Featured downloads:
wepbuster-1.0_beta-0.7.tgz
Project owners:
  markjayson.alvarez

WEPBuster 1.0

if something's insecure in your wifihood...

This small utility was written for information security professionals to
aid in conducting wireless security assessments. The script executes
various programs included in the aircrack-ng suite, a set of tools for
auditing wireless networks, in order to obtain the WEP encryption key of
a wireless access point. WEPBuster also has a wordlist generator
which can be used to create "dictionary" files for WPA Pre-Shared Key
cracking and for other related tasks. aircrack-ng
can be obtained from http://www.aircrack-ng.org

Features:

Cracks all access points within range in one go!!
Supports:

WEP Cracking:

 - MAC address filtering bypass (via MAC spoofing)
 - Auto reveal hidden SSID
 - Client-less Access Point injection (fragmentation, -p0841)
 - Shared Key Authentication 
 - whitelist (crack only APs included in the list)
 - blacklist (do not crack AP if it's included in the list)

Wordlist Generator:

 - generate all combinations of a given set
 - generate all unique combinations of a given set
 - apply filters to each generated word
 - apply filters to an input file or a wordlist
 - apply filters from another wordlist
 - merge two wordlists and apply filters to each generated word

USAGE:

  perl wepbuster [channel(s)]
  perl wepbuster [sort | connect] [hostname/ip address]
  perl wepbuster permute [OPTIONS]
  or
  perl wepbuster --help | --man    for a list of all supported options.

REQUIREMENTS:

  									 
  - aircrack-ng 1.0

  - perl installation with standard libraries (threading support)
     - perl modules (http://search.cpan.org)
        - Term::ReadKey
        - Expect.pm
        - Getopt::Long
        - File::Slurp
        - Number::Range
        - Algorithm::Permute
        - Pod::Usage

  - macchanger (www.alobbs.com/macchanger)

  - miscellaneous unix programs
     - ifconfig, iwconfig, rm, pkill, stty, cp, touch, mv, route, ping,
       dhclient, netstat

WEP CRACKING PROCESS:

When invoked without any arguments, the program first builds a list
of all WEP-enabled access points within range using airodump-ng(1) on
each non-overlapping channel of the country specified (US: 1, 6, 11;
EU: 1, 5, 9, 13). Any associated stations are also saved for
use in MAC address spoofing when dealing with access points with hidden
SSIDs or those with MAC address filtering enabled.

Once scanning is done, the automated WEP cracking begins. The script goes
through the list and attempts to crack each access point listed. A whitelist
(known_ap.txt) and a blacklist (bad_ap.txt), both text files in the current
working directory, are consulted to decide whether a particular access point
is to be skipped.

The first step in the actual WEP cracking is to associate the cracking
station with the target access point using aireplay-ng(1). Shared-key
authentication (SKA) is also done automatically. If the SSID is unknown or
hidden, association is not possible, so the script uses
aireplay-ng to launch deauthentication attacks in order to reveal the SSID.

Once associated, the script uses aireplay-ng(1) to launch an ARP replay
attack against the access point. If a particular period has elapsed and
the IV count has not increased significantly, a fragmentation attack is
launched. If the fragmentation attack is successful (a keystream was found),
the script uses packetforge-ng(1) to build an ARP packet to be used
in the ARP replay attack. If unsuccessful, the fragmentation attack is stopped
and the rebroadcast attack (-p0841) is tried next.

If all goes well, wepbuster should display the IV counts as they increase. 
When enough IVs are collected, the script will launch aircrack-ng(1) and 
will try to crack the WEP encryption key using the collected data packet 
dumps. If successful, the WEP key will be saved into the text file "owned.txt"
in the current working directory. This entire process is repeated until all 
the access points included in the initial list are processed.
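
Seen from the monitoring side, the sequence above leaves two countable traces: a burst of deauthentication frames, then one station sending a flood of identical-length data frames at the same access point. The following detection sketch is an added example, not part of WEPBuster; the one-line-per-frame log format, the thresholds and the addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 1.0      # seconds per sliding window (assumed)
DEAUTH_MIN = 5    # deauth frames per window treated as a burst (assumed)
REPLAY_MIN = 50   # same-length data frames per window from one station (assumed)

def detect(lines):
    """Map BSSID -> set of indicators. Lines must be in timestamp order.
    Assumed line format: "<seconds> <type> <transmitter> <bssid> <length>"."""
    recent = defaultdict(deque)   # counter key -> timestamps still inside the window
    found = defaultdict(set)
    for line in lines:
        ts, kind, src, bssid, length = line.split()
        ts = float(ts)
        if kind == "deauth":
            key, limit, name = (bssid, kind), DEAUTH_MIN, "deauth-burst"
        elif kind == "data":
            # A replayed ARP request is the same captured frame re-sent, so the
            # transmitter and frame length stay constant while the rate is high.
            key, limit, name = (bssid, src, length), REPLAY_MIN, "replay-flood"
        else:
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) >= limit:
            found[bssid].add(name)
    return dict(found)

def severity(indicators):
    if {"deauth-burst", "replay-flood"} <= indicators:
        return "high"      # SSID reveal and injection seen against the same AP
    return "medium" if "replay-flood" in indicators else "low"

AP1, AP2 = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed addresses

def sample():
    """Constructed frame summaries; not a capture from a real network."""
    log = [f"{0.1 * i:.2f} deauth {AP1} {AP1} 26" for i in range(8)]
    log += [f"{2 + 0.01 * i:.2f} data 02:00:00:00:00:01 {AP1} 68" for i in range(200)]
    log += [f"{5 + 0.5 * i:.2f} data 02:00:00:00:00:02 {AP2} {60 + 7 * i}" for i in range(20)]
    log.append(f"15.00 deauth {AP2} {AP2} 26")   # a lone deauth is normal
    return log

if __name__ == "__main__":
    for bssid, indicators in detect(sample()).items():
        print(bssid, sorted(indicators), severity(indicators))
```

A hit is a cue to move the access point off WEP, since the protocol itself cannot be configured to resist this.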
	 

WORDLIST GENERATOR:

The key to a successful brute-force attack is to have a good dictionary file.
It is a known fact that, at this point, one cannot just create a dictionary
file by generating all the possible combinations of all the character sets and
expect it to be usable upon completion, if at all.

Building a dictionary file for brute-force password guessing is a tricky exercise.
People have come up with various ideas such as crawling a website in order to
extract unique words from it, word association using data mining, "leetifying",
case switching (e.g., lower to upper), mutation, etc.

WEPBuster is capable of generating all combinations of a given set while
applying filters to each generated word, which makes the resulting
word list significantly smaller.
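
The mutation ideas listed above can be run in reverse when choosing a WPA pre-shared key: undo the case switching, leet substitutions and padding, and see whether a dictionary word is left. This check is an added example, not WEPBuster code; the substitution table and the small word set are assumptions chosen for illustration.

```python
import re

# Assumed leet table (illustrative; WEPBuster's own filters are not shown on the page)
LEET = str.maketrans("0134578@$!", "oieastbasi")

def base_forms(psk):
    """Yield plain words a mutated passphrase may have been derived from."""
    lowered = psk.lower()                                   # undo case switching
    # undo digits/symbols prepended or appended to a word
    trimmed = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    for form in (lowered, trimmed):
        yield form
        yield form.translate(LEET)                          # undo leet substitutions

def audit(psk, wordlist):
    """Return the dictionary words this PSK reduces to (empty list = none found)."""
    if not 8 <= len(psk) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return sorted({form for form in base_forms(psk) if form in wordlist})

# Constructed word set standing in for a real dictionary file
WORDS = {"password", "wireless", "linksys"}

if __name__ == "__main__":
    for candidate in ("P@ssw0rd2009", "W1R3L355", "correct-horse-battery"):
        print(candidate, audit(candidate, WORDS))
```

An empty result only means the key did not reduce to a word in the list that was supplied, so run it against the largest dictionary available.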








