Python库 | trackerjacker-1.3.3.tar.gz

# trackerjacker Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring. PyPI page: https://pypi.python.org/pypi/trackerjacker #### Install pip3 install trackerjacker **Linux-only** at this time (tested on Ubuntu, Kali, and RPi).  ## Usage Find detailed usage like this: trackerjacker -h There are 2 major usage modes for `trackerjacker`: **map** mode and **track** mode: ### Map mode example Map command: trackerjacker -i wlan1337 --map By default, this outputs the `wifi_map.yaml` YAML file, which is a map of all the nearby WiFi networks and all of their users. Here's an example `wifi_map.yaaml` file: TEST_SSID: 00:10:18:6b:7a:ea: bssid: 00:10:18:6b:7a:ea bytes: 5430 channels: - 11 devices: 3c:07:71:15:f1:48: bytes: 798 signal: 1 vendor: Sony Corporation 78:31:c1:7f:25:43: bytes: 4632 signal: -52 vendor: Apple, Inc. signal: -86 ssid: TEST_SSID vendor: Broadcom BRANSONS_WIFI: 90:48:9a:e3:58:25: bssid: 90:48:9a:e3:58:25 bytes: 5073 channels: - 1 devices: 01:00:5e:96:e1:89: bytes: 476 signal: -62 vendor: '' 30:8c:fb:66:23:91: bytes: 278 signal: -46 vendor: Dropcam 34:23:ba:1c:ba:e7: bytes: 548 signal: 4 vendor: SAMSUNG ELECTRO-MECHANICS(THAILAND) signal: -80 ssid: BRANSONS_WIFI vendor: Hon Hai Precision Ind. Co.,Ltd. hacker_network: 80:2a:a8:e5:de:92: bssid: 80:2a:a8:e5:de:92 bytes: 5895 channels: - 11 devices: 80:1f:02:e6:44:96: bytes: 960 signal: -46 vendor: Edimax Technology Co. Ltd. 80:2a:a8:8a:ec:c8: bytes: 472 signal: 4 vendor: Ubiquiti Networks Inc. 80:2a:a8:be:09:a9: bytes: 5199 signal: 4 vendor: Ubiquiti Networks Inc. d8:49:2f:7a:f0:8f: bytes: 548 signal: 4 vendor: CANON INC. signal: -46 ssid: hacker vendor: Ubiquiti Networks Inc. 80:2a:a8:61:aa:2f: bssid: 80:2a:a8:61:aa:2f bytes: 5629 channels: - 44 - 48 devices: 78:88:6d:4e:e2:c9: bytes: 948 signal: -52 vendor: '' e4:8b:7f:d4:cb:25: bytes: 986 signal: -48 vendor: Apple, Inc. signal: -48 ssid: null vendor: Ubiquiti Networks Inc. 82:2a:a8:51:32:25: bssid: 82:2a:a8:51:32:25 bytes: 3902 channels: - 48 devices: b8:e8:56:f5:a0:70: bytes: 1188 signal: -34 vendor: Apple, Inc. signal: -14 ssid: hacker vendor: '' 82:2a:a8:fc:33:b6: bssid: 82:2a:a8:fc:33:b6 bytes: 7805 channels: - 10 - 11 - 12 devices: 78:31:c1:7f:25:43: bytes: 4632 signal: -52 vendor: Apple, Inc. 7c:dd:90:fe:b4:87: bytes: 423223 signal: 4 vendor: Shenzhen Ogemray Technology Co., Ltd. 80:2a:a8:be:09:a9: bytes: 5199 signal: 4 vendor: Ubiquiti Networks Inc. signal: -62 ssid: null vendor: '' Note that, since this is YAML, you can easily use it as an input for other scripts of your own devising. ### Example: Track mode with trigger command Track mode allows you to specify some number of MAC addresses to watch, and if any specific devices exceeds the threshold (in bytes), specified here with the `-t 4000` (specifying an alert threshold of 4000 bytes) an alert will be triggered. trackerjacker --track -m 3c:2e:ff:31:32:59 --t 4000 --trigger-command "./alert.sh" --channels-to-monitor 10,11,12,44 Using monitor mode interface: wlan1337 Monitoring channels: {10, 11, 12, 44} [@] Device (3c:2e:ff:31:32:59) threshold hit: 4734 [@] Device (3c:2e:ff:31:32:59) threshold hit: 7717 [@] Device (3c:2e:ff:31:32:59) threshold hit: 7124 [@] Device (3c:2e:ff:31:32:59) threshold hit: 8258 [@] Device (3c:2e:ff:31:32:59) threshold hit: 8922 In this particular example, I was watching a security camera to determine when it was uploading a video (indicating motion was detected) so that I could turn on my security system sirens (which was the original genesis of this project). ### Example: Track mode with trigger plugin $ trackerjacker --track -m 3c:2e:ff:31:32:59 --threshold 10 --trigger-plugin examples/plugin_example1.py --channels-to-monitor 10,11,12,44 --trigger-cooldown 1 Using monitor mode interface: wlan1337 Monitoring channels: {10, 11, 12, 44} [@] Device (device 3c:2e:ff:31:32:59) threshold hit: 34 bytes 3c:2e:ff:31:32:59 seen at: [1521926768.756529] [@] Device (device 3c:2e:ff:31:32:59) threshold hit: 11880 bytes 3c:2e:ff:31:32:59 seen at: [1521926768.756529, 1521926769.758929] [@] Device (device 3c:2e:ff:31:32:59) threshold hit: 18564 bytes 3c:2e:ff:31:32:59 seen at: [1521926768.756529, 1521926769.758929, 1521926770.7622838] This runs `examples/plugin_example1.py` every time `3c:2e:ff:31:32:59` is seen sending/receiving 10 bytes or more. trackerjacker plugins are simply python files that contain either: * `Trigger` class which defines a `__call__(**kwargs)` method (example: `examples/plugin_example1.py`) * `trigger(**kwargs)` function (example: `examples/plugin_example2.py`) And optionally a `__apiversion__ = 1` line (for future backward compatibility) ### Example: Configuring with config file trackerjacker.py -c my_config.json And here's the example config file called `my_config.json`: ``` { "iface": "wlan1337", "devices_to_watch": {"5f:cb:53:1c:8a:2c": 1000, "32:44:1b:d7:a1:5b": 2000}, "aps_to_watch": {"c6:23:ef:33:cc:a2": 500}, "threshold_window": 10, "channels_to_monitor": [1, 6, 11, 52], "channel_switch_scheme": "round_robin" } ``` A few notes about this: * `threshold_bytes` is the default threshold of bytes which, if seen, a causes the alert function to be called * `threshold_window` is the time window in which the `threshold_bytes` is analyzed. * `devices_to_watch` is a list which can contain either strings (representing MACs) or dicts (which allow the specification of a `name` and `threshold`) - `name` is simply what a label you want to be printed when this device is seen. - `threshold` in the "Security camera" is how many bytes must be seen * `channels_to_monitor` - list of 802.11 wifi channels to monitor. The list of channels your wifi card supports is printed when trackerjacker starts up. By default, all supported channels are monitored. * `channel_switch_scheme` - either `default`, `round_robin`, or `traffic_based`. `traffic_based` determines the channels of most traffic, and probabilistically monitors them more. ### Example: Enable/Disable monitor mode on interface Trackerjacker comes with a few other utility functions relevant to WiFi hacking. One of these is the ability to turn on monitor mode on a specific interface. Enable monitor mode: trackerjacker --monitor-mode-on -i wlan0 Disable monitor mode: trackerjacker --monitor-mode-off -i wlan0mon Note that trackerjacker will automatically enable/disable monitor mode if necessary. This functionality is just useful if you want to enable monitor mode on an interface for use with other applications (or for quicker starup of trackerjacker, if you plan to be starting/exiting to test stuff). ### Example: Set adapter channel trackerjacker --set-channel 11 -i wlan0 Note that trackerjacker will automatically switch channels as necessary during normal map/track actions. This option is just useful if you want to set the channel on an interface for use with other applications. ## Example use-cases * Map out all the nearby wifi devices (and which