WPS Wireless Attack Tool: Pyxiewps

2015-10-09T14:58:45
ID N0WHERE:31765
Type n0where
Reporter N0where
Modified 2015-10-09T14:58:45

Description

Pyxiewps is a wireless attack tool writen in python that uses reaver, pixiewps, macchanger and aircrack to retrieve the WPS pin of any vulnerable AP in seconds. There are already a lot of tools, reaver included, that can attack an access point (AP) using the Pixie Dust vulnerability but this tool was made to do it automatically – fast and user friendly.

> #### If the router is vulnerable, this script will use reaver and pixiewps to retrieve the AP password in 11 seconds. > > jgilhutton

img_wps It enumerates all the APs with active WPS, tries to get the PKE, PKR, E-NONCE, R-NONCE, AUTHKEY, HASH1 and 2 using the patched version of reaver, then passes all that information to pixiewps program so that it can retrieve the WPS pin, and finally runs reaver again with the pin that pixiewps found to get the AP WPA password.

Usage

python pyxiewps-[LANGUAGE].py <arguments>

     -p --use-pixie               Once all the data is captured with reaver                [False]
                                 the script tries to get the WPS pin with pixiewps.
    -a --airodump-time [time]    Airodump spends this amount of time enumerating APs      [3]
    -t --time [time]             Set the time used to get the hex data from the AP.       [6]
    -c --channel [channel]       Set the listening channel to enumerate the WPS-active APs.
                                 If not set, all channels are listened.
    -P --prompt                  If more than one WPS-active AP is found, ask the user    [False]
                                 the target to attack.
    -o --output [file]           Outputs all the data into a file.
    -f --pass                    If the WPS pin is found, the script uses reaver again to retrieve
                                 the WPA password of the AP.
    -q --quiet                   Doesn't print the AP information. Will print the WPS pin and pass if found.
    -F --forever                 Runs the program on a While loop so the user can scan and attack a hole
                                 zone without having to execute the program over and over again.
    -A --again                   Target is attacked again in case of success without prompting the user.
    -s --signal [-NUMBER]        APs with RSSI lower than NUMBER will be ignored          [-100]
                                 A value of "-50" will ignore APs with RSSI between
                                 -100 and -51 and will attack APs which RSSI goes from -50 to 0
    -M --max-aps [number]        Max amount of APs to be attacked.
    -m --mode [mode]             Set the mode preset. Any preset option can be override
                                 by giving its argument and value on the commandline.
                                 i.e: "-m DRIVE -t 10"

Available modes:

    WALK:
            [-p] [-f] [-a 4] [-t 8] [-F] [-M 2]
            Tries to get the WPS pin
            4 seconds will be used to enumerate the APs
            8 seconds will be used to fetch the AP information
            Will try to get the password
            The program will run in a while loop.
            A max amount of 2 APs will be attacked
            AP won't be atacked again if failed once
    DRIVE:
            [-p] [-t 10] [-F] [-M 1]
            Tries to get the WPS pin
            3 seconds will be used to enumerate the APs
            10 seconds will be used to fetch the AP information
            Won't try to get the password
            The program will run in a while loop.
            Only one AP will be attacked
            AP won't be atacked again if failed once
    STATIC:
            [-p] [-f] [-a 5] [-t 10] [-P] [-O]
            Tries to get the WPS pin
            5 seconds will be used to enumerate the APs
            10 seconds will be used to fetch the AP information
            Will try to get the password
            The program will run only once
            User will be prompted for an AP to attack
            AP will be atacked again if failed once

Eample

python pyxiewps-[LANGUAGE].py -p -t 6 -c 7 -P -o file.txt -f
python pyxiewps-[LANGUAGE].py --use-pixie --time 6 --channel 7 --prompt --output file.txt --pass

pyxiewps -m DRIVE

WPS Wireless Attack Tool pyxiewps Download