Skip to content

r3k4t/Shellbully

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Shellbullly

Author : RKT

Description

       +-+-+-+-+-+-+-+-+-+-+
       |S|H|E|L|L|B|U|L|L|Y|
       +-+-+-+-+-+-+-+-+-+-+      
                                                                                                                                                                                                        
Adavance WPS vulnerability assessment utility

Shellbully implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. Shellbully has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases and has been tested against a wide variety of access points and WPS implementations. Depending on the target's Access Point (AP), to recover the plain text WPA/WPA2 passphrase the average amount of time for the transitional online brute force method is between 4-10 hours. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. When using the offline attack, if the AP is vulnerable, it may take only a matter of seconds to minutes.

Screenshot at 2020-08-28 17-36-44

Tested on

  • Kali Linux
  • LinuxMint
  • Ubuntu
  • Parrot Os
    • Installation

      • chmod +x install.sh
      • sudo ./install.sh

      Screenshot at 2020-08-28 11-38-12

      Screenshot at 2020-08-28 17-15-42

      Getting started

      git clone https://github.com/r3k4t/Shellbully.git
      cd Shellbully
      sudo ./shellbully.sh

      Menu

      • BullyWps
      • Wash
      • Airodump-ng
        • BullyWps

          Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and cpu performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture.

          Bully provides several improvements in the detection and handling of anomalous scenarios. It has been tested against access points from numerous vendors, and with differing configurations, with much success.

          Screenshot at 2020-08-28 17-37-29

          Screenshot at 2020-08-28 18-25-14

          Screenshot at 2020-08-28 18-51-31

          Wash

          Wash is a utility for identifying WPS enabled access points. It can survey from a live interface or it can scan a list of pcap files.

          Wash is an auxiliary tool designed to display WPS enabled Access Points and their main characteristics. Wash is included in the Reaver package.

          Wash can detect wifi wps lock enable or disable.

          Linux Terminal Command

          • chmod +x wash.sh
          • sudo ./wash.sh

          Screenshot at 2020-08-28 17-38-26

          Screenshot at 2020-08-28 17-38-47

          Screenshot at 2020-08-28 17-48-26

          Airodump-ng

          Airodump-ng is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP IVs (Initialization Vector) for the intent of using them with aircrack-ng. If you have a GPS receiver connected to the computer, airodump-ng is capable of logging the coordinates of the found access points.

          Additionally, airodump-ng writes out several files containing the details of all access points and clients seen.

          Linux Terminal Command

          • chmod +x airodump-ng
          • sudo ./airodump-ng.sh

          Screenshot at 2020-08-28 18-19-41

          Screenshot at 2020-08-28 18-20-44

          Screenshot at 2020-08-28 18-21-14

Releases

No releases published

Packages

No packages published

Languages