initial BLIT commit

This commit is contained in:
Ruzicka Pavel 2016-09-16 03:03:49 +02:00
parent 7c2356fe80
commit 5130a2ab11
24 changed files with 900 additions and 0 deletions

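--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*~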


@ -0,0 +1,9 @@
=== Instalation ===
# install dictionary
apt-get install wamerican
cp hostnamechanger /etc/network/if-pre-up.d/
chmod 755 /etc/network/if-pre-up.d/hostnamechanger
watch 'egrep "^send host-name" /etc/dhcp/dhclient.conf'
# disconnect and connect back to your network


@ -0,0 +1,18 @@
#!/bin/bash
WORDFILE="/usr/share/dict/words"
# if no wordfile than fukitol
test -f "$WORDFILE" || exit 0
#Number of lines in $WORDFILE is max value for random chooser
wordfile_lines=$(awk 'NF!=0 {++c} END {print c}' "$WORDFILE")
## bash VARIANT
rnum="$((${RANDOM}*${RANDOM}%${wordfile_lines}+1))"
newhostname="$(sed -n "$rnum p" $WORDFILE |sed 's/[^a-zA-Z0-9]//g')"
## coreutils VARIANT
#newhostname="$(shuf -n1 /usr/share/dict/words|sed 's/[^a-zA-Z0-9]//g')"
#sed "s=$(hostname)=REPLACEME=g" -i /etc/hosts && hostname "$newhostname" && sed "s=REPLACEME=$(hostname)=g" -i /etc/hosts
sed -i "s+send host-name = .*+send host-name = \"${newhostname}\";+" /etc/dhcp/dhclient.conf
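Review bot: `newhostname` can end up empty — `sed 's/[^a-zA-Z0-9]//g'` strips a word made only of non-alphanumerics down to nothing, and `sed -n "$rnum p"` numbers every line while the `awk 'NF!=0'` count excludes blank ones, so `$rnum` can also land on a blank line — and the final `sed -i` would then write `send host-name = "";` into dhclient.conf. Add a guard before the rewrite, `[ -n "$newhostname" ] || exit 0`, and quote `"$WORDFILE"` in the `sed -n` call for consistency with the `test -f` line. The rewrite only takes effect when a `send host-name` line already exists in the file, which deserves a comment at the top, e.g. `# requires an existing 'send host-name' line in /etc/dhcp/dhclient.conf`.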

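--- a/My_UDEV_notify/README.md
+++ b/My_UDEV_notify/README.md
@@ -0,0 +1,5 @@
+=== Instalation ===
+cp my-udev-notify.sh /usr/local/bin/
+chmod 755 /usr/local/bin/my-udev-notify.sh
+cp my-udev-notify.rules to /etc/udev/rules.d/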


@ -0,0 +1,5 @@
# - copy this file to /etc/udev/rules.d directory;
# - modify 2 paths below: they should match your real path to my-udev-notify.sh
ACTION=="add", RUN+="/bin/bash /usr/local/bin/my-udev-notify.sh -a add -p '%p' -b '$attr{busnum}' -d '$attr{devnum}'"
ACTION=="remove", RUN+="/bin/bash /usr/local/bin/my-udev-notify.sh -a remove -p '%p' -b '$attr{busnum}' -d '$attr{devnum}'"

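--- a/My_UDEV_notify/my-udev-notify.sh
+++ b/My_UDEV_notify/my-udev-notify.sh
@@ -0,0 +1,219 @@
+#!/bin/bash
+# thanks:
+# - to guys from linux.org.ru;
+# - to 'iptable' user from ##linux at irc.freenode.net.
+# test command:
+# sudo /bin/bash my-udev-notify -a add -p 'test_path' -b '555' -d '777'
+# get path to this script
+DIR="$(dirname $(readlink -f "$0"))"
+# set default options {{{
+# file for storing list of currently plugged devices
+devlist_file="/var/tmp/udev-notify-devices"
+# servers="localhost:4567 localhost:3456"
+servers=
+show_notifications=true
+play_sounds=true
+plug_sound_path="/usr/share/sounds/KDE-Im-Cant-Connect.ogg"
+unplug_sound_path="/usr/share/sounds/KDE-Im-Connection-Lost.ogg"
+# }}}
+# read config file {{{
+{
+if [ -r /etc/my-udev-notify.conf ]; then
+. /etc/my-udev-notify.conf
+fi
+#if [ -r ~/.my-udev-notify.conf ]; then
+#. ~/.my-udev-notify.conf
+#fi
+}
+# }}}
+# retrieve options from command line {{{
+# action: "add" or "remove"
+action=
+# dev_path: path like /devices/pci0000:00/0000:00:1d.0/usb5/5-1
+dev_path=
+# bus number and device number:
+# they are needed since device is also stored at /dev/bus/usb/<bus_num>/<dev_num>
+bus_num=
+dev_num=
+while getopts a:p:b:d: opt; do
+case $opt in
+a)
+action=$OPTARG
+;;
+p)
+dev_path=$OPTARG
+;;
+b)
+bus_num=$OPTARG
+;;
+d)
+dev_num=$OPTARG
+;;
+esac
+done
+shift $((OPTIND - 1))
+# }}}
+show_visual_notification()
+{
+# TODO: wait for 'iptable' user from ##linux to say how to do it better
+# or, at least it's better to use 'who' command instead of 'w',
+# because 'who' echoes display number like (:0), and echoes nothing if no display,
+# which is more convenient to parse.
+local header=$1
+local text=$2
+text=`echo "$text" | sed 's/###/\n/g'`
+declare -a logged_users=(` who | grep "(.*)" | sed 's/^\s*\(\S\+\).*(\(.*\))/\1 \2/g' | uniq | sort`)
+if [[ ${#logged_users[@]} == 0 ]]; then
+# it seems 'who' doesn't echo displays, so let's assume :0 (better than nothing)
+declare -a logged_users=(`who | awk '{print $1" :0"}' | uniq | sort`)
+fi
+for (( i=0; i<${#logged_users[@]}; i=($i + 2) )); do
+cur_user=${logged_users[$i + 0]}
+cur_display=${logged_users[$i + 1]}
+export DISPLAY=$cur_display
+su $cur_user -c "notify-send '$header' '$text'"
+done
+}
+network_notification()
+{
+local server=$1
+local header=$2
+local text=$3
+msg="${header}###${text}"
+arr=$(echo $server | tr ":" "\n")
+host=${arr[0]}
+port=${arr[1]}
+echo "$msg" | nc -q 0 $host $port
+}
+# notification for plugged device {{{
+notify_plugged()
+{
+local dev_title=$1
+if [[ $show_notifications == true ]]; then
+#notify-send "device plugged" "$dev_title" &
+show_visual_notification "device plugged" "$dev_title"
+fi
+if [[ $play_sounds == true && -r $plug_sound_path ]]; then
+/usr/bin/play -q $plug_sound_path &
+fi
+for server in $servers; do
+network_notification "$server" "plugged" "$dev_title"
+done
+}
+# }}}
+# notification for unplugged device {{{
+notify_unplugged()
+{
+local dev_title=$1
+if [[ $show_notifications == true ]]; then
+#notify-send "device unplugged" "$dev_title" &
+show_visual_notification "device unplugged" "$dev_title"
+fi
+if [[ $play_sounds == true && -r $unplug_sound_path ]]; then
+/usr/bin/play -q $unplug_sound_path &
+fi
+for server in $servers; do
+network_notification "$server" "unplugged" "$dev_title"
+done
+}
+# }}}
+{
+# we need for lock our $devlist_file
+exec 200>/var/lock/.udev-notify-devices.exclusivelock
+flock -x -w 10 200 || exit 1
+case $action in
+"reboot" )
+rm $devlist_file
+;;
+"add" )
+# ------------------- PLUG -------------------
+if [[ "$bus_num" != "" && "$dev_num" != "" ]]; then
+# make bus_num and dev_num have leading zeros
+bus_num=`printf %03d $bus_num`
+dev_num=`printf %03d $dev_num`
+# Retrieve device title. Currently it's done just by lsusb and grep.
+# Not so good: if one day lsusb change its output format, this script
+# might stop working.
+dev_title=`lsusb -D /dev/bus/usb/$bus_num/$dev_num | grep '^Device:\|bInterfaceClass\|bInterfaceSubClass\|bInterfaceProtocol'|sed 's/^\s*\([a-zA-Z]\+\):*\s*[0-9]*\s*/<b>\1:<\/b> /' | awk 1 ORS='###'`
+# Sometimes we might have the same device attached to different bus_num or dev_num:
+# in this case, we just modify bus_num and dev_num to the current ones.
+# At least, it often happens on reboot: during previous session, user plugged/unplugged
+# devices, and dev_num is increased every time. But after reboot numbers are reset,
+# so with this substitution we won't have duplicates in our devlist.
+escaped_dev_path=`echo "$dev_path" | sed 's/[\/&*.^$]/\\\&/g'`
+sed -i "s#^\([0-9]\{3\}:\)\{2\}\($escaped_dev_path\)#$bus_num:$dev_num:$dev_path#" $devlist_file
+# udev often generates many events for the same device
+# (I still don't know how to write udev rule to prevent it)
+# so we need to check if this device is already stored in our devlist file
+existing_dev_on_bus_cnt=`cat $devlist_file | grep "^$bus_num:$dev_num:" | awk 'END {print NR}'`
+if [[ $existing_dev_on_bus_cnt == 0 ]]; then
+# this device isn't stored yet in the devlist, so let's write it there.
+echo "$bus_num:$dev_num:$dev_path title=\"$dev_title\"" >> $devlist_file
+# and, finally, notify the user.
+notify_plugged "$dev_title"
+fi
+fi
+;;
+"remove" )
+# ------------------- UNPLUG -------------------
+# Unfortunately, udev doesn't emit bus_num and dev_num for "remove" events,
+# and there's even no vendor_id and product_id.
+# But it emits dev_path. So we have to maintain our own plugged devices list.
+# Now we retrieve stored device title from our devlist by its dev_path.
+dev_title=`cat $devlist_file | grep "$dev_path " | sed 's/.*title=\"\(.*\)\".*/\1/g'`
+# remove that device from list (since it was just unplugged)
+cat $devlist_file | grep -v "$dev_path " > ${devlist_file}_tmp
+mv ${devlist_file}_tmp $devlist_file
+# if we have found title, then notify user, after all.
+if [[ "$dev_title" != "" ]]; then
+notify_unplugged "$dev_title"
+fi
+;;
+esac
+#unlock $devlist_file
+flock -u 200
+}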
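Review bot: `show_visual_notification` interpolates `$header` and `$text` into the string handed to `su $cur_user -c "notify-send '$header' '$text'"`, and `$text` is the `dev_title` assembled from `lsusb -D` output, i.e. from strings the plugged device itself supplies; a descriptor string containing a single quote ends the quoting and the remainder is run by the shell that `su` starts. Pass the values as positional parameters so they are never re-parsed, e.g. `su "$cur_user" -s /bin/sh -c 'exec notify-send "$0" "$1"' "$header" "$text"` (util-linux `su` hands arguments after the user name to the shell; confirm on the target system). `network_notification` never builds an array: `arr=$(echo $server | tr ":" "\n")` is a plain scalar, so `${arr[1]}` is empty and `$host` carries both fields, which only works because `$host` is expanded unquoted on the `nc` line; `IFS=: read -r host port <<< "$server"` says what is meant. `devlist_file` and its `_tmp` sibling are predictable paths in the world-writable `/var/tmp` yet are written by root (`>>`, `sed -i`, `mv`), so a pre-created file or link at that path is followed; a root-owned directory such as `/var/lib` is the usual home for this kind of state.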

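--- a/NeNe-discovery/README.md
+++ b/NeNe-discovery/README.md
@@ -0,0 +1,25 @@
+=== Instalation ===
+cp notify-arp-neighbours.sh /usr/local/sbin/
+chmod 755 /usr/local/sbin/notify-arp-neighbours.sh
+cp netiface-default.py /usr/local/bin/
+chmod 755 /usr/local/bin/netiface-default.py
+cp notify-send-as-root-MSG-permanent.sh /usr/local/bin/
+chmod 755 /usr/local/bin/notify-send-as-root-MSG-permanent.sh
+# change value of NOTIFY_USER variable to username of the user to send notification to
+editor /usr/local/bin/notify-send-as-root-MSG-permanent.sh
+cp dbus-find-session.sh /usr/local/bin/
+chmod 755 /usr/local/bin/dbus-find-session.sh
+# install arp-scan
+apt-get install arp-scan
+cp arp-localnet.sh /usr/local/bin/
+chmod 755 /usr/local/bin/arp-localnet.sh
+cp notify-arp-neighbours /etc/network/if-up.d/
+# reconnect your network and you should receive and notification about your network neighbours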

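--- a/NeNe-discovery/arp-localnet.sh
+++ b/NeNe-discovery/arp-localnet.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+IFACE_DEFAULT="$(/usr/local/bin/netiface-default.py)"
+/usr/bin/arp-scan --interface=${IFACE_DEFAULT} --localnet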
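Review bot: `IFACE_DEFAULT` is used unquoted and unchecked; when `netiface-default.py` fails or prints nothing (no default route yet, which is plausible for a hook fired on interface up), `arp-scan` runs with an empty `--interface=` and its error text becomes the desktop notification. Guard and quote it: `[ -n "$IFACE_DEFAULT" ] || exit 0` before the scan, and `--interface="${IFACE_DEFAULT}"` on the scan line.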


@ -0,0 +1,10 @@
#!/bin/bash
USER_DBUS_PROCESS_NAME="gconfd-2"
export NOTIFY_SEND_BIN="/usr/bin/notify-send"
# get pid of user dbus process
DBUS_PID="$(ps ax | grep $USER_DBUS_PROCESS_NAME | grep -v grep | awk '{ print $1 }')"
# get DBUS_SESSION_BUS_ADDRESS variable
export DBUS_SESSION="$(grep -z DBUS_SESSION_BUS_ADDRESS /proc/$DBUS_PID/environ | sed -e s/DBUS_SESSION_BUS_ADDRESS=//)"
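Review bot: `DBUS_PID` is built from `ps ax | grep $USER_DBUS_PROCESS_NAME`, which matches any user's `gconfd-2` (and any process whose command line merely contains that string), so with more than one session it holds several PIDs joined by newlines and `/proc/$DBUS_PID/environ` no longer names a file; since this is sourced by the if-up hook the README installs (root, by implication), the bus address it exports comes from whichever process happened to match. Restrict the match to an exact name and to the user being notified, and take one result: `DBUS_PID="$(pgrep -x -u "<notify-user>" "$USER_DBUS_PROCESS_NAME" | head -n1)"`, with the user name supplied by the caller (`NOTIFY_USER` in the script that sources this file). `grep -z` also leaves the trailing NUL from `environ` in `DBUS_SESSION`; appending `| tr -d '\0'` after the `sed` cleans it. The identical copy at `wifi-probes/dbus-find-session.sh` later in this commit needs the same change.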


@ -0,0 +1,7 @@
#!/usr/bin/python
import sys
import netifaces as ni
gw_iface = ni.gateways()['default'][ni.AF_INET][1]
print gw_iface
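Review bot: `ni.gateways()['default'][ni.AF_INET]` raises `KeyError` when there is no IPv4 default route, so the script dies with a traceback and `arp-localnet.sh` is left with an empty `IFACE_DEFAULT`; `import sys` is otherwise unused, so use it for a clean exit: `gw = ni.gateways().get('default', {}).get(ni.AF_INET)` followed by `if gw is None: sys.exit(1)`. The `print gw_iface` statement also pins the file to Python 2; `print(gw_iface)` runs on both.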


@ -0,0 +1,4 @@
#!/bin/bash -x
#echo "START: $(date)" >> /tmp/nei
/usr/local/sbin/notify-arp-neighbours.sh
#echo "STOP: $(date)" >> /tmp/nei


@ -0,0 +1,6 @@
#!/bin/bash
#. /usr/local/bin/dbus-find-session.sh
#/usr/bin/notify-send -t 0 "$(/usr/local/bin/arp-localnet.sh)"
/usr/local/bin/notify-send-as-root-MSG-permanent.sh LocalNet "$(/usr/local/bin/arp-localnet.sh)"


@ -0,0 +1,23 @@
#!/bin/bash -x
#
# This script shows how to send a libnotify message
# to a specific user.
#
# It looks for a process that was started by the user and is connected to dbus.
# process to determine DBUS_SESSION_BUS_ADDRESS
NOTIFY_USER=ruza
TIME="$(date +%H:%M:%S)"
NOTIFY_SEND_BIN="/usr/bin/notify-send"
#PARAMS="$3"
. /usr/local/bin/dbus-find-session.sh
#TITLE="$(echo $1|tr -d \')"
#MESSAGE="$(echo $2|tr -d \')"
TITLE="$1"
MESSAGE="$2"
# send notify
DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION su -s /bin/bash -c "$NOTIFY_SEND_BIN -t 0 \"${TITLE}\" \"${MESSAGE}\"" ${NOTIFY_USER}
#/usr/bin/logger "${NOTIFY_USER} notified: ${TITLE}: ${MESSAGE}"
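Review bot: `TITLE` and `MESSAGE` are interpolated into the command string given to `su -s /bin/bash -c "..."`, so a `$`, backquote or `"` in `$1`/`$2` is evaluated by the shell started as `NOTIFY_USER`; the commented-out `tr -d \'` lines show the problem was noticed, but the current double quoting does not close it. Hand the values over as positional parameters so they are never re-parsed: `DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION su -s /bin/bash -c '"$0" -t 0 "$1" "$2"' "${NOTIFY_USER}" "$NOTIFY_SEND_BIN" "${TITLE}" "${MESSAGE}"` (util-linux `su` passes arguments after the user name to the shell; confirm on the target). The `#!/bin/bash -x` shebang also echoes every message text to stderr, which a hook's caller typically forwards to syslog; drop `-x` once debugging is finished.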


@ -1,2 +1,14 @@
# BLIT
Brmlab Linux Improvements Toolkit
* is an collection of tools and scripts you can implement yourself on your Linux desktop/notebook to improve an experience using your device.
* consists of tools related to security, information gathering, anonymity and so on.
* toolkit is provided as-is and installing any tool from this toolkit in your Linux could require non-trivial tasks and adjustments or even need to read/rewrite/customize some parts of the code.
* some of the scripts included are not my own but were taken from various sources from the Internet (if they were better comparing to what i wrote by myself). Mostly I respect their authorship by not touching headers with a link to the original autor if the files contain such information. However the files links to the original author, files can be subject to my changes, customizations or improvements to my needs.
Tools included in toolkit in more detail:
* **wifi-probes**: collection of scripts that sniffs wireless network broadcasts from wireless devices around, logs them and notify you an SSIDs seen. Requires an secondary wireless device.
* **thinkpad-antitheft** - customized script that starts when you lock screen, ends itself when screen unlocked and activate an audio alarm when device moves while screen locked. Needs an working HDAPS (Thinkpad notebooks)
* **NeNe discovery** - discovers network devices connected to the same network as your laptop. When you connect with your laptop via ethernet/WiFi to the network you'd possibly like to know something about network devices that resides on the same network as You. This script does it automatically each time you connect and makes an desktop notification with a list of devices discovered.
* **MaDHCPhost changer** - you probably know macchanger that changes hardware address of your network device when you want to avoid tracking identities bundled with your network device identificator (MAC address). Unfortunately this is not the only udentificator bundled with your device. Normally you are sending your hostname in your DHCP request for an IPv4 address. This script changes MAC each time you connect and also selects new DHCP hostname from dictionary of common words. Warning: can eat up all your DHCP range of not assigned IP address if you reconnecting frequently
* **My UDEV notify** - udev rule scripts that notifies you each time an device is plugged/unplugged.


@ -0,0 +1,6 @@
=== Instalation ===
Configure keyboard shortcut in your WM (i am using an i3wm) to run lockscreen.sh to lock your screen.
Copy tp-theft.pl to /usr/local/bin/tp-theft.pl and make it executable.
Copy sudoers file to /etc/sudoers.d/tp-theft


@ -0,0 +1,23 @@
#!/bin/bash -x
export DISPLAY=:0
TPTHEFT_PIDFILE="/tmp/tp-theft.pid"
## stop dunst notifications?
#/usr/bin/killall -SIGUSR1 dunst &
# forget all sudo cached credentials
/usr/bin/sudo -K
# turn on TP-theft protection
/usr/bin/sudo /usr/local/bin/tp-theft.pl -a &
# log TP-theft PID
echo $! >${TPTHEFT_PIDFILE}
# switch to i3 WM workspace that is not in use and has zero possibility you'd write
# confidential information (like password) blindly into some application (i.e. to an IRC)
/usr/bin/i3-msg workspace 99 && /usr/bin/i3lock -i /home/ruza/tmp/images/Terminal.png -f
## screen was unlocked so kill an antitheft script
/usr/bin/sudo /bin/kill -9 $(cat $TPTHEFT_PIDFILE)
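Review bot: the PID killed as root on the last line is read from `/tmp/tp-theft.pid`, a predictable path in a world-writable directory, and the companion sudoers entry in the next section (`Cmnd_Alias TPTHEFT = ... /bin/kill -9 *`, `Defaults!TPTHEFT !syslog`) lets `ruza` run `kill -9` on any PID with no password and no log line; a PID planted in that file by another local user is therefore killed as root at the next unlock, and the wildcard alone already amounts to a root `kill` of arbitrary processes. Keep the pid file where only the user can write, `TPTHEFT_PIDFILE="${XDG_RUNTIME_DIR:-/tmp}/tp-theft.pid"`, and validate it before use, `pid=$(cat "$TPTHEFT_PIDFILE") && [[ $pid =~ ^[0-9]+$ ]] || exit 1`. `$!` after `/usr/bin/sudo ... &` is also the PID of `sudo` rather than of `tp-theft.pl` unless sudo execs the command directly (which `!pam_session` in the sudoers may be intended to achieve — worth confirming), and SIGKILL cannot be relayed by sudo to a child. A cleaner split is to have `tp-theft.pl`, already running as root, write its own PID under `/run` and accept a stop option that signals it, so the sudoers rule can name `tp-theft.pl` alone and `/bin/kill -9 *` can go.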


@ -0,0 +1,6 @@
Defaults env_reset,!tty_tickets,insults
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Cmnd_Alias TPTHEFT = /usr/local/bin/tp-theft.pl *, /bin/kill -9 *
Defaults!TPTHEFT !syslog, !pam_session
ruza ALL=NOPASSWD: TPTHEFT

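--- a/thinkpad-antitheft/tp-theft.pl
+++ b/thinkpad-antitheft/tp-theft.pl
@@ -0,0 +1,164 @@
+#!/usr/bin/perl -w
+# tp-theft (http://thinkwiki.org/wiki/Script_for_theft_alarm_using_HDAPS)
+# This script uses the HDAPS accelerometer found on recent ThinkPad models
+# to emit an audio alarm when the laptop is tilted. In sufficiently
+# populated environments, it can be used as a laptop theft deterrent.
+#
+# This file is placed in the public domain and may be freely distributed.
+#
+# 2006-05-16: Script simplified by Guido Socher, just beep
+use strict;
+use vars qw($opt_a $opt_s $opt_h);
+use Getopt::Std;
+use Time::HiRes qw (sleep);
+sub help();
+#
+getopts("ash")||die "ERROR: No such option. -h for help\n";
+help() if ($opt_h);
+#
+##############################
+# alarms are generated with writing 15 to /proc/acpi/ibm/beep
+# To stop it you need to run
+# tp-theft -s
+#
+# meaning of ACPI sounds -- /proc/acpi/ibm/beep
+# 0 - stop a sound in progress (but use 17 to stop 16)
+# 2 - two beeps, pause, third beep ("low battery")
+# 3 - single beep
+# 4 - high, followed by low-pitched beep ("unable")
+# 5 - single beep
+# 6 - very high, followed by high-pitched beep ("AC/DC")
+# 7 - high-pitched beep
+# 9 - three short beeps
+# 10 - very long beep
+# 12 - low-pitched beep
+# 15 - three high-pitched beeps repeating constantly, stop with 0
+# 16 - one medium-pitched beep repeating constantly, stop with 17
+# 17 - stop 16
+##############################
+my $thresh = 0.9; # tilt threshold (increase value to decrease sensitivity)
+my $interval = 0.1; # sampling interval in seconds
+my $depth = 8; # number of recent samples to analyze
+my $pos_file='/sys/devices/platform/hdaps/position';
+my $blink_speed='0.25';
+##############################
+sub get_pos(){
+# The file looks like this:
+# (383,371)
+open(POS,$pos_file) or die "Can't open HDAPS file $pos_file: $!\n";
+$_=<POS>;
+m/^\((-?\d+),(-?\d+)\)$/ or die "Can't parse $pos_file content\n";
+return ($1,$2);
+}
+sub stddev(@) {
+my $sum=0;
+my $sumsq=0;
+my $n=$#_+1;
+for my $v (@_) {
+$sum += $v;
+$sumsq += $v*$v;
+}
+return sqrt($n*$sumsq - $sum*$sum)/($n*($n-1));
+}
+sub alarm_on {
+open (BEEP,">/proc/acpi/ibm/beep")|| die "ERROR: can not write to /proc/acpi/ibm/beep\n";
+print BEEP "15";
+close BEEP;
+}
+sub alarm_off {
+open (BEEP,">/proc/acpi/ibm/beep")|| die "ERROR: can not write to /proc/acpi/ibm/beep\n";
+print BEEP "0";
+close BEEP;
+}
+sub light_on {
+open (BEEP,">/proc/acpi/ibm/light")|| die "ERROR: can not write to /proc/acpi/ibm/light\n";
+print BEEP "on";
+close BEEP;
+}
+sub light_off {
+open (BEEP,">/proc/acpi/ibm/light")|| die "ERROR: can not write to /proc/acpi/ibm/light\n";
+print BEEP "off";
+close BEEP;
+}
+sub help(){
+print "tp-theft -- use the Thinkpad built-in two-axis accelerometer,
+as part of the HDAPS feature to generate a theft alarm.
+USAGE: tp-theft [-ahs]
+OPTIONS: -a start alarm system
+-h this help
+-s stop alarm
+The ibm_acpi kernel module needs to be loaded (e.g from an init-script).
+ibm_acpi is used to generate the alarm.
+USAGE EXAMPLES:
+Start tp-theft (when you come back stop it with Crtl-c):
+tp-theft -a
+Stop an ongoing alarm:
+tp-theft -s
+";
+exit 0;
+}
+if (! -w "/proc/acpi/ibm/beep"){
+die "ERROR: can not write to /proc/acpi/ibm/beep. Did you load the ibm_acpi kernel module? Did you make it writeable for an init script?";
+}
+if ($opt_s){
+open (BEEP,">/proc/acpi/ibm/beep")|| die "ERROR: can not write to /proc/acpi/ibm/beep\n";
+print BEEP "0";
+close BEEP;
+exit 0;
+}
+help() unless ($opt_a);
+my (@XHIST, @YHIST);
+my ($x,$y);
+($x,$y) = get_pos();
+for (1..$depth) {
+push(@XHIST,$x);
+push(@YHIST,$y);
+}
+my $xdev;
+my $ydev;
+my $tilted;
+print "Starting accelerometer monitor...\n";
+while (1) {
+($x,$y) = get_pos();
+shift(@XHIST); push(@XHIST,$x);
+shift(@YHIST); push(@YHIST,$y);
+$xdev = stddev(@XHIST);
+$ydev = stddev(@YHIST);
+# Print variance and history
+#print "debug X: v=$xdev (".join(',',@XHIST).") Y: v=$ydev (".join(",",@YHIST).")\n";
+$tilted = $xdev>$thresh || $ydev>$thresh;
+if ($tilted){
+system("/usr/bin/logger -p authpriv.alert -t ThinkPad-AntiTheft Theft ALARM!!");
+# print "Theft ALARM!!\n";
+# this will block until the command is played:
+alarm_on();
+for my $i (0..5) {
+light_on();
+sleep ($blink_speed);
+light_off();
+sleep ($blink_speed);
+}
+alarm_off();
+exit 1;
+}
+select(undef, undef, undef, $interval); # sleep
+}
+# vim:sw=4:ts=4:si:et:nowrap: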
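Review bot: `stddev` returns `sqrt($n*$sumsq - $sum*$sum)/($n*($n-1))`, with the division outside the `sqrt`, so it is not the sample standard deviation (that would be `sqrt(($n*$sumsq - $sum*$sum)/($n*($n-1)))`); since `$thresh = 0.9` was evidently tuned against the current formula, leave the arithmetic alone but document it, e.g. `# NOTE: not the textbook stddev -- the division is outside sqrt; $thresh is calibrated to this scale.` `get_pos` uses a two-argument `open(POS,$pos_file)` on a bareword handle, reads into `$_` and never closes it; `open(my $pos_fh, '<', $pos_file) or die ...` with `my $line = <$pos_fh>; close $pos_fh;` and `$line =~ m/.../` is the modern form and leaves `$_` untouched. `use vars qw($opt_a $opt_s $opt_h)` and the `sub help();` prototype are legacy idioms; `our ($opt_a, $opt_s, $opt_h);` and a plain forward declaration `sub help;` do the same job.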

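--- a/wifi-probes/README.md
+++ b/wifi-probes/README.md
@@ -0,0 +1,30 @@
+=== Instalation ===
+# install notify-send binary and airmon-ng
+apt-get install libnotify-bin aircrack-ng tshark
+cp hoover.pl /usr/local/bin/
+chmod 755 /usr/local/bin/hoover.pl
+cp hoover-start.sh /usr/local/bin/
+chmod 755 /usr/local/bin/hoover-start.sh
+# change WIFI_INTERFACE to your WiFi sniffing interface and
+# UPLINK_WLAN to Wifi interface you are using to connect to Internet
+editor /usr/local/bin/hoover-start.sh
+cp dbus-find-session.sh /usr/local/bin/
+chmod 755 /usr/local/bin/dbus-find-session.sh
+cp wifi-probes.service /etc/systemd/system/
+# change value of User=ruza to user to be notified
+editor /etc/systemd/system/wifi-probes.service
+systemctl daemon-reload
+cp sudoers /etc/sudoers.d/wifi-probes
+mkdir /home/LEAKS/wifi/probes/
+systemctl start wifi-probes.service
+systemctl status wifi-probes.service
+# watch log files in /home/LEAKS/wifi/probes/ directory
+# You should also get desktop notification from time to time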


@ -0,0 +1,10 @@
#!/bin/bash
USER_DBUS_PROCESS_NAME="gconfd-2"
export NOTIFY_SEND_BIN="/usr/bin/notify-send"
# get pid of user dbus process
DBUS_PID="$(ps ax | grep $USER_DBUS_PROCESS_NAME | grep -v grep | awk '{ print $1 }')"
# get DBUS_SESSION_BUS_ADDRESS variable
export DBUS_SESSION="$(grep -z DBUS_SESSION_BUS_ADDRESS /proc/$DBUS_PID/environ | sed -e s/DBUS_SESSION_BUS_ADDRESS=//)"

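--- a/wifi-probes/hoover-start.sh
+++ b/wifi-probes/hoover-start.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+PIDFILE="/run/wifi-probe-scanner.pid"
+WIFI_INTERFACE="wlxra"
+UPLINK_WLAN=""
+NOW="$(date +%Y-%m-%d--%H:%M:%S)"
+#HOOVER_OPTS="--verbose"
+MY_PID="$$"
+# this is your first wifi device used to connect to Internet. We are detecting your location based on SSID you are connected to on yout first wifi device.
+UPLINK_WLAN="${UPLINK_WLAN:-wlp3s0}"
+WLAN0_SSID="$(iw dev ${UPLINK_WLAN} info | awk -F' ' '/ssid/ {print $2 }')"
+DUMPFILE="/home/LEAKS/wifi/probes/dump-${NOW}-${WLAN0_SSID}.txt"
+. /usr/local/bin/dbus-find-session.sh
+function airmon_stop {
+MON_IFACES="$(ifconfig -a|grep $(ifconfig -a|grep ${WIFI_INTERFACE}|awk '{print $5}'|sed 's/:/-/g'|tr a-z A-Z)|awk '{print $1}')"
+for mon in ${MON_IFACES};do
+echo "## Shutting down $mon"
+sudo airmon-ng stop ${mon} && echo "** Monitoring device ${mon} destroyed"
+done
+}
+trap ctrl_c INT
+function ctrl_c() {
+echo "** Trapped [CTRL-C]"
+airmon_stop
+echo "** ${DUMPFILE} occasionally written"
+}
+function main_start {
+echo "${MY_PID}" > ${PIDFILE}
+sudo ifconfig ${WIFI_INTERFACE} up
+sudo airmon-ng start ${WIFI_INTERFACE} && echo "** Monitoring device for ${WIFI_INTERFACE} started"
+touch ${DUMPFILE} && echo "** dumpfile is ${DUMPFILE}"
+sudo /usr/local/bin/hoover.pl --interface mon0 --dumpfile ${DUMPFILE} ${HOOVER_OPTS} | while read LINE
+do
+# echo $LINE
+if [[ $LINE == *probe* ]] ; then
+# notify-send "$(echo \"${LINE}\"|sed 's/.*++//')"
+#MSG="$(echo \"${LINE}\"|sed 's/.*++//')"
+# /usr/local/bin/notify-send-as-root-MSG.sh "" "${TITLE}" "${MSG}"
+#export DISPLAY=:0
+#sudo -s /bin/bash su -c /usr/local/bin/notify-send-as-root-MSG.sh "-u low" "WiFi probe" "${MSG}"
+# notify-send "${MSG}"
+#DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send "Wifi Probe" "$(echo \"${LINE}\"|sed 's/.*++//')"
+DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION /usr/bin/notify-send -u low "$(echo \"${LINE}\"|sed 's/.*++//')"
+fi
+done
+}
+function main_stop {
+#kill -INT $MY_PID
+airmon_stop
+kill $MY_PID
+}
+case "$1" in
+start)
+#main_stop
+main_start
+;;
+stop)
+main_stop
+;;
+*)
+main_start
+;;
+esac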
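Review bot: `DUMPFILE` embeds `WLAN0_SSID`, the name chosen by whatever access point the uplink is attached to, and it is then expanded unquoted in `touch ${DUMPFILE}` and in `sudo /usr/local/bin/hoover.pl --interface mon0 --dumpfile ${DUMPFILE} ${HOOVER_OPTS}`; the `awk '{print $2 }'` keeps only the first whitespace-delimited word (so real names with spaces are silently truncated), and `/`, `*` or `?` in that word are treated as path separators or globs before the value reaches a command that runs as root via the `hoover.pl *` sudoers entry in this commit. Reduce the SSID to a safe character set where it is read and quote the path everywhere it is used: `WLAN0_SSID="$(iw dev "${UPLINK_WLAN}" info | awk '/ssid/ {print $2}' | tr -cd 'A-Za-z0-9._-')"`, then `touch "${DUMPFILE}"` and `--dumpfile "${DUMPFILE}"`. `read LINE` without `-r` also mangles backslashes in sniffed SSIDs before they reach `notify-send`; `read -r LINE` keeps them as emitted.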

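--- a/wifi-probes/hoover.pl
+++ b/wifi-probes/hoover.pl
@@ -0,0 +1,215 @@
+#!/usr/bin/perl
+#
+# hoover.pl - Wi-Fi probe requests sniffer
+#
+# Original idea by David Nelissen (twitter.com/davidnelissen)
+# Thank to him for allowing me to reuse the idea!
+#
+# This script scans for wireless probe requests and prints them out.
+# Hereby you can see for which SSID's devices nearby are searching.
+#
+# Copyright (c) 2012 David Nelissen & Xavier Mertens
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. Neither the name of copyright holders nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# History
+# -------
+# 2012/01/11 Created
+# 2015/06/09 Fix: root detection
+#
+use strict;
+use Getopt::Long;
+$SIG{USR1} = \&dumpNetworks; # Catch SIGINT to dump the detected networks
+$SIG{INT} = \&cleanKill;
+$SIG{KILL} = \&cleanKill;
+$SIG{TERM} = \&cleanKill;
+my $uniqueSSID = 0; #uniq ssid counter
+my %detectedSSID; # Detected network will be stored in a hash table
+# SSID, Seen packets, Last timestamp
+my $pid;
+my $help;
+my $verbose;
+my $interface;
+my $dumpFile;
+my $dumpImmediately = "true";
+my $ifconfigPath = "/sbin/ifconfig";
+my $iwconfigPath = "/sbin/iwconfig";
+my $tsharkPath = "/usr/bin/tshark";
+my $options = GetOptions(
+"verbose" => \$verbose,
+"help" => \$help,
+"interface=s" => \$interface,
+"ifconfig-path=s" => \$ifconfigPath,
+"iwconfig-path=s" => \$iwconfigPath,
+"tshark-path=s" => \$tsharkPath,
+"dumpfile=s" => \$dumpFile,
+);
+if ($help) {
+print <<_HELP_;
+Usage: $0 --interface=wlan0 [--help] [--verbose] [--iwconfig-path=/sbin/iwconfig] [--ipconfig-path=/sbin/ifconfig]
+[--dumpfile=result.txt]
+Where:
+--interface : Specify the wireless interface to use
+--help : This help
+--verbose : Verbose output to STDOUT
+--ifconfig-path : Path to your ifconfig binary
+--iwconfig-path : Path to your iwconfig binary
+--tshark-path : Path to your tshark binary
+--dumpfile : Save found SSID's/MAC addresses in a flat file (SIGUSR1)
+_HELP_
+exit 0;
+}
+# We must be run by root
+($> ne 0) && die "$0 must be run by root!\n";
+# We must have an interface to listen to
+(!$interface) && die "No wireless interface speficied!\n";
+# Check ifconfig availability
+( ! -x $ifconfigPath) && die "ifconfig tool not found!\n";
+# Check iwconfig availability
+( ! -x $iwconfigPath) && die "iwconfig tool not found!\n";
+# Check tshark availability
+( ! -x $tsharkPath) && die "tshark tool not available!\n";
+# Configure wireless interface
+(system("$ifconfigPath $interface up")) && "Cannot initialize interface $interface!\n";
+# Set interface in monitor mode
+(system("$iwconfigPath $interface mode monitor")) && die "Cannot set interface $interface in monitoring mode!\n";
+# Create the child process to change wireless channels
+(!defined($pid = fork)) && die "Cannot fork child process!\n";
+sub dumpNetworks {
+my $i;
+my $key;
+print STDOUT "!! Dumping detected networks:\n";
+print STDOUT "!! MAC Address SSID Count Last Seen\n";
+print STDOUT "!! -------------------- ------------------------------ ---------- -------------------\n";
+if ($dumpFile) {
+open(DUMP, ">$dumpFile") || die "Cannot write to $dumpFile (Error: $?)";
+print DUMP "MAC Address SSID Count Last Seen\n";
+print DUMP "-------------------- ------------------------------ ---------- -------------------\n";
+}
+for $key ( keys %detectedSSID)
+{
+#my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($detectedSSID{$key}[2]);
+#my $lastSeen = sprintf("%04d/%02d/%02d %02d:%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min, $sec);
+my $lastSeen = $detectedSSID{$key}[3];
+print STDOUT sprintf("!! %-20s %-30s %10s %-20s\n", $detectedSSID{$key}[2],
+$detectedSSID{$key}[0], $detectedSSID{$key}[1], $lastSeen);
+($dumpFile) && print DUMP sprintf("%-20s %-30s %10s %-20s\n",
+$detectedSSID{$key}[2], $detectedSSID{$key}[0],
+$detectedSSID{$key}[1], $lastSeen);
+}
+print STDOUT "!! Total unique SSID: $uniqueSSID\n";
+($dumpFile) && print DUMP "Total unique SSID: $uniqueSSID\n";
+close(DUMP);
+return;
+}
+if ($pid) {
+# ---------------------------------
+# Parent process: run the main loop
+# ---------------------------------
+($verbose) && print "!! Running with PID: $$ (child: $pid)\n";
+#open(TSHARK, "$tsharkPath -i $interface -n -l subtype probereq |") || die "Cannot spawn tshark process!\n";
+open(TSHARK, "$tsharkPath -i $interface -o gui.column.format:'\"Source\", \"%s\", \"Destination\", \"%d\", \"Protocol\", \"%p\", \"Info\", \"%i\"' -n -l subtype probereq |") || die "Cannot spawn tshark process!\n";
+while (<TSHARK>) {
+chomp;
+my $line = $_;
+print "$line\n"; # debug
+chomp($line = $_);
+# Everything exept backslash (some probes contains the ssid in ascii, not usable)
+#if($line = m/\d+\.\d+ ([a-zA-Z0-9:]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) {
+if($line = m/([a-zA-Z0-9:_]+).+SSID=([a-zA-ZÀ-ÿ0-9"\s\!\@\$\%\^\&\*\(\)\_\-\+\=\[\]\{\}\,\.\?\>\<]+)/) {
+if($2 ne "Broadcast") { # Ignore broadcasts
+my $macAddress = $1;
+my $newKey = $2;
+print DEBUG "$macAddress : $newKey\n";
+my $time=localtime();
+if (! $detectedSSID{$newKey})
+{
+# New network found!
+my @newSSID = ( $newKey, # SSID
+1, # First packet
+$macAddress, # MAC Address
+$time); # Seen now
+$detectedSSID{$newKey} = [ @newSSID ];
+$uniqueSSID++;
+print "++ New probe request from $macAddress with SSID: $newKey [$uniqueSSID] \@$time\n";
+if ( $dumpImmediately ) {
+dumpNetworks
+#system("/bin/cat", "/home/ruza/bin/wifi-probe-requests/hoover/$dumpFile");
+}
+}
+else
+{
+# Existing SSID found!
+$detectedSSID{$newKey}[1]++; # Increase packets counter
+$detectedSSID{$newKey}[2] = $macAddress; # MAC Address
+$detectedSSID{$newKey}[3] = $time; # Now
+($verbose) && print "-- Probe seen before: $newKey [$uniqueSSID] \@$detectedSSID{$newKey}[3] \n";
+}
+}
+}
+}
+else {
+# --------------------------------------------------
+# Child process: Switch channels at regular interval
+# --------------------------------------------------
+($verbose) && print STDOUT "!! Switching wireless channel every 5\".\n";
+while (1) {
+for (my $channel = 1; $channel <= 13; $channel++) {
+(system("$iwconfigPath $interface channel $channel")) &&
+die "Cannot set interface channel.\n";
+sleep(5);
+}
+}
+}
+sub cleanKill {
+if ($pid) {
+# Parent process: display information
+print "!! Received kill signal!\n";
+kill 1, $pid;
+dumpNetworks;
+}
+exit 0;
+}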
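Review bot: the line `(system("$ifconfigPath $interface up")) && "Cannot initialize interface $interface!\n";` has no `die`, so the string is evaluated and thrown away and a failed `ifconfig` is silently ignored, unlike the `iwconfig` line right after it; write `(system("$ifconfigPath $interface up")) && die "Cannot initialize interface $interface!\n";`. The probe test `if($line = m/.../)` uses `=` rather than `=~`: the pattern is matched against `$_` (which still holds the same line thanks to the `while (<TSHARK>)` loop) and the match result is assigned to `$line`, so it works by accident; `if ($line =~ m/.../)` is the intended form. `print DEBUG ...` writes to a filehandle that is never opened and `$SIG{KILL}` can never be delivered to a handler, so both lines are dead. Both `open` calls are two-argument opens — `TSHARK` with a shell command string built from `$tsharkPath` and `$interface`, `DUMP` with `">$dumpFile"` — and the list forms `open(my $tshark, '-|', $tsharkPath, '-i', $interface, '-o', 'gui.column.format:"Source", "%s", "Destination", "%d", "Protocol", "%p", "Info", "%i"', '-n', '-l', 'subtype probereq')` and `open(my $dump, '>', $dumpFile)` involve no shell and cannot be steered by characters in the path.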

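--- a/wifi-probes/sudoers
+++ b/wifi-probes/sudoers
@@ -0,0 +1,3 @@
+Cmnd_Alias AIRMON = /sbin/ifconfig * up, /usr/sbin/airmon-ng start *, /usr/sbin/airmon-ng stop *, /usr/local/bin/hoover.pl *
+Defaults!AIRMON !syslog, !pam_session
+ruza ALL=NOPASSWD: AIRMON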
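Review bot: `Cmnd_Alias AIRMON` ends with `/usr/local/bin/hoover.pl *`, and `hoover.pl` in this same commit accepts `--ifconfig-path`, `--iwconfig-path` and `--tshark-path` and executes whatever those point to as root, so this NOPASSWD line gives `ruza` the equivalent of an unrestricted root shell. A sudoers `*` matches any sequence of characters including spaces, so narrowing to `hoover.pl --interface mon0 --dumpfile *` still admits extra options; the robust fix is to give the scanner no user-supplied arguments at all — run `wifi-probes.service` as root (drop `User=ruza`), remove the `sudo` calls from `hoover-start.sh`, and delete this file — with the desktop notification delivered through a narrower channel than root-level sudo. `Defaults!AIRMON !syslog` additionally switches off the audit record for precisely these commands; keep logging on for anything that runs as root.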


@ -0,0 +1,19 @@
[Unit]
Description=wifi-probe-scanner
[Service]
Type=simple
NotifyAccess=all
RemainAfterExit=yes
# just call /bin/true and let psd-resync.service do it for speed
#Environment=XDG_RUNTIME_DIR=/run/user/1000/
ExecStart=/usr/local/bin/hoover-start.sh start
ExecStop=/usr/local/bin/hoover-start.sh stop
PIDFile=/run/wifi-probe-scanner.pid
KillMode=mixed
Restart=on-failure
RestartSec=42s
User=ruza
[Install]
WantedBy=default.target
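Review bot: the comment `# just call /bin/true and let psd-resync.service do it for speed` refers to a unit (`psd-resync.service`) and a command that do not appear in this file; it was evidently carried over from another unit and should be dropped or rewritten to describe the commented `Environment=XDG_RUNTIME_DIR=` line beneath it. `Type=simple` combined with `PIDFile=` and `RemainAfterExit=yes` reads as contradictory for a long-running scanner — `PIDFile=` is intended for `Type=forking`, and with `RemainAfterExit=yes` the unit stays active after `hoover-start.sh` exits, which as far as I read `systemd.service(5)` means `Restart=on-failure` will not fire; worth checking against the man page for the target systemd version. Running as `User=ruza` only to `sudo` back to root inside `hoover-start.sh` is what forces the NOPASSWD sudoers entries in this commit; running the unit as root and delivering the notification to the user by a narrower mechanism removes that need.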