This program is a completely automatic fire-and-forget WPA handshake collector that can release the user from the drudgery of actively attempting to collect WPA handshakes. In 12 hours of overnight operation while we slept, this script collected more handshakes than our teams normally collect in two weeks sitting in front of computer screens.
The script supports Kali 1.10a and Kali 2.0 and BOTH the older and newer versions of airmon-ng.
After setup the program automatically:
1. Scans for any WPA Encrypted Access Points (WPAEAP) within range of the wifi device.
2. Opens two (2) xterm windows running airodump-ng and aireplay-ng pointed at the first WPAEAP found by the scan.
3. Sends two (2) timed aireplay-ng --deauth bursts at the first WPAEAP found by the scan, attempting to collect a WPA handshake. The length of these deauth bursts is set by the user.
4. A .cap file is collected by airodump-ng and is then read by aircrack-ng and wpaclean for the existence of a valid WPA handshake.
5. If a handshake is found, the file is moved to the /root/HANDSHAKEHOLD folder for further processing with aircrack-ng, Pyrit or Elcomsoft by the user.
6. Any ESSID probes collected are added to the /root/PROBEESSID_DATA/essidprobesdic.txt file as a wordlist text file for use with aircrack-ng, Pyrit or Elcomsoft.
7. The MAC address of the device is then randomly spoofed.
8. The program moves on to the next WPAEAP found during the scan and completes steps 2 through 7 above again.
After ALL WPAEAP found in the scan have undergone a deauth process, the program enters a passive all-channel scan phase, collecting data silently for a period of time set by the user. When the passive all-channel scan is completed, the .cap file is read for the existence of WPA handshakes. If any are found, it moves the passive scan .cap file to the /root/HANDSHAKEHOLD folder for further processing by the user. Any ESSID probes in clear text are written to /root/PROBEESSID_DATA/essidprobesdic.txt as a wordlist text file.
The script then rescans for any WPAEAP and again deauths all WPAEAP in turn. This process can continue autonomously for as long as the user requires.
The script does not attack an AP unless it supports WPA.
Whitelisting any WPAEAP selected by the user, so the program does not disrupt a specific device, is supported in the setup.
If a handshake is found, the program skips that AP in further attack cycles as long as the .cap file is found in the /root/HANDSHAKEHOLD folder.
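From the defender's side, the two behaviours described above (timed deauth bursts at each WPA access point, and harvesting of directed probe requests into a wordlist) are both visible to a monitor-mode sensor. The following is an added example, not code from the tool or its author: it walks a list of 802.11 management-frame records, raises one alert per BSSID that receives a burst of deauthentication frames within a short window, and lists which clients are leaking saved network names in directed probe requests. The frame records, MAC addresses (locally administered 02:... placeholders) and SSIDs are constructed sample data, and the window and threshold values are assumptions to tune for your environment.

```python
"""Detect deauth bursts and probe-request SSID leakage in 802.11 management frames.

Added defensive example. A real sensor would build one record per captured
frame; here the records are constructed sample data.
"""
from collections import defaultdict, deque

SUBTYPE_PROBE_REQUEST = 4   # 802.11 management subtype: probe request
SUBTYPE_DEAUTH = 12         # 802.11 management subtype: deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"


def frame(ts, subtype, src, dst, bssid, reason=None, ssid=None):
    """One frame record: addr1 = dst, addr2 = src, addr3 = bssid."""
    return {"ts": ts, "subtype": subtype, "src": src, "dst": dst,
            "bssid": bssid, "reason": reason, "ssid": ssid}


def build_sample_frames():
    """Constructed sample traffic (placeholder addresses, not a real capture)."""
    ap_a = "02:00:00:00:aa:01"
    ap_b = "02:00:00:00:bb:02"
    sta = "02:00:00:00:cc:03"
    frames = []
    # Burst: 40 broadcast deauth frames claiming to come from ap_a inside 2 s.
    # The reason code is just a sample value.
    for i in range(40):
        frames.append(frame(100.0 + i * 0.05, SUBTYPE_DEAUTH, ap_a, BROADCAST, ap_a, reason=7))
    # Benign: ap_b deauthenticates one station twice, a minute apart.
    frames.append(frame(105.0, SUBTYPE_DEAUTH, ap_b, sta, ap_b, reason=3))
    frames.append(frame(165.0, SUBTYPE_DEAUTH, ap_b, sta, ap_b, reason=3))
    # A client naming a saved network in a directed probe request (leak),
    # followed by a wildcard probe (empty SSID), which leaks nothing.
    frames.append(frame(110.0, SUBTYPE_PROBE_REQUEST, sta, BROADCAST, BROADCAST, ssid="HomeNet-Example"))
    frames.append(frame(110.5, SUBTYPE_PROBE_REQUEST, sta, BROADCAST, BROADCAST, ssid=""))
    frames.sort(key=lambda f: f["ts"])
    return frames


def detect_deauth_bursts(frames, window_s=2.0, threshold=10):
    """Return one alert per BSSID whose deauth count inside any window_s reaches threshold.

    window_s and threshold are assumed starting values; tune them per site.
    """
    recent = defaultdict(deque)   # BSSID -> timestamps of deauths still inside the window
    totals = defaultdict(int)     # BSSID -> all deauths seen
    alerts = {}
    for f in frames:
        if f["subtype"] != SUBTYPE_DEAUTH:
            continue
        key = f["bssid"]
        totals[key] += 1
        q = recent[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window_s:
            q.popleft()
        if key not in alerts and len(q) >= threshold:
            alerts[key] = {
                "bssid": key,
                "first_seen": q[0],
                # A stream of deauths addressed to the broadcast MAC kicks every client at once.
                "broadcast": f["dst"] == BROADCAST,
                "reason": f["reason"],
            }
    for key, alert in alerts.items():
        alert["total_deauths"] = totals[key]
    return list(alerts.values())


def leaked_probe_ssids(frames):
    """Map each client MAC to the sorted SSIDs it named in directed probe requests."""
    leaks = defaultdict(set)
    for f in frames:
        if f["subtype"] == SUBTYPE_PROBE_REQUEST and f["ssid"]:
            leaks[f["src"]].add(f["ssid"])
    return {mac: sorted(ssids) for mac, ssids in leaks.items()}


if __name__ == "__main__":
    sample = build_sample_frames()
    for alert in detect_deauth_bursts(sample):
        print("deauth burst:", alert)
    for mac, ssids in leaked_probe_ssids(sample).items():
        print("client", mac, "probing for saved networks:", ssids)
```

On the sample data only the first access point is reported, with 40 deauth frames to the broadcast address; the second access point's two spaced-out deauths stay below the threshold. The probe-request check is the mirror image of the wordlist the tool builds: any client that appears in its output is announcing network names it has saved. On the mitigation side, enabling 802.11w Protected Management Frames on the access point makes forged deauthentication frames ineffective, which removes the lever the deauth phase relies on.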