Ucnt

  1. I imagined that might be the case, but wanted to ask in case I was wrong. Thanks for the suggestion.
  2. I know that the Karma log is temporarily stored at tmp/karma-phy0.tmp, but wanted to see if anyone knew what file managed the log file (i.e. that creates its input) so I can see about modifying it to add the date/time that the probe was received. grep'ing the string "Probe Request from" didn't come up with anything. My intent is: Have a couple of my Pineapples send their log files (with date/time stamp of each probe request) to a "sink" (i.e. data collection server) which will track a user by MAC address or, if the MAC address is being randomized, by its SSID set (e.g. "home-router123", "starbucks", "myoffice-router"). I can use the DTG of the log file transfer but I want to limit the number of times I transmit the log file and including it in the probe request log seems to be the easiest solution.
  3. Thanks for the feedback. I'm only in my 2nd semester of Java and didn't know you could use it to execute nmap or do an HTTP request like that. I appreciate it and I'll start playing around with it tonight. Sounds like it should be fairly easy...
  4. That's what I'm trying to do...I'm not looking for someone to hand me a turnkey solution... Though I'm new to coding, I have already written code, though admittedly easy and probably inefficient, that identifies IPs with port 80 open and exports the results to a text file and script (for automatically opening them in firefox) so I can browse through them. That is obviously time intensive so I tried to use BeautifulSoup and similar methods to scrape the Belkin page, as I said above, but none work. There is no title to the page (just the IP), links are not being detected, and I have been unable to specify the hardware field to specifically parse that data. I understand that you and others can write code to do it; I'm just looking for advice on how you would go about it since the methods I have tried failed...
  5. Oh, and I have tried BeautifulSoup using various methods (searching for the title, links, etc) but it is not reading the Belkin router's config page properly.
  6. Not mine but touche I guess? or at least I understand what you are saying....though it's trivial to find an open router's config page that is password protected. It's not inviting the hacking of that router, it's using it as a reference in order to parse HTML data from. If I posted one of the open IP addresses, I'd be more apt to agree with you... That being said maybe a 'better' way to show this is to show you an xpath to one of the routers, written two different ways. id('cont_table')/x:tbody/x:tr/x:td[2]/x:blockquote/x:form/x:div[1]/x:table[1]/x:tbody/x:tr[2]/x:td[2]#<td> /tbody/tr/td[2]/blockquote/form/div[1]/table[1]/tbody/tr[2]/td[2]/text()
  7. Desired end state: Scan and scrape a range of IP addresses, looking for a router model within an HTML page, and output the IP address, if found. Note: Multiple versions of the router are open and the xpaths to the hardware versions are different... Background: I've been goofing around with nmap, scanning a few subnets around my IP address (Comcast) and have noticed that 5-10 Belkin F5D model routers per class B subnet are open on port 80 and about half of them have no admin password established. I want to do a more extensive scan but want to limit the IPs returned to the F5D routers, not every device open on port 80, so I don't have to go to each page and manually identify them. From what I understand python doesn't work well with nmap and I am not sure of a good way to approach this and I was struggling to get something like BeautifulSoup to successfully scrape a config page. Any ideas?
  8. I presume you're using Darren's script that he showed on the video (seen below) in order to generate the .txt file? Assuming so, I've never got that far along the attempts but will do my best to try it out. At worst, you could break the code up into 4 files (1-2500, 2501-5000, etc) and run it iteratively. Either way, there won't be a log created because it is acting like a keyboard so there isn't a way to do an if/then or while statement to verify if you're in and, if so, to create a message. You'd have to keep tabs on it to see when it gets unlocked so you know the range of pin numbers that you were trying. Script: echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
  9. First, thank you to the entire Hak5 team! You and your videos are awesome. Name: Matt Occupation: Student (M.S. in Computer Science) Hobbies: Continued IT education and poking around at different 'hacks' to supplement my in class education (e.g. the Rubber Ducky, wifi sniffing/hacking, etc) and hope to get the Wifi Pineapple when I get some more $ together. I'm not a great coder (yet...hopefully) and I'm still figuring out where I fit and what I'm good at but am here to learn and share whatever knowledge I may be able to bring to the table.