Jump to content
Skinny

Python Script for Rank Ordering SSID Pool

Recommended Posts

Hi Guys,

I've been working on a python script to help organize the pineapple's SSID pool. Most of the work I do with the pineapple has to do with attracting unassociated clients. As such it's sometimes undesirable to have an extremely large SSID pool. For instance, if I'm trying to grab a client and it's looking for an SSID that's 2250 on the list, but the pineapple rolling through SSIDs at number 5 on the list, I might miss my opportunity.

To help combat this, I generally use an SSID list that is smaller in number, but the SSIDs on that list are SSIDs that many people use (Ex: attwifi, panera, CableWifi). Up until now I've just been looking at multiple lists trying to pick out ones I think clients will be broadcasting.

The script makes use of pineapple's pineap.log file. You can find this file by going to the Logging system module and clicking the Download button after you've used Pineap to log some probe requests. You can also find it on the pineapple in the /tmp/ directory. This file starts anew after each restart.

If you place pineap.log in the same directory as the script and run the script, the script will:

- harvest of the SSIDs and the mac addresses that probed for them

- eliminate all duplicate requests

- assign each SSID a rank based on the number of times a unique device requested that SSID

- sort the SSID with the highest rank to the top with each successive rank behind

- write the results to two files. The first file, SSIDlist.log, has just SSIDs listed in their appropriate rank order. The second file, finalRanking.log, has the same but each SSID has it's rank next to it.

What I then do is edit SSIDlist.log, erase all but the top 100 SSIDs, rename the file to ssid_file, and place it in the pineapple's /etc/pineapple/ directory. (More on that here: https://forums.hak5.org/index.php?/topic/38060-ssid-pool-management/?p=275753) Now my standard pool of SSIDs are the top 100 SSIDs used in my part of the world.

Just to give you an example of how I'm using this on the ground. Yesterday I took my pineapple to a large target area. I needed to know what SSIDs would most likely ensnare the devices and the employees' personal devices on that campus. I spent over an hour walking the grounds and ended up with over 450 SSIDs. Using this script, I'll cut that 450 down to 100 or even 50 to increase the speed and efficiency of grabbing a client.

The example files that are with the script are from me driving around Tampa yesterday with the pineapple in the back of my car. Just for the record, war driving is a terrible way to collect probe requests for an area. You're better off walking.

You might be asking, why isn't this a module? First, I've never used javascript or php. I'm attempting to learn, but I'm not even close. So if anyone finds this helpful enough and wants to make it a module, be my guest.

Finally, I'd like to make a suggestion. If you use this script for a particular area and you don't mind sharing, I would like to make a repository of Top 100's on regions all over the world. I have webspace at skinnyrd.com and can post them all there in an organized fashion. The more distinct the region, like neighborhoods or industrial parks in cities vs entire metro areas, the better. If you live in a small town, that's welcome to. If you'd really rather not share, no big deal.

If you have any questions just let me know. Have a great day!

SSIDsort.zip

Edited by Skinny
  • Upvote 2

Share this post


Link to post
Share on other sites

Whistle Master,

As far as a dream module using the script above, being able to take the produced SSID file, trim it to a specific number of top SSIDs, and then manage those produced files would be helpful. With a way to manage the files, you could load or withdraw specific, high ranking SSID pools depending on what geographic location you find yourself.

A simpler module would just be a button that you click. With one click it would take a look at the pineap.log file, run it through the script above, and allow the user to download the resulting file for editing.

I'm a bit of an idiot when it comes to coding and have never used the languages required to write a module. I'm stepping through the video Darren and Seb made but I think it's going to take a few iterations and time I don't have. If you decide to pursue this as a project, let me know if there is a way I can assist and I'll help where I can.

Share this post


Link to post
Share on other sites

Im not sure how to do that in python, but in bash you can do

$ cat pineap.log | cut -c34- | sort | uniq -c | sort -n -r | head -100
If you just want the ssid's you can do

$ cat pineap.log | cut -c53- | sort | uniq -c | sort -n -r | head -100
Edited by fugu
  • Upvote 2

Share this post


Link to post
Share on other sites

Im not sure how to do that in python, but in bash you can do

$ cat pineap.log | cut -c34- | sort | uniq -c | sort -n -r | head -100
If you just want the ssid's you can do

$ cat pineap.log | cut -c53- | sort | uniq -c | sort -n -r | head -100

Nice work! I like the approach. There is a minor hitch for me with the second command but it just depends on what kind of list you're trying to build. For the ssid cat command, all the SSIDs are counted in the file regardless of how many times a single mac address may have beaconed it out. The python code above will not count an SSID as having a higher rank if that SSID has been beaconed for by the same mac address over and over.

For instance, in one of my pineap.log files there is an SSID called FiOS-4Z7UY. With the above cat command this SSID ranks second overall with a count of 19, but when you manually look through the log file you only see 2 mac addresses beaconing for that SSID over and over. By repeatedly beaconing the SSID, the ranking for that SSID becomes artificially inflated. The python script on the other hand puts the SSID much further down the list with a count of 2. The count is 2 because only two unique mac addresses beaconed for it. What I need out of an SSID pool is for that list to be filled with SSIDs with a high count from multiple devices to have the highest likelihood of grabbing the attention of a random, unassociated client. That's why the script is written in this manner.

Edited by Skinny

Share this post


Link to post
Share on other sites

I modified it a little bit, is this more like what you wanted to do?

$ cat pineap.log | cut -c34- | sort | uniq | cut -c20- | sort | uniq -c | sort -r -n
  • Upvote 1

Share this post


Link to post
Share on other sites

Thanks fugu. It's getting late, so I'll give it a try tomorrow.

Share this post


Link to post
Share on other sites

I modified it a little bit, is this more like what you wanted to do?

$ cat pineap.log | cut -c34- | sort | uniq | cut -c20- | sort | uniq -c | sort -r -n

Great job fugu! Checked out the results from both this morning and this one-liner has the exact functionality as the python script.

The python script produces two files. The first is just like you've made here. It shows the rankings. The second is the same as the first, it eliminates the ranking and just has the list of SSIDs. This second file is what gets put in /etc/pineapple/ for the PineAP pool. I believe you're just one cut command from having that file as well.

Thanks for posting this. I've learned a few things about formatting output from you. Seeing your one line of commands made me feel like an idiot after building a script in python for 6 hours. If you don't mind, I might contact you later in regards to some ubertooth-rx output I've been trying to shape.

Have a great day and thanks again!

Share this post


Link to post
Share on other sites

This is going to be very useful for profiling different regions that I go to for work. Does anyone have a ETA on a possible module that will scan for, sort, cut, and save profiles / templates of the ssid pool that has been collected.

Thanks again for all your hacking on this.

Share this post


Link to post
Share on other sites

hmm, seems to be NOT the ez pz.. ;)

any news regarding a release?

What do you guys think of a code to only adds associated ssids?!?

Share this post


Link to post
Share on other sites

I don't know that anyone is working on a module. The one line of bash script that fugu wrote works just fine.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...