Wifi Pineapple module scanner
Usage: wexploit.py <IP and port> <time backwards in hours>
e.g.: wexploit.py 172.16.42.1:1471 2
Note #1: This works only for community-made modules that don’t have any protection against brute forcing.
Note #2: This is done only for testing purposes.
I made a Wifi Pineapple scanner last week; now that the Disobey event is over, I’ll post it here. It’s a simple scanner that brute-forces the log files and config files of community modules on the Wifi Pineapple. The scanner is a bit of quick and dirty work, but it works. If you use a Wifi Pineapple, anybody connected to it can download log and config files from it via port 1471 (the management port), since the files are not protected in any way (except, of course, by the time stamp). So, remember to use filters in the Wifi Pineapple to include only the devices that you want to test and that you control.
I would also like to say that this is only because of community modules that have flaws, not because of the Hak5 software.
Since almost all log files use an epoch time stamp in the file name, it’s just a matter of going through the possibilities. Some config files have fixed names, so those can be fetched immediately. This can be a problem if the log/config files have usernames and/or passwords in them.
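How this kind of enumeration looks from the defender's side, as an added example that is not part of WipeScanner or the original post: a client walking epoch-named files produces many distinct 10-digit file names with almost all requests missing. The access-log format, the `ExampleModule` path and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed common-log-format access log; adjust the regex to your web server.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"GET (?P<path>\S+) [^"]*" (?P<status>\d{3})\b')
# Base name is a 10-digit epoch timestamp, e.g. .../1484300012.log
EPOCH_RE = re.compile(r'/(?P<epoch>\d{10})(?:\.\w+)?$')


def find_epoch_enumeration(lines, min_distinct=10, min_miss_ratio=0.8):
    """Flag clients requesting many distinct epoch-named files, mostly non-200.
    Returns {ip: {"distinct": n, "miss_ratio": r, "served": [epochs]}};
    "served" lists the files the client actually received (HTTP 200)."""
    stats = defaultdict(lambda: {"epochs": set(), "total": 0, "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        e = EPOCH_RE.search(m["path"].split("?", 1)[0])
        if not e:
            continue
        s = stats[m["ip"]]
        s["epochs"].add(int(e["epoch"]))
        s["total"] += 1
        if m["status"] == "200":
            s["served"].append(int(e["epoch"]))
    flagged = {}
    for ip, s in stats.items():
        miss_ratio = 1 - len(s["served"]) / s["total"]
        if len(s["epochs"]) >= min_distinct and miss_ratio >= min_miss_ratio:
            flagged[ip] = {"distinct": len(s["epochs"]),
                           "miss_ratio": round(miss_ratio, 2),
                           "served": sorted(s["served"])}
    return flagged

# Constructed sample: one admin fetch, then one client walking 20 timestamps.
# ExampleModule and its path are hypothetical, not a real module layout.
PATH = "/modules/ExampleModule/log/{}.log"
SAMPLE = ['172.16.42.10 - - [13/Jan/2017:10:00:00 +0000] "GET '
          + PATH.format(1484300012) + ' HTTP/1.1" 200 512']
SAMPLE += ['172.16.42.50 - - [13/Jan/2017:10:05:00 +0000] "GET '
           + PATH.format(t) + ' HTTP/1.1" '
           + ("200 512" if t == 1484300012 else "404 0")
           for t in range(1484300000, 1484300020)]

if __name__ == "__main__":
    print(find_epoch_enumeration(SAMPLE))
```

The `served` list is the part to act on: those are the log files a flagged client actually downloaded, so any credentials in them should be treated as exposed.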
Usage example: ./wwipescanner.py 2 would crawl the log files from two hours back to the current time.
Download from GitHub: https://github.com/jvesiluoma/WipeScanner