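#!/usr/bin/perl
# 2010 WeakNet Labs
# Coded by Trevelyn
# Douglas [at] WeakNetLabs [dot] com
#
# Depends on Aircrack-ng Suite and TCPDump
# This application will deauthenticate all MAC addresses that are ARP flooding
# via WiFi. It will attack multiple attackers at once, spoofed MAC addresses,
# and stops the ARP attack almost instantly.
#
# This is a "proof of concept" application, which does not come with any warranty.
# It is free and can be modified and redistributed.
# WeakNetLabs is not responsible for any damage or downtime caused by the
# use of this application, please use at your own risk.
# It does not make the WEP encryption "stronger". It simply acts as a WIDS.
#
# You also need a wireless card that supports injection, with patched drivers.
# If support is needed please contact us on the WeakNet Linux Forums @
# http://www.weaknetlabs.com/forums in the "HELP!?" section.
#
# Operation: every pass reads the tcpdump output file given with -f. When the
# file holds more than $FLOOD_THRESHOLD lines, the second whitespace-separated
# field of each line is taken as a station MAC address and aireplay-ng is
# started once per distinct address. The file is then truncated and the next
# pass begins.
#
# Review notes:
#  * The capture file is untrusted input: its contents are whatever was seen
#    on the air. Every value taken from it is checked against $MAC_RE and
#    aireplay-ng is started with an argument list, never through a shell.
#  * Source MAC addresses are not authenticated. A station that forges
#    another client's address can cause that client to be disconnected by
#    this tool. TODO(review): consider an allowlist of known-good stations
#    and keep a log of every response taken.
#
use strict;
use warnings;
use POSIX ();

# Flush prompts immediately and keep forked children from replaying
# buffered output.
$| = 1;

# Name of the injection tool (Aircrack-ng suite), resolved through PATH.
my $AIREPLAY = 'aireplay-ng';

# Seconds to wait between passes over the capture file.
my $POLL_SECONDS = 2;

# A pass that finds more than this many lines is treated as a flood.
my $FLOOD_THRESHOLD = 10;

# A 48-bit MAC address with ':' or '-' separators and nothing else.
my $MAC_RE = qr/\A[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\z/;

# no arguments:
if (!@ARGV || $ARGV[0] eq '') {
    print "Please run with \"--help\" or \"-h\" for syntax.\n";
    exit;
}

# help is on the way!
if ($ARGV[0] eq '--help' || $ARGV[0] eq '-h') {
    print "Catchme-NG(WEPprotect) - 2010 WeakNetLabs.com\n [ ^.^ ] Usage:\n";
    print " -i\tWireless Device\n -f\tTCPDump output file\n -b\tBSSID (MAC address of your AP)\n -e\tESSID (Broadcast name of your AP)\n\n";
    exit;
}

# Options may be given in any order. Flags are compared exactly: the
# previous substring match treated any argument that merely contained "-f"
# (a file name such as "arp-flood.txt") as the flag itself.
my %takes_value = map { $_ => 1 } qw(-f -b -i -e);
my %value_for;
my $idx = 0;
while ($idx < @ARGV) {
    my $arg = $ARGV[ $idx++ ];
    next unless $takes_value{$arg};
    $value_for{$arg} = $ARGV[ $idx++ ];    # undef when the flag is last
}

# check for all components:
my @required = (
    [ '-f', "You forgot to specify a dump file!\n" ],
    [ '-b', "You forgot to specify the BSSID of the AP!\n" ],
    [ '-i', "You forgot to specify the WiFi device!\n" ],
    [ '-e', "You forgot to specify the ESSID of the AP!\n" ],
);
for my $requirement (@required) {
    my ($flag, $complaint) = @{$requirement};
    next if defined $value_for{$flag} && $value_for{$flag} ne '';
    print $complaint, " [ ^.^ ] Try catchme-ng_wep --help for usage.\n";
    exit;
}

my $file_grab   = $value_for{'-f'};
my $bssid_grab  = $value_for{'-b'};
my $device_grab = $value_for{'-i'};
my $essid_grab  = $value_for{'-e'};

# Reject values that cannot be what they claim to be before they are handed
# to another program. The device is a positional argument of aireplay-ng, so
# a leading '-' would be read as an option. (Sample address is constructed.)
die "[ x_x ] BSSID must be a MAC address such as 00:11:22:33:44:55\n"
    unless $bssid_grab =~ $MAC_RE;
die "[ x_x ] Device name contains unexpected characters\n"
    unless $device_grab =~ /\A[A-Za-z0-9][A-Za-z0-9_.:-]*\z/;

print "Using DEVICE: $device_grab, BSSID: $bssid_grab, ESSID: $essid_grab, and FILE: $file_grab\n";
print "is this okay [y/n]? ";
my $ans0 = <STDIN>;
$ans0 = '' unless defined $ans0;    # EOF on STDIN counts as "no answer"
chomp $ans0;
$ans0 = lc $ans0;

if ($ans0 eq 'n') {
    print "\nTry again... \n\n";
    exit;
}
elsif ($ans0 eq 'y') {
    print "[ ^.^ ] Starting up... \n";
    # Three-argument open: the file name is never interpreted as a mode or
    # as a command to run.
    open my $probe_fh, '<', $file_grab
        or die "[ x_x ] Cannot open tcpdump file!!\n[ ^.^ ] Make sure you have the FULL pathname if not in current directory!\n";
    close $probe_fh;
}
else {
    print "Just a \"y\" or \"n\" please.\n";
    exit;
}

# start up already:
start();

# Main monitoring loop; never returns.
# A plain loop replaces the earlier self-recursive call, which added one
# stack frame per pass for as long as the program ran.
sub start {
    # Let the kernel reap finished aireplay-ng children so they do not
    # accumulate as zombies.
    local $SIG{CHLD} = 'IGNORE';

    while (1) {
        sleep $POLL_SECONDS;
        print "[ ^.^ ] Checking dump file...\n";

        # One read serves both the line count and the address extraction,
        # so both see the same snapshot of the file.
        my @lines = _read_dump($file_grab);
        my $m     = scalar @lines;

        if ($m > $FLOOD_THRESHOLD) {
            print "[ \@_\@ ] Your airspace is polluted! [ $m lines ]\n";

            # Deduplicate per pass. The earlier version kept its "seen" hash
            # for the life of the process, so a station that resumed
            # flooding after its first deauthentication was never acted on
            # again.
            my %seen;
            my @targets = grep { !$seen{$_}++ } map { _source_mac($_) } @lines;

            # Deauth ALL attackers MACs:
            for my $attacker (@targets) {
                print "[ >_< ] Deauthenticating attacker: $attacker!!\n";
                _spawn_deauth($attacker);
            }

            _reset_dump($file_grab, "\n");    # open and clear out tcpdump file
        }
        else {
            _reset_dump($file_grab, "$m\n");
            print "[ ^.~ ] Airways clean... \n";
        }
    }
}

# Return every line of the capture file, or an empty list if it cannot be read.
sub _read_dump {
    my ($path) = @_;
    open my $fh, '<', $path or do {
        warn "[ x_x ] Cannot read $path: $!\n";
        return;
    };
    my @lines = <$fh>;
    close $fh;
    return @lines;
}

# Return the second whitespace-separated field of a capture line, lowercased,
# when it is a well-formed MAC address; otherwise return nothing.
sub _source_mac {
    my ($line) = @_;
    my $field = (split /\s/, $line)[1];
    return unless defined $field && $field =~ $MAC_RE;
    return lc $field;
}

# Truncate the capture file and write $content as its only content.
# Failing here is fatal: if the file is not cleared, the same stale lines
# would trigger a response on every following pass.
sub _reset_dump {
    my ($path, $content) = @_;
    open my $fh, '>', $path
        or die "[ x_x ] Cannot reset $path: $!\n";
    print {$fh} $content;
    close $fh
        or die "[ x_x ] Cannot write $path: $!\n";
    return;
}

# Start one aireplay-ng process in the background for a single station.
# fork + list-form exec replaces the earlier interpolated shell command, so
# neither the ESSID from the command line nor a value from the capture file
# can be interpreted by a shell.
sub _spawn_deauth {
    my ($client_mac) = @_;

    my $pid = fork();
    if (!defined $pid) {
        warn "[ x_x ] fork failed: $!\n";
        return;
    }
    return if $pid;    # parent: go on to the next station

    exec($AIREPLAY, '-0', '5', '-a', $bssid_grab, '-e', $essid_grab,
        '-c', $client_mac, $device_grab)
        or do {
            warn "[ x_x ] Cannot run $AIREPLAY: $!\n";
            POSIX::_exit(127);    # leave the child without running parent cleanup
        };
}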