#!/bin/bash # ############################################################################ # US Phone Number Generator by DERV # ############################################################################ # HELP # run the program with -h for help # # ./f0ne.sh -h # ############################################################################ # # USES: # wget* # awk # sort** # uniq** # tr** # # *internet access is required # # **not necessary, but recommended # # ############################################################################ # # CHANGE LOG # # revision 6 changes: (8/22/10) # -command-line arguments! # -to run: ./f0ne.sh [city] [style] # -outputs only phone numbers instead of a file (so user can pipe to a file or aircrack) # -ex: ./f0ne.sh "albuquerque, nm" 2 # -this will create all alb numbers with style 555-666-1234 (- separators) # # # revision 5 changes: (8/18/10) # -can run independent of crunch - slower, but it works if crunch isn't available # -saves to 'name_of_city.txt' instead of generic 'phone.txt' # -leeto burrito ascii art # # revision 4 changes: # -removes duplicates for numbers that don't contain the area code (prefix only) # # revision 3 changes: # -aircrack-ng passthrough for WPA cracking (saves time/space) # -key is outputted to aircrack.txt and script stops immediately if key is found # # revision 2 changes: # -menu system to output certain phone number formats # -corrected error for cities with spaces in the name # ############################################################################ # # ToDo # receive city, format, aircrack info as arguments to be more linux-like # - just have if [[ $1 != ... everywhere! # ############################################################################ # # Note: # This script runs MUCH faster if crunch is installed! # program looks for crunch in directory /pentest/passwords/crunch/ # edit the line below if crunch is located elsewhere on your computer: # CRUNCH="/pentest/passwords/crunch/./crunch" #CRUNCH="/derpderp/hurrdurr/./crunch" # for testing if user doesn't have crunch # # crunch can be found here: http://sourceforge.net/projects/crunch-wordlist/ # ############################################################################ # check if the user needs help if [[ $1 = 'h' ]] || [[ $1 = '--help' ]] || [[ $1 = '-h' ]] || [[ $1 = 'help' ]] || [[ $1 = '-help' ]]; then echo "" echo -e "\E[32m /" echo -e "\E[32m /\`\`/ \E[32mf 0 n e" echo -e "\E[32m /__/" echo -e "\E[32m /__/ \E[37mphone number generator" echo -e "\E[39m" echo "" echo -e "\E[37mabout:" echo -e "\E[39m" echo " Phone numbers are a common password choice." echo " Generating every 7-digit phone number for an area code leads to 10 million numbers." echo " There is a website that finds only valid numbers (areacode and prefix) for certain cities." echo " This program uses that website to generate customized lists of phone numbers." echo "" echo "" echo -e "\E[37mhow to use:" echo -e "\E[39m" echo " Enter the U.S. city, for example 'New York'." echo "" echo " Then enter what format you want the phone number stored." echo " 1) (555)444-####" echo " 2) 555-444-####" echo " 3) 555444####" echo " 4) 444-####" echo " 5) 444####" echo "" echo " f0ne will ask if you want to passthrough the results to aircrack-ng to crack WPA." echo " This feature is designed to save time and harddisk space." echo " Enter 'y' to select this option." echo " You will be prompted for the .CAP file containing a WPA handshake," echo " and the name (SSID) of the access point." echo "" echo " If you do not select aircrack-ng passthrough, f0ne will save the numbers to a file." echo "" echo "" echo -e "\E[37mnote:" echo " f0ne uses Crunch to generate phone numbers quickly." echo " The script defaults to /pentest/passwords/crunch/ to locate crunch" echo " If needed, edit f0ne.sh to change the crunch path (LINE 66)" echo "" echo " If crunch is not found, f0ne.sh uses a built-in script that is much slower than crunch." echo "" echo " f0ne also accepts command-line arguments!" echo -e " Usage: \E[39m./f0ne.sh \E[32m[CITY] [STYLE]\E[37m" echo -e " Example: \E[39m./f0ne.sh \E[32m\"albuquerque, nm\" 5\E[37m" echo " When using command-line arguments, f0ne will only output the phone numbers and no other data," echo " so piping to a file is recommened:" echo -e " \E[39m./f0ne.sh \E[32m\"chicago, il\" 5 \E[36m> chicago.txt\E[37m" echo " This will write all the phone numbers to the file 'chicago.txt'" echo -e "\E[39m" exit 0 fi # trap term/keyboard interrupt signals trap ITSATRAP INT trap ITSATRAP TERM ITSATRAP() { killall aircrack-ng 2> /dev/null & 1> /dev/null if [[ $# -eq 0 ]]; then echo -e "\E[39m" echo -e "\E[31m[!] Keyboard interrupt; exiting\E[39m" fi exit 0 } # banner if [[ $# -eq 0 ]]; then # only print if user supplied no arguments echo "" echo -e "\E[32m /" echo -e "\E[32m /\`\`/ \E[32mf 0 n e" echo -e "\E[32m /__/" echo -e "\E[32m /__/ \E[37mphone number generator" echo -e "\E[39m" echo "" fi # check if user has crunch installed if [[ ! -f "$CRUNCH" ]]; then # crunch isn't found; use a built-in shell script instead # check if user is root; warn about not running as root (chmod!) if [[ `users` != 'root' ]] && [[ $# -eq 0 ]]; then echo "[+] It is recommened to run this script as root if you do not have crunch installed." echo -n "[?] Do you wish to continue? (y/n) " read ANSWER if [[ "${ANSWER}" = 'n' ]]; then exit 0; fi fi HAS_CRUNCH="0" # variable so we know if we are using CRUNCH or not if [[ $# -eq 0 ]]; then echo "" echo -e "\E[31m[!] \E[39mCrunch was not found." echo "[-] Creating temporary phone-number-generating script..." fi # create script that generates the last 4 phone numbers to the argument passed # as you can see, all this script does is echo (it's harmless) echo "#!/bin/bash trap ITSATRAP INT trap ITSATRAP TERM ITSATRAP() { exit 0 } PRE=\$1 COUNT=0 while [ \${COUNT} -lt 10000 ]; do TEMP=\${COUNT} if [ \${#TEMP} -eq 1 ]; then TEMP=\"000\${TEMP}\" elif [ \${#TEMP} -eq 2 ]; then TEMP=\"00\${TEMP}\" elif [ \${#TEMP} -eq 3 ]; then TEMP=\"0\${TEMP}\" fi echo \${PRE}\${TEMP} COUNT=\$((COUNT + 1)) done exit 0" > f0ne-crunch.sh # end of script # change permissions on this temporary script (so we can run it) chmod +x f0ne-crunch.sh # let user know what's up if [[ $# -eq 0 ]]; then echo -e "\E[33m[-] \E[39mNote: Temporary script f0ne-crunch.sh will be deleted on exit." fi CRUNCH="./f0ne-crunch.sh" ## old style would quit ; fuck that! ## echo "" ## echo "[!] Path to crunch not found! ($CRUNCH)" ## echo "[!] Please edit phone.sh Line 40 to the correct path to Crunch" ## exit else # if crunch is found, use it! (it's much faster than f0ne-crunch.sh) HAS_CRUNCH="1" fi if [[ $# -eq 0 ]]; then echo -n -e "\E[32m[+] \E[39mEnter a U.S. City (e.g. \E[32mchicago, il\E[39m): \E[32m" read CITY OUTFILE=$CITY # OUTFILE is the output file -- where the data is saved to OUTFILE=${OUTFILE// /} # strip out the spaces OUTFILE=${OUTFILE//[^a-zA-Z0-9]/} # leave only alphanumeric characters OUTFILE=`echo -n $OUTFILE | tr A-Z a-z` # convert to lowercase OUTFILE="${OUTFILE}.txt" # make it a txt file rm -rf ${OUTFILE} # remove the output file, just in case; so we don't 'stack' numbers together elif [[ $# -eq 1 ]]; then CITY=$1 STYLE=3 # default to [areacode][prefix][number] without any separators OUTFILE="" elif [[ $# -eq 2 ]]; then CITY=$1 STYLE=$2 # user gave us city and separator! OUTFILE="" else echo -e "\E[33m[+] \E[39mError: invalid amount of arguments" echo "" echo -e "\E[33m[+] \E[39mProper usage (with examples):" echo "" echo -e "\E[33m[+] \E[39m./f0ne.sh \E[32m[CITY]" echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32mchicago" echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32m\"chicago, il\"" echo "" echo -e "\E[33m[+] \E[39m./f0ne.sh \E[32m[CITY] [STYLE]" echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32mchicago 3" echo -e "\E[33m[+] \E[39m ./f0ne.sh \E[32m\"chicago, il\" 3" echo "" exit 0 fi # change format of CITY (used for URL request) CITY=${CITY// /+} # website we use can't have spaces; use plus-signs (+) instead CITY=${CITY//,/+} # convert commas to spaces CITY=${CITY//[^a-zA-Z0-9+]/} # only alphanumeric characters (and plus signs!) CITY=`echo -n $CITY | tr A-Z a-z` # finally, lowercase if [[ $# -eq 0 ]]; then # phone number style menu echo -e "\E[39m" echo -e "[-] Select a phone number format:" echo "" echo -e " \E[32m1\E[39m) (555)555-5555 [13 chars]" echo -e " \E[32m2\E[39m) 555-555-1234 [12 chars]" echo -e " \E[32m3\E[39m) 5555555555 [10 chars]" echo -e " \E[32m4\E[39m) 555-1234 [ 8 chars]" echo -e " \E[32m5\E[39m) 5551234 [ 7 chars]" echo "" echo -n -e "\E[32m[+]\E[39m Enter a number between \E[32m1\E[39m and \E[32m5\E[39m: \E[32m" read STYLE fi # check if style (phone number formatting) is a valid menu option if [[ "$STYLE" -lt "1" ]] || [[ $STYLE -gt "5" ]]; then # if they picked something < 1 or > 5 echo -e "\E[31m[!] \E[39mInvalid menu number ($STYLE). Please use 1-5. \E[31mexiting.\E[39m" exit 0 fi # if we're not using command-line arguments... if [[ $# -eq 0 ]]; then # wpa passthrough question echo -e "\E[33m[?]\E[39m Do you want to passthrough the phone numbers into " echo -n -e " aircrack-ng to crack a WPA handshake capture file? (\E[32my\E[39m/\E[32mn\E[39m): \E[32m" read ANS # if they want to pass through to aircrack-ng... if [[ "$ANS" == "y" ]]; then # get .cap path echo "" echo -n -e "[+] Enter the \E[32mpath to the .cap file\E[39m containing a WPA handshake: \E[32m" read CAP echo -e "\E[39m" if [[ ! -f "$CAP" ]]; then # if the .cap file does not exist, gtfo CAP="" echo -e "\E[31m[!] \E[39mCAP file \E[31m\'${CAP}\' \E[39mnot found; defaulting output to \E[32m${OUTFILE}\E[39m" else # cap file exists, get the ESSID echo -n -e "[+] Enter the \E[32mESSID\E[39m of the access point: \E[32m" read ESSID fi # remove aircrack.txt now -- will contain if/when WPA key is found rm -f aircrack.txt else # if CAP="", then we will only output phone numbers to the OUTFILE; no passthrough CAP="" fi else CAP="" fi # delete temporary files rm -rf /tmp/page1.txt rm -rf /tmp/page2.txt # get html from site if [[ $# -eq 0 ]]; then echo -e "\E[39m" echo -e "\E[32m[+] \E[39mGathering area-code and prefix information using wget; please wait..." fi wget -q -O /tmp/page1.txt http://www.melissadata.com/lookups/phonelocation.asp?number=${CITY} # if wget returned invalid data or nothing at all... if [[ $(cat /tmp/page1.txt) = "" ]] || [[ ! -f /tmp/page1.txt ]]; then echo "" echo -e "\E[31m[!]\E[39m Unable to download phone numbers for city '${CITY}'; exiting" echo -e "\E[31m[!]\E[39m Unexpected errors occurred while accessing the following site:" echo -e "\E[31mhttp://www.melissadata.com/lookups/phonelocation.asp?number=${CITY}\E[39m" echo -e "\E[31m[!]\E[39m Check to make sure your internet connection is working and this URL provides relevant data." exit 0 fi # echo "[-] Prefixes gathered. Parsing..." # the next few lines are pretty ugly # i don't know much about awk, so I basically juggled the data between two files (page1.txt and page2.txt) # this is horrible code and I'm sure there's a one-line awk solution to this, but I wasn't able to find it... # grab the beginning of the phone numbers from page1, store in page2 awk ' BEGIN {FS = "?number=" } {print $2} ' /tmp/page1.txt >> /tmp/page2.txt rm /tmp/page1.txt # strip the end of the number (ignoring the trailing '0000' for each #) awk ' BEGIN {FS = "0000\"" } {print $1} ' /tmp/page2.txt >> /tmp/page1.txt rm /tmp/page2.txt # remove blank lines 'cause I suck at awk awk '$0!~/^$/ {print $0}' /tmp/page1.txt >> /tmp/page2.txt rm /tmp/page1.txt # if the user selected a menu item larger than 3... if [[ "${STYLE}" -gt "3" ]]; then # we don't need area code! while read Lines do # remove areacode from each line echo ${Lines:3} >> /tmp/page1.txt done < /tmp/page2.txt rm /tmp/page2.txt # remove duplicates -- this is possible for large cities where different areacodes have the same prefix! cat /tmp/page1.txt | sort | uniq > /tmp/page2.txt rm /tmp/page1.txt fi # at this point, /tmp/page2.txt contains all of the [area codes and] prefixes for the city # the following lines/loop counts how many prefixes there are # this is purely to let the user know how much longer the process will take COUNT=0 # COUNT will be the total amount of prefixes to generate CURRENT=0 # CURRENT keeps track of which prefix we are currently working on while read Line; do # go through every line in the prefix file COUNT=$((COUNT + 1)) # increment counter done < /tmp/page2.txt # stop at the end of the file # loop through every areacode/prefix while read Line do # if we are passing through to aircrack and we've cracked it, stop! if [[ ! "$CAP" == "" ]] && [[ -f "aircrack.txt" ]]; then break fi # sometimes the website returns only 3 digits (invalid numbers) # i hit this error briefly, might have been isolated, but still gonna check for it! if [[ "${STYLE}" -lt "4" ]] && [[ ${#Line} -eq 3 ]]; then continue # move onto the next one fi CURRENT=$((CURRENT + 1)) # increment counter of how many prefixes we've done # format the line to fit the style if [ $STYLE = '1' ]; then # Style: (###)###-@@@@ Line="(${Line:0:3})${Line:3}-" LEN=13 elif [ $STYLE = '2' ]; then # Style: ###-###-@@@@ Line="${Line:0:3}-${Line:3}-" LEN=12 elif [ $STYLE = '3' ]; then # Style: ######@@@@ Line=${Line} #nothing changes LEN=10 elif [ $STYLE = '4' ]; then # Style: ###-@@@@ Line="${Line}-" LEN=8 elif [ $STYLE = '5' ]; then # Style: ###@@@@ LEN=7 fi # now that we know the format, see if we are passing through to aircrack or OUTFILE if [[ ! "$CAP" == "" ]]; then # cap file exists, need to pass through to aircrack echo -e "\E[32m[+] \E[39mPassing through to aircrack-ng: \E[32m${Line}####\E[39m..." if [[ HAS_CRUNCH = '1' ]]; then ${CRUNCH} $LEN $LEN 0123456789 -t ${Line}@@@@ | aircrack-ng -l aircrack.txt -w - -e ${ESSID} ${CAP} else ${CRUNCH} "${Line}" | aircrack-ng -l aircrack.txt -w - -e ${ESSID} ${CAP} fi else # no cap file, just output to OUTFILE # if user didn't supply any arguments (we're in verbose mode) if [[ $# -eq 0 ]]; then echo -e "\E[32m[+] \E[39mGenerating phone numbers: \E[32m${Line}####\E[39m... (${CURRENT}/${COUNT})" if [[ HAS_CRUNCH -eq 1 ]]; then ${CRUNCH} $LEN $LEN 0123456789 -t ${Line}@@@@ >> "${OUTFILE}" else ${CRUNCH} "${Line}" >> "${OUTFILE}" fi else # user supplied arguments, ONLY OUTPUT VALID NUMBERS! if [[ HAS_CRUNCH -eq 1 ]]; then ${CRUNCH} $LEN $LEN 0123456789 -t ${Line}@@@@ else ${CRUNCH} "${Line}" fi fi fi done < /tmp/page2.txt # at this point, we're done generating! # delete temporary file containing area codes/prefixes rm /tmp/page2.txt if [[ ! "$CAP" == "" ]]; then # if we were trying to passthrough echo -n -e "\E[32m[!]\E[39m Finished! " if [[ -f "aircrack.txt" ]]; then # if we cracked it echo -e "\E[32mPassword found: " + $(cat aircrack.txt) echo -e "\E[32m[!] Saved to 'aircrack.txt'" else # if we didn't crack it echo -e "\E[31mPassword not found." fi else # if we were just generating phone numbers if [[ $# -eq 0 ]]; then echo "" echo -e "\E[32m[!] Finished;\E[39m results are saved in \E[32m${OUTFILE}\E[39m" fi fi # if we used the crunch script, delete it if [[ $HAS_CRUNCH -eq 0 ]]; then rm -rf f0ne-crunch.sh fi # print out a single white line so the next lines the user types/sees will be white (normal) if [[ $# -eq 0 ]]; then echo -e "\E[39m" fi exit 0