_ _ _ _ ___ /_\ (_)_ __ __| |_ __ ___ _ __ /\ \ \/ _ \ //_\\| | '__/ _` | '__/ _ \| '_ \ _____ / \/ / /_\/ / _ \ | | | (_| | | | (_) | |_) |_____/ /\ / /_\\ \_/ \_/_|_| \__,_|_| \___/| .__/ \_\ \/\____/ |_| README Airdrop-ng is a rule based Deauth Tool Readme Written by Mubix & TheX1le ##################################################### # Dependencies and Installation # ##################################################### Requires python 2.7 for the installer to work, unless you edit it and remove the "--prefix " part. Dependencies: [*] lorcon [*] Pylorcon2 [*] A lorcon supported wireless card (mac80211 drivers) with monitor mode and injection ********************** * Installing lorcon * ********************** You can get lorcon source from: [*] git clone https://code.google.com/p/lorcon/ trunk Then you will have to compile it: [*] cd trunk && ./configure &&make && make install Next compile Pylorcon2 source [*] wget http://pylorcon2.googlecode.com/files/PyLorcon2-0.1.tar.gz Untar the file [*] tar -xvaf PyLorcon2-0.1.tar.gz Build and install the souce [*] cd PyLorcon2-0.1 && python setup.py install If pylorcon reports import errors you need to run the following command: [*] ln -s /usr/local/lib/liborcon-2.0.0.so /usr/lib This will create a symlink to the directory that pylorcon looks in for liborcon. If you are on ubuntu you will also need to install the python-dev package as they do not include the headers ##################################################### # Usage and Options # ##################################################### -t Airodump-ng CSV file location. It is highly recommended that you have Airodump-ng ACTIVELY RUNNING before and while you run Airdrop-ng. You should run Airodump-ng with the following options: # airodump-ng --write --output-format csv # EXAMPLE: airodump-ng wlan0 -w capture --output-format csv # this will write capture-01.csv to the current working directory -r Rule set config file location. docs/dropRules.conf.example contains several examples on how construct your rules please take a look at this file. The Rules are the core of what makes airdrop-ng so special and determine what clients get a kick and which ones are saved. Rules are run cascading order so make sure your allows are written before your denys. Adding a # to the front of a line comments out the line NOTE: The a/any|any rule... This rule currently causes the program to exit with a error message. This is by design as the tool allows by default. NOTE: By default if no rule exist for a client or ap airdrop-ng assumes that you wish to allow it. This can be changed by putting a d/any|any ##################################################### # Advanced Rule Writing # ##################################################### Rules based on OUI: Currently it only supports the company name or a single OUI, the format is as follows: Company name a or d /bssid or any|company name;company name; company name EXAMPLE: d/any|apple This example attacks only devices with OUI's matching "Apple" Notice the ; as a delimiter for company names this is because many company names contain comas. When writing rules make sure you check the oui.txt file in the support directory. There isn't a standard for company names. For example "Apple" has 11 unique names in the file. If you check the Apple.sample.txt file in the support directory you can see a list of each one of them. For all OUIs to be used you would need to write a rule that contained each company name. A newer and easier way is to use the built in regex function. Airdrop-ng will attempt to find all of company names for you a sample rule using this is: d/any|Sony Corporation or even better: d/any|sony The same can be done in the bssid field d/sony|any d/broadcom|apple The above example would kick any apple device off a broadcom radio AP The regular expression function is NOT case sensitive. This option while much faster only works well with companies that support proprietary hardware like Apple or Sony. This is not to say it wont work with others but it works best on proprietary hardware. Rules written in this manner will match all OUI's found for that company name Matching a single OUI Example: d/00:50:E4|any This rule will match any bssid that 00:50:E4 as an OUI and kick any clients attached to it The same can be done in the client field d/any|00:50:E4 Note: doing a single OUI will match only that OUI. Note: You can mix and match rule types IE d/apple|00:21:E9:3D:EB:45,00:17:AB:5C:DE:3A,00:1B:63:00:60:C4 Or a/00:1B:63:00:60:C4|apple However it is not wise to try to mix and match rule types for example d/apple|00:21:E9:3D:EB:45,00:17:AB:5C:DE:3A,sony this confuses the current parser and makes it unhappy You can complete the same thing with two rules IE d/apple|00:21:E9:3D:EB:45,00:17:AB:5C:DE:3A d/apple|sony Airdrop-ng works in a loop Each time the program finishes sending packets it re-parses the airodump file for changes as well as the rule file. This means that it possible to update rules while the program is running. Happy hacking!