sensepost / snoopy-ng Goto Github PK

Snoopy v2.0 - modular digital terrestrial tracking framework

License: Other

Python 97.86% Shell 1.94% Smarty 0.20%

snoopy-ng's Introduction

 SensePost presents:
 
  /$$$$$$                                                   
 /$$__  $$                                                  
| $$  \__/ /$$$$$$$   /$$$$$$   /$$$$$$   /$$$$$$  /$$   /$$
|  $$$$$$ | $$__  $$ /$$__  $$ /$$__  $$ /$$__  $$| $$  | $$
 \____  $$| $$  \ $$| $$  \ $$| $$  \ $$| $$  \ $$| $$  | $$
 /$$  \ $$| $$  | $$| $$  | $$| $$  | $$| $$  | $$| $$  | $$
|  $$$$$$/| $$  | $$|  $$$$$$/|  $$$$$$/| $$$$$$$/|  $$$$$$$
 \______/ |__/  |__/ \______/  \______/ | $$____/  \____  $$
                                        | $$       /$$  | $$
                                        | $$      |  $$$$$$/
                                        |__/       \______/
                        
                                               Version: 2.0
Code:    [email protected] // @glennzw
Visit:   www.sensepost.com // @sensepost
License: Non-commercial use

Welcome to Snoopy Version 2.0!

Quick Setup ============== Strapped for time? Try this:

To install and setup Snoopy:

bash install.sh

To save data from the wireless, sysinfo, and heartbeat plugins locally:

snoopy -v -m wifi:mon=True -m sysinfo -m heartbeat -d myDrone -l London

To sync data from a client to a server:

Server:

snoopy_auth --create myDrone     # Create account
snoopy -v -m server              # Start server plugin

Client:

snoopy -v -m wifi:mon=True -s http://<server>:9001/ -d myDrone -l London -k <key>

INTRODUCTION AND OVERVIEW ============================= Snoopy is a distributed, sensor, data collection, interception, analysis, and visualization framework. It is written in a modular format, allowing for the collection of arbitrary data from various sources via Python plugins.

Architecture

Each Snoopy instance can run multiple plugins simultaneously. A plugin collects data, which is queried by the main Snoopy process and is written to a local database. Snoopy can sync data between clients (drones) and a server, and clients (drones) can also pull replicas of data from a server. Each Snoopy instance can run plugins appropriate for its position in the greater picture. Here's a diagram to depict one possible setup:

 Drone01                     Server01
 +---------------+           +--------------+
 | Plugins:      |           | Plugins:     |
 |   * WiFi      |           |  *Server     |
 |   * Bluetooth |====3G====>|              |<=========================\
 |   * GSM       |           |              |                          ||
 |   * FitBit    |           |              |                          ||
 +---------------+           +--------------+                          ||
                                                                       ||
 Drone02                      Server02               Server03          ||
 +---------------+            +--------------+       +-------------+   ||
 | Plugins:      |            | Plugins:     |       | Plugins:    |   ||
 |   * WiFi      |            |  * Server    |       |  * Server   |   ||
 |   * Cookie    |=====Xbee==>|  * Heartbeat |==3G==>|  * Wigle    |<==\
 |     thief     |   ||       |              |       |  * DataViz  |   ||
 |   * GPS       |   ||       |              |       |             |   ||
 +---------------+   ||       +--------------+       +-------------+   ||
                     ||                                             Internet
 Drone03             ||                             Laptop01           || 
 +---------------+   ||                            +--------------+    ||                                
 | Plugins:      |   ||                            | Plugins:     |    ||
 |   * Thermal   |   ||                            |  *RemotePull |    ||
 |   * Camera    |===/                             |              |====/
 |   * Heat      |                                 |  Run:        |
 |               |                                 |   *Maltego   |
 +---------------+                                 +--------------+

In the above illustration, there are three drones running and syncing their data to two separate servers. One syncs over 3G, the other two over Xbee. The second server syncs its data to a third server. Finally, a client (laptop) pulls all data from the first and third servers, and runs Maltego to explore the data.

Setup & Installation

Running 'sh install.sh' within the snoopy-ng.git directory will install all of the required packages. It offers to install aircrack from source, which is required for distros without this package (the aircrack suite is used for the wireless plugins).We cannot recommend Maltego enough for data exploration, a community edition (with some restrictions) can be downloaded for free from the Paterva website at http://paterva.com.

USAGE ========

Basic

To see all available flags and options, we have made two commands for you:

root@kali:~# snoopy --help (shorthand -h)

This command gives you all running options, such as which server to sync to, to the name of the drone and its location. In addition, it also introduces how one would run the various plugins.

root@kali:~# snoopy --list (shorthand -i)

This command lists all available plugins and the parameters required by each plugin to function correctly. To get more verbose information about each plugin, use '-ii' or '-iii'. To get information about one specific plugin use '-i -m '.

Plugins can be specified with the --plugin (or shorthand -m) option. Numerous plugins can be specified, and will be started in the order entered. Each plugin will be given 60 seconds to indicate its ready state, after which it times out and the next plugin will be initiated. This can be useful if subsequent plugins depend on actions of prior ones.

Each plugin can take numerous parameters (as indicated in the --list output) in the form of comma separated key value pairs. Below we use the 'example' plugin, which simply generates random numbers.

   snoopy --plugin example:x=1,v=True

If drone / location options are not supplied default values are supplied. Alternatively, they can be specified as below.

   snoopy --plugin example:x=1,v=True --drone myDrone --location Cansas

Data Synchronization

Data can be synchronized to a remote machine by supplying the --server (-s) option. The remote machine should be running the server plugin (--plugin server). A key should be generated for a drone name before hand. The below illustrates this.

Server

    root@server:~# snoopy_auth --create myDrone01 --verbose
    [+] Creating new Snoopy server sync account
    [+] Key for 'myDrone01' is 'GWWVF'
    [+] Use this value in client mode to sync data to a remote server.
    root@kali:~# snoopy --plugin server
    [+] Running webserver on '0.0.0.0:9001'
    [+] Plugin server caught data for 2 tables.

Client

    root@client:~# snoopy --plugin example:x=1 --drone myDrone --key GWWVF --server http://<server_ip>:9001/ --verbose
    [+] Starting Snoopy with plugins: example
    [+] Plugin example created new random number: 21
    [+] Snoopy successfully sunc 2 elements over 2 tables.

Remote Data Pull

Data can be pulled from a server using the local_sync plugin. For example, assume the server as above is running, and perform this operation from the client:

root@client:~# snoopy --plugin local_sync:server_url=http://<server_ip>:9001/ --drone myDrone --key GWWVF
[+] Plugin local_sync pulled 888 records from remote server.

Database Storage

The default behaviour is to store all data inside a SQLITE file snoopy.db. This can be overiden with the parameter --dbms. See the SQL Alchemy documentation on how to specify different database engines (http://docs.sqlalchemy.org/en/rel_0_9/dialects/index.html). As an example, below we use MySQL:

    root@client:~# snoopy -v --plugin example --dbms=mysql://glenn:secret@localhost/snoopy_db
    [+] Capturing local only. Saving to 'mysql://glenn:secret@localhost/snoopy_db'

It might be useful to use SQLITE storage on smaller devices, and have the server plugin saving to MySQL (or similar). A further example may be of use where we specify the file location to store data, such as on a removable media:

    root@client:~# snoopy -v --plugin example --dbms=sqlite:////media/USB01/snoopy.db

There is a --flush (-f) option to 'flush' data from local storage once it has been synchronized with an upstream server.

Starting Services on Boot

Snoopy can be started with an upstart script (see the ./setup/upstarts folder). Other sample upstart scripts are provided in the same directory - e.g. one to bring up a PPP connection from a 3G modem, and one to create a SSH remote command channel.

Debian based systems (e.g. Kali) don't seem to support upstart. In the interim, the suppied rc.local file can be used to start Snoopy and related services on boot.

DATA VISUALIZATION =====================

Maltego is the preferred tool to perform visualization. Instructions are below:

Open Maltego
Select 'Import Configuration'
Choose 'snoopy_entities.mtz' from the transforms folder

This should import both entities as well as transforms. To get started, drag the 'Base of Operations' entity from the Snoopy tab in the Palette menu onto a blank graph. As an example, perform the following operations on the entity:

Right click, select Transforms, Select 'Get Drones'
On desired drone, right click, select 'Get Location'
On desired location, right click, select 'Get Clients'
On desired clients, right click, select 'Get Observations'

Transforms exist to fetch domains and cookies (from passive monitoring), lookup SSID street addresses, and several are bidirectional (e.g. can lookup clients from Location, or Locations from client). It's best to play.

Database Specification

If not using the default sqlite format edit the following file to specify the location of the data:

    snoopy_ng/transforms/db_path.conf

Graph Sharing

The Snoopy graph can be shared by multiple analysts simultaneously by using Maltego's colaboration function. Select Collaboration, and 'Share Current Graph'.

COMMERCIAL USAGE =================== The license under which Snoopy is released forbids gaining financially (or otherwise) from its use (see LICENSE.txt). We have a separate license available for commercial use, which includes extra functionality such as:
- Syncing data via XBee
- Advanced plugins
- Extra/custom transforms
- Web interface
- Prebuilt drones

Get in contact ([email protected] / [email protected]) if you'd like to engage with us.

APPENDIX =========== Writing Plugins

See the plugins/example.py file to understand how plugins should be written. Any file placed in the plugins folder will be treated as a plugin, and should have the following properties:

Supply plugin information and optional paramter defintions.
Supply SQL table schema definitions for the data it will be collecting.
Return data in the format defined above when queried.

Otherwise, the plugin can do whatever you like.

Hardware

Snoopy will run on any Linux device with sufficient support to install files from the install.sh file. i.e. Python, and related packages. Hardware support will vary for what plugins are required, but for the most common scenario of collecting WiFi data and uploading via 3G, the following is recommended:

BeagleBone Black
Powered USB hub (with Y splitter to save on two plugs)
Alfa AWUS036h WiFi adapter
Huawei E160 Modem
BlueNext BN903S GPS
At least a 2A power adapter (will vary on what peripherals you have)

Operating System

Kali 1.05 and Ubuntu 12.04 have been tested. Similar systems should work.

Extra Notes:

You can run as many plugins at one as you like. Plugins initiate sequentially, in the order supplied on the command line.
The next plugin will only start initiating when the prior one has indicated that is is ready (with a 60 second timeout). This is useful if subsequant plugins depend on prior ones.
If you don't specify a drone or location, default ones will be provided.
You can run Snoopy with no plugins in order to only sync data.

Known Issues

An error condition occurs when collecinting data locally, sycning to a remote server, and then pulling a replica from the server. e.g.:

Server

    root@kali:~# snoopy -m server -m wigle:username=u,password=p,[email protected]
    [+] Running webserver on '0.0.0.0:9001'
    [+] Plugin server caught data for 2 tables.

Client

	root@client:~# snoopy -m wifi -m local_sync:server_url=http://1.1.1.1:9001/ -d myDrone -l London -k secretkey -s http://1.1.1.1:9001/

snoopy-ng's People

Contributors

Stargazers

Watchers

Forkers

hotelzululima tomzhang bytedeez glennzw cmlh molotof ocakgun th36r1m sonriab bobzilladev tourountzis felixekman thomsonit dr3t armuk a66829090 roobixx perrenialprick josephgregg stevenhorner 3arlybird o1oo1o1o sidtechnical r00tb0x jimbonet tyttvn clampz naptar scottobear hesterd lail3344 luffy1 yarthepirate eighthbyte harayz mattbrun esk1llz securextools systemik solidstorm carlesm yeahyeah751 vaginessa samuelwn qardeneden progamergov seamustuohy 4sp1r3 lucabongiorni wflk acalv scry3r songofhack shawnluxy elanii yueguangguang liangcongqq petuniaderel edlovesiraq k0a1adev alohau tygow050 szymonsel olivierh59500 jackbro thecallsign javarockstar developingchase dotslashtx erinbejta noobiedog pandaztaco jdwang001 coding4sec buntuuuu hacktest waveboy2u rvaughan thenukebr tuian forestnd davedacoda puppycodes heikipikker jaicie wisdark ericsukalac ykankaya tim1512 hfc971 rascyber jameszolljune 99ttz djeraseit zadew m4rkh0r ro9ueadmin rayipoiod fachinformatiker jonnylewis

snoopy-ng's Issues

cant find netifaces on startup

exits as soon as it tries to import netifaces module. I am using snoopy standalong on my local computer without a server.

root@kali:~/Desktop/snoopy-ng-master# ./snoopy.py

/ )( ( )( _ )( _ )( _ ( / )
* \ ) ( )()( )()( )_/ \ /
(/()_)()()() (*)
Version: 2.0
Code: [email protected] // @glennzw
Visit: www.sensepost.com // @sensepost
License: Non-commercial use

Traceback (most recent call last):
File "./snoopy.py", line 428, in
main()
File "./snoopy.py", line 353, in main
plugins = common.get_plugins()
File "/root/Desktop/snoopy-ng-master/includes/common.py", line 24, in get_plugins
m = import(plug, fromlist="Snoop").Snoop
File "/root/Desktop/snoopy-ng-master/plugins/rogueAP.py", line 17, in
from includes.rogee import *
File "/root/Desktop/snoopy-ng-master/includes/rogee.py", line 3, in
import netifaces
ImportError: No module named netifaces
root@kali:~/Desktop/snoopy-ng-master#

Exception in thread Wifi

I receive this error when attempting to load the wifi plugin

Exception in thread wifi:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 552, in bootstrap_inner
self.run()
File "/home/pi/snoopy-ng/plugins/wifi.py", line 134, in run
self.iface=mm.enable_monitor_mode(self.iface)
File "/home/pi/snoopy-ng/includes/monitor_mode.py", line 20, in enable_monitor_mode
proc = Popen(['airmon-ng'], stdout=PIPE, stderr=DN)
File "/usr/lib/python2.7/subprocess.py", line 679, in __init
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1259, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

[+] Plugin 'wifi' ran out of time to indicate its ready state, moving on to next plugin.
[+] Done loading plugins, running...

Missing pyrite package after install

After successful install I ran the commands snoopy -i & snoopy -m server however I got the errors

snoopy -i:

Traceback (most recent call last):
  File "/usr/bin/snoopy", line 428, in <module>
    main()
  File "/usr/bin/snoopy", line 371, in main
    plugin_info = plug.get_parameter_list()
  File "/root/snoopy-ng-master/plugins/wifi.py", line 74, in get_parameter_list
    sub_plug = __import__(m, fromlist=['Snarf']).Snarf
  File "/root/snoopy-ng-master/plugins/mods80211/wpa.py", line 12, in <module>
    import cpyrit.pckttools
ImportError: No module named cpyrit.pckttools

snoopy -m server:

Traceback (most recent call last):
  File "/usr/bin/snoopy", line 428, in <module>
    main()
  File "/usr/bin/snoopy", line 425, in main
    options.key, options.location, options.flush, options.verbose)
  File "/usr/bin/snoopy", line 81, in __init__
    tbls = get_tables()
  File "/root/snoopy-ng-master/includes/common.py", line 31, in get_tables
    tbls = plug.get_tables()
  File "/root/snoopy-ng-master/plugins/wifi.py", line 66, in get_tables
    tbls = __import__(m, fromlist=['Snarf']).Snarf()
  File "/root/snoopy-ng-master/plugins/mods80211/wpa.py", line 12, in <module>
    import cpyrit.pckttools
ImportError: No module named cpyrit.pckttools

This was fixed by installing the package pyrit. No need to reinstall snoopy just ran the command snoopy -m server again and all was well.

Add SSL support for the sync web server

The Flask web server used to perform data sync could benefit from having SSL support so that the base64 encoded data can be transmitter over an encrypted connection.

Please let me know if you need a pull request for:

https://github.com/maximcherny/snoopy-ng/commit/8a4868b1e43e797950b70c753a99ebd357954f1a

Exception in thread wifi

This morning I made a fresh install of Ubuntu 12.04.5 LTS. The only thing I did before attempting to run install.sh was was apt-get install git. I encountered a few errors during the install process which I'll note for completeness, but my issue is actually below during execution:

Installation Steps
1) I then ran into the ntp issue which has been noted in prior issues but apt-get install ntp solved that.
2) Then I ran into an error which said "libxml/xmlversion.h: No such file or directory". I was able to resolve that with apt-get install python-lxml.
3) I also hit an error saying "fatal error: ffi.h: No such file or directory" but resolved that by apt-get install libffi-dev

Post Installation
1) The first error I ran into was "ImportError: No module named cyprit.pckttools" but that was solved by manually installing pyrit-0.3.0 which is documented in another issue. #9

Now I am running into a problem that I have not been able to get around. It looks like someone else had the same issue here but I'm unable to figure out how to tie that potential solution into this particular instance of the problem.

http://stackoverflow.com/questions/18962785/oserror-errno-2-no-such-file-or-directory-while-using-python-subprocess-in-dj

Here is the error message

Exception in thread wifi:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 551, in bootstrap_inner
self.run()
File "/home/sheridan/Projects/snoopy-ng/plugins/wifi.py", line 134, in run
self.iface=mm.enable_monitor_mode(self.iface)
File "/home/sheridan/Projects/snoopy-ng/includes/monitor_mode.py", line 20, in enable_monitor_mode
proc = Popen(['airmon-ng'], stdout=PIPE, stderr=DN)
File "/usr/lib/python2.7/subprocess.py", line 679, in __init
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1249, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

Maltego

Kali Linux 64 bit 1.0.9
Maltego 3.4.5005-lkali1
When i do 'Import entities' and select the .mtz file from snoopy-ng i only can choose Entities, not transforms, machines, icons.

Tried in windows, same happen there, but if i rightclick on the .mtz file and open in Maltego, then i can import everything, But when i 'fetchDrones' i get an "The directory is invalid". dbpath is: sqlite:///c:\snoopy.db

Any ideas how i can i import transforms in kali? Probably this is a versioning conflict..

Alternative deployment methods?

How awesome would it be to have snoopy deployed using something like this?

https://resin.io/how-it-works/

Thoughts?

Plugin to allow probe request capture

Hi,

The original version of Snoopy (circa 2012) facilitated the ability to store the attributes of probe requests. The ng version only seems to capture aggregates via num_probes.

Is this a deliberate design decision?

Cheers

fetchSSIDLocations_live

I can't get the Live SSID location lookup transform to work. If I try it I get the error:
ERROR: Please supply Wigle credentials in the 'Property View' on the right --->

But there is nowhere to enter the credentials that I can find inside Maltego.

I tried altering the code in "fetchSSIDLocations_live.py" from

user = TRX.getVar("wigleUser")
passw = TRX.getVar("wiglePass")
email = TRX.getVar("wigleEmail")
proxy = TRX.getVar("wigleProxy")

to with my details inside the quotes

user = "wigleUser"
passw = "wiglePass"
email = "wigleEmail"
proxy = ""

But it still doesn't work, this time I just get:

"ERROR: Unable to login to Wigle with supplied wigle creds. Please check them"
I am providing the correct details within those quotes above though. Am I missing something obvious?

Wigle lookups exception

Periodically, I get:

Exception in thread wigle:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/opt/snoopy-ng/plugins/wigle.py", line 112, in run
    if 'shun' in locations['error']:
TypeError: string indices must be integers

I suspect this happens when you eventually go over the daily query limit, but haven't been able to confirm. Have you seen this before?

Problems creating Drone account on server

When I run the following command to create a Drone account I get the error below:
snoopy_auth --create myDrone

Traceback (most recent call last):
File "/usr/bin/snoopy_auth", line 164, in
auth_ = auth('sqlite:////root/snoopy_api/snoopy.db')
File "/usr/bin/snoopy_auth", line 30, in init
self.metadata.reflect()
File "build/bdist.linux-x86_64/egg/sqlalchemy/schema.py", line 2497, in reflect
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 2504, in table_names
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/base.py", line 2490, in contextual_connect
File "build/bdist.linux-x86_64/egg/sqlalchemy/pool.py", line 224, in connect
File "build/bdist.linux-x86_64/egg/sqlalchemy/pool.py", line 387, in init
File "build/bdist.linux-x86_64/egg/sqlalchemy/pool.py", line 802, in _do_get
File "build/bdist.linux-x86_64/egg/sqlalchemy/pool.py", line 188, in _create_connection
File "build/bdist.linux-x86_64/egg/sqlalchemy/pool.py", line 270, in init
File "build/bdist.linux-x86_64/egg/sqlalchemy/pool.py", line 330, in __connect
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/strategies.py", line 80, in connect
File "build/bdist.linux-x86_64/egg/sqlalchemy/engine/default.py", line 281, in connect
sqlalchemy.exc.OperationalError: (OperationalError) unable to open database file None None

I am now running sqlalchemy 0.7.8 after having problems with a newer version and seeing problems mentioned in the issues. I can start Snoopy as a server but can't create any Drone accounts. I just get the above error.

MTK error Not related to server

Full error.
Traceback (most recent call last):
File "fetchDrones.py", line 13, in
from transformCommon import *
File "/root/snoopy-ng/transforms/transformCommon.py", line 36, in
mtk = metadata.tables['mtk']
KeyError: 'mtk'

-I've tried running it -m server, and many variations with -m. It runs fine, the sqlite db is there and can be viewed with a sqlbrowser, but I still get that error.
-made sure the date encompassed the data pluss a day on either side.
-clean install of kali 1.1 (could that be the issue? it's running maltego tungston kali edition: I'll try to install carbon manually and see if that works but I don't see MTK as a field in the db so i think snoopy is failing to creat the right fields to be ingested? )
Wouldn't right if I hadn't tried everything I could think of.
Ed

Number of decimal places for GPS coordinates

Hi,

I am testing using a GlobalSat BU-353S4, which provides coordinates with 9 decimals precision.

I note that the gpsd plugin uses a standard Float() column definition to store the coordinate values.

This approach works fine when using SQLite as the data store, however, when using MySQL, the created columns use whatever the default is for the FLOAT data type (in my case, 3) and there is a possibility of significant precision loss.

We could specify an explicit precision of 9, which would cater for the majority of cases. Happy to send a pull request.

KeyError: 'mtk' in Maltego

When I try to run any transforms in Maltego I get a python error.

The full Debug output is:

File "fetchDrones.py", line 13, in
from transformCommon import *
File "/root/snoopy-ng/transforms/transformCommon.py", line 36, in
mtk = metadata.tables['mtk']
KeyError: 'mtk'

I am actually running this from a Kali-linux Live CD just to test it before doing a full install. Data is being written into the SQLite database I can see ssids in 'wifi_client_ssids' and data in a couple of other tables.

What is this 'mtk' table it doesn't exist in my SQLite DB. I can see that the line that follow 37 & 38 specify 'users' and 'sessions' they don't exist in my DB either or is this trying to create them.

Any help appreciated, it could be because I'm running on a live CD. I was kind of surprised it installed and appears to run fine except for the Maltego transforms.

Provide the ability to update the MAC vendor lookup listings

A quick comparison against the most recent Wirehsark OUI lookup file reveals the potential to add > 1000 additional entries to the mac_vendor.txt lookup file.

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf;hb=HEAD

While the origin of the mac_vendor.txt is not known to me, I assume it is based on a similar source (e.g. Wirehsark manuf file, IEEE OUI file or another derivative).

Using the Wirehsark manuf file is suggested as the basis as it incorporates data from multiple source and provides the short / long vendor names, as expected by the existing implementation.

The following features could be useful:

Manual refresh on demand
Optionally, automatic refresh as part of the WiFi plugin init
Optionally x2, the ability to retrospectively lookup vendors for devices previously marked as "Unknown"

This should minimise the potential shortcomings around being able to recognise vendors for recently manufactured devices.

Snoopy unable to connect to remote server (401 error) and can't detect or create monitor mode wifi interface on Debian Jessie

Hi I am encountering a couple of errors when I try and use the wifi module(s) from Debian Jessie and a remote server of Arch Linux, it seems Snoopy won't recognize a monitor mode interface when previously created with airmon-ng nor is it able to create one using the mon=False swatch, also I am getting a 401 error when trying to connect to the remote server, Am I doing something wrong? Attached is the out put of snoopy from the client I get no output from the server other then the confirmation that the plugins and server is running:

when I run sudo snoopy -m wifi:iface=wlan0,mon=False:wifi_aps:wifi_clients -d test01 -l homebase -k -s http://:9001/ I get this:
/ )( ( )( _ )( _ )( _ ( / )
* \ ) ( )()( )()( )_/ \ /
(/()_)()()() (*)
Version: 2.0
Code: [email protected] // @glennzw
Visit: www.sensepost.com // @sensepost
License: Non-commercial use

[+] Starting Snoopy with plugins: wifi
[+] Waiting for plugin 'wifi' to indicate it's ready
[+] Starting sniffing on interface 'mon0'
[!!] Scapy exception whilst sniffing. Will back off for 5 seconds, and try restart 'plugins.wifi' plugin
[!!] init() got an unexpected keyword argument 'stopperTimeout'
[+] Plugin 'wifi' has indicated it's ready.
[+] Done loading plugins, running...
[!!] Unable to upload 9 rows from table 'sessions'. Moving to next table (check logs for details).
[!!] No suitable monitor interface available. Will check every 5 seconds, but not display this message again.
[!!] Unable to upload 9 rows from table 'sessions'. Moving to next table (check logs for details).
^CCaught Ctrl+C! Saving data and shutting down...
[!!] Unable to upload 9 rows from table 'sessions'. Moving to next table (check logs for details).

Snoopy.log contains this:

2015-06-11 01:26:21 + snoopy: Starting Snoopy with plugins: wifi
2015-06-11 01:26:21 + snoopy: Waiting for plugin 'wifi' to indicate it's ready
2015-06-11 01:26:21 D monitor_mode.py: Enabling monitor mode on 'wlan0'
2015-06-11 01:26:22 D monitor_mode.py: Enabled monitor mode 'mon0'
2015-06-11 01:26:22 + wifi.py: Starting sniffing on interface 'mon0'
2015-06-11 01:26:22 !! wifi.py: Scapy exception whilst sniffing. Will back off for 5 seconds, and try restart 'plugins.wifi' plugin
2015-06-11 01:26:22 !! wifi.py: init() got an unexpected keyword argument 'stopperTimeout'
2015-06-11 01:26:23 + snoopy: Plugin 'wifi' has indicated it's ready.
2015-06-11 01:26:23 + snoopy: Done loading plugins, running...
2015-06-11 01:26:23 D snoopy: Not syncing table 'bluetooth_details' - no 'sunc' column
2015-06-11 01:26:24 D snoopy: Unable to upload data to 'http://:9001/' - Exception:'HTTP Error 401: UNAUTHORIZED'
2015-06-11 01:26:24 !! snoopy: Unable to upload 9 rows from table 'sessions'. Moving to next table (check logs for details).
2015-06-11 01:26:24 D snoopy: Not syncing table 'user_agents' - no 'sunc' column
2015-06-11 01:26:27 D monitor_mode.py: Disabling monitor mode on 'mon0'
2015-06-11 01:26:28 D monitor_mode.py: Enabling monitor mode on 'mon0'
2015-06-11 01:26:28 !! wifi.py: No suitable monitor interface available. Will check every 5 seconds, but not display this message again.
2015-06-11 01:26:28 D snoopy: Not syncing table 'bluetooth_details' - no 'sunc' column
2015-06-11 01:26:29 D snoopy: Unable to upload data to 'http://:9001/' - Exception:'HTTP Error 401: UNAUTHORIZED'
2015-06-11 01:26:29 !! snoopy: Unable to upload 9 rows from table 'sessions'. Moving to next table (check logs for details).
2015-06-11 01:26:29 D snoopy: Not syncing table 'user_agents' - no 'sunc' column
2015-06-11 01:26:32 D snoopy: Not syncing table 'bluetooth_details' - no 'sunc' column
2015-06-11 01:26:32 D snoopy: Unable to upload data to 'http://:9001/' - Exception:'HTTP Error 401: UNAUTHORIZED'
2015-06-11 01:26:32 !! snoopy: Unable to upload 9 rows from table 'sessions'. Moving to next table (check logs for details).
2015-06-11 01:26:32 D snoopy: Not syncing table 'user_agents' - no 'sunc' column

install failed on BBB / missing libxml/xmlversion.h

I'm running the most recent BBB Kali 1.09 ARM image on my BBB. I worked through the NTP issue, but then got an error compiling due to missing libxml/xmlversion.h file.

The install went perfectly on the Kali box that I plan to use as server.

[snip]
running build_ext

building 'lxml.etree' extension

creating build/temp.linux-armv7l-2.7

creating build/temp.linux-armv7l-2.7/src

creating build/temp.linux-armv7l-2.7/src/lxml

gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -I/tmp/pip_build_root/lxml/src/lxml/includes -I/usr/include/python2.7 -c src/lxml/lxml.etree.c -o build/temp.linux-armv7l-2.7/src/lxml/lxml.etree.o -w

In file included from src/lxml/lxml.etree.c:232:0:

/tmp/pip_build_root/lxml/src/lxml/includes/etree_defs.h:14:31: fatal error: libxml/xmlversion.h: No such file or directory

compilation terminated.

error: command 'gcc' failed with exit status 1

Cleaning up...
Command /usr/bin/python -c "import setuptools, tokenize;file='/tmp/pip_build_root/lxml/setup.py';exec(compile(getattr(tokenize, 'open', open)(file).read().replace('\r\n', '\n'), file, 'exec'))" install --record /tmp/pip-5GtU24-record/install-record.txt --single-version-externally-managed --compile failed with error code 1 in /tmp/pip_build_root/lxml
Traceback (most recent call last):
File "/usr/local/bin/pip", line 9, in
load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
File "/usr/local/lib/python2.7/dist-packages/pip-1.5.6-py2.7.egg/pip/init.py", line 185, in main
return command.main(cmd_args)
File "/usr/local/lib/python2.7/dist-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 161, in main
text = '\n'.join(complete_log)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 40: ordinal not in range(128)

Wifi Plugin Can't Find Suitable Wifi Device

I have a wifi dongle on monitor mode, yet Snoopy won't recognize it as valid. I've also tried in managed mode with the same results.

Using a Ralink/Mediatek RT7601STA Wifi Dongle, Raspberry Pi Raspbian 3.12.31+

This is the result I get, I've run iwconfig to show that my device is in monitor mode.

I've replaced any personal irrelevant info with REMOVED.

Linux REMOVED 3.12.31+ #718 PREEMPT Sat Oct 25 16:09:41 BST 2014 armv6l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov 6 23:57:22 2014 from REMOVED
pi@REMOVED~ $ iwconfig
ra0 Ralink STA ESSID:"" Nickname:"MT7601STA"
Mode:Monitor Frequency=2.457 GHz Access Point: REMOVED
Bit Rate=1 Mb/s
RTS thr:off Fragment thr:off
Link Quality=100/100 Signal level:8 dBm Noise level:8 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

lo no wireless extensions.

eth0 no wireless extensions.

pi@REMOVED ~ $ sudo snoopy -v -m wifi:iface=ra0,mon=True -m sysinfo -m heartbeat -d rapi -l peg

/ )( ( )( _ )( _ )( _ ( / )
* \ ) ( )()( )()( )_/ \ /
(/()_)()()() (*)
Version: 2.0
Code: [email protected] // @glennzw
Visit: www.sensepost.com // @sensepost
License: Non-commercial use

[+] Starting Snoopy with plugins: wifi, sysinfo, heartbeat
[+] Capturing local only. Saving to 'sqlite:///snoopy.db'
[+] Waiting for plugin 'wifi' to indicate it's ready
[!!] No suitable monitor interface available. Will check every 5 seconds, but not display this message again.
[+] Plugin 'wifi' ran out of time to indicate its ready state, moving on to next plugin.
[+] Waiting for plugin 'sysinfo' to indicate it's ready
[+] Plugin 'sysinfo' has indicated it's ready.
[+] Waiting for plugin 'heartbeat' to indicate it's ready
[+] Plugin 'heartbeat' has indicated it's ready.
[+] Done loading plugins, running...
[+] Plugin heartbeat had a beat ❤

I've ordered a Alfa Awus036h and I'm only using the Ralink dongle to test, but I'd like to know whether there is a problem with my setup or if I just have a incompatible device. I'd hate to get the Alfa and still find the same issue. Thanks for any help.

Run Fail

Running on fresh install of Kali 1.0.7

When running:

./snoopy.py --drone mac -l test -v -m wifi:mon0=True -m sysinfo -m heartbeat

This is the output:

Traceback (most recent call last):
File "./snoopy.py", line 428, in
main()
File "./snoopy.py", line 353, in main
plugins = common.get_plugins()
File "/root/snoopy-ng/includes/common.py", line 24, in get_plugins
m = import(plug, fromlist="Snoop").Snoop
File "/root/snoopy-ng/plugins/gpsd.py", line 15, in
from gps import *#gps, WATCH_ENABLE
ImportError: No module named gps
root@kali:~/snoopy-ng#

EAPOLAuthentication issue

After letting it run with a TPLink wireless adapter recommended for snoopy-ng on a BeagleBone Black It eventually fails with this error. I'm not sure if it is related to any of the previous mentioned issues.

Command ran:
./snoopy.py -vv -m wifi:mon=True -l test -d test

Error:
Traceback (most recent call last):
File “./snoopy.py”, line 428, in
main()
File “./snoopy.py”, line 425, in main
options.key, options.location, options.flush, options.verbose)
File “./snoopy.py”, line 91, in init
self.go()
File “./snoopy.py”, line 133, in go
self.get_data()
File “./snoopy.py”, line 154, in get_data
multidata = m.get_data()
File “/home/ubuntu/snoopy-ng/plugins/wfi.py”, line 178, in get_data
m.proc_packet(packet)
File “/home/ubuntu/snoopy-ng/plugins/mods80211/wpa.py”, line 50, in proc_packet
self.cp.parse_packet(p)
File “/usr/local/lib/python2.7/dist-packages/cpyrit/pcktools.py”, line 460, in parse_packet
self.new_auth_callback(auth)
File “/home/ubuntu/snoopy-ng/plugins/mods80211/wpa.py”, line 25, in auth_handler
tmp_eap = auth[1]
TypeError: “EAPOLAuthentication” object does not support indexing

Running snoopy_auth against latest sqlalchemy produces an error

>>> import sqlalchemy
>>> sqlalchemy.__version__ 
'0.9.7'

snoopy_auth -l
[+] Available drone accounts:
Traceback (most recent call last):
  File "/usr/bin/snoopy_auth", line 103, in <module>
    drones = auth_.manage_drone_account("foo", "list")
  File "/usr/bin/snoopy_auth", line 29, in manage_drone_account
    self.db.create(self.drone_tbl_def )
  File "<string>", line 2, in create
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/util/deprecations.py", line 106, in warned
    return fn(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/sqlalchemy/engine/interfaces.py", line 859, in create
    raise NotImplementedError()
NotImplementedError

This works correctly against 0.7.8.

Perhaps, a specific known working version needs to be requested by the installation script.

What is the version being developed against?

Capturing WPA Handshakes

The file /plugins/mods80211/wpa.py should capture WPA handshakes using Pyrit, extracting the following fields:

auth.station.mac
auth.station.ap.mac
auth.station.ap.essid
auth.anonce
auth.snonce
auth.keymic
auth.keymic_frame
auth.version
auth.quality
auth.spread

The logic is that we want to store the actual components of the WPA handshake to store in a database for cracking elsewhere (as opposed to capturing a raw PCAP file). Whilst the capturing used to work, Pyrit seems to be giving an error now

  File "/root/snoopy-ng/plugins/mods80211/wpa.py", line 25, in auth_handler
    if auth.station.ap.isCompleted():
AttributeError: 'tuple' object has no attribute 'station'

Two things:

Any ideas off hand on how to fix this error before I dive into Pyrit code?
Is there another library/method to capture WPA handshakes?

Error Wigle

Anyone see this error regarding fetchSSIDLocationsLive transform. When selecting the SSID and selecting the fetchSSIDLocationsLive im getting " Error: Please supply the wigle credentials in the property view on the right"

can't see anything that would allow placing the creds, even when i was looking a the script.

cpyrit.pckttools

Hello,

Saw your talk at defcon. Awesome stuff!

I installed your software following the instructions. When attempting to pull data from my WiFi card using the instructions provided in the quick setup section:

snoopy -v -m wifi:mon=True -m sysinfo -m heartbeat -d myDrone -l London

yields the following error:

ImportError: No module named cpyrit.pckttools installed

Do you have any advice as to how one might resolve this error? Thanks!

Bluetooth sniff with Ubertooth

How do one check if bluetooth sniffing is working ? I see no errors when starting Snoopy-ng with the bluetooth module but I also do not see any bluetooth data when working in Maltego ?

Regards Keld Norman

Raspberry Pi support for mitmproxy.py (lxml)

Raspberry Pi install crashes while attempting install.sh (disregarding ntp issues discussed earlier)

Raspberry Pi version B and B+

Install will crash during installation returning the following:

gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -I/tm
/pip_build_root/lxml/src/lxml/includes -I/usr/include/python2.7 -c src/lxml/lxml.etree.c -o
build/temp.linux-armv6l-2.7/src/lxml/lxml.etree.o -w

In file included from src/lxml/lxml.etree.c:232:0:

/tmp/pip_build_root/lxml/src/lxml/includes/etree_defs.h:14:31: fatal error: libxml/xmlversion.h: No such file or directory

compilation terminated.

error: command 'gcc' failed with exit status 1

Cleaning up...
Command /usr/bin/python -c "import setuptools, tokenize;file='/tmp/pip_build_root
/lxml/setup.py';exec(compile(getattr(tokenize, 'open', open)(file).read().replace('\r\n', '\n'), >file, 'exec'))" install --record /tmp/pip-ErT_gY-record/install-record.txt --single-version-
externally-managed --compile failed with error code 1 in /tmp/pip_build_root/lxml
Traceback (most recent call last):
File "/usr/local/bin/pip", line 9, in
load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
File "/usr/local/lib/python2.7/dist-packages/pip-1.5.6-py2.7.egg/pip/init.py", line 185, in main
return command.main(cmd_args)
File "/usr/local/lib/python2.7/dist-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 161, in >main
text = '\n'.join(complete_log)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 62: ordinal not in range(128)

Same error noted on Ubuntu, but fixed via "apt-get install libffi-dev"

Attempting to manually install libffi-dev, libxml2-dev, libxslt-dev on the pi have not resolved this issue.

pip install lxml==3.4.2 - same result as above, issue is with lxml per se, not snoopy-ng.

Working around the issue, while losing some functionality.

go into install.sh and comment out

pip install mitimproxy.py

in directory /plugins/
rename mitimproxy.py > mitmproxy.bkp

Installing on the n900 ?

Is it possible to install on the Nokia N900? If so how ?

Memory error ?

Has anyone seen any memory errors? i see these sometimes when running snoopy either for a few minutes. if it doesn't populate it's usually after snoopy has been running for a longer duration.

Traceback (most recent call last):
File "/usr/bin/snoopy", line 428, in
main()
File "/usr/bin/snoopy", line 425, in main
options.key, options.location, options.flush, options.verbose)
File "/usr/bin/snoopy", line 91, in init
self.go()
File "/usr/bin/snoopy", line 133, in go
self.get_data()
File "/usr/bin/snoopy", line 154, in get_data
multidata = m.get_data()
File "/root/snoopy-ng/plugins/wifi.py", line 173, in get_data
for i in range(self.packet_buffer_size):
MemoryError
Exception in thread wifi:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 552, in bootstrap_inner
self.run()
File "/root/snoopy-ng/plugins/wifi.py", line 134, in run
self.iface=mm.enable_monitor_mode(self.iface)
File "/root/snoopy-ng/includes/monitor_mode.py", line 17, in enable_monitor_mode
disable_monitor_mode()
File "/root/snoopy-ng/includes/monitor_mode.py", line 39, in disable_monitor_mode
for device in get_monitor_iface():
File "/root/snoopy-ng/includes/monitor_mode.py", line 47, in get_monitor_iface
proc = Popen(['iwconfig'], stdout=PIPE, stderr=DN)
File "/usr/lib/python2.7/subprocess.py", line 679, in __init
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1244, in _execute_child
data = _eintr_retry_call(os.read, errpipe_read, 1048576)
File "/usr/lib/python2.7/subprocess.py", line 478, in _eintr_retry_call
return func(*args)
MemoryError

Install.sh skips if ntp is not located in /etc/init.d/

Fixed with a second

if [ -f /etc/init.d/ntp ]; then
    /etc/init.d/ntp start
fi

on line 20

Garbled SSID fail to sync

As mentioned in issue #14 Scapy fails to implement the FCS check, and therefore sometimes we get garbled SSIDs. This seems to affect syncing too. Unrelated to garbled SSIDs, this likely affects non-ASCII character sets.

e.g. Trying to sync [T>UEUX+nUd%vOnG'6h0ú>ьB ߧ0x9#)iY-u to a server results in the server outputting:

[!!] Exception whilst trying to insert data, will sleep for 5 seconds then continue. Exception was:
'latin-1' codec can't encode character u'\u044c' in position 29: ordinal not in range(256)
[!!] Offending table: wifi_AP_ssids
[!!] Data: [{u'sunc': 0, u'mac': u'50a733485398', u'ssid': u" \x07\x7f[T>U\x1dEUX+n\x13Ud\x15\x10%vOnG'6h0\xfa>\u044c\x04B \u07e70\x10xL\x08\x079#\x15)\x11i\x12Y-\x10u\x01\x1b", u'run_id': 1091695474}]

This feels like bad Unicode handling. I'll re-watch "Pragmatic Unicode, or, How do I stop the pain?"

Scapy exception whilst sniffing. Will back off for 5 seconds

So for some reason I keep getting this Scapy exception on a beagalbone i'm installing.. When I start snoopy in drone mode I see the below.

sudo snoopy -v -m wifi:iface=mon0,mon=False -m sysinfo -m heartbeat -d myDrone -l basement

[+] Starting Snoopy with plugins: wifi, sysinfo, heartbeat
[+] Capturing local only. Saving to 'sqlite:///snoopy.db'
[+] Waiting for plugin 'wifi' to indicate it's ready
[+] Starting sniffing on interface 'mon0'
=> [!!] Scapy exception whilst sniffing. Will back off for 5 seconds, and try restart 'plugins.wifi' plugin
=> [!!] init() got an unexpected keyword argument 'stopperTimeout'
[+] Plugin 'wifi' has indicated it's ready.
[+] Waiting for plugin 'sysinfo' to indicate it's ready
[+] Plugin 'sysinfo' has indicated it's ready.
[+] Waiting for plugin 'heartbeat' to indicate it's ready
[+] Plugin sysinfo will check device status every 1800 seconds.
[+] Plugin 'heartbeat' has indicated it's ready.
[+] Done loading plugins, running...
[+] Plugin heartbeat had a beat ❤
[+] Starting sniffing on interface 'mon0'
=> [!!] Scapy exception whilst sniffing. Will back off for 5 seconds, and try restart 'plugins.wifi' plugin
=> [!!] init() got an unexpected keyword argument 'stopperTimeout'
[+] Starting sniffing on interface 'mon0'
=> [!!] Scapy exception whilst sniffing. Will back off for 5 seconds, and try restart 'plugins.wifi' plugin
=> [!!] init() got an unexpected keyword argument 'stopperTimeout'
[+] Plugin sysinfo generated new data.
[+] Starting sniffing on interface 'mon0'
=> [!!] Scapy exception whilst sniffing. Will back off for 5 seconds, and try restart 'plugins.wifi' plugin
=> [!!] init() got an unexpected keyword argument 'stopperTimeout'
=> [!!] Restarting module '/home/debian/snoopy-ng/plugins/wifi.pyc' after 5 failed attempts
[+] Starting sniffing on interface 'mon0'
[!!] Scapy exception whilst sniffing. Will back off for 5 seconds, and try restart 'plugins.wifi' plugin
[!!] init() got an unexpected keyword argument 'stopperTimeout'
[!!] Restarting module '/home/debian/snoopy-ng/plugins/wifi.pyc' after 5 failed attempts
Ctrl+C! Saving data and shutting down...

Any advice would be appreciated.

Updates

just wondering if your going to add in any more plugins or other cool stuff like that.

n900 capabilities

Here are my thoughts on getting snoopy-ng working painlessly via an apt-get method. Before we can apt-get install snoopy-ng, we first have to answer some basic questions:

My thoughts are listed with Triple -'s. I changed all hashes to -, so it would post correct via markdown nonsense...

--- Concentrate on PURE basic functionality for the time being
--- ./snoopy.py -v -m wifi:iface=wlan0mon -d USER -l LOCATION -k 2PNL0CVEZIDGWVK

set -e

In case this is the seconds time user runs setup, remove prior symlinks:
rm -f /usr/bin/sslstrip_snoopy
rm -f /usr/bin/snoopy
rm -f /usr/bin/snoopy_auth
rm -f /etc/transforms

--- ntpdate is going to require some work
--- Definately want synchronization
--- For the time being, can this be a "goal" and not a need?
apt-get install ntpdate --force-yes --yes
-if ps aux | grep ntp | grep -qv grep; then
if [ -f /etc/init.d/ntp ]; then
/etc/init.d/ntp stop
else
- Needed for Kali Linux build on Raspberry Pi
apt-get install ntp
/etc/init.d/ntp stop
fi
echo "[+] Setting time with ntp"
ntpdate ntp.ubuntu.com
/etc/init.d/ntp start

--- Timezones will revolve around ntpdate? We must be careful when mucking about on the n900.
--- The n900 is prone to seizures when mucking about with files...
--- Maemo, while cool, is a stupid style filing system... Look at how they "optimized" stuff to see what I mean
echo "[+] Setting timzeone..."
echo "Etc/UTC" > /etc/timezone
dpkg-reconfigure -f noninteractive tzdata

--- Will want to .deb this
echo "[+] Installing sakis3g..."
cp ./includes/sakis3g /usr/local/bin

--- apt-get will work for NON python stuff. We use two pythons on v3, 2.5 and 2.7. 2.5 is a living breathing thing on the n900, so we must explicitly call python2.7 when we want to invoke ie.
--- Anything meant for 2.7, must be explicitly built via pip or preferably .deb
--- The basic idea for now would be to only have to install what is needed for the CORE function of sniffing and storing data to the snoopy.db file
--- The bandwidth on an n900 sucks anyways, it's best to be used as a drop and later retrieve drone
--- The functionality to UPLOAD snoopy.db data is cool, and we definately want it, but we can focus on that as we mature this for the n900
--- Can we notate what packages listed here via apt, are PURELY required for the BASIC functionality of:
--- ./snoopy.py -v -m wifi:iface=wlan0mon -d USER -l LOCATION -k 2PNL0CVEZIDGWVK

Packages
echo "[+] Installing required packages..."
apt-get install --force-yes --yes python-setuptools autossh python-psutil python2.7-dev libpcap0.8-dev python-sqlalchemy ppp tcpdump python-serial sqlite3 python-requests iw build-essential python-bluez python-flask python-gps python-dateutil python-dev libxml2-dev libxslt-dev pyrit

--- We will use pip for the time being, but as we mature, move this pip stuff to .deb
--- This is so that snoopy-ng can become a .deb itself and no longer use this install.sh approach

Python packages

--- Why easy_install versus pip for smspdu?
easy_install smspdu

--- What pip stuff is required for the basic functionality:
--- ./snoopy.py -v -m wifi:iface=wlan0mon -d USER -l LOCATION -k 2PNL0CVEZIDGWVK
pip uninstall requests -y
pip install -Iv https://pypi.python.org/packages/source/r/requests/requests-0.14.2.tar.gz #Wigle API built on old version
pip install httplib2
pip install BeautifulSoup
pip install publicsuffix
pip install mitmproxy
pip install pyinotify
pip install netifaces
pip install dnslib

--- How is this different from 0.9 sslstrip?
-Install SP sslstrip
cp -r ./setup/sslstripSnoopy/ /usr/share/
ln -s /usr/share/sslstripSnoopy/sslstrip.py /usr/bin/sslstrip_snoopy

--- need to .deb

Download & Installs
echo "[+] Installing pyserial 2.6"
pip install https://pypi.python.org/packages/source/p/pyserial/pyserial-2.6.tar.gz

--- Already a .deb
echo "[+] Downloading pylibpcap..."
pip install https://sourceforge.net/projects/pylibpcap/files/latest/download?source=files#egg=pylibpcap

--- Need to deb
echo "[+] Downloading dpkt..."
pip install https://dpkt.googlecode.com/files/dpkt-1.8.tar.gz

--- Why patched?
--- How's it different
--- Does it break/change any core functionality of current scapy?
--- What features does it add
--- If only + and no delta/change, then let's just .deb it
echo "[+] Installing patched version of scapy..."
pip install ./setup/scapy-latest-snoopy_patch.tar.gz

--- bwhahahahaha, good luck here =)
--- teh aircrack-ng is as good as it will get on an n900

Only run this on your client, not server:
-read -r -p "[ ] Do you want to download, compile, and install aircrack? [y/n] " response
-if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]
-then
echo "[+] Downloading aircrack-ng..."
wget http://download.aircrack-ng.org/aircrack-ng-1.2-beta1.tar.gz
tar xzf aircrack-ng-1.2-beta1.tar.gz
cd aircrack-ng-1.2-beta1
make
echo "[-] Installing aircrack-ng"
make install
cd ..
rm -rf aircrack-ng-1.2-beta1*
-fi

--- We're going to .deb all the below....
echo "[+] Creating symlinks to this folder for snoopy.py."

echo "sqlite:///pwd/snoopy.db" > ./transforms/db_path.conf

ln -s pwd/transforms /etc/transforms
ln -s pwd/snoopy.py /usr/bin/snoopy
ln -s pwd/includes/auth_handler.py /usr/bin/snoopy_auth
chmod +x /usr/bin/snoopy
chmod +x /usr/bin/snoopy_auth
chmod +x /usr/bin/sslstrip_snoopy

echo "[+] Done. Try run 'snoopy' or 'snoopy_auth'"
echo "[I] Ensure you set your ./transforms/db_path.conf path correctly when using Maltego"

Garbled data in 802.11 management frames - missing FCS check?

It appears that sometimes (rarely, bit still often enough to be inconvenient) Scapy-based probes and beacons sniffing engine is fed garbled data. By garbled I am referring to:

SSIDs that contain invalid char sequences
MAC addresses that cannot be matched to a known vendor (even when using the most up-to-date - refer to #6)

While I assume the root cause is external to Scapy itself - e.g. noise / interference, Scapy does not offer a mechanism to ensure that only the frames that pass the Frame Control Sequence (FCS) check are processed.

There is a proposed patch dating back some years here:

http://bb.secdev.org/scapy/issue/109/incorrect-parsing-of-80211-frame-with

I haven't tested the patch myself, but first of all would be interested to find out whether you share this concern.

Being able to capture reliable (read - discard garbled) data is a must-have requirement for me, which means I am facing the possibility of switching to a custom tshark-based 802.11 frame capture plugin. Unfortunately, this also means more CPU + memory usage to run an additional process.

Have you experienced this issue throughout your data collection?

snoopy-ng git does not ship with or create a instance of snoopy.db

While the installer does a great job of installing dependencies and even telling snoopy-ng where to look for snoopy.db snoopy-ng does not come with a empty instance of snoopy.db nor does the installer create one. causing the following issues when snoopy is run with out arguments or with -iii :
Traceback (most recent call last):
File "/usr/bin/snoopy", line 428, in
main()
File "/usr/bin/snoopy", line 353, in main
plugins = common.get_plugins()
File ""/snoopy-ng/includes/common.py", line 24, in get_plugins
m = import(plug, fromlist="Snoop").Snoop
File ""/snoopy-ng/plugins/server.py", line 17, in
from includes import webserver
File "snoopy-ng/includes/webserver.py", line 27, in
auth_ = auth()
File ""snoopy-ng/includes/auth_handler.py", line 46, in init
self.db.create(drone_tbl_def)
File "", line 2, in create
File "/usr/lib/python2.7/site-packages/sqlalchemy/util/deprecations.py", line 106, in warned
return fn(_args, *_kwargs)
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/interfaces.py", line 924, in create
raise NotImplementedError()
NotImplementedError

The solution is to add either a empty snoopy.db file to the git repo or have the installer create one and populate it with the tables it needs. I guess having a empty snoopy.db in the git repo would be a easier fix then adding logic to do it to the installer script.

ntp time update

when installing the script stops after updating time using ntp.
removed that part of the script and install began fine.

install fail

server install failed using ubuntu server 12.04 32 bit
File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 828, in install_eggs

return self.build_and_install(setup_script, setup_base)

File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1105, in build_and_install

self.run_setup(setup_script, setup_base, args)

File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 1096, in run_setup

raise DistutilsError("Setup script exited with %s" % (v.args[0],))

distutils.errors.DistutilsError: Setup script exited with error: command 'gcc' failed with exit status 1

Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_root/cryptography
Storing debug log for failure in /root/.pip/pip.log

Confused on how snoopy.db is created

Hi the Readme does not make this clear but how exactly does one create the snoopy.db sqlite file used to store data? I first tried passing it the path to a non existent snoopy.db file in the path I wanted it in hoping it would create such a file but it Crashed, so then I tried creating a empty sqlite database thinking snoopy would populate it with the appropriate tables but I got the same error message.
How am I supposed to create snoopy.db? I encountered this on stock debian and arch linux with SQLAlchemy version 0.7.8 The error message can be found below:

[+] Starting Snoopy with plugins: server
[+] Capturing local only. Saving to 'sqlite:///path/to/snoopy/snoopy-ng/snoopy.db'
Traceback (most recent call last):
File "./snoopy.py", line 428, in
main()
File "./snoopy.py", line 425, in main
options.key, options.location, options.flush, options.verbose)
File "./snoopy.py", line 86, in init
if not self.db.dialect.has_table(self.db.connect(), tbl.name):
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 2013, in connect
return self._connection_cls(self, **kwargs)
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 72, in init
if connection is not None else engine.raw_connection()
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 2099, in raw_connection
self.pool.unique_connection, _connection)
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 2073, in _wrap_pool_connect
e, dialect, self)
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 1403, in _handle_dbapi_exception_noconnection
exc_info
File "/usr/lib/python2.7/site-packages/sqlalchemy/util/compat.py", line 199, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb)
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/base.py", line 2069, in _wrap_pool_connect
return fn()
File "/usr/lib/python2.7/site-packages/sqlalchemy/pool.py", line 318, in unique_connection
return _ConnectionFairy._checkout(self)
File "/usr/lib/python2.7/site-packages/sqlalchemy/pool.py", line 708, in _checkout
fairy = _ConnectionRecord.checkout(pool)
File "/usr/lib/python2.7/site-packages/sqlalchemy/pool.py", line 480, in checkout
rec = pool._do_get()
File "/usr/lib/python2.7/site-packages/sqlalchemy/pool.py", line 1140, in _do_get
return self._create_connection()
File "/usr/lib/python2.7/site-packages/sqlalchemy/pool.py", line 323, in _create_connection
return _ConnectionRecord(self)
File "/usr/lib/python2.7/site-packages/sqlalchemy/pool.py", line 449, in init
self.connection = self.__connect()
File "/usr/lib/python2.7/site-packages/sqlalchemy/pool.py", line 602, in __connect
connection = self.__pool._invoke_creator(self)
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/strategies.py", line 97, in connect
return dialect.connect(_cargs, *_cparams)
File "/usr/lib/python2.7/site-packages/sqlalchemy/engine/default.py", line 377, in connect
return self.dbapi.connect(_cargs, *_cparams)
sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) unable to open database file

RogueAP network crashing

Running Raspberry Pi Kali and Alfa Awus036h. I can run rogueAP, with run_dhcp and local_nat, and connect if I have my eth0 interface down but, then my rogueAP has no internet access. If I have eth0 up when I start Snoopy and I connect to the rogue access point the network goes down and my mon0 interface disappears. If I start Snoopy with eth0 down I can connect to the access point without internet access but, the moment I bring up eth0 it shuts down the network and gets rid of mon0.

Traceback error every 30 to 60 minutes

This has been going on for a few days now. I was hoping it would go away. Any ideas?

Traceback (most recent call last):
File "snoopy.py", line 428, in
main()
File "snoopy.py", line 425, in main
options.key, options.location, options.flush, options.verbose)
File "snoopy.py", line 91, in init
self.go()
File "snoopy.py", line 133, in go
self.get_data()
File "snoopy.py", line 154, in get_data
multidata = m.get_data()
File "/root/src/snoopy-ng/plugins/wifi.py", line 178, in get_data
m.proc_packet(packet)
File "/root/src/snoopy-ng/plugins/mods80211/wpa.py", line 49, in proc_packet
self.cp.parse_packet(p)
File "/usr/lib/pymodules/python2.7/cpyrit/pckttools.py", line 660, in parse_packet
self._add_keypckt(sta, 0, pckt)
File "/usr/lib/pymodules/python2.7/cpyrit/pckttools.py", line 564, in _add_keypckt
self.new_auth_callback((station, auth))
File "/root/src/snoopy-ng/plugins/mods80211/wpa.py", line 25, in auth_handler
if auth.station.ap.isCompleted():
AttributeError: 'tuple' object has no attribute 'station'

shadow keys?

I just updated to Maltego Chlorine and now whenever I try to run a transform on the base of operations it is asking me for a shadow key. I'm obviously missing something basic. Any guidance on this?

wifi_AP_obs signal strength

Anyone managed to add signal strength of AP to the wifi_AP_obs table? I seem to remember someone getting it working for client probes. In the plugins> mods80211 folder there is reference to sig_str = p.dBm_AntSignal in wifi_aps.py but havent got any further than adding the column to the table. Any thoughts/tips appreciated.

Not scanning across wifi channels

I am running 1.09 kali image on raspberry pi with Alfa awus051nh (dualband) and have found that I only appear to detect APs and clients on one channel. when i run kismet or wifi analyser on another device I detect lots more APs/clients in the same location.
I have tried wifi:mon=True and false and also tried placing alfa into monitor mode before running snoopy but still no joy.

It seems like snoopy locks on one channel when it runs rather than hopping. I have ran airodump-ng on same pi and it scans all the channels so do think its a driver issue.

Any thoughts?

note: I had to comment out mitmproxy in install.sh and remove the mitmproxy.py to compile without errors

netgulb

how would i use netglub instead of maltego? http://www.netglub.org/

libffi-dev required

Hello,

This package is required on rapsbian or the install will fail.

BR,
mamouth.

Maltego fetchDrones error

On Kali 1.0.7 - pristine distro and fresh snoopy-ng install.

When performing:

Open Maltego
Select 'Import Configuration'
Choose 'snoopy_entities.mtz' from the transforms folder
Drag the 'Base of Operations' entity from the Snoopy tab in the Palette menu onto a blank graph
Right click, select Transforms, Select 'fetchDrones'

Traceback (most recent call last):
  File "fetchDrones.py", line 13, in <module>
    from transformCommon import *
  File "/media/psf/Home/Dev/snoopy-ng/transforms/transformCommon.py", line 80, in <module>
    s = select([proxs], and_(*filters))
NameError: name 'proxs' is not defined

Fetch Drones Fail

Could be me but when I follow the instructions on github.
After starting snoopy on Kali 1.0.8 clean install, maltego cant fetch any drones.

Drone is Kali 1.0.8 VM in virtualbox with connected wifi via usb.
running "python snoopy.py -d test -v -m wifi -l test"
According to the output when ran "-m wifi" will just cause snoopy to use all interfaces.

I open maltego on the same kali VM in another desktop view.
I import 'snoopy_entities.mtz' from the Transforms folder.
I drag the 'Base of Operations' entity on to the graph.
Right click the 'Base of Operations' entity and select fetchDrones.
The Transform output on maltego says it returns:
"Transform fetchdone returned with 0 entities"

The guide says to select the transform "Get Drones" but that doesn't exist.
I just assume you meant fetchDrones.

Is there something I am doing wrong here or is there some other config issue that needs addressed? Thanks.

-> fetchDrones: "The directory is invalid".

dbpath is: sqlite:///c:\snoopy\snoopy.db
(changed this in the config)

Importing the .mtz etc into Maltego went without any errors.

Any ideas?

Thx in advance.

Mart