Tuesday, October 23, 2012

Nikto for Aircrack-NGUI

Nikto has been added to Aircrack-NGUI. It can be found under Other Tools->Nikto. It has a graphical interface for all Nikto options and supports profiles as well. You can download the latest version of Aircrack-NGUI here, or download the minimalistic version of NGUI here.

Saturday, September 29, 2012

Another Fresh Batch Of Updates!

...just like the kind my grandma used to make. Here are the latest updates on Aircrack-NGUI:
  • Renamed the forms to remove the Aircrack-NGUI prefix.
      ◦ The form names went on a diet and slimmed down! (Ironic with the cookie image associated with this post.) The forms' titles no longer say "Aircrack-NGUI - <form name>", and instead just say "<form name>", for easier location on the menu bar.
  • Removed the button-and-menu layout and replaced it with menus with hotkeys.
      ◦ The button-and-menu layout is (mostly) gone! You now have a menu bar on the main page to navigate through the program and only open the windows you need. For example, opening a Ping window originally took several clicks and windows (Main Form->Other Tools (own window)->Basic Tools (own window)->Ping). You now click on the Other Tools menu, highlight Basic Tools (another menu will pop up) and click Ping, so you're left with the main menu and the Ping window. I do have plans for the empty space on the main page, so just accept the eyesore for right now.
  • Fixed the output of Replay/Inject packets so it would rewrite the line on carriage returns with no line feed.
      ◦ Essentially, I made the Replay/Inject Packets window output resemble the aireplay-ng output. There are a few bugs with this with ARP request replay, fragmentation, and chop-chop, but I'm working on it.
  • Added profiles option to Discover Networks.
      ◦ This one's a big one. You can now create "profiles" in Discover Networks that are saved to your hard disk for you to pull up later. This is helpful if you have a certain setting in Discover Networks you want to use over and over but don't want to click on the checkboxes and fill out the text boxes each time. This is entirely optional and only saves profiles when you indicate so.
  • Moved the scripts to a better-named folder.
      ◦ Moved the scripts that NGUI relies on from "Scripts" to "RequiredScripts". Not much more than that.
  • Added the Trace Route option.
      ◦ Trace Route! Woo hoo! You can now trace the route between your computer and an external (or internal) address. What makes this special? Well, Aircrack-NGUI displays it in a table where (you guessed it) you can right-click individual rows and send data to other parts of the program. Very nice if you want to discover if a hop on a traceroute has ICMP echo responses enabled.
  • Started on the Settings screen with Preferred Interfaces.
      ◦ This is another start, but I'm working on the Settings screen, which will include options such as deleting all profiles, specifying "preferred" interfaces (automatically selected when a new form is populated), and much, much more.
  • Binaries.
      ◦ The binaries to reflect the above updates as well.
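
The Replay/Inject Packets output fix in the list above (rewriting the line on a carriage return with no line feed) can be sketched as follows. This is an added example in Python, not code from Aircrack-NGUI; the class and function names and the sample chunks are constructed for illustration.

```python
class CarriageReturnBuffer:
    """Rebuilds what a terminal would show from raw process output."""

    def __init__(self):
        self.lines = []           # lines already ended by a line feed
        self.current = ""         # line still being written
        self._pending_cr = False  # saw "\r"; the next char decides its meaning

    def feed(self, chunk):
        """Consume one read() worth of output; chunks may split anywhere."""
        for ch in chunk:
            if ch == "\n":
                # "\n" and "\r\n" both end the line and keep its text.
                self.lines.append(self.current)
                self.current = ""
                self._pending_cr = False
            elif ch == "\r":
                self._pending_cr = True
            else:
                if self._pending_cr:
                    # Bare "\r": cursor returned to column 0, so the new
                    # text replaces the line (simplification: the whole
                    # line is cleared, not overwritten char by char).
                    self.current = ""
                    self._pending_cr = False
                self.current += ch

    def snapshot(self):
        """Lines to display right now, including the unfinished one."""
        return self.lines + ([self.current] if self.current else [])


def render(chunks):
    buf = CarriageReturnBuffer()
    for chunk in chunks:
        buf.feed(chunk)
    return buf.snapshot()


# Constructed sample: a progress counter redrawn with "\r", split across reads.
SAMPLE_CHUNKS = ["Starting\n", "Sent 10 packets\r", "Sent 20 packets\rSent 30",
                 " packets\r", "\nDone\n"]

if __name__ == "__main__":
    print("\n".join(render(SAMPLE_CHUNKS)))
```

Deferring the decision on a `"\r"` until the next character arrives is what keeps `"\r\n"` from wiping a line when the two bytes land in different reads.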

Things are slowly improving and getting more user-friendly, especially with the release of profiles, which I plan to implement more across the system.

Click here to download the latest version of Aircrack-NGUI.

Happy hacking!

Monday, September 24, 2012

IP Tables, WPA Handshakes, and Metasploit, Oh My!

Another release for Aircrack-NGUI. Here's what this version entails:
  • Allow user to delete iptable entries under the FORWARD profile
      ◦ When you clicked "Check IP Tables" on the ARP Poison Routing page, it would just tell you whether your IP tables would allow forwarding of packets through the rules. Now, instead of it going "boo hoo, open a terminal and clear your FORWARD rules," it offers to display another window for clearing out the rules. You just need to select one and click Delete. Click OK to close the window and check again if your rules pass for an ARP Poison Routing attack.
  • Display captured WPA handshake in table
      ◦ The Discover Networks page now has a HANDSHAKE column that will read "YES" when a handshake is captured for a network. Please note that until I can get a patched version of airodump-ng, networks with the same first 5 octets will read "YES" at the same time, even though a handshake may only be captured for one of them.
  • Metasploit and Armitage feature in Other Tools.
      ◦ Before I get a flame war started on this, I'm not actually incorporating a full-fledged Metasploit GUI built by yours truly. This is merely a "quick page" to do common functions with Metasploit. These are: running msfupdate, msfconsole, msfgui, and Armitage. That's all it does.
I hope you enjoy this latest release of Aircrack-NGUI!

Click here to download the hacking sensation that's sweeping the nation.

Sunday, September 23, 2012

Bugs, Bugs, Gotta Love Bugs, BUUUUUGGGSSS!

I made a promise to myself that after I added Reaver to Aircrack-NGUI, I would try to work down the issues list. So, I have. We are currently down to 5 issues, so that means it's time for a new release!
  • Started code on setting a table row's background color.
      ◦ There's an issue in the database right now that there's no way for a user to know if they caught a WPA handshake on a network they're monitoring. I've started the process by supplying base code that allows for selected row background coloring. The feature isn't complete yet, but it's on its way.
  • Fixed reliance on installed programs.
      ◦ Aircrack-NGUI detects what programs you have installed and enables/disables buttons and features according to what you have. There was a bug where the entirety of Network Devices was disabled if you didn't have airmon-ng installed. I changed it so that only the buttons are disabled, and the feature only becomes disabled if you don't have ifconfig or iwconfig installed.
  • Fixed issue where aireplay-ng process wouldn't be killed when the window was closed.
      ◦ Nasty yet tiny little bug where if you closed the results from a running Replay/Inject Packets window, the aireplay-ng process in the background wouldn't terminate. So, you don't see it running, and if you don't use the "ps" command in a terminal, you don't even know it's still running. This has been corrected so that when you close the window, it kills the process.
  • Added feature to auto-populate the manufacturer section of a MAC address with search feature.
      ◦ MAC Changer now allows you to click the ellipsis next to the specific MAC address option and type the name of a manufacturer into the search. When you click Go, it will query MAC Changer for all MAC prefixes with that search term in the name. You can then select a MAC prefix and click OK, and it will populate the first three octets with the selected prefix, with the next textbox auto-focused for you. Helpful if you need a MAC address from a certain vendor.
  • Added hone in on network, hone in on network and capture IVS, and fixed the output of Replay/Inject packets.
      ◦ You can now "hone-in" on a network (channel and network MAC specified for airodump-ng) and also hone-in and capture IVS on a network (same as "hone-in" but --ivs and -w "autocapture" specified). This lets you quickly set up a capture setting from Discover Networks instead of copying information and closing the results window and adjusting the settings. We're all about not having to copy information here, folks.
That's it for right now. I'm working on more bugs but after that comes the Metasploit and Armitage tool under the Other Tools setting.

Click here to download the latest copy of Aircrack-NGUI.

Wednesday, September 19, 2012

Reaver Added To NGUI

That's right, folks. The WPS-cracking tool has been added to the NGUI available functions. It's integrated into the Discover Networks feature, so if you perform a Wash scan and it reports that a network has WPS enabled, you can right-click it and select Attack Network->Reaver. It'll populate a new Reaver form with the network's BSSID. You can populate the information you want after that and click Start. Watch the magic unfold in the NGUI process result window. Happy hacking!

Download the latest version of Aircrack-NGUI here.

Tuesday, September 18, 2012

Spring-- er, Fall Cleaning!

I've greatly cleaned up the Aircrack-NGUI code so that functions are shorter and much better documented. I need to make one more pass-through for removing unused implemented Listeners on classes, but I need a quick sweep of the program to make sure everything's still working properly. I've updated the issues list on the repository page to show everything that's wrong with the current codebase. I'll work to knock those out but I can only do so much at a time. Also, the seeds of adding Reaver to the program have been sown. The "side-kick" to Reaver called Wash has been embedded into the Discover Networks scan. It will scan for WPS-enabled networks in the background while populating the data of airodump-ng and fixing the ESSIDs with an iw dev scan (which you now have the option to run as a passive scan). The next step is to implement the actual Reaver page, which shouldn't take too long.

Thursday, September 6, 2012

Fast Scanning and Network Graphing

Hello, all! Another update here for Aircrack-NGUI (I'm on fire this month). Got two new features for ya all packaged up in a new release:

Fast Scanning: The Discover Hosts section of NGUI now allows you to perform a fast scan (or the -F option in nmap) to scan fewer ports and get faster results. Just select the "Quick Scan (-F)" option under Scan Types in Discover Hosts to use this new feature.
Network Graphing: The Graph Network section of NGUI is now available! Run a Discover Networks scan with the "Write Results To File" option selected and a location selected. Stop the network scan and then open up the resultant .csv file in Graph Networks. Specify an output location (.png file extension) and a graph type. Then, an image will pop up with the results of your scan.

Tuesday, September 4, 2012

A More Managed List Of Updates

Here's a list of commits and their explanations from BitBucket:
  1. Fixed non-standard function calls
      ◦ I believe it was only the ARP Poison Routing attack page that did this. It was referencing its own function for determining the interface's IP address and subnet mask instead of CAircrackUtilities's globally-used functions that do the same thing.
  2. Allowed interfacing with outside forms (Discover Networks and Discover Hosts)
      ◦ This allows programmers to auto-set certain fields before displaying a form. As the commit says, used mostly by Discover Networks and Discover Hosts. This is how the data "auto-populates" into a new form.
  3. Deleted files
      ◦ Naming convention on Replay/Inject Packets folder created two folders, "Replay" and "Inject Packets", which was inside of Replay. Changed to Replay-Inject Packets and deleted the old folders.
  4. Added option for finding a row index by a column value (needed for Discover Networks)
      ◦ Pretty self-explanatory. Finds a row index in a CTable by specifying a column and the value to search on.
  5. GUI and back-end changes
      ◦ Mainly for the main page and MAC Changer. For the main page, it no longer requires you to put an interface into monitor mode when launching Discover Networks. For MAC Changer, it removed the Permanent MAC and Permanent Manufacturer labels since BackTrack 5's version of MAC changer doesn't let you view the permanent information, just the current.
  6. HUGE graphics and functionality overhaul on Discover Networks
      ◦ And I mean HUGE. The clunky two-screen system with just the output of airodump-ng and filtered output from iwlist is gone. Replaced with two tables, one for networks and one for stations. You can right-click the networks or stations and send their data to other parts of the system. As the grayed-out options indicate, this screen isn't done yet, but it's at the point where it's usable.
  7. Binaries update
      ◦ The binaries to reflect the above-mentioned updates.

Saturday, August 25, 2012

A Plethora Of Updates

The major changes in the latest commit to Aircrack-NGUI are the Network Devices and Discover Hosts pages. Network Devices now lets you do more than just bring an interface up and start monitor mode. You can now change the IP address and subnet mask, set modes besides monitor (including Master and Repeater), and quickly copy information to the clipboard. The Discover Hosts page now lets you "send" information to other parts of the system. You can discover a computer on a network and, with a right-click and a left-click, start a De-Authentication attack on it.

Saturday, August 4, 2012

WPA Dictionary Feature Added!

The WPA Dictionary section of Aircrack-NGUI's initial release is finished! It allows you to use the airolib-ng function in a graphical interface. It allows you to view the database stats, execute SQL, verify and clean the database, batch process, and import and export the SQLite database.

Tuesday, July 24, 2012

Crack WEP/WPA Keys Feature Added!

The Crack WEP/WPA Keys section of Aircrack-NGUI's initial release is finished! It allows you to use the .ivs or .cap files that are generated by airodump-ng (Discover Networks feature) and attempt to strip a password out of them (WEP), or brute-force it with a password dictionary (WPA/WPA2). Please note: I do not condone the use of this feature on networks that you do not have approval to crack. If you do, it is illegal and you could face criminal penalties. You have been warned. Enjoy this section of Aircrack-NGUI! Next up, building and manipulating network dictionary databases (airolib-ng)!

Thursday, July 19, 2012

Discover Hosts Feature Added!

The Discover Hosts section of Aircrack-NGUI's initial release is finished! It allows for three different scan modes (Standard, SYN, and OS (Operating System)). It shows all the commonly needed information (Device Type, Host Name, IP Address, MAC Address, Manufacturer, Latency, and Open Ports). It still needs a lot of work, but it's good enough at this point to be usable.

Monday, July 16, 2012

Aircrack-NGUI Is Now On BitBucket!

The Aircrack-NGUI source code is now available on BitBucket! Just go to the following address:

https://bitbucket.org/pbromwelljr/aircrack-ngui/

Follow the steps on the site to get your repository set up. Happy coding!