How to Conduct Wireless Recon on Bluetooth, Wi-Fi & GPS with Sparrow-wifi

If you're ever in a situation where you need to take a peek at the wireless spectrum, whether it's for Blueto

توسط PATRIS-MUSIC در 25 مرداد 1399

If you're ever in a situation where you need to take a peek at the wireless spectrum, whether it's for Bluetooth or Wi-Fi devices, there's a fascinating Python 3-based tool called Sparrow-wifi you should check out. It's cross-platform, easy to use, and has an impressive GUI that shows you the signal strength of nearby devices.

Sparrow-wifi, branded as a "next-generation" analysis tool for wireless reconnaissance and surveillance, is simple to install. There's just a bunch of Python libraries you need, and then no matter what system you're on, it should be pretty easy to use. It works great on a Raspberry Pi, and just as good on Kali Linux.

What You Could Do with Sparrow-Wifi

Ghostop14 created Sparrow-wifi to be installed on a Raspberry Pi attached to a drone or rover for war-flying or wardriving use cases. It was even tested out on a 3DR Solo aerial drone, and you can read more about their experience using Sparrow-wifi on Raspberry Pi and drone on the GitHub page. We'll just be using it on a Kali Linux system running on a laptop, but it'll be similar for a Pi-based project.

Before getting into using Sparrow-wifi, it's good to show what all it can do. Being a "next-generation 2.4 GHz and 5 GHz Wifi spectral awareness tool," it has Wi-Fi capabilities, a software-defined radio, advanced Bluetooth options, and GPS capabilities (which can also be connected to the GPS on drones and rovers). The most prominent features worth pointing out today include but aren't limited to:

  • Overlay 2.4 GHz and 5 GHz spectrums in real-time on top of the Wi-Fi spectrum.
  • Identify SSID information for nearby devices over Wi-Fi.
  • Identify nearby Bluetooth and Bluetooth LE devices.
  • Track Bluetooth LE advertisement sources (iBeacons) with a telemetry window.
  • Send out your own iBeacon advertisements.
  • War-fly or wardrive using a Raspberry Pi on a drone or rover using GUI-controlled or autonomous scan and record modes.
  • Import or export from or to a CSV file or JSON file.
  • See Google Maps locations from GPS coordinates provided by discovered SSID or Bluetooth devices, which can be helpful to plot the Wi-Fi telemetry over time.

What You Need to Get Started

You'll need a wireless network adapter that can be put into monitor mode. Aside from that, you'll need a computer to run it on that has Python 3, and that's it.

Step 1: Update & Upgrade Kali

Before installing anything, it's good to use update to resync and update package index files on the system from their sources, as well as upgrade to update all of the tools that have newer versions found in the update. The upgrade might take a while, depending on how many packages are out of date.

~$ sudo apt update && sudo apt upgrade Hit:1 http://kali.download/kali kali-rolling InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
17 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required: fonts-glyphicons-halflings gir1.2-appindicator3-0.1 libappindicator3-1 libboost-iostreams1.67.0 libboost-system1.67.0 libboost-thread1.67.0 libgdal26 libicu63 libmpdec2 libprotobuf22 libpython3.7-minimal libpython3.7-stdlib libqhull7 libre2-6 libx264-155 libx265-179 php7.3-mysql python3-flask-session python3-pcapfile python3.7 python3.7-minimal ruby-did-you-mean
Use 'sudo apt autoremove' to remove them.
The following packages have been kept back: crackmapexec gcc-10-base lib32gcc-s1 lib32stdc++6 libatomic1 libcc1-0 libgcc-s1 libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libtsan0 libubsan1 php-common
0 upgraded, 0 newly installed, 0 to remove and 17 not upgraded.

Step 2: Install the Needed Dependencies

Now, we need to install some of the Python 3 and GPS tools needed, including python3-pip, gpsd, gpsd-clients, python3-tk, and python3-setuptools. Use the following command to do so.

~$ sudo apt install python3-pip gpsd gpsd-clients python3-tk python3-setuptools Reading package lists... Done
Building dependency tree
Reading state information... Done
python3-setuptools is already the newest version (46.1.3-1).
python3-setuptools set to manually installed.
The following additional packages will be installed: gpsd-tools libgps26 python-pip-whl python3-gps python3-wheel
Suggested packages: tix python3-tk-dbg
The following NEW packages will be installed: gpsd gpsd-clients gpsd-tools libgps26 python-pip-whl python3-gps python3-pip python3-wheel
The following packages will be upgraded: python3-tk
1 upgraded, 8 newly installed, 0 to remove and 824 not upgraded.
Need to get 3,533 kB of archives.
After this operation, 7,755 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://kali.download/kali kali-rolling/main amd64 libgps26 amd64 3.20-12 [98.6 kB]
Get:2 http://kali.download/kali kali-rolling/main amd64 gpsd amd64 3.20-12 [413 kB]
Get:3 http://kali.download/kali kali-rolling/main amd64 gpsd-tools amd64 3.20-12 [299 kB]
Get:4 http://kali.download/kali kali-rolling/main amd64 python3-gps amd64 3.20-12 [105 kB]
Get:5 http://kali.download/kali kali-rolling/main amd64 gpsd-clients amd64 3.20-12 [432 kB]
Get:6 http://kali.download/kali kali-rolling/main amd64 python-pip-whl all 20.0.2-5kali1 [1,842 kB]
Get:7 http://kali.download/kali kali-rolling/main amd64 python3-wheel all 0.34.2-1 [24.0 kB]
Get:8 http://kali.download/kali kali-rolling/main amd64 python3-pip all 20.0.2-5kali1 [211 kB]
Get:9 http://kali.download/kali kali-rolling/main amd64 python3-tk amd64 3.8.5-1 [109 kB]
Fetched 3,533 kB in 1s (2,563 kB/s)
Reading changelogs... Done
Selecting previously unselected package libgps26:amd64.
(Reading database ... 287092 files and directories currently installed.)
Preparing to unpack .../0-libgps26_3.20-12_amd64.deb ...
Unpacking libgps26:amd64 (3.20-12) ...
Selecting previously unselected package gpsd.
Preparing to unpack .../1-gpsd_3.20-12_amd64.deb ...
Unpacking gpsd (3.20-12) ...
Selecting previously unselected package gpsd-tools.
Preparing to unpack .../2-gpsd-tools_3.20-12_amd64.deb ...
Unpacking gpsd-tools (3.20-12) ...
Selecting previously unselected package python3-gps.
Preparing to unpack .../3-python3-gps_3.20-12_amd64.deb ...
Unpacking python3-gps (3.20-12) ...
Selecting previously unselected package gpsd-clients.
Preparing to unpack .../4-gpsd-clients_3.20-12_amd64.deb ...
Unpacking gpsd-clients (3.20-12) ...
Selecting previously unselected package python-pip-whl.
Preparing to unpack .../5-python-pip-whl_20.0.2-5kali1_all.deb ...
Unpacking python-pip-whl (20.0.2-5kali1) ...
Selecting previously unselected package python3-wheel.
Preparing to unpack .../6-python3-wheel_0.34.2-1_all.deb ...
Unpacking python3-wheel (0.34.2-1) ...
Selecting previously unselected package python3-pip.
Preparing to unpack .../7-python3-pip_20.0.2-5kali1_all.deb ...
Unpacking python3-pip (20.0.2-5kali1) ...
Preparing to unpack .../8-python3-tk_3.8.5-1_amd64.deb ...
Unpacking python3-tk:amd64 (3.8.5-1) over (3.8.2-2) ...
dpkg: warning: unable to delete old directory '/usr/lib/python3.7/tkinter': Directory not empty
Setting up libgps26:amd64 (3.20-12) ...
Setting up gpsd-tools (3.20-12) ...
Setting up python3-tk:amd64 (3.8.5-1) ...
Setting up python3-wheel (0.34.2-1) ...
Setting up python-pip-whl (20.0.2-5kali1) ...
Setting up python3-gps (3.20-12) ...
Setting up gpsd (3.20-12) ...
Creating/updating gpsd user account...
gpsd.socket is a disabled or a static unit, not starting it.
gpsd.service is a disabled or a static unit, not starting it.
gpsd.socket is a disabled or a static unit, not starting it.
Setting up gpsd-clients (3.20-12) ...
Setting up python3-pip (20.0.2-5kali1) ...
Processing triggers for desktop-file-utils (0.24-1) ...
Processing triggers for mime-support (3.64) ...
Processing triggers for libc-bin (2.30-4) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for kali-menu (2020.2.2) ...

Before installing the next batch of tools that are needed, you should upgrade pip3 first to prevent errors that others have experienced when installing the other dependencies. Use the following command to do it.

~$ sudo pip3 install --upgrade pip Collecting pip Downloading pip-20.2.2-py2.py3-none-any.whl (1.5 MB) |████████████████████████████████| 1.5 MB 1.0 MB/s
Installing collected packages: pip Attempting uninstall: pip Found existing installation: pip 20.0.2 Not uninstalling pip at /usr/lib/python3/dist-packages, outside environment /usr Can't uninstall 'pip'. No files were found to uninstall.
Successfully installed pip-20.2.2

Finally, install the last batch of dependencies needed for Sparrow-wifi, which include QScintilla, PyQtChart, gps3, dronekit, manuf, python-dateutil, numpy, and matplotlib.

~$ sudo pip3 install QScintilla PyQtChart gps3 dronekit manuf python-dateutil numpy matplotlib Collecting QScintilla Downloading QScintilla-2.11.5-cp35.cp36.cp37.cp38-abi3-manylinux2014_x86_64.whl (2.6 MB) |████████████████████████████████| 2.6 MB 1.0 MB/s
Collecting PyQtChart Downloading PyQtChart-5.15.0-5.15.0-cp35.cp36.cp37.cp38-abi3-manylinux2014_x86_64.whl (1.2 MB) |████████████████████████████████| 1.2 MB 7.2 MB/s
Collecting gps3 Downloading gps3-0.33.3-py2.py3-none-any.whl (29 kB)
Collecting dronekit Downloading dronekit-2.9.2-py3-none-any.whl (56 kB) |████████████████████████████████| 56 kB 5.9 MB/s
Collecting manuf Downloading manuf-1.1.1-py3-none-any.whl (539 kB) |████████████████████████████████| 539 kB 10.4 MB/s
Requirement already satisfied: python-dateutil in /usr/lib/python3/dist-packages (2.8.1)
Requirement already satisfied: numpy in /usr/lib/python3/dist-packages (1.17.4)
Requirement already satisfied: matplotlib in /usr/lib/python3/dist-packages (3.2.1)
Requirement already satisfied: PyQt5>=5.10.1 in /usr/lib/python3/dist-packages (from QScintilla) (5.14.2)
Collecting PyQt5-sip<13,>=12.8 Downloading PyQt5_sip-12.8.0-cp38-cp38-manylinux1_x86_64.whl (293 kB) |████████████████████████████████| 293 kB 11.2 MB/s
Collecting pymavlink>=2.2.20 Downloading pymavlink-2.4.9.tar.gz (3.6 MB) |████████████████████████████████| 3.6 MB 8.2 MB/s
Collecting monotonic>=1.3 Downloading monotonic-1.5-py2.py3-none-any.whl (5.3 kB)
Requirement already satisfied: future in /usr/lib/python3/dist-packages (from pymavlink>=2.2.20->dronekit) (0.18.2)
Requirement already satisfied: lxml in /usr/lib/python3/dist-packages (from pymavlink>=2.2.20->dronekit) (4.5.0)
Building wheels for collected packages: pymavlink Building wheel for pymavlink (setup.py) ... done Created wheel for pymavlink: filename=pymavlink-2.4.9-cp38-cp38-linux_x86_64.whl size=3695087 sha256=91c89fc1e95245a57d461a2cb23fcbd10c7319249cf782eb575c17fbe1e3ffa0 Stored in directory: /root/.cache/pip/wheels/3b/26/1c/5500a65a7d7ac54cade1db721eefce7b5c6e451862a21423bb
Successfully built pymavlink
Installing collected packages: PyQt5-sip, QScintilla, PyQtChart, gps3, pymavlink, monotonic, dronekit, manuf
Successfully installed PyQt5-sip-12.8.0 PyQtChart-5.15.0 QScintilla-2.11.5 dronekit-2.9.2 gps3-0.33.3 manuf-1.1.1 monotonic-1.5 pymavlink-2.4.9
PyQtChart gps3 dronekit manuf python-dateutil numpy matplotlib

Step 3: Install Sparrow-wifi

Now, we're ready to install Sparrow-wifi, which you can clone from its GitHub repository. It's that easy, and we can start diving into what it has to offer and how to use it for wireless recon.

~$ git clone https://github.com/ghostop14/sparrow-wifi Cloning into 'sparrow-wifi'...
remote: Enumerating objects: 75, done.
remote: Counting objects: 100% (75/75), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 593 (delta 42), reused 53 (delta 22), pack-reused 518
Receiving objects: 100% (593/593), 2.13 MiB | 3.14 MiB/s, done.
Resolving deltas: 100% (397/397), done.

Step 4: Run Sparrow-wifi

With Sparrow-wifi installed, let's change into its directory:

~$ cd sparrow-wifi ~/sparrow-wifi$

And see what's inside:

~/sparrow-wifi$ ls docs sparrowhackrf.py
images sparrowmap.py
__init__.py sparrowrpi.py
LICENSE sparrow-screenshot.png
README.md sparrowtablewidgets.py
rpi.setup_prerequisites.sh sparrowwifiagent.cfg.sample
scripts sparrowwifiagent.py
sparrowbluetooth.py sparrow-wifi.py
sparrowcommon.py spectrum-screenshot.png
sparrowdialogs.py telemetry.py
sparrowdrone.py telemetry-screenshot.png
sparrow-elastic.py wifi_icon.png
sparrowgps.py wirelessengine.py

Today, we just want to use the main sparrow-wifi.py script; run that using:

~/sparrow-wifi$ sudo ./sparrow-wifi.py WARNING: CPU random generator seem to be failing, disable hardware random number generation
WARNING: RDRND generated: 0xffffffff 0xffffffff 0xffffffff 0xffffffff
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'

Step 5: Use Sparrow-wifi for Recon

That last command should open the GUI for Sparrow-wifi. Once it's up, we can select an interface that we want to scan on in the Local Interface drop-down menu. Then, press the "Scan" button next to it.

It will immediately start scanning for nearby devices, showing their SSIDs, MAC addresses, vendor names, security protocols, channels, frequencies, signal strengths, bandwidths, and more. It'll even show when the devices were first and last seen.

While I don't have GPS activated, you can click the GPS icon in the top right of the window to open XGPS, which will show you the satellites being used to derive the GPS lock, as well as other useful data.

Let's go over the menus real quick. In the "Agent" menu, you'll be able to connect to a remote agent, enable remote recordings, and perform agent discovery and configuration. We're not interested in any of this right now.

Next up, we have "Geo," which will show us some tools for GPS. For instance, there's GPS coordinate monitoring, which will tell us the last valid coordinates. We can also launch XGPS from here, just like before, when clicking the GPS icon. We've also got a way to create an access point map, which you can attempt to use to see where everything relates to you. There's also an option to create an SSID map from telemetry, which is more about the signal strength and other data.

Now for the "Bluetooth" menu. If you have Bluetooth enabled, you can create an iBeacon or scan for existing ones, provided that a Bluetooth device is advertising. That's not always the case since Bluetooth devices are dissimilar to Wi-Fi in terms of the way they advertise themselves and how you can discover them. For instance, they hop frequencies, so they'll never look Wi-Fi the 2.4 GHz graph, which makes them hard to track. Unfortunately, you also cannot scan for both Bluetooth and Bluetooth LE devices at the same time.

In the "Spectrum" menu item, you can adjust the spectrum analyzer gain, but we're not interested in that for our purposes today.

Next to the "Scan"/"Stop scanning" button, you can choose a different Scan Mode from the drop-down. We were on "Normal," but if we switch it to "Hunt," select a channel that we want to narrow it down to, then rescan to hunt a particular network.

There's also an option available to remove any network that hasn't been seen in the last three minutes, which is excellent to get rid of all the junk you don't want after starting a hunt scan.

Now, in the left-bottom 2.4 GHz pane, we can see which spectrums are being utilized and where they are. So that if we wanted to focus on a particular thing, we could click on one of the results.

Once a result is highlighted, you can go up to the "Telemetry" menu, and choose "Telemetry For Selected Network."

That'll open a new window with a tracker active. We can see the signal strength relative to this device, and if you have GPS enabled, you would be able to see the signal strength compared to the longitude and latitude changes as you move around. You could also point a directional antenna around to use the telemetry tracker to close in on the device.

I'm not actually moving, so you're not going to see a big jump in signal strength in my screenshots, but if you move your directional antenna around and point it in the right direction, you'll see a big spike in strength in the top left pane. You can see spikes like that in our guides on choosing the right antenna for Wi-Fi hacking and hunting down Wi-Fi devices with a directional antenna. But setting up Wireshark is a lot more complicated than just firing up Sparrow-wifi.

Sparrow-wifi Is Definitely Worth a Look

Sparrow wifi is a quick and easy way to throw up a GUI interface and see what's around you, whether you're looking for Bluetooth or Wi-Fi devices. Now, it's not exactly as advanced as something like Kismet, which can show you all sorts of detailed information about everything, but it's a really great Python tool to get started. It can even be mounted on a drone, which is pretty impressive.

Want to start making money as a white hat hacker? Jump-start your white-hat hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from ethical hacking professionals.

Buy Now (90% off) >

Cover photo and screenshots by Retia/Null Byte


tinyurlis.gdclck.ruulvis.netshrtco.de
آخرین مطالب
مقالات مشابه
نظرات کاربرن