debian/0000755000000000000000000000000011565174202007171 5ustar debian/changelog0000644000000000000000000000713111565174200011043 0ustar pyrit (0.4.0-2build1) oneiric; urgency=low * Rebuild for OpenSSL 1.0.0. -- Colin Watson Thu, 19 May 2011 12:01:19 +0100 pyrit (0.4.0-2) unstable; urgency=low * debian/control: - Bumped Standards-Version to 3.9.2 (no changes needed) * debian/build.config - Renamed to build.config.in and use a placeholder value for limit_ncpus * debian/rules: - Adapted to generate a pyrit config at build time which takes into account, if set, the value from DEB_BUILD_OPTIONS=parallel=N for the number of cores pyrit should use during build * debian/TODO: - Removed build-time config (see above) from list * debian/patches added: - 0014-performancecounter-handle-empty-result-gracefully Don't attempt to process nonexistent results. Closes: #620991 - 0015-increase-timeout-in-unittests In combination with the previous patch, this ensures that the affected test cases are nevertheless fully run on slower hosts -- Christian Kastner Sun, 17 Apr 2011 22:24:49 +0200 pyrit (0.4.0-1) unstable; urgency=low * New upstream version. * debian/control: - Upgraded Depends on python-all-dev to versioned dependency (>= 2.5) due to use of "with" statement - Added Depends on libpcap-dev (new upstream requirement) - Downgraded Depends for python-sqlalchemy to 0.5.6 (new upstream feature) - Don't start package description with article ("A" in this case) * debian/watch: - Simplified, as Google Code now provides hrefs in the Downloads list again debian/pyrit.1: - Sync'ed man page with upstream documentation for this version - Minor corrections * debian/patches dropped (implemented/included upstream): - 0001-Add-OpenSSL-linking-exception-from-upstream - 0002-Clean-up-after-unit-tests - 0004-Fixed-deprecation-warning-generated-by-sql-alchemy - 0005-Link-against-libcrypto-not-libssl - 0007-add-option-to-limit-cores - 0008-disable-optimizations-on-i386 - 0009-exception-handling-fix - 0010-Add-SHA1-licensing-update-from-upstream - 0011-fix-list-index-error - 0012-fix-SSE2-detection - 0013-FTBFS-on-failed-unit-tests -- Christian Kastner Mon, 04 Apr 2011 22:26:24 +0200 pyrit (0.3.0-2) unstable; urgency=low * debian/control: - Bump Standards-Version to 3.9.1 (no changes needed) - Updated package description, indicating that optimizations are detected at run-time (a result of dropping patch 0008 and adding 0012). * debian/patches: - Added 0012-fix-SSE2-detection Fixes a crash in run-time SSE2 detection on systems with MMX but no SSE2 - Added 0013-FTBFS-on-failed-unit-tests Unit test failures should result in a FTBFS so that issues such as #589995 are properly caught. Closes: #590520 - Dropped 0008-disable-optimizations-on-i386 Misguided patch; support for MMX/SSE2/VIA PADLOCK is detected at runtime -- Christian Kastner Tue, 24 Aug 2010 20:48:11 +0200 pyrit (0.3.0-1) unstable; urgency=low * Initial release (Closes: #570918) * debian/patches: - 0001-Add-OpenSSL-linking-exception-from-upstream - 0002-Clean-up-after-unit-tests - 0003-Add-man-page-for-pyrit-1 - 0004-Fixed-deprecation-warning-generated-by-sql-alchemy - 0005-Link-against-libcrypto-not-libssl - 0006-custom-config-file - 0007-add-option-to-limit-cores - 0008-disable-optimizations-on-i386 - 0009-exception-handling-fix - 0010-Add-SHA1-licensing-update-from-upstream - 0011-fix-list-index-error -- Christian Kastner Wed, 21 Jul 2010 23:53:59 +0200 debian/rules0000755000000000000000000000161711547660040010256 0ustar #!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 PYVERS = $(shell pyversions -r -v) # If DEB_BUILD_OPTIONS contains parallel=N, use N number of cores for the # unit tests as well. Whatever N is, pyrit won't use more than the number # of cores available. If unset, default to 1 NUMCORES = $(or $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))),1) %: dh $@ override_dh_auto_configure: dh_auto_configure sed -e 's,,$(NUMCORES),' debian/config.build.in > debian/config.build override_dh_auto_test: ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) set -e ;\ for py in $(PYVERS); do \ LIB=$$(ls -d $(CURDIR)/build/lib.*-$$py) ;\ cd test ;\ PYRIT_CONFIG_FILE=../debian/config.build PYTHONPATH=$$LIB \ python$$py test_pyrit.py ;\ cd .. ;\ done endif override_dh_auto_clean: dh_auto_clean rm -f debian/config.build debian/watch0000644000000000000000000000016311532033044010212 0ustar version=3 http://code.google.com/p/pyrit/downloads/list \ http://pyrit.googlecode.com/files/pyrit-([0-9.]+).tar.gz debian/config.example0000644000000000000000000000202411532245376012016 0ustar # Sample configuration file for pyrit # # Lines starting with # are treated as comments and are ignored, as are blank # lines. The commented values represent the default settings. # # For detailed information on these options, see pyrit(1). ## Storage to use # default_storage = file:// ## Space-separated list of IP-addresses of nodes providing computational ## resources # rpc_knownclients = ## Whether to start an RPC server on TCP+UDP port 17935 or not ## This is required if you want to use rpc_knownclients above. # rpc_server = false ## Announce presence to knownclients via UDP-unicast # rpc_announce = true ## Announce presence to knownclients via UDP-broadcast # rpc_announce_broadcast = false ## Maximum size of workunits (a workunit is an ESSID and a list of passwords to ## check). This value is used by the internal scheduler when assigning jobs to ## individual cores. Upper limit is 1000000. # workunit_size = 75000 ## Limit the number of CPU cores used by Pyrit. 0 means use all available ## cores. # limit_ncpus = 0 debian/compat0000644000000000000000000000000211406734502010366 0ustar 7 debian/README.Debian0000644000000000000000000000171411541227743011240 0ustar pyrit for Debian ---------------- Pyrit consists of a standalone application and optional extensions for various GPGPU-technologies. This package provides the full-featured application, which will run on any system. It has built-in support for MMX, SSE2 and VIA PADLOCK; these are detected at runtime. python-scapy and python-sqlalchemy (as well as a back-end, e.g. python-sqlite) aren't strictly required, but you really want them if you're only going to use Pyrit on a single node. The optional extensions might be available as packages in the contrib section. These should be named "pyrit-*". The availability of these packages depends on whether they were released in time for the current Debian release, and whether your architecture is supported by these packages. If your system does not have these packages, you can alternatively get the source directly from upstream's homepage instead. -- Christian Kastner Wed, 19 May 2010 23:25:37 +0200 debian/source/0000755000000000000000000000000011552646230010472 5ustar debian/source/format0000644000000000000000000000001411406734502011676 0ustar 3.0 (quilt) debian/manpages0000644000000000000000000000001711532246415010705 0ustar debian/pyrit.1 debian/control0000644000000000000000000000265511547655277010624 0ustar Source: pyrit Section: net Priority: extra Maintainer: Python Applications Packaging Team Uploaders: Christian Kastner Build-Depends: debhelper (>= 7.0.50~), python-all-dev (>= 2.5), python-support (>= 0.90), python-scapy (>= 2.0), python-sqlalchemy (>= 0.5.6), libssl-dev, libpcap-dev Standards-Version: 3.9.2 Homepage: http://code.google.com/p/pyrit/ Vcs-Svn: svn://svn.debian.org/python-apps/packages/pyrit/trunk/ Vcs-Browser: http://svn.debian.org/viewsvn/python-apps/packages/pyrit/trunk/ Package: pyrit Architecture: any Depends: ${python:Depends}, ${misc:Depends}, ${shlibs:Depends} Recommends: python-scapy (>= 2.0), python-sqlalchemy (>= 0.5.6) Suggests: python-psycopg2 | python-pymssql | python-mysqldb Description: GPGPU-driven WPA/WPA2-PSK key cracker Pyrit allows one to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. Exploiting the computational power of many-core- and other platforms through ATI-Stream, Nvidia CUDA, OpenCL and VIA Padlock, it is currently by far the most powerful attack against one of the world's most used security-protocols. . This package contains the basic version of Pyrit, with support for MMX, SSE2 and VIA PADLOCK detected at run-time. Support for non-free technologies such as Nvidia CUDA can be added through extensions. debian/patches/0000755000000000000000000000000011552646230010621 5ustar debian/patches/0015-increase-timeout-in-unittests.patch0000644000000000000000000000172311552111630020140 0ustar From: Christian Kastner Date: Wed, 13 Apr 2011 21:22:42 +0200 Subject: Increase timeout in unit tests As suggested in the referenced bug report, the window timeout for some unit tests has been increased to ensure they are properly run on lower-performance architectures. Bug: http://code.google.com/p/pyrit/issues/detail?id=293 Forwarded: not-needed Last-Update: 2011-04-13 Index: pyrit-0.4.0/test/test_pyrit.py =================================================================== --- pyrit-0.4.0.orig/test/test_pyrit.py 2011-04-13 21:24:39.812009244 +0200 +++ pyrit-0.4.0/test/test_pyrit.py 2011-04-13 21:24:47.392002671 +0200 @@ -438,10 +438,10 @@ self.cli.print_help() def testSelfTest(self): - self.cli.selftest(timeout=3) + self.cli.selftest(timeout=60) def testBenchmark(self): - self.cli.benchmark(timeout=3) + self.cli.benchmark(timeout=60) @requires_pckttools() def testHandshakes(self): debian/patches/0014-performancecounter-handle-empty-result-gracefully.patch0000644000000000000000000000201211552645506024161 0ustar From: Christian Kastner Date: Wed, 13 Apr 2011 21:16:23 +0200 Subject: PerformanceCounter: handle empty result gracefully Handle cases in which no result is produced (eg: because of a window timeout) gracefully. Bug: http://code.google.com/p/pyrit/issues/detail?id=293 Bug-Debian: http://bugs.debian.org/620991 Origin: other, http://code.google.com/p/pyrit/issues/detail?id=293 Forwarded: not-needed Last-Update: 2011-04-17 Index: pyrit-0.4.0/cpyrit/util.py =================================================================== --- pyrit-0.4.0.orig/cpyrit/util.py 2011-04-13 21:21:49.063998293 +0200 +++ pyrit-0.4.0/cpyrit/util.py 2011-04-13 21:22:20.419996889 +0200 @@ -374,7 +374,7 @@ def __purge(self): t = time.time() - if t - self.datapoints[0][0] > self.window: + if len(self.datapoints) > 0 and t - self.datapoints[0][0] > self.window: self.datapoints = filter(lambda x: (t - x[0]) < self.window, \ self.datapoints) debian/patches/0006-custom-config-file.patch0000644000000000000000000000271211421403610015705 0ustar From: Christian Kastner Date: Tue, 6 Jul 2010 21:26:16 +0200 Subject: [PATCH] Support custom config file location This patch adds the ability to specify a custom config file via the environment variable PYRIT_CONFIG_FILE. Forwarded: yes Last-Update: 2010-07-06 Index: pyrit-0.3.0/cpyrit/config.py =================================================================== --- pyrit-0.3.0.orig/cpyrit/config.py 2010-07-06 21:25:49.757926753 +0200 +++ pyrit-0.3.0/cpyrit/config.py 2010-07-06 21:26:41.385840773 +0200 @@ -56,10 +56,18 @@ configpath = os.path.expanduser(os.path.join('~', '.pyrit')) default_configfile = os.path.join(configpath, 'config') -if os.path.exists(default_configfile): - cfg = read_configfile(default_configfile) +if 'PYRIT_CONFIG_FILE' in os.environ: + custom_config = os.environ['PYRIT_CONFIG_FILE'] + if not os.path.exists(custom_config): + print >> sys.stderr, \ + "WARNING: custom config file %s does not exist" % custom_config + else: + cfg = read_configfile(custom_config) else: - cfg = default_config() - if not os.path.exists(configpath): - os.makedirs(configpath) - write_configfile(cfg, default_configfile) + if os.path.exists(default_configfile): + cfg = read_configfile(default_configfile) + else: + cfg = default_config() + if not os.path.exists(configpath): + os.makedirs(configpath) + write_configfile(cfg, default_configfile) debian/patches/series0000644000000000000000000000020411552111630012021 0ustar 0006-custom-config-file.patch 0014-performancecounter-handle-empty-result-gracefully.patch 0015-increase-timeout-in-unittests.patch debian/copyright0000644000000000000000000000602511532245170011124 0ustar Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=166 Upstream-Name: Pyrit Upstream-Maintainer: Lukas Lueg Source: http://code.google.com/p/pyrit/ Files: * Copyright: 2008-2011, Lukas Lueg License: GPL-3+ with OpenSSL exception Files: cpyrit/_cpyrit_cpu_sse2.S Copyright: 2005, Simon Marechal 2008-2009, Alvaro Salmador 2009-2011, Lukas Lueg License: GPL-3+ with OpenSSL exception Files: debian/* Copyright: 2010-2011, Christian Kastner License: GPL-3+ Files: debian/patches/* Copyright: 2010-2011, Christian Kastner License: GPL-3+ with OpenSSL exception License: GPL-3+ This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the complete text of the GNU General Public License version 3 can be found in `/usr/share/common-licenses/GPL-3'. License: GPL-3+ with OpenSSL exception This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . Additional permission under GNU GPL version 3 section 7 . OpenSSL linking exception -------------------------- If you modify this Program, or any covered work, by linking or combining it with the OpenSSL project's "OpenSSL" library (or a modified version of that library), containing parts covered by the terms of OpenSSL/SSLeay license, the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of the OpenSSL library used as well as that of the covered work. . On Debian systems, the complete text of the GNU General Public License version 3 can be found in `/usr/share/common-licenses/GPL-3'. debian/pyrit.10000644000000000000000000004166111544214722010431 0ustar .TH PYRIT 1 "2011-03-28" "pyrit" PYRIT .SH NAME pyrit \- A GPGPU-driven WPA/WPA2-PSK key cracker .SH SYNOPSIS .B pyrit .RI [ options ] .I command .SH DESCRIPTION Pyrit exploits the computational power of many-core- and GPGPU-platforms to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time tradeoff. It is a powerful attack against one of the world's most used security-protocols. .sp This document tries to describe and explain all functions the commandline-client \fBpyrit\fP provides. One or more \fBoptions\fP may be given on the commandline to customize a \fBcommand\fP. The exact behaviour of \fBoptions\fP depends on the \fBcommand\fP. .sp At the time of this writing, cowpatty is not available in Debian. References to cowpatty and its commands are nevertheless preserved for the sake of completeness. .SH OPTIONS Pyrit recognizes the following options: .TP .BR \-b " BSSID" Specifies a BSSID. Can be used to restrict commands to certain Access-Points. .TP .BR \-e " ESSID" Specifies the ESSID. Commands usually refer to all ESSIDs in the database when this option is omitted. .TP .BR \-i " infile" Specifies a filename to read from; the special filename "-" can be used for \fBstdin\fP. The file may be gzip-compressed in which case its name must end in \fB.gz\fP for transparent decompression. .TP .BR \-o " outfile" Specifies a filename to write to; the special filename "-" can be used for \fBstdout\fP. Filenames that end in \fB.gz\fP cause \fBpyrit\fP to gzip-compress the file on the fly. .TP .BR \-r " capture-file" Specifies a packet-capture file in pcap format (possibly gzip-compressed) or a device (e.g.: "wlan0") to capture from. .TP .BR \-u " URL" Specifies the URL of the storage-device in the form of .sp .RS 12 .nf driver://username:password@host:port/database .fi .RE .sp .RS Pyrit can use the filesystem, a remote Pyrit-Relay-Server and, if the package \fBpython-sqlalchemy\fP is installed, SQL-Databases as storage. The driver \fIfile://\fP refers to Pyrit's own filesystem-based storage, \fIhttp://\fP connects to a Pyrit-Relay-Server and all other URLs are passed directly to \fBpython-sqlalchemy\fP, if available. The default storage-URL can also be specified by the key \fBdefaultstorage\fP in \fBpyrit\fP's configuration file (see \fBFILES\fP below). .RE .TP .BR \-\-all\-handshakes The commands \fBattack_batch\fP, \fBattack_db\fP, \fBattack_cowpatty\fP and \fBattack_passthrough\fP automatically use the single handshake of highest quality only. In some cases even this handshake may have been wrongfully reconstructed from the captured data, rendering the attack futile. In case more than one EAPOL-handshake is reconstructed from the capture-file, the option \fB\-\-all\-handshakes\fP may be used to attack all handshakes reconstructable from the captured data. Exact behaviour of the commands affected by this option is described below. .SH COMMANDS .TP .B analyze Parse one or more packet-capture files (in pcap-format, possibly gzip-compressed) given by the option \fB\-r\fP and try to detect Access-Points, Stations and EAPOL-handshakes. For example: .sp .RS 12 .nf pyrit \-r "test*.pcap" analyze .fi .RE .sp .RS Pyrit shows a list of Access-Points, associated Stations and EAPOL-handshakes that could be identified from the captured data. Handshakes are shown ordered by their "quality": .sp .RS 12 \fBGood:\fP The handshake includes the challenge from the Access-Point, the response from the Station and the confirmation from the Access-Point. \fBWorkable:\fP The handshake includes the response from the Station and the confirmation from the Access-Point. The challenge was not captured. \fBBad:\fP The handshake includes the challenge from the Access-Point and the response from the Station. The confirmation was not captured. Handshakes of the same quality are ordered by how close the packets that make up the handshake are to each other. .RE .TP .B attack_batch Attack an EAPOL-handshake found in the packet-capture file(s) given by the option \fB\-r\fP using the Pairwise Master Keys and passwords stored in the database. The options \fB\-b\fP and \fB\-e\fP can be used to specify the Access-Point to attack; it is picked automatically if both options are omitted. The password is written to the filename given by the option \fB\-o\fP if specified. For example: .sp .RS 12 .nf pyrit \-r test.pcap \-e MyNetwork \-b 00:de:ad:c0:de:00 \\ \-o MyNetworkPassword.txt attack_batch .fi .RE .sp .RS Pairwise Master Keys that previously have been computed and stored in the database are taken from there; all other passwords are translated into their respective Pairwise Master Keys and added to the database for later re-use. ESSIDs are created automatically in the database if necessary. Pyrit works down the list of reconstructed EAPOL-handshakes in case the option \fB\-\-all\-handshakes\fP is supplied. .RE .TP .B attack_cowpatty Attack an EAPOL-handshake found in the packet-capture file(s) given by the option \fB\-r\fP using Pairwise Master Keys from a cowpatty-like file (e.g. generated by ``genpmk'' from cowpatty, or \fBexport_cowpatty\fP below) given by the option \fB\-f\fP. The options \fB\-b\fP and \fB\-e\fP can be used to specify the Access-Point to attack; it is picked automatically if both options are omitted. The password is written to the filename given by the option \fB\-o\fP if specified. The cowpatty-file may be gzip-compressed and must match the chosen ESSID. For example: .sp .RS 12 .nf pyrit \-r test.pcap \-e MyOwnNetwork \\ \-i MyOwnNetwork.cow.gz \-o \- attack_cowpatty .fi .RE .sp .RS Pyrit's own database is not touched by \fBattack_cowpatty\fP. Pyrit attacks all EAPOL-handshakes at the same time if the option \fB\-\-all\-handshakes\fP is supplied. This will reduce througput (e.g.: 33% throughout in case of three handshakes). .RE .TP .B attack_db Attack an EAPOL-handshake found in the packet-capture file(s) given by the option \fB\-r\fP using the Pairwise Master Keys stored in the database. The options \fB\-b\fP and \fB\-e\fP can be used to specify the Access-Point to attack; it is picked automatically if both options are omitted. The password is written to the filename given by the option \fB\-o\fP if specified. For example: .sp .RS 12 .nf pyrit \-r test.pcap \-e MyOtherNetwork attack_db .fi .RE .sp .RS Only Pairwise Master Keys that have been computed previously and are stored in the database are used by \fBattack_db\fP. Pyrit works down the list of reconstructed EAPOL-handshakes in case the option \fB\-\-all\-handshakes\fP is supplied. .RE .TP .B attack_passthrough Attack an EAPOL-handshake found in the packet-capture file(s) given by the option \fB\-r\fP using the passwords read from the file given by the option \fB\-i\fP. The options \fB\-b\fP and \fB\-e\fP can be used to specify the Access-Point to attack; it is picked automatically if both options are omitted. The password is written to the filename given by the option \fB\-o\fP if specified. For example: .sp .RS 12 .nf pyrit \-r test.pcap \-b 00:de:ad:be:ef:00 \\ \-i words.txt attack_passthrough .fi .RE .sp .RS This command circumvents Pyrit's database and should only be used if storage-space is a problem (e.g. on LiveCDs). You should consider using \fBattack_batch\fP otherwise. Pyrit attacks all EAPOL-handshakes at the same time if the option \fB\-\-all\-handshakes\fP is supplied. .RE .TP .B batch .br Start to translate all passwords in the database into their respective Pairwise Master Keys and store the results in the database. The option \fB\-e\fP may be used to restrict this command to a single ESSID; if it is omitted, all ESSIDs are processed one after the other in undefined order. For example: .sp .RS 12 .nf pyrit \-e NETGEAR batch .fi .RE .sp .RS The option \fB\-o\fP can be used to specify a filename the results should additionally be written to in cowpatty's binary format. The option \fB\-e\fP becomes mandatory and the ESSID is automatically created in the database if necessary. Pairwise Master Keys that previously have been computed and stored in the database are exported from there without further processing. Pyrit stops and exits if an \fBIOError\fP is raised while writing to the specified file. This makes it very convenient to pipe results directly to other programs but also keep them for later use. For example: .RE .sp .RS 12 .nf pyrit \-e NETGEAR \-o \- batch | \\ cowpatty \-d \- \-r wpatestcapture.cap \-s NETGEAR .fi .RE .TP .B benchmark Determine the peak-performance of the available hardware by computing dummy-results. For example: .sp .RS 12 .nf pyrit benchmark .fi .RE .TP .B check_db Unpack the entire database and check for errors like data corruption or reference errors. This function does not check the value of computed results (see \fBverify\fP). For example: .sp .RS 12 .nf pyrit check_db .fi .RE .TP .B create_essid Add new ESSIDs to the database. A single ESSID may be given by the option \fB\-e\fP. Multiple ESSIDs can be created by supplying a file (one per line) via the option \fB\-i\fP. Re-creating an existing ESSID does not result in an error. For example: .sp .RS 12 .nf pyrit \-e NETGEAR create_essid .fi .RE .TP .B delete_essid Delete the ESSID given by \fB\-e\fP from the database. This includes all results that may have been stored for that particular ESSID. For example: .sp .RS 12 .nf pyrit \-e NETGEAR delete_essid .fi .RE .TP .B eval .br Count all available passwords, all ESSIDs and their respective results in the database. For example: .sp .RS 12 .nf pyrit eval .fi .RE .TP .B export_passwords Write all passwords that are currently stored in the database to a new file given by \fB\-o\fP. Passwords are terminated by a single newline-character ("\\n"). Existing files are overwritten without confirmation. For example: .sp .RS 12 .nf pyrit \-o myword.txt.gz export_passwords .fi .RE .TP .B export_cowpatty Write all results for the ESSID given by \fB\-e\fP to the file given by \fB\-o\fP in cowpatty's binary format. Existing files are overwritten without confirmation. For example: .sp .RS 12 .nf pyrit \-o NETGEAR.cow \-e NETGEAR export_cowpatty .fi .RE .TP .B export_hashdb Write all results currently stored in the database to the airolib-ng-database given by \fB\-o\fP. The database is created with a default table layout if the file does not yet exist. The option \fB\-e\fP can be used to limit the export to a single ESSID. For example: .sp .RS 12 .nf pyrit \-o NETGEAR.db \-e NETGEAR export_hashdb .fi .RE .TP .B import_passwords Read the file given by \fB\-i\fP and import one password per line to the database. The passwords may contain all characters (including NULL-bytes) apart from the terminating newline-character ("\\n"). Passwords that are not suitable for being used with WPA-/WPA2-PSK are ignored. Pyrit's storage-implementation guarantees that all passwords remain unique throughout the entire database. For example: .sp .RS 12 .nf pyrit \-i dirty_words.txt import_passwords .fi .RE .TP .B import_unique_passwords Read the file given by \fB\-i\fP and import one password per line to the database. The passwords may contain all characters (including NULL-bytes) apart from the terminating newline-character ("\\n"). Passwords that are not suitable for being used with WPA-/WPA2-PSK are ignored. This command does not check if there are duplicate passwords within the file or between the file and the database; it should be used with caution to prevent the database from getting poisoned with duplicated passwords. This command however can be much faster than \fBimport_passwords\fP. For example: .sp .RS 12 .nf pyrit \-i dirty_words.txt import_unique_passwords .fi .RE .TP .B list_cores Show a list of all available hardware modules Pyrit currently uses. For example: .sp .RS 12 .nf pyrit list_cores .fi .RE .TP .B list_essids Show a list of all ESSIDs currently stored in the database. This function is faster than \fBeval\fP in case you don't need to know the number of computed results. For example: .sp .RS 12 .nf pyrit list_essids .fi .RE .TP .B passthrough .br Read passwords from the file given by \fB\-i\fP and compute their Pairwise Master Keys for the ESSID given by \fB\-e\fP. The results are written to the file specified by \fB\-o\fP in cowpatty's binary format and are not stored in the database for later use. This command therefor circumvents the entire database and should only be used if storage-space is a problem (e.g. when using Pyrit on a LiveCD). The \fBbatch\fP-command provides exactly the same functionality as \fBpassthrough\fP but can give much better performance as results may be read from the database instead of recomputing them. For example: .sp .RS 12 .nf pyrit \-i dirty_words.txt.gz \-e NETGEAR \\ \-o \- passthrough | cowpatty \-d \- \\ \-r wpatestcapture.cap \-s NETGEAR .fi .RE .TP .B relay .br Start a server to relay another storage device via XML-RPC; other Pyrit-clients can use the server as storage-device. This allows one to have network-based access to storage source that don't provide network-access on their own (like \fIfile://\fP and \fIsqlite://\fP) or hide a SQL-database behind a firewall and let multiple clients access that database only via Pyrit's RPC-interface. The TCP-port 17934 must be open for this function to work. For example, on the server (where the database is): .sp .RS 12 .nf pyrit \-u sqlite://var/local/pyrit.db relay .fi .RE .sp .RS and the client (where the big GPU is): .RE .sp .RS 12 .nf pyrit \-u http://192.168.0.100:17934 batch .fi .RE .TP .B selftest Run an extensive selftest for about 60 seconds. This test includes the entire scheduling-mechanism and all cores that are listed by \fBlist_cores\fP. You can use this function to detect broken hardware-modules or malicious network-clients. For example: .sp .RS 12 .nf pyrit selftest .fi .RE .TP .B serve .br Start a server that provides access to the local computing hardware to help other Pyrit clients. The server's IP-address should be added to the client's configuration file (see \fBFILES\fP) as a space-separated list under \fBknown_clients\fP. The client's \fBrpc_server\fP-setting must also be set to 'true'. The TCP- and UDP-Port 17935 must be accessible. For example, on the server (where the GPU is): .sp .RS 12 .nf pyrit serve .fi .RE .sp .RS and on the client (the server's IP-address has been added to \fBknown_clients\fP and \fBrpc_server\fP is set to 'true'): .RE .sp .RS 12 .nf pyrit \-r test.pcap \-b 00:de:ad:be:ef:00 \\ \-i words.txt attack_passthrough .fi .RE .TP .B strip .br Parse one or more packet-capture files given by the option \fB\-r\fP, extract only packets that are necessary for EAPOL-handshake detection and write a new dump to the filename given by the option \fB\-o\fP. The options \fB\-e\fP and \fB\-b\fP can be used to filter certain Access-Points. For example: .sp .RS 12 .nf pyrit \-r "large_dumps_*.pcap" \-e MyNetwork \\ \-o tiny_compressed_dump_MyNetwork.dump.gz strip .fi .RE .TP .B stripLive Parse a packet-capture file given by the option \fB\-r\fP, extract only packets that are necessary for EAPOL-handshake detection and write a new dump to the file given by the option \fB\-o\fP. This command differs from \fBstrip\fP as the capture-file can be any character device including sockets and other pseudo-files that \fIlook like\fP files in pcap-format. \fBstripLive\fP writes relevant packets to the new file given by \fB\-o\fP as they arrive instead of trying to read the entire capture-file first. .sp .RS 12 .nf pyrit \-r /temp/kismet_dump \-o small_dump.pcap stripLive .fi .RE .TP .B verify .br Randomly pick 10% of the results stored in the database and verify their value by recomputation. You need this function if you suspect broken hardware or malicious network-clients. For example: .sp .RS 12 .nf pyrit \-e NETGEAR verify .fi .RE .SH EXIT STATUS If \fBcommand\fP succeeds, \fBpyrit\fP's process exit status is set to 0; otherwise it is set to 1 and (usually) an error message or a python-traceback is written to stderr. The following commands also indicate an error condition in certain cases: .RS 12 \fBanalyze:\fP Not at least one valid EAPOL-handshake could be detected. \fBattack_passthrough, attack_batch, attack_db and attack_cowpatty:\fP The password could not be found. \fBverify\fP At least one workunit contained invalid results. \fBcheck_db\fP Errors in the database were found (and possibly fixed). .SH FILES .TP .I ~/.pyrit/config The \fBpyrit\fP configuration file. You can find a documented example in \fI/usr/share/doc/pyrit/examples/config.example\fP. .SH NOTES The author does not encourage or support using \fBpyrit\fP for the infringement of people's communication-privacy. The exploration and realization of the technology discussed here motivate as a purpose of their own; this is documented by the open development, strictly sourcecode-based distribution and 'copyleft'-licensing. .SH AUTHOR \fBpyrit\fP was written by Lukas Lueg . .PP This manual page was written by Christian Kastner for the Debian project (but may be used by others). debian/TODO0000644000000000000000000000037211552112017007653 0ustar Concerning upstream sources --------------------------- No TODOs at this time. Concerning Debian packaging --------------------------- 2010-07-04 (CK): At a later point, revisit the issue of whether the Python modules could be made private. debian/docs0000644000000000000000000000000711406734502010040 0ustar README debian/pyversions0000644000000000000000000000000511406734502011327 0ustar 2.5- debian/examples0000644000000000000000000000002611414151117010721 0ustar debian/config.example debian/config.build.in0000644000000000000000000000023711547656270012100 0ustar default_storage = file:// rpc_announce = true rpc_announce_broadcast = false rpc_knownclients = rpc_server = true workunit_size = 75000 limit_ncpus =