Add support for including probe responses in AP detection and implement suspect SSID reporting

Yaro Kasear 2025-05-01 14:20:17 -05:00
parent baa3e864bb
commit fdc38e6413


@ -24,6 +24,7 @@ ap_clients = defaultdict(lambda: defaultdict(int))
target_ap_bssid = None
beacon_counts = defaultdict(int)
current_channel = None
include_probes = False
# === Signal handling ===
def stop_sniff(signum, frame):
@ -79,8 +80,8 @@ def handle_packet(pkt):
a1 = dot11.addr1.lower() if dot11.addr1 else None
a2 = dot11.addr2.lower() if dot11.addr2 else None
# === Detect APs via beacon frames only ===
if dot11.type == 0 and dot11.subtype == 8:
# === Detect APs via beacon (and optionally probe response) frames ===
if dot11.type == 0 and dot11.subtype in ([8, 5] if include_probes else [8]):
if a2 and is_unicast(a2):
beacon_counts[a2] += 1
if beacon_counts[a2] > 1:
@ -168,6 +169,19 @@ def get_connected_bssid(interface):
except Exception as e:
print(f"[!] Failed to get connected BSSID for {interface}: {e}")
return None
def print_suspect_aps():
print("\n[?] Suspect SSIDs (possibly printers, IoT, weird stuff):")
suspects = []
keywords = ("setup", "direct-", "hp", "epson", "canon", "brother", "smart", "wifi-", "printer")
for bssid, ssid in ssid_map.items():
if any(kw in ssid.lower() for kw in keywords):
suspects.append((bssid, ssid))
if suspects:
for bssid, ssid in suspects:
print(f" - {bssid} (SSID: {ssid})")
else:
print(" None found (yet).")
# === Main ===
def main():
@ -176,6 +190,7 @@ def main():
parser.add_argument("--monitor-iface", required=True, help="Monitor interface to sniff on")
parser.add_argument("--outfile", required=True, help="CSV file to append metrics row")
parser.add_argument("--channel", type=int, help="Channel to lock monitor interface to (overrides main iface)")
parser.add_argument("--include-probes", action="store_true", help="Include probe responses as valid APs")
args = parser.parse_args()
@ -220,6 +235,7 @@ def main():
ssid = ssid_map.get(bssid, "<unknown>")
print(f" - {bssid} (SSID: {ssid})")
print(f"[+] Total APsOnChannel: {len(aps)}")
print_suspect_aps()
reset_interface(args.monitor_iface)
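Review bot: The new `--include-probes` option appears to have no effect: `include_probes` is added as a module global set to `False` and read in `handle_packet`, but none of the hunks shown assigns it from `args`, so subtype 5 frames would never be counted. The name is new in this commit, so an assignment would have to show up in the diff; I would add `global include_probes` at the top of `main()` and `include_probes = args.include_probes` right after `args = parser.parse_args()` (main's body starts and ends outside the hunks). Separately, `print_suspect_aps` writes the values of `ssid_map` straight to the terminal; these are presumably SSIDs taken from received frames, which can hold control characters, so printing them as `{ssid!r}` or dropping non-printable characters would keep the report readable and the terminal state intact.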