Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion wifite/tools/dependency.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
# -*- coding: utf-8 -*-

import os
import shlex
import shutil
import subprocess

Expand Down Expand Up @@ -79,7 +80,7 @@ def install(cls, package_name):
return False, 'No supported package manager found'
try:
result = subprocess.run(
cmd, shell=True, capture_output=True, text=True, timeout=300
shlex.split(cmd), shell=False, capture_output=True, text=True, timeout=300
)
output = (result.stdout + '\n' + result.stderr).strip()
return result.returncode == 0, output
Expand Down
6 changes: 3 additions & 3 deletions wifite/util/color.py
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,9 @@ def clear_line():

@staticmethod
def clear_entire_line():
import os
(rows, columns) = os.popen('stty size', 'r').read().split()
Color.p('\r' + (' ' * int(columns)) + '\r')
import shutil
columns = shutil.get_terminal_size(fallback=(80, 24)).columns
Color.p('\r' + (' ' * columns) + '\r')

@staticmethod
def pattack(attack_type, target, attack_name, progress):
Expand Down
50 changes: 46 additions & 4 deletions wifite/util/logger.py
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,10 @@ def _sanitize_message(cls, message: str) -> str:
- Known wpa-sec API key from Configuration.wpasec_api_key
- Command-line API key arguments like "-k <value>" and "--key <value>"
- MAC addresses in standard hex notation (aa:bb:cc:dd:ee:ff)
- WPA/WEP keys from aircrack "KEY FOUND! [ <key> ]" output
- Live passphrase progress "Current passphrase: <value>"
- Hashcat cracked output "hash*bssid*station*essid:<password>"
- Generic PSK/passphrase/password keyword-value pairs
"""
try:
# Import lazily to avoid circular imports during module initialization
Expand All @@ -121,10 +125,10 @@ def _sanitize_message(cls, message: str) -> str:
# Never let sanitization break logging
pass

import re

# Mask common CLI key patterns: "-k <value>" and "--key <value>"
try:
import re

def _mask_cli_key(match):
flag = match.group(1)
return f"{flag} ****"
Expand All @@ -136,8 +140,6 @@ def _mask_cli_key(match):

# Mask MAC addresses: aa:bb:cc:dd:ee:ff -> aa:bb:cc:**:**:**
try:
import re

def _mask_mac(match):
full = match.group(0)
parts = full.split(":")
Expand All @@ -149,6 +151,46 @@ def _mask_mac(match):
except Exception:
pass

# Mask aircrack "KEY FOUND! [ <key> ]" output
try:
sanitized = re.sub(r"(KEY FOUND!\s*\[)\s*\S.*?\s*(\])", r"\1 **** \2", sanitized)
except Exception:
pass

# Mask aircrack live progress "Current passphrase: <value>"
try:
sanitized = re.sub(
r"(Current\s+passphrase\s*:)\s*\S.*",
r"\1 ****",
sanitized,
flags=re.IGNORECASE,
)
except Exception:
pass

# Mask hashcat cracked output: trailing :<password> after PMKID/hash lines
# Format: hash*bssid*station*essid:password or hash:password
try:
sanitized = re.sub(
r"([0-9a-fA-F\*]{20,}:[^:\n]{0,64}):[^\n]+$",
r"\1:****",
sanitized,
flags=re.MULTILINE,
)
except Exception:
pass

# Mask generic keyword-value pairs: password/passphrase/psk followed by
# a delimiter (=, :, space) and a value
try:
sanitized = re.sub(
r"(?i)(password|passphrase|psk|wpa_psk|wpa_passphrase)\s*[=:]\s*\S+",
r"\1=****",
sanitized,
)
except Exception:
pass

return sanitized

@classmethod
Expand Down
14 changes: 6 additions & 8 deletions wifite/util/scanner.py
Original file line number Diff line number Diff line change
Expand Up @@ -218,10 +218,10 @@ def found_target(self):
@staticmethod
def clr_scr():
import platform
import os
import subprocess

cmdtorun = 'cls' if platform.system().lower() == "windows" else 'clear'
os.system(shlex_quote(cmdtorun))
subprocess.run([cmdtorun], check=False)

def print_targets(self):
"""Prints targets selection menu (1 target per row)."""
Expand Down Expand Up @@ -290,15 +290,13 @@ def print_targets(self):

@staticmethod
def get_terminal_height():
import os
(rows, columns) = os.popen('stty size', 'r').read().split()
return int(rows)
import shutil
return shutil.get_terminal_size(fallback=(24, 80)).lines

@staticmethod
def get_terminal_width():
import os
(rows, columns) = os.popen('stty size', 'r').read().split()
return int(columns)
import shutil
return shutil.get_terminal_size(fallback=(24, 80)).columns

def select_targets(self):
"""
Expand Down
Loading