Friday, February 24, 2012

Kismet .CSV Log Report Generator

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will not work with all wireless cards, more information can be found here.

Depending on the area you are running kismet, you may find zero networks or hundreds. As more people set up networks, especially in their business areas, it is absolutely necessary to ensure strong encryption is used. It is always a good idea to go warwalking in your area to see which networks are running in your environment.

Kismet outputs 6 log files in the following formats: .xml, .csv, .dump, .network, .weak, and .cisco. Most of the output files are hard to interpret and give a lot of unneeded information for a basic warwalk. I wrote a python script to parse through the .csv log file and generate an .html report. The script ignores all networks with strong encryption or networks with no ssid. The report includes all networks that have WEP or no encryption, with identifying information about each one. This report is only for seeing which found networks are vulnerable.

Feel free to give this python script a try. The only thing needed is a .csv Kismet log file. Changes to the code can be easily made to change what information is included in the report.

Must be logged in to Google Docs:

import csv
import os, string, sys
from optparse import OptionParser

usage = "Usage: %s -i [inputfile] -o [outputfile]" % os.path.basename(sys.argv[0])
parser = OptionParser(usage=usage)
parser.add_option("-i", "--inputfile", dest="inputfile", help="Source file you want to parse. Should be a .csv file. Ex: kismet-output.csv")
parser.add_option("-o", "--outputfile", dest="outputfile", help="Name of the output file you want to create.  Should be a .html file. Ex: csv-parse-output.html")

(options, args) = parser.parse_args()

if ((not (options.inputfile)) or (not os.path.isfile(options.inputfile))) or not (options.outputfile):

outfile = open(options.outputfile, "w+")


print >>outfile, """
<title>Kismet Report</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15" />
<script type="text/javascript">

***END OF CODE SNIPPET - Download file for full code***

After running Kismet and receiving the output files, let's take a look at the .csv log file which contains all of the information found. In total there are 38 attributes that Kismet records when finding a single network.

Now let's run the Kismet Report Generator python script. This works cross platform and will print a nice report as long as the structure of the .csv file doesn't drastically change. If so, it is an easy fix inside the code by using the optparse module. The script takes in two arguments, the first is the .csv Kismet log input file, and the second is the .html output file. An example to run the script would be: -i kismet-log.csv -o kismet-report.html

After running our script we get a nice .html report that is easily readable. The Kismet information is printed into a template which can be changed within the python script. Columns can be sorted by clicking each one if Javascript is enabled.

Feel free to comment, question or criticize. Input is always welcome, thanks!


Post a Comment