Direct execution ================= Mirage allows to manipulate the framework directly from the bash environment by providing some parameters to the ``mirage`` binary. Listing the existing modules ----------------------------- The ``--list`` argument displays a list of the existing modules : :: $ mirage --list ┌Modules─────────────┬────────────┬────────────────────────────────────────────────────────────────────────────┐ │ Name │ Type │ Description │ ├────────────────────┼────────────┼────────────────────────────────────────────────────────────────────────────┤ │ wifi_info │ info │ Information module for Wifi interface │ │ ble_hijack │ attack │ Hijacking module for Bluetooth Low Energy Connections │ │ ble_pair │ action │ Pairing module for Bluetooth Low Energy devices │ │ esb_info │ info │ Information module for Enhanced ShockBurst interface │ │ mosart_scan │ scan │ Scanning module for Mosart devices │ │ ble_adv │ spoofing │ Spoofing module simulating a Bluetooth Low Energy advertiser │ │ mosart_keylogger │ attack │ Keystrokes logger module for Mosart keyboard │ │ mosart_inject │ action │ Injection module for Mosart devices │ │ mouse_visualizer │ tool │ Visualization module allowing to display mice movements │ │ ble_mitm │ attack │ Man-in-the-Middle module for Bluetooth Low Energy devices │ │ esb_sniff │ sniff │ Sniffing module for Enhanced ShockBurst communications │ │ wifi_rogueap │ spoofing │ Spoofing module simulating a fake Access Point │ │ zigbee_deauth │ attack │ Deauthentication module for Zigbee networks │ │ esb_scan │ scan │ Scan module for Enhanced ShockBurst Devices │ │ ble_sniff │ sniff │ Sniffing module for Bluetooth Low Energy devices │ │ bt_scan │ scan │ Scan module for Bluetooth Devices │ │ ble_scan │ scan │ Scan module for Bluetooth Low Energy devices │ │ zigbee_floodassoc │ attack │ Flooding module for Zigbee communications │ │ esb_inject │ action │ Injection module for Enhanced ShockBurst communications │ │ ble_discover │ discover │ Discovery module for Bluetooth Low Energy ATT / GATT layers │ │ zigbee_info │ info │ Information module for Zigbee interface │ │ wifi_deauth │ attack │ Deauthentication module for WiFi networks │ │ ble_monitor │ monitoring │ HCI Monitoring module for Blutooth Low Energy │ │ ble_jam │ attack │ Jamming module for Bluetooth Low Energy advertisements and connections │ │ esb_prx │ spoofing │ This module permits the User to simulate an Enhanced ShockBurst PRX device │ │ zigbee_inject │ action │ Injection module for Zigbee communications │ │ mosart_keyinjector │ attack │ Keystrokes injection module for Mosart keyboard │ │ mosart_info │ info │ Information module for Mosart interface │ │ ble_connect │ action │ Connection module for Bluetooth Low Energy devices │ │ esb_ptx │ spoofing │ This module permits the User to simulate an Enhanced ShockBurst PTX device │ │ ir_inject │ action │ Injection module for IR signals │ │ zigbee_sniff │ sniff │ Sniffing module for Zigbee communications │ │ bt_info │ info │ Information module for Bluetooth interface │ │ mosart_sniff │ sniff │ Sniffing module for Mosart devices │ │ zigbee_scan │ scan │ Scan module for Zigbee Devices │ │ ir_sniff │ sniff │ Sniffing module for IR signals │ │ ble_slave │ spoofing │ Spoofing module simulating a Bluetooth Low Energy slave │ │ ble_crack │ bruteforce │ Enumerates all possible values of PIN in order to find the Temporary Key │ │ wifi_scan │ scan │ Scan module for Wifi Access Point and Stations │ │ ble_master │ spoofing │ This module permits the User to interact with Bluetooth Low Energy slaves │ │ ble_info │ info │ Information module for Bluetooth Low Energy interface │ │ ir_info │ info │ Information module for IR interface │ └────────────────────┴────────────┴────────────────────────────────────────────────────────────────────────────┘ The ``--list`` argument allows to provide a filter, it permits to easily select some specific results : :: $ mirage --list=scan ┌Modules──────┬──────┬────────────────────────────────────────────────┐ │ Name │ Type │ Description │ ├─────────────┼──────┼────────────────────────────────────────────────┤ │ mosart_scan │ scan │ Scanning module for Mosart devices │ │ esb_scan │ scan │ Scan module for Enhanced ShockBurst Devices │ │ bt_scan │ scan │ Scan module for Bluetooth Devices │ │ ble_scan │ scan │ Scan module for Bluetooth Low Energy devices │ │ zigbee_scan │ scan │ Scan module for Zigbee Devices │ │ wifi_scan │ scan │ Scan module for Wifi Access Point and Stations │ └─────────────┴──────┴────────────────────────────────────────────────┘ Configuring and running a module --------------------------------- Loading and running a specific module is quite simple from the command line interface : :: $ mirage ble_info You can list the input parameters available for the selected module by using the ``--args`` argument : :: $ mirage ble_info --args [INFO] Module ble_info loaded ! ┌ble_info───┬───────┐ │ Name │ Value │ ├───────────┼───────┤ │ INTERFACE │ hci0 │ └───────────┴───────┘ If you want to modify the value of a parameter, just use the following syntax : :: $ mirage ble_info INTERFACE=hci1 Configuring and running a sequence of modules --------------------------------------------- Mirage provides a chaining operator ``|``, similar to the pipe UNIX operator. It runs multiple modules sequentially and propagates the output parameters of a given module to the input parameters of the next one. It allows to easily combine existing modules to describe complex attack workflows without writing a single line of code. Running a sequence of module is very similar to loading a single module : :: $ mirage "ble_connect|ble_discover" Please note that in a sequence of modules, input parameters are prefixed by the following pattern : ``.`` : :: $ mirage "ble_connect|ble_discover" --args [INFO] Module ble_connect loaded ! [INFO] Module ble_discover loaded ! ┌ble_connect1──────────────────┬───────────────────┐ │ Name │ Value │ ├──────────────────────────────┼───────────────────┤ │ ble_connect1.INTERFACE │ hci0 │ │ ble_connect1.TARGET │ fc:58:fa:a1:26:6b │ │ ble_connect1.TIMEOUT │ 3 │ │ ble_connect1.CONNECTION_TYPE │ public │ └──────────────────────────────┴───────────────────┘ ┌ble_discover2───────────────┬─────────────────────┐ │ Name │ Value │ ├────────────────────────────┼─────────────────────┤ │ ble_discover2.INTERFACE │ hci0 │ │ ble_discover2.START_HANDLE │ 0x0001 │ │ ble_discover2.END_HANDLE │ 0xFFFF │ │ ble_discover2.WHAT │ all │ │ ble_discover2.FILTER │ │ │ ble_discover2.FILTER_BY │ │ │ ble_discover2.ATT_FILE │ /tmp/discovered.ini │ │ ble_discover2.GATT_FILE │ /tmp/gatt.ini │ └────────────────────────────┴─────────────────────┘ If you want to modify the value of an attribute, you can use the following syntax : :: $ mirage "ble_connect|ble_discover" ble_connect1.INTERFACE=hci1 ble_discover2.WHAT=attributes Generating a module or a scenario --------------------------------- Mirage provides two commands allowing to easily generate a new module or a new scenario : ``--create_module`` and ``--create_scenario``. Use the ``--create_module`` parameter and answer the questions to generate a new module : :: $ mirage --create_module [QUESTION] Module's name : newmod [QUESTION] Module's description : Test module [QUESTION] Module's type : test [QUESTION] Module's technology [ble] : [QUESTION] Module's dependencies (separated by commas) : ble_sniff,ble_scan [QUESTION] Input parameter #1 (name) : INTERFACE [QUESTION] Input parameter #1 (default value) : hci0 [QUESTION] Input parameter #2 (name) : PARAM1 [QUESTION] Input parameter #2 (default value) : value1 [QUESTION] Input parameter #3 (name) : [SUCCESS] Module newmod successfully generated : /home/user/.mirage/modules/newmod.py It will generates the following code : :: from mirage.core import module from mirage.libs import utils,ble class newmod(module.WirelessModule): def init(self): self.technology = "ble" self.type = "test" self.description = "Test module" self.args = {'INTERFACE': 'hci0', 'PARAM1': 'value1'} self.dependencies = ["ble_sniff","ble_scan"] def run(self): # Enter your code here. return self.ok({}) Use the ``--create_scenario`` parameter and answer the questions to generate a new scenario : :: $ mirage --create_scenario [QUESTION] Scenario's name : test [SUCCESS] Scenario test successfully generated : /home/user/.mirage/scenarios/test.py It generates the following code : :: from mirage.core import scenario from mirage.libs import io,ble,bt,utils class test(scenario.Scenario): def onStart(self): return True def onEnd(self): return True def onKey(self,key): return True Modifying the verbosity level ----------------------------- Mirage allows you to control the verbosity level. Mirage uses multiple functions to print something on the standard output : +------------+----------------------------------+-------------------------------------+ | Function | Description | Example of output | +============+==================================+=====================================+ | io.info | indicates an information message | [INFO] new information message ! | +------------+----------------------------------+-------------------------------------+ | io.warning | indicates a warning message | [WARNING] new warning message ! | +------------+----------------------------------+-------------------------------------+ | io.success | indicates a success message | [SUCCESS] new success message ! | +------------+----------------------------------+-------------------------------------+ | io.fail | indicates a failure message | [FAIL] new failure message ! | +------------+----------------------------------+-------------------------------------+ Multiple levels of verbosity are available, allowing to display a subset of messages : +---------------------------------+---------------------------------+ | Verbosity level | Displayed type of messages | +=================================+=================================+ | NONE | | +---------------------------------+---------------------------------+ | NO_INFO_AND_WARNING | success, fail | +---------------------------------+---------------------------------+ | NO_INFO | warning, success, fail | +---------------------------------+---------------------------------+ | ALL | info, warning, success, fail | +---------------------------------+---------------------------------+ In order to change the verbosity level, use the ``--verbosity`` parameters : :: $ mirage --verbosity=NO_INFO_AND_WARNING List of available parameters ---------------------------- +-----------------------------------------------+-------------------------------------------------------------------------+ | Command | Description | +===============================================+=========================================================================+ | ``mirage`` | Launch Mirage in Command Line Interface mode | +-----------------------------------------------+-------------------------------------------------------------------------+ | ``mirage --list[=]`` | displays the list of existing modules (a filter pattern can be provided)| +-----------------------------------------------+-------------------------------------------------------------------------+ | ``mirage [PARAMETER_NAME=value]`` | loads with the provided input parameters | +-----------------------------------------------+-------------------------------------------------------------------------+ | ``mirage --args`` | displays the input parameters of | +-----------------------------------------------+-------------------------------------------------------------------------+ | ``mirage --create_module`` | generates a new module | +-----------------------------------------------+-------------------------------------------------------------------------+ | ``mirage --create_scenario`` | generates a new scenario | +-----------------------------------------------+-------------------------------------------------------------------------+ | ``mirage --verbosity=`` | changes the verbosity level | +-----------------------------------------------+-------------------------------------------------------------------------+