PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and "modern" analog modems (running at 9.6kbit/s or higher). Wardialing tools are - despite their martialic naming - used to find nonauthorized modems so one can disable those and as result make access to the internal network harder.
For PAW list all numbers you want to be dialed into the (text) file "dial.lst", one in each line - numbers only, no spaces, plus signs, dashes or slashes please.
For PAWS the numbers are accompanied by the ISDN modes to be tested in the (text) file "dial.lst" in the exact format you find in the example file (you can delete individual ISDN types, though), one in each line - numbers only, no spaces, plus signs, dashes or slashes please. A syntax check of any kind is effectively non-existant, so be careful.
Make sure the device your modem is attached to is set correctly in paw.py in the variable "tty" at the top of the file.
Then simply call "./paw.py" or "./paws.py" and watch - a verbatim full log will be written into paw_dialing.log where CR, LF and TAB will be translated into readable equivalents. For PAW an additional summary will be written as CSV file in paw_dialing.csv
...because if you need more help, support or have special requests? Then please contact me for a competitive consultant/service offer. Wardialing and modem pentesting is - after the first brainless dial-robot-run - more an art than a quickly taught run-down recipe, especially since things can break if not handled carefully.
This tool is designed to be used by knowledgeable people and for lawful purposes *ONLY*. Even then it can cause considerable damage - especially when disconnecting complete campuses by accident (ever crashed an INAX, anyone?). If it is not 100% clear to you and your client/victim what you are about to do and what can happen - do not use this program!
When performing a wardialing make damn sure that you have a request/order or at least permission of the line owners to do so. Otherwise you might have to face criminal charges (trespassing, sabotage, DoS, etc).
Additionally make sure the client has all contact details of pen testers so the client can contact them during the test in case something goes wrong. I once wardialed a client who was not aware that his telephone system relayed each and every non-valid number and/or service to the front desk. 50.000 numbers dialed where only 20% were connected. 4 wardialers each running at ~30second intervals. Effectively DoSed the client.
|Roadmap / Contributing|
Please check the website for updates prior to submitting patches!
Other ISDN Wardialers scanning all ISDN modes|
(HLDC, transparent, audio and the X.75 variants)
|VoIP-based/-capable Wardialers for Unix|
|Modem-based Wardialers for Unix|
|Modem-based Wardialers for MS-DOS (and emulations)|
|Other Wardialers for MS-Windows|