OUI (MAC address) lookup script
Every networking device has a MAC address, and in general these MAC addresses should be unique for each networking device (not taking spoofing into account for the moment). Each MAC address contains an OUI (Organizationally Unique Identifier), and each OUI in use should refer to the company that made the networking device.
While there are various places where you can look up OUIs, I couldn’t find an easy command line tool for this. So, to make these lookups easier, I wrote a small Perl script. The script was made for use on a BackTrack 4 installation, but it should work on other systems as well.
The script uses the OUI file that comes with the aircrack-ng suite. On BackTrack 4 this file is located at /usr/local/etc/aircrack-ng/airodump-ng-oui.txt; the path is held in the variable $ouifile, which can be adjusted at the beginning of the script.
The script:
```perl
#!/usr/bin/env perl
# MAC address OUI checker
# Thijs (Thice) Bosschert
# http://www.thice.nl
# v0.4 25-06-2010

$ouifile = "/usr/local/etc/aircrack-ng/airodump-ng-oui.txt";

# Print header
print "\n MAC address OUI checker v0.4\n".
      " by Thijs (Thice) Bosschert\n\n";

# Check if argument has been given
if (!$ARGV[0]) {
  fatal_error();
}

# Removing separators from MAC address and uppercase chars
my $OUI = uc($ARGV[0]);
$OUI =~ s/[^0-9A-F]//g;

# Get OUI from MAC
if ($OUI =~ /^([0-9A-F]{6})/) {
  $OUI = $1;
  print " Checking OUI: ".$OUI."\n";
} else {
  fatal_error();
}

# Open OUI file from aircrack-ng
open(my $fh, "<", $ouifile) || die " Error: Can not access OUI file: $ouifile";
while (<$fh>) {
  ($checkoui,$company) = split(/\(hex\)/,$_);
  $checkoui =~ s/[-|\s]//g;
  # Check if OUI can be found in the list
  if ($OUI eq $checkoui) {
    $company =~ s/\t//g;
    chomp($company);
    # Output found OUI
    print " Found OUI: ".$OUI." - ".$company."\n\n";
    exit;
  }
}
close($fh);

# Show if OUI was not found
print " Could not find OUI: ".$OUI."\n\n";

# Error messages
sub fatal_error {
  print " Error: No MAC address or OUI specified or could not recognize it.\n";
  if ($0 =~ /^\/bin\/(.*)/) {
    print " Usage: $1 \n";
  } else {
    print " Usage: perl $0 \n";
  }
  print " MAC can be submitted as:\n".
        " 001122334455\n".
        " 00:11:22:33:44:55\n".
        " 00-11-22-33-44-55\n".
        " OUI can be submitted as:\n".
        " 001122\n".
        " 00:11:22\n".
        " 00-11-22\n\n";
  exit;
}
```
To have easier access to the script, you can install it to the bin directory with the following two commands (as root or with sudo):
```
cp OUI_lookup.pl /bin/OUI_lookup
chmod +x /bin/OUI_lookup
```
Some example outputs of the script:
```
[email protected]:~$ OUI_lookup

 MAC address OUI checker v0.4
 by Thijs (Thice) Bosschert

 Error: No MAC address or OUI specified or could not recognize it.
 Usage: OUI_lookup
 MAC can be submitted as:
 001122334455
 00:11:22:33:44:55
 00-11-22-33-44-55
 OUI can be submitted as:
 001122
 00:11:22
 00-11-22
```

```
[email protected]:~$ OUI_lookup 001122

 MAC address OUI checker v0.4
 by Thijs (Thice) Bosschert

 Checking OUI: 001122
 Found OUI: 001122 - CIMSYS Inc
```

```
[email protected]:~$ OUI_lookup 22-33-44

 MAC address OUI checker v0.3
 by Thijs (Thice) Bosschert

 Checking OUI: 223344
 Could not find OUI: 223344
```

```
[email protected]:~$ OUI_lookup 00:11:00:22:00:33

 MAC address OUI checker v0.3
 by Thijs (Thice) Bosschert

 Checking OUI: 001100
 Found OUI: 001100 - Schneider Electric
```
To update the aircrack-ng OUI file you can run the command “airodump-ng-oui-update”
```
[email protected]:~# airodump-ng-oui-update
[*] Downloading IEEE OUI file...
[*] Parsing OUI file...
[*] Airodump-ng OUI file successfully updated
```
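The 22-33-44 lookup in the example outputs fails for a structural reason: bit 0x02 of the first octet is set, which marks an address as locally administered, so no IEEE-assigned OUI applies to it. The following is an added example, not part of the original script; it indexes the OUI data once for batch lookups and reports the two flag bits of the first octet. The sample data is constructed in the "XX-XX-XX (hex) company" layout that the script's parsing implies (an assumption), and the names load_oui and classify are illustrative.

```perl
#!/usr/bin/env perl
# Added example: batch OUI lookup with a hash index and first-octet flag check.
use strict;
use warnings;

# Constructed sample data in the assumed "XX-XX-XX (hex) <company>" layout;
# the two entries are the ones shown in the example outputs on this page.
my $sample = "00-11-22   (hex)\t\tCIMSYS Inc\n"
           . "00-11-00   (hex)\t\tSchneider Electric\n";

# Build an OUI -> company index once, so each lookup is a hash access
# instead of a scan over the whole file.
sub load_oui {
    my ($fh) = @_;
    my %index;
    while (my $line = <$fh>) {
        my ($oui, $company) = split /\(hex\)/, $line, 2;
        next unless defined $company;          # skip lines without "(hex)"
        $oui =~ s/[^0-9A-Fa-f]//g;             # drop dashes and whitespace
        next unless length($oui) == 6;
        $company =~ s/^\s+|\s+$//g;            # trim tabs and newline
        $index{uc($oui)} = $company;
    }
    return \%index;
}

# Classify one MAC address or OUI given in any of the accepted notations.
sub classify {
    my ($index, $input) = @_;
    (my $digits = uc($input)) =~ s/[^0-9A-F]//g;
    return "unrecognised input" unless $digits =~ /^([0-9A-F]{6})/;
    my $oui   = $1;
    my $first = hex(substr($oui, 0, 2));
    my @flags;
    push @flags, "group/multicast"      if $first & 0x01;   # I/G bit
    push @flags, "locally administered" if $first & 0x02;   # U/L bit
    my $vendor = $index->{$oui} // "not in OUI file";
    return join(" - ", $oui, $vendor, @flags);
}

# Swap \$sample for the path in $ouifile to run against the real file.
open(my $fh, "<", \$sample) or die "Cannot read sample data: $!";
my $index = load_oui($fh);
close($fh);

print classify($index, $_), "\n"
    for ("00:11:22:33:44:55", "00-11-00", "22-33-44", "01:00:5E:00:00:01", "xyz");
```

A locally administered address that is not in the OUI file is expected rather than a sign of a stale file; it usually points to a randomised, virtual, or manually set MAC.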
Any feedback on this script is much appreciated. The script can be used and adjusted by anyone, as long as a reference to this site (Thice.nl) is included.
I hereby would like to thank user Gitsnik of the BackTrack Forums for providing me feedback and some improvements to my code.
5 Comments
Hey, I have been surfin around looking at wireless stuff, as I am taking my OSWP in less than 1 hour from now, and saw this on twitter. I have made one of these before, that pulled the data from the ieee site for OUI, which took a long time. I found that if I saved the file locally (which airodump-ng-oui-update does now) then called “cat” from Perl it’s actually faster than what Perl uses to read the file. Simply slurp the lines into an array and call foreach on the array, you see it’s much faster as cat is coded in C with no top level interpreter. Rather than do “open FLE || die; while () { stuff.. }” try this:
my @lines = `cat /usr/local/etc/aircrack-ng/airodump-ng-oui.txt`;
foreach (@lines) { stuff… }
🙂 Congrats on your OSWP!
@trevelyn
Thank you, I saw you made the OSWP exam as well, congrats to you too!
While a cat might be faster, I personally would rather not use shell commands like that in this Perl script. And my script is quite fast already; there is no waiting for the answer, it comes up right away.

Hey, a perl script from a guy that said that perl is for old men?
Anyway, nice, Thice 🙂
@The Dude
I never said Perl was for old men, Perl is for lazy men 😛