Add --reg-domain flag, fix 5GHz AP reg domain, fix tmux scanner/success UX

- Add --reg-domain <CC> CLI option to override the wireless regulatory
  domain used when starting the rogue AP on 5GHz channels; defaults to US
- Fix hostapd and airbase-ng using country BO (which blocks UNII-1/ch36-48);
  both AP services now use US by default via ${FLUXIONRegDomain:-US}
- Fix tmux foreground windows: use trap EXIT to write the done file so
  Ctrl+C on a scanner window no longer leaves the main window stuck
- Fix tmux scanner window not refocusing the main pane after closing,
  requiring the user to press a key to see the target list
- Fix chrome/printf ordering bug that left cmdScript non-executable
- Handshake Snooper: write handshake_success.flag on arbiter completion
  so the main window polling loop can show an inline success notice
- Captive Portal: stop all attack services immediately on credential
  capture and display credentials inline in the main window
- Bump revision to 6.22

attacks/Handshake Snooper/attack.sh

@@ -126,6 +126,10 @@ handshake_snooper_arbiter_daemon() {
   mv "$FLUXIONWorkspacePath/capture/recent.cap" \
     "$FLUXIONPath/attacks/Handshake Snooper/handshakes/$FluxionTargetSSIDClean-$FluxionTargetMAC.cap"
 
+  # Write success flag so the main window polling loop can detect completion
+  # and update its display without waiting for manual user input.
+  touch "$FLUXIONWorkspacePath/handshake_success.flag"
+
   # Signal parent process the verification terminated.
   kill -s SIGABRT $1
 }

fluxion.sh

@@ -22,7 +22,7 @@ readonly FLUXIONNoiseFloor=-90
 readonly FLUXIONNoiseCeiling=-60
 
 readonly FLUXIONVersion=6
-readonly FLUXIONRevision=21
+readonly FLUXIONRevision=22
 
 # Declare window ration bigger = smaller windows
 FLUXIONWindowRatio=4
@@ -112,7 +112,7 @@ source "$FLUXIONLibPath/WindowUtils.sh"
 # ============================================================ #
 if ! FLUXIONCLIArguments=$(
     getopt --options="vdk5rinmthb:e:c:l:a:r" \
-      --longoptions="debug,debug-log:,version,killer,5ghz,installer,reloader,help,airmon-ng,multiplexer,target,test,auto,bssid:,essid:,channel:,language:,attack:,ratio,skip-dependencies,scan-time:,scan-only,list-interfaces,interface:,jammer-interface:,ap-interface:,tracker-interface:,ap-service:,timeout:" \
+      --longoptions="debug,debug-log:,version,killer,5ghz,installer,reloader,help,airmon-ng,multiplexer,target,test,auto,bssid:,essid:,channel:,language:,attack:,ratio,skip-dependencies,scan-time:,scan-only,list-interfaces,interface:,jammer-interface:,ap-interface:,tracker-interface:,ap-service:,timeout:,reg-domain:" \
       --name="FLUXION V$FLUXIONVersion.$FLUXIONRevision" -- "$@"
   ); then
   echo -e "${CRed}Aborted$CClr, parameter error detected..."; exit 5
@@ -164,6 +164,7 @@ while [ "$1" != "" ] && [ "$1" != "--" ]; do
     --tracker-interface) FLUXIONTrackerInterface=$2; shift;;
     --ap-service) FLUXIONAPService=$2; shift;;
     --timeout) FLUXIONTimeout=$2; shift;;
+    --reg-domain) FLUXIONRegDomain=${2^^}; shift;;
   esac
   shift # Shift new parameters
 done
@@ -2549,6 +2550,7 @@ fluxion_run_attack() {
   # watcher does not immediately exit on a fresh attack cycle.
   rm -f "$FLUXIONWorkspacePath/status.txt" \
         "$FLUXIONWorkspacePath/authenticator_success.flag" \
+        "$FLUXIONWorkspacePath/handshake_success.flag" \
         2>/dev/null
 
   start_attack
@@ -2613,12 +2615,54 @@ fluxion_run_attack() {
     # This keeps us in normal code flow (no signal tricks) so that the
     # success display in fluxion_handle_exit works as a plain function call.
     local _attackSucceeded=0
+    local _handshakeNotified=0
+    local _captiveNotified=0
     while true; do
-      if [ -f "$FLUXIONWorkspacePath/status.txt" ] || \
-         [ -f "$FLUXIONWorkspacePath/authenticator_success.flag" ]; then
-        _attackSucceeded=1
-        IOQueryChoice="${choices[1]}"
-        break
+      # Handshake Snooper: arbiter daemon writes this flag on success.
+      # Redraw once with a success notice; then keep waiting for the user
+      # to choose the next step (another attack or exit).
+      if [ $_handshakeNotified -eq 0 ] && \
+         [ -f "$FLUXIONWorkspacePath/handshake_success.flag" ]; then
+        _handshakeNotified=1
+        rm -f "$FLUXIONWorkspacePath/handshake_success.flag"
+        fluxion_header
+        echo -e "$FLUXIONVLine $HandshakeSnooperArbiterSuccededNotice"
+        echo
+        _ci=1
+        for _c in "${choices[@]}"; do
+          echo -e "\t${CRed}[${CSYel}${_ci}${CClr}${CRed}]${CClr} ${_c}${CClr}"
+          _ci=$((_ci + 1))
+        done
+        echo
+        echo -ne "$IOUtilsPrompt"
+      fi
+      # Captive Portal: authenticator writes status.txt when credentials are
+      # verified. Stop all attack services immediately (rogue AP, DNS, DHCP,
+      # web server, deauth jammer), then redraw showing the credentials and
+      # wait for the user to choose the next step.
+      if [ $_captiveNotified -eq 0 ] && \
+         [ -f "$FLUXIONWorkspacePath/status.txt" ]; then
+        _captiveNotified=1
+        fluxion_target_tracker_stop
+        stop_attack
+        local _captivePwd
+        _captivePwd=$(cat "$FLUXIONWorkspacePath/candidate.txt" 2>/dev/null)
+        fluxion_header
+        echo -e "  ${CSGrn}+-----------------------------------------------+${CClr}"
+        echo -e "  ${CSGrn}|           ATTACK SUCCESSFUL                   |${CClr}"
+        echo -e "  ${CSGrn}+-----------------------------------------------+${CClr}"
+        echo -e "  ${CGrn}  Network  :${CClr} ${CSWht}$FluxionTargetSSID${CClr}"
+        echo -e "  ${CGrn}  BSSID    :${CClr} ${CSWht}$FluxionTargetMAC${CClr}"
+        echo -e "  ${CYel}  Password :${CClr} ${CSYel}$_captivePwd${CClr}"
+        echo -e "  ${CSGrn}+-----------------------------------------------+${CClr}"
+        echo
+        _ci=1
+        for _c in "${choices[@]}"; do
+          echo -e "\t${CRed}[${CSYel}${_ci}${CClr}${CRed}]${CClr} ${_c}${CClr}"
+          _ci=$((_ci + 1))
+        done
+        echo
+        echo -ne "$IOUtilsPrompt"
       fi
       local _inp=""
       if read -t 1 -r _inp 2>/dev/null && [ -n "$_inp" ]; then

lib/HelpUtils.sh

@@ -80,6 +80,11 @@ fluxion_help(){
                 airbase-ng automatically since hostapd requires driver
                 radar/CAC support that USB adapters lack.
 
+         --reg-domain <CC>
+                Override the wireless regulatory domain used when bringing
+                up the rogue AP on 5 GHz channels (e.g. US, DE, JP).
+                Default is US. The original domain is restored on exit.
+
          --timeout <minutes>
                 Maximum duration in minutes for the attack in auto mode.
                 After this time the attack is stopped and fluxion exits.

lib/WindowUtils.sh

@@ -73,20 +73,24 @@ fluxion_window_open() {
 	elif [ "$FLUXIONDisplayMode" = "tmux" ]; then
 		# Write command to a temp script to avoid all quoting issues with tmux.
 		local cmdScript="$FLUXIONWorkspacePath/.cmd_${FLUXIONWindowCounter}.sh"
-		printf '#!/usr/bin/env bash\n%s\n' "$command" > "$cmdScript"
-		chmod +x "$cmdScript"
 
 		if [ -z "$pidVar" ]; then
 			# Foreground/blocking: create window, poll until command finishes.
 			local doneFile="$FLUXIONWorkspacePath/.window_done_${FLUXIONWindowCounter}"
 			rm -f "$doneFile"
 
+			# Use a trap so the done file is written even if the window is
+			# closed via Ctrl+C (SIGINT kills the process group before the
+			# shell can run a trailing "; echo done" suffix).
+			printf '#!/usr/bin/env bash\ntrap '"'"'echo done > "%s"'"'"' EXIT\n%s\n' \
+				"$doneFile" "$command" > "$cmdScript"
+			chmod +x "$cmdScript"
+
 			if [ "$FLUXIONDebug" ]; then
 				tmux new-window -n "$windowName" \
-					"$cmdScript; echo done > \"$doneFile\"; echo 'Press enter to close...'; read"
+					"$cmdScript; echo 'Press enter to close...'; read"
 			else
-				tmux new-window -n "$windowName" \
-					"$cmdScript; echo done > \"$doneFile\""
+				tmux new-window -n "$windowName" "$cmdScript"
 			fi
 
 			# Poll until the command finishes.
@@ -95,8 +99,14 @@ fluxion_window_open() {
 			done
 			rm -f "$doneFile"
 			rm -f "$cmdScript"
+
+			# Refocus the main pane so the caller's output is immediately
+			# visible without the user having to switch tmux windows manually.
+			[ "$TMUX_PANE" ] && tmux select-pane -t "$TMUX_PANE" 2>/dev/null
 		else
 			# Background: create detached window, get PID.
+			printf '#!/usr/bin/env bash\n%s\n' "$command" > "$cmdScript"
+			chmod +x "$cmdScript"
 			tmux new-window -d -n "$windowName" "$cmdScript"
 
 			if [ "$FLUXIONDebug" ]; then

lib/ap/airbase-ng.sh

@@ -72,7 +72,7 @@ function ap_service_prep() {
     local __iw=$(command -v iw 2>/dev/null || echo /usr/sbin/iw)
     if [ -x "$__iw" ]; then
       APServiceOrigRegDomain=$("$__iw" reg get 2>/dev/null | grep -m1 "^country" | sed 's/country \([A-Z0-9]*\).*/\1/')
-      "$__iw" reg set BO 2>/dev/null
+      "$__iw" reg set "${FLUXIONRegDomain:-US}" 2>/dev/null
       sleep 0.5
     fi
   fi

lib/ap/hostapd.sh

@@ -78,7 +78,7 @@ function ap_service_prep() {
     local __iw=$(command -v iw 2>/dev/null || echo /usr/sbin/iw)
     if [ -x "$__iw" ]; then
       APServiceOrigRegDomain=$("$__iw" reg get 2>/dev/null | grep -m1 "^country" | sed 's/country \([A-Z0-9]*\).*/\1/')
-      "$__iw" reg set BO 2>/dev/null
+      "$__iw" reg set "${FLUXIONRegDomain:-US}" 2>/dev/null
       sleep 0.5
     fi
   fi
@@ -88,7 +88,7 @@ function ap_service_prep() {
   local __extraConf=""
   if [ "$APServiceChannel" -gt 14 ] 2>/dev/null; then
     __hwMode="a"
-    __extraConf="country_code=BO
+    __extraConf="country_code=${FLUXIONRegDomain:-US}
 ieee80211d=1"
   fi