Beispiel #1
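    def main(self):
        '''
        Parse the command line, prepare the interface and start the VLAN scan.

        Steps: parse options, require uid 0, optionally change the MAC address
        of self.__iface, switch it to promiscuous mode and start one scan
        thread per VLAN id while keeping at most self.__threads alive. The
        interface is put back (promisc off, old MAC) in all cases.

        Returns False on a usage, privilege or interface-configuration error,
        None otherwise.
        '''
        global c
        import subprocess
        import time

        def runIp(*args):
            # Run `ip` with an argv list and no shell: the interface name and
            # MAC address come from the command line and this process runs as
            # root, so they must never be interpreted by /bin/sh.
            try:
                return subprocess.call(["ip"] + list(args))
            except OSError:
                # `ip` missing or not executable: report it like a failed command
                return 127

        # parse cmd line args
        cfg = self.__parseOptions(sys.argv[1:])
        if cfg is False: return False
        (errcode, errmsg) = self.__parseCmdLine(cfg)
        if errcode > 0:
            c.puts(errmsg)
            return False
        # check if we run as root
        if os.getuid() != 0:
            c.puts("[-] " + self.__progName + " must be run as root.")
            return False
        restoreFailed = False
        try:
            # configure interfaces
            if self.__ifaceMac != self.__ifaceOldMac:
                if runIp("link", "set", self.__iface, "address",
                         self.__ifaceMac) != 0:
                    c.puts("[-] Unable to set MAC address " + self.__ifaceMac +
                           " for " + self.__iface + ".")
                    return False
            # put self.__iface into promiscuous mode
            if runIp("link", "set", self.__iface, "promisc", "on") != 0:
                c.puts("[-] Unable to put " + self.__iface +
                       " into promiscuous mode.")
                return False
            # reverse vlan id list to enable pop() from the list head
            vlanList = list(self.__vlanIds)
            vlanList.reverse()
            # staggered vlan scan
            while vlanList:
                if TL.getAliveCount() < self.__threads:
                    v = vlanList.pop()
                    t = TL.createThread('active', v, self.__iface,
                                        self.__ifaceMac)
                    TL.startThread(t)
                else:
                    # all slots busy: yield instead of spinning at 100% CPU
                    time.sleep(0.05)

            # TODO: MOAR SOURCE CODE - COLLECT AND EVALUATE RESULTS
            # NOTE(review): nothing here waits for the started threads, so the
            # cleanup below can run while scans are still active - presumably
            # the missing code will join them; confirm.

            # scans have finished or an error has occurred
        finally:
            # put self.__iface back into non-promiscuous mode
            runIp("link", "set", "dev", self.__iface, "promisc", "off")
            # Set MAC address to the old one
            if self.__ifaceMac != self.__ifaceOldMac:
                if runIp("link", "set", self.__iface, "address",
                         self.__ifaceOldMac) != 0:
                    c.puts("[-] Unable to set MAC address " +
                           self.__ifaceOldMac + " for " + self.__iface + ".")
                    # no `return` inside `finally`: that would silently
                    # discard an exception (or Ctrl-C) raised by the scan
                    restoreFailed = True

        if restoreFailed:
            return False
        return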
Beispiel #2
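 def stopThread(self):
   '''
   Stop this scan thread and remove its VLAN interface.

   Returns True if the thread was marked as running (the interface teardown
   is attempted and its outcome printed), False if it was already stopped.
   '''
   global c
   import subprocess

   def runIp(*args):
     # argv list, no shell: the interface name is never parsed by /bin/sh
     try:
       return subprocess.call(['ip'] + list(args))
     except OSError:
       # `ip` missing or not executable: report it like a failed command
       return 127

   if self.__running:
     self.__running = 0
     # result deliberately ignored, as before: the delete below decides
     runIp('link', 'set', self.__vlanIface, 'down')
     if runIp('link', 'delete', self.__vlanIface) != 0:
       c.puts('[-] Unable to remove vlan interface ' + self.__vlanIface)
     else:
       c.puts('[+] Removed interface ' + self.__vlanIface)
     return True
   return False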
Beispiel #3
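 def stopThread(self):
     '''
     Stop this scan thread and remove its VLAN interface.

     Returns True if the thread was marked as running (the interface
     teardown is attempted and its outcome printed), False if it was
     already stopped.
     '''
     global c
     import subprocess

     def runIp(*args):
         # argv list, no shell: the interface name is never parsed by /bin/sh
         try:
             return subprocess.call(['ip'] + list(args))
         except OSError:
             # `ip` missing or not executable: report it like a failed command
             return 127

     if self.__running:
         self.__running = 0
         # result deliberately ignored, as before: the delete below decides
         runIp('link', 'set', self.__vlanIface, 'down')
         if runIp('link', 'delete', self.__vlanIface) != 0:
             c.puts('[-] Unable to remove vlan interface ' +
                    self.__vlanIface)
         else:
             c.puts('[+] Removed interface ' + self.__vlanIface)
         return True
     return False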
Beispiel #4
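 def main(self):
   '''
   Parse the command line, prepare the interface and start the VLAN scan.

   Steps: parse options, require uid 0, optionally change the MAC address of
   self.__iface, switch it to promiscuous mode and start one scan thread per
   VLAN id while keeping at most self.__threads alive. The interface is put
   back (promisc off, old MAC) in all cases.

   Returns False on a usage, privilege or interface-configuration error,
   None otherwise.
   '''
   global c
   import subprocess
   import time

   def runIp(*args):
     # Run `ip` with an argv list and no shell: the interface name and MAC
     # address come from the command line and this process runs as root, so
     # they must never be interpreted by /bin/sh.
     try:
       return subprocess.call(["ip"] + list(args))
     except OSError:
       # `ip` missing or not executable: report it like a failed command
       return 127

   # parse cmd line args
   cfg = self.__parseOptions(sys.argv[1:])
   if cfg is False: return False
   (errcode, errmsg) = self.__parseCmdLine(cfg)
   if errcode > 0:
     c.puts(errmsg)
     return False
   # check if we run as root
   if os.getuid() != 0:
     c.puts("[-] " + self.__progName + " must be run as root.")
     return False
   restoreFailed = False
   try:
     # configure interfaces
     if self.__ifaceMac != self.__ifaceOldMac:
       if runIp("link", "set", self.__iface, "address", self.__ifaceMac) != 0:
         c.puts("[-] Unable to set MAC address " + self.__ifaceMac + " for " + self.__iface + ".")
         return False
     # put self.__iface into promiscuous mode
     if runIp("link", "set", self.__iface, "promisc", "on") != 0:
       c.puts("[-] Unable to put " + self.__iface + " into promiscuous mode.")
       return False
     # reverse vlan id list to enable pop() from the list head
     vlanList = list(self.__vlanIds)
     vlanList.reverse()
     # staggered vlan scan
     while vlanList:
       if TL.getAliveCount() < self.__threads:
         v = vlanList.pop()
         t = TL.createThread('active', v, self.__iface, self.__ifaceMac)
         TL.startThread(t)
       else:
         # all slots busy: yield instead of spinning at 100% CPU
         time.sleep(0.05)

     # TODO: MOAR SOURCE CODE - COLLECT AND EVALUATE RESULTS
     # NOTE(review): nothing here waits for the started threads, so the
     # cleanup below can run while scans are still active - presumably the
     # missing code will join them; confirm.

     # scans have finished or an error has occurred
   finally:
     # put self.__iface back into non-promiscuous mode
     runIp("link", "set", "dev", self.__iface, "promisc", "off")
     # Set MAC address to the old one
     if self.__ifaceMac != self.__ifaceOldMac:
       if runIp("link", "set", self.__iface, "address", self.__ifaceOldMac) != 0:
         c.puts("[-] Unable to set MAC address " + self.__ifaceOldMac + " for " + self.__iface + ".")
         # no `return` inside `finally`: that would silently discard an
         # exception (or Ctrl-C) raised by the scan
         restoreFailed = True

   if restoreFailed:
     return False
   return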
Beispiel #5
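 def __parseOptions(self, myargs):
   '''
   Parse the command line options.

   myargs is the argument list without the program name.

   Returns the argparse namespace on success, False when argparse exits
   (usage error, -h or --version) and None on any other parsing error.
   '''
   global c
   argParser = argparse.ArgumentParser(formatter_class = argparse.ArgumentDefaultsHelpFormatter)
   argParser.add_argument("-i", "--iface", dest = "iface", default = "eth0", help = "The hardware network interface to scan.", metavar = "NIC")
   argParser.add_argument("-m", "--mac", dest = "mac", help = "Use MAC as hardware address on NIC.", metavar = "MAC")
   argParser.add_argument("-t", "--threads", type = int, dest = "threads", default = 10, help = "Scan NUM_THREADS vlan ids concurrently.", metavar = "NUM_THREADS")
   argParser.add_argument("vlanIds", help = "The vlan ids to scan. Format: 1,70-150,42", metavar = "VLAN-IDs")
   argParser.add_argument("-v", "--version", action = "version", version = self.__progVersion)
   # NOTE(review): iface and mac are accepted verbatim here and later become
   # arguments of `ip` commands run as root; their syntax is presumably
   # checked in __parseCmdLine - confirm.
   try:
     cfg = argParser.parse_args(myargs)
     if DBG: c.puts(str(cfg))
   except SystemExit:
     # argparse has already printed its message
     return False
   except Exception:
     # Was a bare `except:`, which also swallowed KeyboardInterrupt.
     # NOTE(review): main() only tests `cfg is False`, so this None is passed
     # on to __parseCmdLine - confirm that it is handled there.
     return None
   return cfg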
Beispiel #6
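 def __parseOptions(self, myargs):
     '''
     Parse the command line options.

     myargs is the argument list without the program name.

     Returns the argparse namespace on success, False when argparse exits
     (usage error, -h or --version) and None on any other parsing error.
     '''
     global c
     argParser = argparse.ArgumentParser(
         formatter_class=argparse.ArgumentDefaultsHelpFormatter)
     argParser.add_argument("-i",
                            "--iface",
                            dest="iface",
                            default="eth0",
                            help="The hardware network interface to scan.",
                            metavar="NIC")
     argParser.add_argument("-m",
                            "--mac",
                            dest="mac",
                            help="Use MAC as hardware address on NIC.",
                            metavar="MAC")
     argParser.add_argument("-t",
                            "--threads",
                            type=int,
                            dest="threads",
                            default=10,
                            help="Scan NUM_THREADS vlan ids concurrently.",
                            metavar="NUM_THREADS")
     argParser.add_argument(
         "vlanIds",
         help="The vlan ids to scan. Format: 1,70-150,42",
         metavar="VLAN-IDs")
     argParser.add_argument("-v",
                            "--version",
                            action="version",
                            version=self.__progVersion)
     # NOTE(review): iface and mac are accepted verbatim here and later
     # become arguments of `ip` commands run as root; their syntax is
     # presumably checked in __parseCmdLine - confirm.
     try:
         cfg = argParser.parse_args(myargs)
         if DBG: c.puts(str(cfg))
     except SystemExit:
         # argparse has already printed its message
         return False
     except Exception:
         # Was a bare `except:`, which also swallowed KeyboardInterrupt.
         # NOTE(review): main() only tests `cfg is False`, so this None is
         # passed on to __parseCmdLine - confirm that it is handled there.
         return None
     return cfg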
Beispiel #7
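    def run(self):
        '''
        Thread body: create the VLAN interface, run the scans on it and
        remove it again.

        Does nothing unless self.__running is set. Returns False if the VLAN
        interface cannot be created, True otherwise.
        '''
        global c
        import subprocess

        def runIp(*args):
            # argv list, no shell: NIC name, interface name and VLAN id are
            # never parsed by /bin/sh
            try:
                return subprocess.call(['ip'] + list(args))
            except OSError:
                # `ip` missing or not executable: report it like a failed
                # command
                return 127

        if self.__running:
            if runIp('link', 'add', 'link', self.__nic, 'name',
                     self.__vlanIface, 'type', 'vlan', 'id',
                     str(self.__vlan)) != 0:
                c.puts('[-] Unable to create vlan interface ' +
                       self.__vlanIface)
                self.stopThread()
                return False
            else:
                # result deliberately ignored, as before
                runIp('link', 'set', self.__vlanIface, 'up')
                c.puts('[+] Created interface ' + self.__vlanIface)
            c.puts("[*] Scanning VLAN: " + str(self.__vlan))

            # TODO: MOAR SOURCE CODE - DO A SCAN
            # time.sleep(random.randint(1, 5))
            dhcpThread = DhcpDiscover(self.__vlanIface, self.__mac,
                                      self.__resultDict, self.__resultDictLock)
            dhcpThread.start()

            # start more scans

            # wait for the DHCP probe before tearing the interface down
            dhcpThread.join()
            self.stopThread()
        return True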
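 def dhcpClient(self, response):
   '''
   Rudimentary DHCP client used to probe an interface for DHCP servers.

   Called with response = None it sends one DHCP DISCOVER on self.__iface.
   Called with a received packet it records a DHCP OFFER (message type 2)
   in the shared result dict under (self.__iface, 'DHCP') and prints the
   offer and its options. Always returns None.
   '''
   global c
   # if response is None, then send a DHCP DISCOVER.
   if response is None:
     packet = self.__buildDhcpDiscover()
     c.puts("[*] Sending a DHCP DISCOVER with xid = " + hex(packet[BOOTP].xid) + " on " + self.__iface)
     # sendp(packet, iface = self.__iface, inter = 1, count = 3, verbose = 0)
     sendp(packet, iface = self.__iface, verbose = 0)
     return
   # a packet has been received. check if it is a DHCP packet.
   if not response.haslayer(DHCP):
     return
   # The option list comes straight off the wire: it may be empty, lack the
   # 'end' marker or carry the message type somewhere other than slot 0, so
   # nothing below indexes it blindly.
   options = response[DHCP].options
   msgTypeOpt = None
   for opt in options:
     if isinstance(opt, tuple) and len(opt) > 1 and opt[0] == 'message-type':
       msgTypeOpt = opt
       break
   if msgTypeOpt is None or msgTypeOpt[1] != 2:
     return
   # NOTE(review): the OFFER's xid is not compared with the xid of the
   # DISCOVER that was sent, so any OFFER seen on this interface is recorded.
   dhcpServerIpAddress = response[BOOTP].siaddr
   dhcpServerMacAddress = response[Ether].src
   dhcpOfferedAddress = response[BOOTP].yiaddr
   try:
     endIdx = options.index('end')
   except ValueError:
     endIdx = len(options)
   # everything before 'end' except the message type itself
   dhcpOpts = [opt for opt in options[:endIdx] if opt is not msgTypeOpt]
   with self.__resultDictLock:
     self.__resultDict[(self.__iface, 'DHCP')] = {'dhcpServerIpAddress': dhcpServerIpAddress,
                                                  'dhcpServerMacAddress': dhcpServerMacAddress,
                                                  'dhcpOfferedAddress': dhcpOfferedAddress,
                                                  'dhcpOpts': dhcpOpts}
   c.puts("[*] Got DHCP OFFER from: " + dhcpServerMacAddress + ", DHCP server: " + dhcpServerIpAddress + ", offered IP: " + dhcpOfferedAddress + ", xid: " + hex(response[BOOTP].xid))
   msg = "   [+] DHCP options:"
   for opt in options:
     msg += "\n"
     if opt == 'end' or opt == 'pad': break
     if isinstance(opt, tuple) and len(opt) > 0:
       # str(): the option name is not guaranteed to be a string
       msg += "   [+] " + str(opt[0]) + ": " + str(opt[1:])
     else:
       # entry that is not a (name, value...) tuple: print it as it is
       msg += "   [+] " + str(opt)
   c.puts(msg)
   return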
Beispiel #9
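 def dhcpClient(self, response):
     '''
     Rudimentary DHCP client used to probe an interface for DHCP servers.

     Called with response=None it sends one DHCP DISCOVER on self.__iface.
     Called with a received packet it records a DHCP OFFER (message type 2)
     in the shared result dict under (self.__iface, 'DHCP') and prints the
     offer and its options. Always returns None.
     '''
     global c
     # if response is None, then send a DHCP DISCOVER.
     if response is None:
         packet = self.__buildDhcpDiscover()
         c.puts("[*] Sending a DHCP DISCOVER with xid = " +
                hex(packet[BOOTP].xid) + " on " + self.__iface)
         # sendp(packet, iface = self.__iface, inter = 1, count = 3, verbose = 0)
         sendp(packet, iface=self.__iface, verbose=0)
         return
     # a packet has been received. check if it is a DHCP packet.
     if not response.haslayer(DHCP):
         return
     # The option list comes straight off the wire: it may be empty, lack
     # the 'end' marker or carry the message type somewhere other than
     # slot 0, so nothing below indexes it blindly.
     options = response[DHCP].options
     msgTypeOpt = None
     for opt in options:
         if (isinstance(opt, tuple) and len(opt) > 1
                 and opt[0] == 'message-type'):
             msgTypeOpt = opt
             break
     if msgTypeOpt is None or msgTypeOpt[1] != 2:
         return
     # NOTE(review): the OFFER's xid is not compared with the xid of the
     # DISCOVER that was sent, so any OFFER seen on this interface is
     # recorded.
     dhcpServerIpAddress = response[BOOTP].siaddr
     dhcpServerMacAddress = response[Ether].src
     dhcpOfferedAddress = response[BOOTP].yiaddr
     try:
         endIdx = options.index('end')
     except ValueError:
         endIdx = len(options)
     # everything before 'end' except the message type itself
     dhcpOpts = [opt for opt in options[:endIdx] if opt is not msgTypeOpt]
     with self.__resultDictLock:
         self.__resultDict[(self.__iface, 'DHCP')] = {
             'dhcpServerIpAddress': dhcpServerIpAddress,
             'dhcpServerMacAddress': dhcpServerMacAddress,
             'dhcpOfferedAddress': dhcpOfferedAddress,
             'dhcpOpts': dhcpOpts
         }
     c.puts("[*] Got DHCP OFFER from: " + dhcpServerMacAddress +
            ", DHCP server: " + dhcpServerIpAddress +
            ", offered IP: " + dhcpOfferedAddress + ", xid: " +
            hex(response[BOOTP].xid))
     msg = "   [+] DHCP options:"
     for opt in options:
         msg += "\n"
         if opt == 'end' or opt == 'pad': break
         if isinstance(opt, tuple) and len(opt) > 0:
             # str(): the option name is not guaranteed to be a string
             msg += "   [+] " + str(opt[0]) + ": " + str(opt[1:])
         else:
             # entry that is not a (name, value...) tuple: print it as it is
             msg += "   [+] " + str(opt)
     c.puts(msg)
     return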
Beispiel #10
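 def run(self):
   '''
   Thread body: create the VLAN interface, run the scans on it and remove it
   again.

   Does nothing unless self.__running is set. Returns False if the VLAN
   interface cannot be created, True otherwise.
   '''
   global c
   import subprocess

   def runIp(*args):
     # argv list, no shell: NIC name, interface name and VLAN id are never
     # parsed by /bin/sh
     try:
       return subprocess.call(['ip'] + list(args))
     except OSError:
       # `ip` missing or not executable: report it like a failed command
       return 127

   if self.__running:
     if runIp('link', 'add', 'link', self.__nic, 'name', self.__vlanIface, 'type', 'vlan', 'id', str(self.__vlan)) != 0:
       c.puts('[-] Unable to create vlan interface ' + self.__vlanIface)
       self.stopThread()
       return False
     else:
       # result deliberately ignored, as before
       runIp('link', 'set', self.__vlanIface, 'up')
       c.puts('[+] Created interface ' + self.__vlanIface)
     c.puts("[*] Scanning VLAN: " + str(self.__vlan))

     # TODO: MOAR SOURCE CODE - DO A SCAN
     # time.sleep(random.randint(1, 5))
     dhcpThread = DhcpDiscover(self.__vlanIface, self.__mac, self.__resultDict, self.__resultDictLock)
     dhcpThread.start()

     # start more scans

     # wait for the DHCP probe before tearing the interface down
     dhcpThread.join()
     self.stopThread()
   return True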