#!/usr/bin/env python
# ARP Scanner beta 1
# Geordie (aka themacuser/t3h/gm2)
import dnet
import sys
import socket
import time
def getmac(theaddr):
    """Look up *theaddr* in the kernel ARP cache through libdnet.

    Returns whatever ``dnet.arp().get`` yields for the address; the scan
    loop at the bottom of the script treats a falsy return as "no entry".
    """
    arp_cache = dnet.arp()
    query = dnet.addr(theaddr)
    return arp_cache.get(query)
def printUsage():
    """Print the command-line synopsis to stdout.

    Both placeholders are filled with ``sys.argv[0]`` so the example line
    shows the name the script was actually invoked under.
    """
    prog = sys.argv[0]
    usage = ("Usage: %s <interface name> <address range> <scan range>\n"
             "Example: %s en1 192.168.0. 0-255")
    print(usage % (prog, prog))
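# --- command-line handling ---------------------------------------------
# argv[1]  interface name (e.g. en1)
# argv[2]  address prefix (e.g. "192.168.0." -- the last octet is appended
#          to it verbatim in the scan loops, so the trailing dot is the
#          caller's responsibility)
# argv[3]  last-octet range as "<start>-<end>"
# Only the failures a malformed command line can produce are caught here:
# a missing argument raises IndexError, a non-numeric bound raises
# ValueError. A bare `except:` would also swallow KeyboardInterrupt and
# SystemExit and report them as a usage error.
try:
    ifname = sys.argv[1]
    addr_range = sys.argv[2]
    host_range = sys.argv[3]
    addr = host_range.split("-", 2)
    start = int(addr[0])
    end = int(addr[1])
except (IndexError, ValueError):
    printUsage()
    sys.exit()
# Both bounds must be valid octets (0..255) and the range must not be
# inverted; the chained comparison is equivalent to the five separate tests.
if not (0 <= start <= end <= 255):
    printUsage()
    sys.exit()
scanrange = range(start, end + 1)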
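# Open the interface for raw frame transmission. libdnet needs raw
# link-layer access, which normally means running as root. If the open
# fails we must stop here: `interface` would otherwise be undefined and
# the first arp_request() call would die with a NameError instead of the
# message below.
try:
    interface = dnet.eth(ifname)
except Exception:
    # NOTE(review): the exception type dnet.eth() raises is not pinned
    # down here -- confirm it and narrow this handler.
    print("Error opening interface. You probably aren't running as root, or the interface doesn't exist.")
    sys.exit(1)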
def ip_header(dst, src, type):
    """Build an Ethernet frame header as a raw string.

    Despite the name this is the *Ethernet* header, not an IP header: the
    caller passes a destination MAC, a source MAC and the two-byte
    EtherType (``'\\x08\\x06'`` for ARP). The fields are concatenated in
    wire order; *type* goes through ``str()`` so a non-string value still
    ends up in the frame. No length checking is performed.
    """
    addresses = dst + src
    return addresses + str(type)
def arp_header(hdr, op, sha, spa, tha, tpa):
    """Build the ARP payload by concatenating its fields in wire order.

    hdr      -- fixed ARP prefix (hardware type, protocol type, hlen, plen)
    op       -- two-byte operation code
    sha, spa -- sender hardware / protocol address
    tha, tpa -- target hardware / protocol address

    No length checking is done; the caller must pass correctly sized
    string fields.
    """
    fields = (hdr, op, sha, spa, tha, tpa)
    return "".join(fields)
def arp_request(ipaddr):
    """Broadcast one ARP request for *ipaddr* on the module-global interface.

    Sender addresses are read from the local interface ``ifname`` (module
    global); the target hardware address is the Ethernet broadcast address
    and the target protocol address is *ipaddr* (dotted-quad string). The
    frame is handed to ``interface.send`` (module global opened earlier).
    Nothing is returned: replies are later read from the kernel ARP cache
    via getmac(), not captured from the wire.
    """
    # One interface lookup serves both the MAC and the IP address.
    local = dnet.intf().get(ifname)
    sender_mac = dnet.eth_aton(str(local['link_addr']))
    # 'addr' looks like an "address/prefix" value; keep only the address
    # part in front of the slash.
    sender_ip = dnet.ip_aton(str(local['addr']).split("/")[0])
    broadcast = dnet.ETH_ADDR_BROADCAST
    target_ip = dnet.ip_aton(ipaddr)
    # Ethernet header: dst broadcast, src our MAC, EtherType 0x0806 (ARP).
    frame = ip_header(broadcast, sender_mac, '\x08\x06')
    # ARP body: htype 1 (Ethernet), ptype 0x0800 (IPv4), hlen 6, plen 4,
    # opcode 1 (request). The target MAC is all zeros in a request.
    frame += arp_header('\x00\x01\x08\x00\x06\x04', '\x00\x01',
                        sender_mac, sender_ip,
                        '\x00\x00\x00\x00\x00\x00', target_ip)
    interface.send(frame)
# Phase 1: send one request per address in the range, printing a progress
# dot every ten addresses so a large scan visibly makes progress.
print("Sending ARP Requests:")
for last_octet in scanrange:
    arp_request(addr_range + str(last_octet))
    if last_octet % 10 == 0:
        sys.stdout.write(".")
        sys.stdout.flush()
# Phase 2: pause so replies can arrive. The script relies on the kernel
# recording them in its ARP cache, which phase 3 reads. Five dots at
# 0.2 s each, one second in total.
print("\nWaiting for replies:")
for _ in range(5):
    sys.stdout.write(".")
    sys.stdout.flush()
    time.sleep(0.2)
# Phase 3: report every address in the range that now has an ARP cache
# entry. Addresses with no entry produce no output at all.
print("\nQuerying ARP table:")
for last_octet in scanrange:
    target = addr_range + str(last_octet)
    mac = getmac(target)
    if mac:
        print("%s @ %s" % (mac, target))