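def main(self):
    ''' The main() method.

    Parses the command line, reconfigures the hardware interface (optional
    MAC change, promiscuous mode), dispatches one scan thread per vlan id
    with at most self.__threads alive at once, and restores the interface
    afterwards.

    Returns False on any failure (bad options, not root, interface
    reconfiguration or restore failed) and None otherwise.  An exception
    raised while scanning propagates to the caller after the interface
    has been restored.
    '''
    import subprocess
    import time
    global c

    def ip_link(*args):
        # Run ``ip link <args>`` without a shell: the interface name and the
        # MAC address come straight from the command line and are passed as
        # single argv entries instead of being spliced into a shell string.
        # A missing ``ip`` binary is reported as a failure, like os.system did.
        try:
            return subprocess.call(["ip", "link"] + list(args))
        except OSError:
            return 1

    # parse cmd line args
    cfg = self.__parseOptions(sys.argv[1:])
    if cfg is False:
        return False
    (errcode, errmsg) = self.__parseCmdLine(cfg)
    if errcode > 0:
        c.puts(errmsg)
        return False

    # the ip(8) calls below need CAP_NET_ADMIN; keep the plain root check
    if os.getuid() != 0:
        c.puts("[-] " + self.__progName + " must be run as root.")
        return False

    macChanged = self.__ifaceMac != self.__ifaceOldMac
    restoreFailed = False
    try:
        # configure interfaces
        if macChanged:
            if ip_link("set", self.__iface, "address", self.__ifaceMac) != 0:
                c.puts("[-] Unable to set MAC address " + self.__ifaceMac + " for " + self.__iface + ".")
                return False
        # put self.__iface into promiscuous mode
        if ip_link("set", self.__iface, "promisc", "on") != 0:
            c.puts("[-] Unable to put " + self.__iface + " into promiscuous mode.")
            return False

        # reverse vlan id list to enable pop() from the list head
        vlanList = list(self.__vlanIds)
        vlanList.reverse()

        # staggered vlan scan: never more than self.__threads workers alive
        while vlanList:
            if TL.getAliveCount() < self.__threads:
                v = vlanList.pop()
                t = TL.createThread('active', v, self.__iface, self.__ifaceMac)
                TL.startThread(t)
            else:
                # at capacity: yield the CPU instead of spinning on getAliveCount()
                time.sleep(0.05)
        # TODO: MOAR SOURCE CODE - COLLECT AND EVALUATE RESULTS
        # NOTE(review): the cleanup in ``finally`` runs as soon as the last id
        # has been dispatched, while worker threads may still be using the
        # interface -- confirm whether TL offers a way to wait for them.
        # scans have finished or an error has occurred
    finally:
        # put self.__iface back into non-promiscuous mode
        ip_link("set", "dev", self.__iface, "promisc", "off")
        # Set MAC address to the old one.  Only record the outcome here: a
        # ``return`` inside ``finally`` would silently discard an exception
        # that is propagating out of the scan loop.
        if macChanged:
            if ip_link("set", self.__iface, "address", self.__ifaceOldMac) != 0:
                c.puts("[-] Unable to set MAC address " + self.__ifaceOldMac + " for " + self.__iface + ".")
                restoreFailed = True
    if restoreFailed:
        return False
    return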
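def stopThread(self):
    ''' Tear down the vlan sub-interface created by run().

    Clears the running flag, brings self.__vlanIface down and deletes it,
    reporting the outcome via c.puts.  Returns True if the thread was
    running (teardown was attempted) and False if it was not.
    '''
    import subprocess
    global c
    if not self.__running:
        return False
    self.__running = 0

    def ip_link(*args):
        # argv list instead of a shell string so the interface name is never
        # re-parsed by a shell; a missing ``ip`` binary counts as a failure.
        try:
            return subprocess.call(['ip', 'link'] + list(args))
        except OSError:
            return 1

    ifname = self.__vlanIface
    ip_link('set', ifname, 'down')
    if ip_link('delete', ifname) != 0:
        c.puts('[-] Unable to remove vlan interface ' + ifname)
    else:
        c.puts('[+] Removed interface ' + ifname)
    return True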
def __parseOptions(self, myargs): ''' Parse the command line options ''' global c argParser = argparse.ArgumentParser(formatter_class = argparse.ArgumentDefaultsHelpFormatter) argParser.add_argument("-i", "--iface", dest = "iface", default = "eth0", help = "The hardware network interface to scan.", metavar = "NIC") argParser.add_argument("-m", "--mac", dest = "mac", help = "Use MAC as hardware address on NIC.", metavar = "MAC") argParser.add_argument("-t", "--threads", type = int, dest = "threads", default = 10, help = "Scan NUM_THREADS vlan ids concurrently.", metavar = "NUM_THREADS") argParser.add_argument("vlanIds", help = "The vlan ids to scan. Format: 1,70-150,42", metavar = "VLAN-IDs") argParser.add_argument("-v", "--version", action = "version", version = self.__progVersion) try: cfg = argParser.parse_args(myargs) if DBG: c.puts(str(cfg)) except SystemExit: return False except: return None return cfg
def __parseOptions(self, myargs): ''' Parse the command line options ''' global c argParser = argparse.ArgumentParser( formatter_class=argparse.ArgumentDefaultsHelpFormatter) argParser.add_argument("-i", "--iface", dest="iface", default="eth0", help="The hardware network interface to scan.", metavar="NIC") argParser.add_argument("-m", "--mac", dest="mac", help="Use MAC as hardware address on NIC.", metavar="MAC") argParser.add_argument("-t", "--threads", type=int, dest="threads", default=10, help="Scan NUM_THREADS vlan ids concurrently.", metavar="NUM_THREADS") argParser.add_argument( "vlanIds", help="The vlan ids to scan. Format: 1,70-150,42", metavar="VLAN-IDs") argParser.add_argument("-v", "--version", action="version", version=self.__progVersion) try: cfg = argParser.parse_args(myargs) if DBG: c.puts(str(cfg)) except SystemExit: return False except: return None return cfg
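def run(self):
    ''' Thread body: create a vlan sub-interface on self.__nic, probe it with DhcpDiscover, then tear it down.

    Returns True when the sub-interface was created and the probe ran,
    False when the interface could not be created or brought up, and None
    when the thread was not marked running.  stopThread() is always called
    once the interface exists, even if the probe raises.
    '''
    import subprocess
    global c
    if not self.__running:
        return

    def ip_link(*args):
        # argv list instead of a shell string: the interface name and vlan id
        # are passed as single arguments, never re-parsed by a shell.  A
        # missing ``ip`` binary counts as a failed command.
        try:
            return subprocess.call(['ip', 'link'] + list(args))
        except OSError:
            return 1

    ifname = self.__vlanIface
    # str(): the vlan id is printed via str() below, so it need not be a str
    if ip_link('add', 'link', self.__nic, 'name', ifname, 'type', 'vlan', 'id', str(self.__vlan)) != 0:
        c.puts('[-] Unable to create vlan interface ' + ifname)
        self.stopThread()
        return False
    if ip_link('set', ifname, 'up') != 0:
        # previously unchecked: a sub-interface that stays down cannot be probed
        c.puts('[-] Unable to bring up vlan interface ' + ifname)
        self.stopThread()
        return False
    c.puts('[+] Created interface ' + ifname)
    c.puts("[*] Scanning VLAN: " + str(self.__vlan))
    try:
        dhcpThread = DhcpDiscover(ifname, self.__mac, self.__resultDict, self.__resultDictLock)
        dhcpThread.start()
        # TODO: start more scans
        dhcpThread.join()
    finally:
        # always remove the sub-interface, even if the probe raised
        self.stopThread()
    return True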
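def dhcpClient(self, response):
    ''' Rudimentary DHCP client used as the probe's send/receive hook.

    Called with ``response`` None it sends one DHCP DISCOVER on
    self.__iface.  Called with a captured packet it records a DHCP OFFER
    (message type 2) under (self.__iface, 'DHCP') in self.__resultDict and
    prints it; every other packet is ignored.  Always returns None.
    '''
    global c
    if response is None:
        packet = self.__buildDhcpDiscover()
        c.puts("[*] Sending a DHCP DISCOVER with xid = " + hex(packet[BOOTP].xid) + " on " + self.__iface)
        sendp(packet, iface=self.__iface, verbose=0)
        return

    # a packet has been received. check if it is a DHCP packet.
    if not response.haslayer(DHCP):
        return
    options = response[DHCP].options

    # scapy lists options as (name, value, ...) tuples plus the bare markers
    # 'pad' and 'end'.  Look the message type up by name rather than assuming
    # it is the first entry (an empty or reordered list used to raise here).
    msgType = None
    for opt in options:
        if isinstance(opt, tuple) and opt and opt[0] == 'message-type':
            msgType = opt[1]
            break
    if msgType != 2:
        return

    dhcpServerIpAddress = response[BOOTP].siaddr
    dhcpServerMacAddress = response[Ether].src
    dhcpOfferedAddress = response[BOOTP].yiaddr
    # everything up to the 'end' marker minus the message type itself; a
    # list without 'end' used to raise ValueError from list.index()
    dhcpOpts = []
    for opt in options:
        if opt == 'end':
            break
        if isinstance(opt, tuple) and opt and opt[0] == 'message-type':
            continue
        dhcpOpts.append(opt)

    with self.__resultDictLock:
        self.__resultDict[(self.__iface, 'DHCP')] = {
            'dhcpServerIpAddress': dhcpServerIpAddress,
            'dhcpServerMacAddress': dhcpServerMacAddress,
            'dhcpOfferedAddress': dhcpOfferedAddress,
            'dhcpOpts': dhcpOpts,
        }
    # str(): the address fields are concatenated, so do not rely on them
    # already being str objects
    c.puts("[*] Got DHCP OFFER from: " + str(dhcpServerMacAddress) + ", DHCP server: " + str(dhcpServerIpAddress) + ", offered IP: " + str(dhcpOfferedAddress) + ", xid: " + hex(response[BOOTP].xid))
    lines = [" [+] DHCP options:"]
    for opt in options:
        if opt == 'end':
            break
        if opt == 'pad':
            # padding carries no data; it used to cut the listing short
            continue
        if isinstance(opt, tuple) and opt:
            lines.append(" [+] " + str(opt[0]) + ": " + str(opt[1:]))
        else:
            lines.append(" [+] " + str(opt))
    c.puts("\n".join(lines))
    return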
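def dhcpClient(self, response):
    ''' Rudimentary DHCP client used as the probe's send/receive hook.

    Called with ``response`` None it sends one DHCP DISCOVER on
    self.__iface.  Called with a captured packet it records a DHCP OFFER
    (message type 2) under (self.__iface, 'DHCP') in self.__resultDict and
    prints it; every other packet is ignored.  Always returns None.
    '''
    global c
    if response is None:
        packet = self.__buildDhcpDiscover()
        c.puts("[*] Sending a DHCP DISCOVER with xid = " + hex(packet[BOOTP].xid) + " on " + self.__iface)
        sendp(packet, iface=self.__iface, verbose=0)
        return

    # a packet has been received. check if it is a DHCP packet.
    if not response.haslayer(DHCP):
        return
    options = response[DHCP].options

    # scapy lists options as (name, value, ...) tuples plus the bare markers
    # 'pad' and 'end'.  Look the message type up by name rather than assuming
    # it is the first entry (an empty or reordered list used to raise here).
    msgType = None
    for opt in options:
        if isinstance(opt, tuple) and opt and opt[0] == 'message-type':
            msgType = opt[1]
            break
    if msgType != 2:
        return

    dhcpServerIpAddress = response[BOOTP].siaddr
    dhcpServerMacAddress = response[Ether].src
    dhcpOfferedAddress = response[BOOTP].yiaddr
    # everything up to the 'end' marker minus the message type itself; a
    # list without 'end' used to raise ValueError from list.index()
    dhcpOpts = []
    for opt in options:
        if opt == 'end':
            break
        if isinstance(opt, tuple) and opt and opt[0] == 'message-type':
            continue
        dhcpOpts.append(opt)

    with self.__resultDictLock:
        self.__resultDict[(self.__iface, 'DHCP')] = {
            'dhcpServerIpAddress': dhcpServerIpAddress,
            'dhcpServerMacAddress': dhcpServerMacAddress,
            'dhcpOfferedAddress': dhcpOfferedAddress,
            'dhcpOpts': dhcpOpts,
        }
    # str(): the address fields are concatenated, so do not rely on them
    # already being str objects
    c.puts("[*] Got DHCP OFFER from: " + str(dhcpServerMacAddress) + ", DHCP server: " + str(dhcpServerIpAddress) + ", offered IP: " + str(dhcpOfferedAddress) + ", xid: " + hex(response[BOOTP].xid))
    lines = [" [+] DHCP options:"]
    for opt in options:
        if opt == 'end':
            break
        if opt == 'pad':
            # padding carries no data; it used to cut the listing short
            continue
        if isinstance(opt, tuple) and opt:
            lines.append(" [+] " + str(opt[0]) + ": " + str(opt[1:]))
        else:
            lines.append(" [+] " + str(opt))
    c.puts("\n".join(lines))
    return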