def scan(ip):
    """Broadcast an ARP request for ``ip`` and list the hosts that reply.

    :param ip: value passed straight to ``ARP(pdst=...)``.
    :return: list of ``{"ip": ..., "mac": ...}`` dicts, one per answered
        request, filled from the reply's ``psrc`` and ``hwsrc`` fields.
    """
    request = ARP(pdst=ip)
    # Destination ff:ff:ff:ff:ff:ff is the Ethernet broadcast address.
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / request
    # srp() returns (answered, unanswered); the unanswered half is unused.
    answered, _unanswered = srp(probe, verbose=False, timeout=10)
    # ARP replies carry no authentication: psrc/hwsrc are whatever the
    # responder put in the frame, so the result is an observation of the
    # segment, not a verified IP-to-MAC binding.
    return [
        {"ip": pair[1].psrc, "mac": pair[1].hwsrc}
        for pair in answered
    ]
def get_mac(ip):
    """
    Look up the MAC address that answers ARP for an IP address.

    :param ip: IP address to get the MAC of.
    :return: ``src`` of the first reply, or None when nothing answers
        within the 3 second timeout (for example the address is unused).
    """
    # Broadcast a who-has for the address and keep only the answered pairs.
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip)
    answered = srp(probe, timeout=3, verbose=0)[0]
    if not answered:
        return None
    _sent, reply = answered[0]
    # NOTE(review): .src is read from the reply packet as a whole, which
    # presumably resolves to the Ethernet source rather than ARP.hwsrc; the
    # two can differ behind a proxy or under spoofing, so confirm which one
    # callers expect. Either way the value is unauthenticated.
    return reply.src
def scan(ip):
    """ARP-sweep ``ip`` and return the responders as ip/mac dicts.

    :param ip: value passed to ``ARP(pdst=...)``.
    :return: list of ``{"ip": ..., "mac": ...}`` dicts built from each
        reply's ``psrc`` and ``hwsrc``.
    """
    who_has = ARP(pdst=ip)
    frame = Ether(dst="ff:ff:ff:ff:ff:ff") / who_has
    # Index 0 of srp()'s return value is the list of answered pairs.
    # The wait is only 1 second, so a slow host is simply absent from
    # the result rather than reported as an error.
    replies = srp(frame, timeout=1, verbose=False)[0]
    return [
        {"ip": pair[1].psrc, "mac": pair[1].hwsrc}
        for pair in replies
    ]
def scan(ip):
    """ARP-sweep ``ip`` and describe every host that replies.

    :param ip: value passed to ``ARP(pdst=...)``.
    :return: list of dicts with keys ``'ip'``, ``'mac'`` and ``'vendor'``;
        the vendor comes from calling ``manf`` on the reply's ``hwsrc``.
    """
    request = ARP(pdst=ip)
    frame = Ether(dst='ff:ff:ff:ff:ff:ff') / request
    answered = srp(frame, timeout=3, verbose=False)[0]

    hosts = []
    for pair in answered:
        reply = pair[1]
        # NOTE(review): manf() is defined outside this listing; it is
        # presumably a vendor lookup on the MAC, which would make the
        # vendor only as trustworthy as the unauthenticated hwsrc it is
        # derived from.
        hosts.append({
            'ip': reply.psrc,
            'mac': reply.hwsrc,
            'vendor': manf(reply.hwsrc),
        })
    return hosts
def scan(ip):
    """Scan a subnet for live hosts, given one IP or a range of IPs.

    :param ip: target address or range, passed to ``scapy.ARP(pdst=...)``.
    :return: list of ``{"ip": ..., "mac": ...}`` dicts, one per reply.
    """
    # ARP request aimed at the target address(es).
    who_has = scapy.ARP(pdst=ip)
    # The request goes out as a broadcast, hence the all-ones MAC.
    frame = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") / who_has
    # scapy.srp() sends the frame and collects the responses; index 0
    # keeps only the answered pairs.
    answered = scapy.srp(frame, timeout=1, verbose=False)[0]
    # Each pair is indexed at 1 for the reply; its psrc/hwsrc are taken
    # as reported, and ARP gives no way to verify them.
    return [
        {"ip": pair[1].psrc, "mac": pair[1].hwsrc}
        for pair in answered
    ]
def get_ip_mac_pinged(ip):
    """Send one padded ARP request for ``ip`` and report the replying MAC.

    :param ip: value passed to ``ARP(pdst=...)``.
    :return: tuple ``(ip, mac, pinged)`` where ``mac`` is the upper-cased
        ``hwsrc`` of the first reply, or None when there is no reply.
    """
    # NOTE(review): as written, the load literal uses doubled backslashes,
    # so the padding is the text "\x00" repeated rather than NUL bytes.
    # Confirm whether that is intended or an escaping artefact.
    request = Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=ip)
    probe = request / Padding(
        load='\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'
    )
    answered, _unanswered = srp(probe, timeout=2, verbose=False)
    try:
        # First answered pair, index 1 = the reply.
        mac = answered[0][1].hwsrc.upper()
    except IndexError:
        # No host answered within the 2 second timeout.
        mac = None
    # NOTE(review): the third element is always True, including when no
    # reply arrived; callers cannot use it to tell a live host from a
    # silent one. Confirm the intended meaning of "pinged".
    return (ip, mac, True)
def network_scan(network):
    '''
    Send an ARP request for the given network and print a coloured
    table of the IP and MAC address of every host that replies.

    Args:
        network (str): Network IP address to be evaluated

    Returns:
        None. The table is written with cprint().
    '''
    ip_cell = " {:^15} "
    mac_cell = " {:^18} "

    def bar(last=False):
        # Red column separator; the last one on a row ends the line.
        if last:
            cprint("|", 'red')
        else:
            cprint("|", 'red', end='')

    # Broadcast ARP request for the target network.
    request = Ether(dst=BROADCAST_MAC) / ARP(pdst=network)

    # Index 0 of srp()'s result is the list of (sent, received) pairs.
    # verbose is not passed, so scapy's own send/receive output follows
    # its configured verbosity and may appear above the table.
    answered = srp(request, timeout=1)[0]

    # Table header.
    cprint(' ______________________________________', 'red')
    bar()
    cprint(ip_cell.format('IP address'), 'blue', 'on_green', end='')
    bar()
    cprint(mac_cell.format('MAC address'), 'blue', 'on_yellow', end='')
    bar(last=True)

    # One row per reply. Hosts that did not answer within the 1 second
    # timeout are not listed, and the addresses shown are as reported
    # by the responder.
    for _sent, reply in answered:
        bar()
        cprint(ip_cell.format(reply.psrc), 'green', end='')
        bar()
        cprint(mac_cell.format(reply.hwsrc), 'yellow', end='')
        bar(last=True)

    cprint('|_________________|____________________|', 'red', end='\n\n')
"""ARP examples written for a scapy session (``scapy -H``)."""

# ETH_P_ARP names the ARP EtherType; the commented-out original spelled
# it as the literal 0x0806.
ether = Ether(type=ETH_P_ARP)
ether.show()

arp = Ether() / ARP()
arp.show()

# ----------------------------------------------------------------------
# ARP ping: the fastest way to discover hosts on the local Ethernet
# network.
arp_ping = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst="192.168.0.0/24")
answer, unanswer = srp(arp_ping, timeout=2)


def _src_and_ip(s, r):
    # One line per reply: Ethernet source followed by the ARP sender IP.
    return r.sprintf("%Ether.src% %ARP.psrc%")


# NOTE(review): the two-argument (sent, received) callback form depends
# on the scapy release; confirm against the installed version.
answer.summary(_src_and_ip)
# The two statements above are equivalent to
# arping("192.168.0.*", timeout=2)

# ----------------------------------------------------------------------
# ARP cache poisoning: this attack can poison the ARP cache by way of a
# VLAN hopping attack, so that other clients cannot reach the real
# gateway address.
# Classic ARP cache poisoning:
# The frame below is only built and displayed; nothing in this listing
# sends it. On a monitored segment such a frame stands out as an ARP
# message asserting the gateway IP (psrc) from a MAC that is not the
# gateway's; Dynamic ARP Inspection with DHCP snooping on the switch, or
# a static gateway entry on hosts, is the usual defence.
arp = Ether(dst="9c:bc:f0:12:3d:4d") / ARP(
    op="who-has",
    psrc="192.168.0.1",
    pdst="192.168.0.101",
)
arp.show()
from scapy.layers.l2 import Ether, ARP, srp
import scapy.packet

# ARP sweep of 192.168.1.0/24: one broadcast who-has per address, waiting
# up to 2 seconds for replies.
sweep = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst="192.168.1.0/24")
ans, unans = srp(sweep, timeout=2)

# Print one line per answered pair: the reply's Ethernet source and ARP
# sender IP. Both values are as claimed by the responder.
ans.summary(lambda pair: pair[1].sprintf("%Ether.src% %ARP.psrc%"))
def get_mac_address(ip):
    """Return the hardware address from the first ARP reply for ``ip``.

    :param ip: value passed to ``ARP(pdst=...)``.
    :return: ``hwsrc`` of the first answered pair.
    :raises IndexError: when no reply arrives within the 10 second
        timeout, because the answered list is indexed unconditionally.
    """
    request = ARP(pdst=ip)
    frame = Ether(dst="ff:ff:ff:ff:ff:ff") / request
    answered, _unanswered = srp(frame, verbose=False, timeout=10)
    # Only the first reply is consulted. ARP is unauthenticated, so if
    # several hosts answer for the same IP the caller sees whichever reply
    # was recorded first and gets no signal that a conflict exists.
    _sent, first_reply = answered[0]
    return first_reply.hwsrc