def __init__(self):
self.base = Base()
self.eth = Ethernet_raw()
self.arp = ARP_raw()
self.rawSocket = socket(AF_PACKET, SOCK_RAW, htons(0x0003))
self.results = []
self.unique_results = []
self.mac_addresses = []
self.mac_prefixes_file = "mac-prefixes.txt"
self.vendor_list = []
self.retry_number = 3
self.timeout = 0
parser.add_argument('-S',
'--sender_ip',
type=str,
required=True,
help='Set sender IP address (required)')
args = parser.parse_args()
# endregion
# region Set global variables
current_network_interface = None
sender_mac_address = None
target_mac_address = None
eth = Ethernet_raw()
arp = ARP_raw()
# endregion
# region Get your network settings
if args.interface is None:
Base.print_warning(
"Please set a network interface for send ARP reply packets ...")
current_network_interface = Base.netiface_selection(args.interface)
your_mac_address = Base.get_netiface_mac_address(current_network_interface)
if your_mac_address is None:
Base.print_error("Network interface: ", current_network_interface,
" does not have MAC address!")
exit(1)
# endregion
parser.add_argument('-a', '--src_ip', type=str, help='Set src ip address (not required)', default=None)
parser.add_argument('-p', '--src_port', type=int, help='Set src port (not required)', default=None)
parser.add_argument('-M', '--target_mac', type=str, help='Set dst mac address (not required)', default=None)
parser.add_argument('-A', '--target_ip', type=str, required=True, help='Set target IP address')
parser.add_argument('-P', '--target_port', type=int, required=True, help='Set target port')
parser.add_argument('-d', '--data', type=str, help='Set TCP payload data (default="GET / HTTP/1.1\\r\\n\\r\\n")',
default="GET / HTTP/1.0\r\n\r\n")
args = parser.parse_args()
ip = IP_raw()
tcp = TCP_raw()
eth = Ethernet_raw()
arp = ARP_raw()
if args.interface is None:
current_network_interface = Base.netiface_selection()
else:
current_network_interface = args.interface
if args.src_mac is None:
src_mac_address = Base.get_netiface_mac_address(current_network_interface)
else:
src_mac_address = args.src_mac
if args.src_ip is None:
src_ip_address = Base.get_netiface_ip_address(current_network_interface)
else:
src_ip_address = args.src_ip
from raw_packet.Scanners.arp_scanner import ArpScan # endregion # region Import libraries from argparse import ArgumentParser from socket import socket, AF_PACKET, SOCK_RAW from ipaddress import IPv4Address from time import sleep from prettytable import PrettyTable # endregion # region Check user, platform and create threads Base = Base() Base.check_user() Base.check_platform() arp = ARP_raw() # endregion # endregion # region Authorship information __author__ = 'Vladimir Ivanov' __copyright__ = 'Copyright 2019, Raw-packet Project' __credits__ = [''] __license__ = 'MIT' __version__ = '0.0.4' __maintainer__ = 'Vladimir Ivanov' __email__ = '*****@*****.**' __status__ = 'Production' # endregion
class ArpScan:
# region Set variables
base = None
eth = None
arp = None
rawSocket = None
network_interface = None
your_mac_address = None
your_ip_address = None
target_ip_address = None
results = None
unique_results = None
mac_addresses = None
mac_prefixes_file = None
vendor_list = None
retry_number = 0
timeout = 0
# endregion
# region Init
def __init__(self):
self.base = Base()
self.eth = Ethernet_raw()
self.arp = ARP_raw()
self.rawSocket = socket(AF_PACKET, SOCK_RAW, htons(0x0003))
self.results = []
self.unique_results = []
self.mac_addresses = []
self.mac_prefixes_file = "mac-prefixes.txt"
self.vendor_list = []
self.retry_number = 3
self.timeout = 0
# endregion
# region Sniffer
def sniff(self):
while True:
packets = self.rawSocket.recvfrom(2048)
for packet in packets:
# Parse Ethernet header
ethernet_header = packet[0:14]
ethernet_header_dict = self.eth.parse_header(ethernet_header)
# Success parse Ethernet header
if ethernet_header_dict is not None:
# 2054 - Type of ARP packet (0x0806)
if ethernet_header_dict['type'] == 2054:
# Destination MAC address is your MAC address
if ethernet_header_dict['destination'] == self.your_mac_address:
# Parse ARP packet
arp_header = packet[14:42]
arp_header_dict = self.arp.parse_packet(arp_header)
# Success parse ARP packet
if arp_header_dict is not None:
# ARP opcode == 2 (2 - ARP reply)
if arp_header_dict['opcode'] == 2:
# ARP target MAC address is your MAC address
if arp_header_dict['target-mac'] == self.your_mac_address:
# ARP target IP address is your IP address
if arp_header_dict['target-ip'] == self.your_ip_address:
# Parameter Target IP address is None
if self.target_ip_address is None:
self.results.append({
"mac-address": arp_header_dict['sender-mac'],
"ip-address": arp_header_dict['sender-ip']
})
# Parameter Target IP address is Set
else:
if arp_header_dict['sender-ip'] == self.target_ip_address:
self.results.append({
"mac-address": arp_header_dict['sender-mac'],
"ip-address": arp_header_dict['sender-ip']
})
# endregion
# region Sender
def send(self):
arp_requests = []
self.your_mac_address = self.base.get_netiface_mac_address(self.network_interface)
self.your_ip_address = self.base.get_netiface_ip_address(self.network_interface)
first_ip_address = str(IPv4Address(unicode(self.base.get_netiface_first_ip(self.network_interface))) - 1)
last_ip_address = str(IPv4Address(unicode(self.base.get_netiface_last_ip(self.network_interface))) + 1)
if self.target_ip_address is not None:
if self.base.ip_address_in_range(self.target_ip_address, first_ip_address, last_ip_address):
first_ip_address = self.target_ip_address
last_ip_address = self.target_ip_address
else:
self.base.print_error("Bad target IP address: ", self.target_ip_address,
"; Target IP address must be in range: ",
first_ip_address + " - " + last_ip_address)
exit(1)
index = 0
while True:
current_ip_address = str(IPv4Address(unicode(first_ip_address)) + index)
index += 1
if IPv4Address(unicode(current_ip_address)) > IPv4Address(unicode(last_ip_address)):
break
else:
arp_request = self.arp.make_request(ethernet_src_mac=self.your_mac_address,
ethernet_dst_mac="ff:ff:ff:ff:ff:ff",
sender_mac=self.your_mac_address,
sender_ip=self.your_ip_address,
target_mac="00:00:00:00:00:00",
target_ip=current_ip_address)
arp_requests.append(arp_request)
send_socket = socket(AF_PACKET, SOCK_RAW)
send_socket.bind((self.network_interface, 0))
number_of_requests = len(arp_requests) * int(self.retry_number)
index_of_request = 0
percent_complete = 0
for _ in range(int(self.retry_number)):
for arp_request in arp_requests:
send_socket.send(arp_request)
index_of_request += 1
new_percent_complete = int(float(index_of_request)/float(number_of_requests) * 100)
if new_percent_complete > percent_complete:
stdout.write('\r')
stdout.write(self.base.c_info + 'Scan percentage: ' +
self.base.cINFO + str(new_percent_complete) + '%' + self.base.cEND)
stdout.flush()
sleep(0.01)
percent_complete = new_percent_complete
stdout.write('\n')
send_socket.close()
# endregion
# region Scanner
def scan(self, network_interface, timeout=3, retry=3, target_ip_address=None, check_vendor=True,
exclude_ip_address=None):
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Create vendor list
if check_vendor:
self.vendor_list = self.base.get_mac_prefixes()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index]['mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(self.results[index]['mac-address'])
# endregion
# region Reset results and mac addresses list
self.results = []
self.mac_addresses = []
# endregion
# region Exclude IP address
if exclude_ip_address is not None:
self.results = self.unique_results
self.unique_results = []
for index in range(len(self.results)):
if self.results[index]['ip-address'] != exclude_ip_address:
self.unique_results.append(self.results[index])
self.results = []
# endregion
# region Get vendors
for result_index in range(len(self.unique_results)):
# Get current MAC address prefix
current_mac_prefix = self.eth.get_mac_prefix(self.unique_results[result_index]['mac-address'])
# Search this prefix in vendor list
for vendor_index in range(len(self.vendor_list)):
if current_mac_prefix == self.vendor_list[vendor_index]['prefix']:
self.unique_results[result_index]['vendor'] = self.vendor_list[vendor_index]['vendor']
break
# Could not find this prefix in vendor list
if 'vendor' not in self.unique_results[result_index].keys():
self.unique_results[result_index]['vendor'] = "Unknown vendor"
# endregion
# region Return results
return self.unique_results
# endregion
# endregion
# region Get MAC address
def get_mac_address(self, network_interface, target_ip_address, timeout=5, retry=5):
try:
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return
if 'mac-address' in self.results[0].keys():
return self.results[0]['mac-address']
else:
return "ff:ff:ff:ff:ff:ff"
# endregion
except IndexError:
return "ff:ff:ff:ff:ff:ff"
except KeyboardInterrupt:
self.base.print_info("Exit")
exit(0)
parser.add_argument('-i', '--interface', help='Set interface name for send DHCP reply packets')
parser.add_argument('-t', '--target_mac', help='Set target MAC address, required!', required=True)
parser.add_argument('-I', '--target_ip', help='Set client IP address, required!', required=True)
parser.add_argument('-q', '--quiet', action='store_true', help='Minimal output')
args = parser.parse_args()
# endregion
# region Print banner if argument quit is not set
if not args.quiet:
Base.print_banner()
# endregion
# region Set global variables
eth = Ethernet_raw()
arp = ARP_raw()
ip = IP_raw()
udp = UDP_raw()
dhcp = DHCP_raw()
target_mac_address = str(args.target_mac).lower()
target_ip_address = str(args.target_ip)
transaction_id_global = 0
requested_ip = None
print_possible_mitm = False
print_success_mitm = False
# endregion
# region Get your network settings
if args.interface is None:
Base.print_warning("Please set a network interface for sniffing ARP and DHCP requests ...")
parser.add_argument('--requests', action='store_true', help='Send only ARP requests')
parser.add_argument('--broadcast', action='store_true', help='Send broadcast ARP requests')
parser.add_argument('-p', '--packets', type=int, help='Number of ARP packets (default: 10)', default=10)
parser.add_argument('-q', '--quiet', action='store_true', help='Minimal output')
parser.add_argument('-e', '--exit', action='store_true', help='Exit on success')
args = parser.parse_args()
# endregion
# region Print banner
if not args.quiet:
Base.print_banner()
# endregion
# region Global variables
_arp = ARP_raw()
_arp_request = ""
_arp_response = ""
_number_of_packets = int(args.packets)
_current_number_of_packets = 0
_current_network_interface = ""
_make_conflict = True
# endregion
# region Network interface selection and create global socket
if args.interface is None:
_current_network_interface = Base.netiface_selection()
else:
_current_network_interface = args.interface
_sock = socket(AF_PACKET, SOCK_RAW)