Exemplo n.º 1
0
    def __init__(self):
        from base import Base
        from network import Ethernet_raw, ARP_raw

        self.base = Base()
        self.eth = Ethernet_raw()
        self.arp = ARP_raw()
        self.rawSocket = socket(AF_PACKET, SOCK_RAW, htons(0x0003))
        self.results = []
        self.unique_results = []
        self.mac_addresses = []

        self.mac_prefixes_file = utils_path + "mac-prefixes.txt"
        self.vendor_list = []

        self.retry_number = 3
        self.timeout = 0
Exemplo n.º 2
0
from base import Base
from argparse import ArgumentParser
from socket import socket, AF_PACKET, SOCK_RAW, htons
from tm import ThreadManager
from ipaddress import IPv4Address
from network import ARP_raw
from time import sleep
from arp_scan import ArpScan
# endregion

# region Check user, platform and create threads
Base = Base()
Base.check_user()
Base.check_platform()
arp = ARP_raw()
# endregion

# region Parse script arguments
parser = ArgumentParser(description='ARP spoofing')

parser.add_argument('-i', '--interface', help='Set interface name for send ARP packets')
parser.add_argument('-t', '--target_ip', help='Set client IP address', default=None)
parser.add_argument('-g', '--gateway_ip', help='Set gateway IP address', default=None)
parser.add_argument('-r', '--requests', action='store_true', help='Send only ARP requests')
parser.add_argument('-q', '--quiet', action='store_true', help='Minimal output')

args = parser.parse_args()
# endregion

# region Print banner if argument quit is not set
Exemplo n.º 3
0
# Kill the processes that listens on 53, 68, 547 UDP port, 80 and 443 TCP ports
Base.kill_process_by_listen_port(53, 'udp')
Base.kill_process_by_listen_port(68, 'udp')
Base.kill_process_by_listen_port(547, 'udp')
Base.kill_process_by_listen_port(80, 'tcp')
Base.kill_process_by_listen_port(443, 'tcp')

# Exit
if args.kill:
    exit(0)

# endregion

# region Set global variables
raw_socket = None
arp = ARP_raw()

deauth_network_interface = None

apple_devices = []
apple_device = []
localnet_ip_addresses = []
ip_pattern = re.compile("^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")
target_ip = None
new_ip = None

bssid = None
essid = None
channel = None
freq = None
Exemplo n.º 4
0
parser.add_argument('-t', '--target_mac', type=str, help='Set target client mac address')
parser.add_argument('-T', '--target_ip', type=str, required=True, help='Set target client ip address (required)')
parser.add_argument('-s', '--sender_mac', type=str, help='Set sender mac address, if not set use random mac')
parser.add_argument('-S', '--sender_ip', type=str, required=True, help='Set sender IP address (required)')

args = parser.parse_args()
# endregion

# region Set global variables
current_network_interface = None
sender_mac_address = None
target_mac_address = None

eth = Ethernet_raw()
arp = ARP_raw()
# endregion

# region Get your network settings
if args.interface is None:
    Base.print_warning("Please set a network interface for send ARP reply packets ...")
current_network_interface = Base.netiface_selection(args.interface)

your_mac_address = Base.get_netiface_mac_address(current_network_interface)
if your_mac_address is None:
    Base.print_error("Network interface: ", current_network_interface, " do not have MAC address!")
    exit(1)
# endregion

# region Set target and sender MAC address
if args.target_mac is None:
Exemplo n.º 5
0
parser.add_argument('-T',
                    '--target_ip',
                    type=str,
                    help='Set target MAC address',
                    default=None)
parser.add_argument('-q',
                    '--quiet',
                    action='store_true',
                    help='Minimal output')

args = parser.parse_args()

if not args.quiet:
    Base.print_banner()

_arp = ARP_raw()
_number_of_packets = int(args.packets)
_current_number_of_packets = 0

_current_network_interface = ""
if args.interface is None:
    _current_network_interface = Base.netiface_selection()
else:
    _current_network_interface = args.interface

_current_mac_address = Base.get_netiface_mac_address(
    _current_network_interface)
if _current_mac_address is None:
    print "This network interface does not have mac address!"
    exit(1)
Exemplo n.º 6
0
parser.add_argument('-q',
                    '--quiet',
                    action='store_true',
                    help='Minimal output')

args = parser.parse_args()
# endregion

# region Print banner if argument quit is not set
if not args.quiet:
    Base.print_banner()
# endregion

# region Set global variables
eth = Ethernet_raw()
arp = ARP_raw()
ip = IP_raw()
udp = UDP_raw()
dhcp = DHCP_raw()

target_mac_address = str(args.target_mac).lower()
target_ip_address = str(args.target_ip)
transaction_id_global = 0
requested_ip = None
print_possible_mitm = False
print_success_mitm = False
# endregion

# region Get your network settings
if args.interface is None:
    Base.print_warning(
Exemplo n.º 7
0
class ArpScan:

    # region Set variables
    base = None
    eth = None
    arp = None

    rawSocket = None

    network_interface = None
    your_mac_address = None
    your_ip_address = None
    target_ip_address = None

    results = None
    unique_results = None

    mac_addresses = None

    mac_prefixes_file = None
    vendor_list = None

    retry_number = 0
    timeout = 0

    # endregion

    # region Init
    def __init__(self):
        from base import Base
        from network import Ethernet_raw, ARP_raw

        self.base = Base()
        self.eth = Ethernet_raw()
        self.arp = ARP_raw()
        self.rawSocket = socket(AF_PACKET, SOCK_RAW, htons(0x0003))
        self.results = []
        self.unique_results = []
        self.mac_addresses = []

        self.mac_prefixes_file = utils_path + "mac-prefixes.txt"
        self.vendor_list = []

        self.retry_number = 3
        self.timeout = 0

    # endregion

    # region Sniffer
    def sniff(self):
        while True:
            packets = self.rawSocket.recvfrom(2048)

            for packet in packets:

                # Parse Ethernet header
                ethernet_header = packet[0:14]
                ethernet_header_dict = self.eth.parse_header(ethernet_header)

                # Success parse Ethernet header
                if ethernet_header_dict is not None:

                    # 2054 - Type of ARP packet (0x0806)
                    if ethernet_header_dict['type'] == 2054:

                        # Destination MAC address is your MAC address
                        if ethernet_header_dict[
                                'destination'] == self.your_mac_address:

                            # Parse ARP packet
                            arp_header = packet[14:42]
                            arp_header_dict = self.arp.parse_packet(arp_header)

                            # Success parse ARP packet
                            if arp_header_dict is not None:

                                # ARP opcode == 2 (2 - ARP reply)
                                if arp_header_dict['opcode'] == 2:

                                    # ARP target MAC address is your MAC address
                                    if arp_header_dict[
                                            'target-mac'] == self.your_mac_address:

                                        # ARP target IP address is your IP address
                                        if arp_header_dict[
                                                'target-ip'] == self.your_ip_address:

                                            # Parameter Target IP address is None
                                            if self.target_ip_address is None:
                                                self.results.append({
                                                    "mac-address":
                                                    arp_header_dict[
                                                        'sender-mac'],
                                                    "ip-address":
                                                    arp_header_dict[
                                                        'sender-ip']
                                                })

                                            # Parameter Target IP address is Set
                                            else:
                                                if arp_header_dict[
                                                        'sender-ip'] == self.target_ip_address:
                                                    self.results.append({
                                                        "mac-address":
                                                        arp_header_dict[
                                                            'sender-mac'],
                                                        "ip-address":
                                                        arp_header_dict[
                                                            'sender-ip']
                                                    })

    # endregion

    # region Sender
    def send(self):
        arp_requests = []

        self.your_mac_address = self.base.get_netiface_mac_address(
            self.network_interface)
        self.your_ip_address = self.base.get_netiface_ip_address(
            self.network_interface)

        first_ip_address = str(
            IPv4Address(
                unicode(self.base.get_netiface_first_ip(
                    self.network_interface))) - 1)
        last_ip_address = str(
            IPv4Address(
                unicode(self.base.get_netiface_last_ip(
                    self.network_interface))) + 1)

        if self.target_ip_address is not None:
            if self.base.ip_address_in_range(self.target_ip_address,
                                             first_ip_address,
                                             last_ip_address):
                first_ip_address = self.target_ip_address
                last_ip_address = self.target_ip_address
            else:
                self.base.print_error(
                    "Bad target IP address: ", self.target_ip_address,
                    "; Target IP address must be in range: ",
                    first_ip_address + " - " + last_ip_address)
                exit(1)

        index = 0
        while True:
            current_ip_address = str(
                IPv4Address(unicode(first_ip_address)) + index)
            index += 1

            if IPv4Address(unicode(current_ip_address)) > IPv4Address(
                    unicode(last_ip_address)):
                break
            else:
                arp_request = self.arp.make_request(
                    ethernet_src_mac=self.your_mac_address,
                    ethernet_dst_mac="ff:ff:ff:ff:ff:ff",
                    sender_mac=self.your_mac_address,
                    sender_ip=self.your_ip_address,
                    target_mac="00:00:00:00:00:00",
                    target_ip=current_ip_address)
                arp_requests.append(arp_request)

        send_socket = socket(AF_PACKET, SOCK_RAW)
        send_socket.bind((self.network_interface, 0))

        for arp_request in arp_requests:
            if self.retry_number > 0:
                for i in range(self.retry_number):
                    send_socket.send(arp_request)
            else:
                send_socket.send(arp_request)

        send_socket.close()

    # endregion

    # region Scanner
    def scan(self,
             network_interface,
             timeout=3,
             retry=3,
             target_ip_address=None,
             check_vendor=True):

        # region Set variables
        self.target_ip_address = target_ip_address
        self.network_interface = network_interface
        self.timeout = int(timeout)
        self.retry_number = int(retry)
        # endregion

        # region Run sniffer
        tm = ThreadManager(2)
        tm.add_task(self.sniff)
        # endregion

        # region Run sender
        self.send()
        # endregion

        # region Create vendor list
        if check_vendor:
            with open(self.mac_prefixes_file, 'r') as mac_prefixes_descriptor:
                for string in mac_prefixes_descriptor.readlines():
                    string_list = string.split(" ", 1)
                    self.vendor_list.append({
                        "prefix": string_list[0],
                        "vendor": string_list[1][:-1]
                    })
        # endregion

        # region Wait
        sleep(self.timeout)
        # endregion

        # region Unique results
        for index in range(len(self.results)):
            if self.results[index]['mac-address'] not in self.mac_addresses:
                self.unique_results.append(self.results[index])
                self.mac_addresses.append(self.results[index]['mac-address'])
        # endregion

        # region Reset results and mac addresses list
        self.results = []
        self.mac_addresses = []
        # endregion

        # region Get vendors
        for result_index in range(len(self.unique_results)):

            # Get current MAC address prefix
            current_mac_prefix = self.eth.get_mac_prefix(
                self.unique_results[result_index]['mac-address'])

            # Search this prefix in vendor list
            for vendor_index in range(len(self.vendor_list)):
                if current_mac_prefix == self.vendor_list[vendor_index][
                        'prefix']:
                    self.unique_results[result_index][
                        'vendor'] = self.vendor_list[vendor_index]['vendor']
                    break

            # Could not find this prefix in vendor list
            if 'vendor' not in self.unique_results[result_index].keys():
                self.unique_results[result_index]['vendor'] = "Unknown vendor"

        # endregion

        # region Return results
        return self.unique_results
        # endregion

    # endregion

    # region Get MAC address
    def get_mac_address(self,
                        network_interface,
                        target_ip_address,
                        timeout=5,
                        retry=5):
        try:

            # region Set variables
            self.target_ip_address = target_ip_address
            self.network_interface = network_interface
            self.timeout = int(timeout)
            self.retry_number = int(retry)
            # endregion

            # region Run sniffer
            tm = ThreadManager(2)
            tm.add_task(self.sniff)
            # endregion

            # region Run sender
            self.send()
            # endregion

            # region Wait
            sleep(self.timeout)
            # endregion

            # region Return
            if 'mac-address' in self.results[0].keys():
                return self.results[0]['mac-address']
            else:
                return "ff:ff:ff:ff:ff:ff"
            # endregion

        except IndexError:
            return "ff:ff:ff:ff:ff:ff"

        except KeyboardInterrupt:
            self.base.print_info("Exit")
            exit(0)
Exemplo n.º 8
0
                    default=10)
parser.add_argument('-q',
                    '--quiet',
                    action='store_true',
                    help='Minimal output')

args = parser.parse_args()
# endregion

# region Print banner
if not args.quiet:
    Base.print_banner()
# endregion

# region Global variables
_arp = ARP_raw()
_arp_request = ""
_arp_response = ""
_number_of_packets = int(args.packets)
_current_number_of_packets = 0
_current_network_interface = ""
_make_conflict = True
# endregion

# region Network interface selection and create global socket
if args.interface is None:
    _current_network_interface = Base.netiface_selection()
else:
    _current_network_interface = args.interface

_sock = socket(AF_PACKET, SOCK_RAW)