TVT618

[Linux] zarp - A Network Attack Tool

Mar 3rd, 2018
Introduction
Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

The long-term goal of zarp is to become the master command center of a network; to provide a modular, well-defined framework that provides a powerful overview and in-depth analysis of an entire network. This will come to light with the future inclusion of a web application front-end, which acts as the television screen, whereas the CLI interface will be the remote. This will provide network topology reports, host relationships, and more. zarp aims to be your window into the potential exploitability of a network and its hosts, not an exploitation platform itself; it is the manipulation of relationships and trust felt within local intranets. Look for zeb, the web-app frontend to zarp, sometime in the future.

Current version: 1.5
Current dev version: 1.6

Installation
zarp is intended to be as dependency-free as possible. When available, zarp has opted to use pure or native Python implementations over requiring or importing huge libraries. Even so, zarp requires the following to run:
* Linux
* Python 2.7.x
* Scapy (packaged with zarp)

It is also recommended that users have the following installed for access to specific modules:
* airmon-ng suite (for all your wireless cracking needs)
* tcpdump
* libmproxy (packaged with zarp)
* paramiko (SSH service)
* nfqueue-bindings (packet modifier)

Enter the following commands in a terminal to download and install zarp:
git clone git://github.com/hatRiot/zarp (Download zarp)
cd zarp
pip install -r requirements.txt (Install the required modules)
python zarp.py --help (To see help menu)

If you want to update zarp, enter this command: sudo python zarp.py --update

Scapy comes packaged with Zarp and no installation is required. Wifite is used for wireless AP cracking; a specific version (ballast-dev branch) is required. This comes packaged with zarp. There are some dependencies required for Scapy, but most should be pretty easy to install or already be installed.

Tool Overview: Broad categories are (see wiki for more information on these):
* Poisoners
* Denial of Service
* Sniffers
* Scanners
* Services
* Parameter
* Attacks

CLI Usage and Shortcuts
> help

zarp options:
help - This menu
opts - Dump zarp current settings
exit - Exit immediately
bg - Put zarp to background
set [key] [value] - Set key to value

zarp module options:
[int] [value] - Set option [int] to value [value]
[int] o - View options for setting
run (r) - Run the selected module
info - Display module information

Modules can be navigated to by nesting entries:
bryan@debdev:~/tools/zarp$ sudo ./zarp.py
[!] Loaded 34 modules.
____ __ ____ ____
(__ ) / _\ ( _ \( _ '
/ _/ / \ ) / ) __/
(____)\_/\_/(__\_)(__) [Version: 0.1.5]

[1] Poisoners [5] Parameter
[2] DoS Attacks [6] Services
[3] Sniffers [7] Attacks
[4] Scanners [8] Sessions

0) Back
> 6 2
+-----+----------------+----------------------------+------+----------+-
| | Option | Value | Type | Required |
+-----+----------------+----------------------------+------+----------+-
| [1] | Displayed MOTD | b4ll4stS3c FTP Server v1.4 | str | False |
+-----+----------------+----------------------------+------+----------+-
| [2] | Listen port | 21 | int | False |
+-----+----------------+----------------------------+------+----------+-
0) Back
FTP Server >

Nested entries go as far as modules will. Note that right now it's 'dumb' in that, if you enter in a ton of numbers, it's going to continue dumping that out as module selection!

Usage Examples
List of modules accessible from the command line:
bryan@debdev:~/tools/zarp$ sudo ./zarp.py --help
[!] Loaded 34 modules.
____ __ ____ ____
(__ ) / _\ ( _ \( _ '
/ _/ / \ ) / ) __/
(____)\_/\_/(__\_)(__) [Version: 0.1.5]

usage: zarp.py [-h] [-q FILTER] [--update] [--wap] [--ftp] [--http] [--smb]
[--ssh] [--telnet] [-w] [-s] [--service-scan]

optional arguments:
-h, --help show this help message and exit
-q FILTER Generic network sniff
--update Update Zarp

Services:
--wap Wireless access point
--ftp FTP server
--http HTTP Server
--smb SMB Service
--ssh SSH Server
--telnet Telnet server

Scanners:
-w Wireless AP Scan
-s Network scanner
--service-scan Service scanner
bryan@debdev:~/tools/zarp$

Main menu when launched with the command line GUI:

bryan@devbox:~/zarp$ sudo ./zarp.py
[!] Loaded 33 modules.
____ __ ____ ____
(__ ) / _\ ( _ \( _ '
/ _/ / \ ) / ) __/
(____)\_/\_/(__\_)(__)
[Version 0.1.4]
[1] Poisoners [5] Parameter
[2] DoS Attacks [6] Services
[3] Sniffers [7] Attacks
[4] Scanners [8] Sessions

0) Back
>

Navigating a module is pretty simple, and there are really only a few commands to know. When in the context of a module, the command 'info' can be used to dump a help or informational string:

ARP Spoof > info
---------------------------------------------------------
The heart and soul of zarp. This module exploits the ARP
protocol to redirect all traffic through the attacker's
chosen system.

http://en.wikipedia.org/wiki/ARP_poison
---------------------------------------------------------
+-----+------------------------------------+-------+------+----------+-
| | Option | Value | Type | Required |
+-----+------------------------------------+-------+------+----------+-
| [1] | Interval to send respoofed packets | 2 | int | False |
+-----+------------------------------------+-------+------+----------+-
| [2] | Address to spoof from target | None | ip | True |
+-----+------------------------------------+-------+------+----------+-
| [3] | Target to poison | None | ip | True |
+-----+------------------------------------+-------+------+----------+-
0) Back
ARP Spoof >

To set an option, give it the option number followed by the value:
ARP Spoof > 2 192.168.1.219
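
The ARP Spoof module shown above works by announcing a chosen MAC for a target's IP and re-sending that announcement every few seconds (option 1). Below is an added example, not part of zarp, showing the defender's side of the same mechanism: a passive check over `tcpdump -n` ARP reply lines that flags an IP claimed by two different MACs and a steady respoof loop. It assumes Python 3 and the tcpdump ARP reply line format; the sample capture is constructed.

```python
import re
from collections import defaultdict
# `tcpdump -n` ARP reply line, e.g.:
#   12:00:01.000000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
ARP_REPLY = re.compile(
    r"^(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}\.\d+) ARP, Reply "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)

def parse_reply(line):
    """Return (seconds since midnight, ip, mac), or None for non-matching lines."""
    m = ARP_REPLY.match(line.strip())
    if not m:
        return None
    return int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"]), m["ip"], m["mac"].lower()

def detect_arp_poisoning(lines, min_replies=3, jitter=0.5):
    """Return (ip, reason) findings: 'conflict' when one IP is announced with
    more than one MAC, 'repeated' when one (ip, mac) is announced >= min_replies
    times at a near-constant interval, the on-wire shape of a respoof loop."""
    macs = defaultdict(set)     # ip -> MACs claimed for it
    times = defaultdict(list)   # (ip, mac) -> reply timestamps
    for line in lines:
        rec = parse_reply(line)
        if rec is None:
            continue            # not an ARP reply; ignore
        t, ip, mac = rec
        macs[ip].add(mac)
        times[(ip, mac)].append(t)

    findings = []
    for ip, seen in sorted(macs.items()):
        if len(seen) > 1:
            findings.append((ip, "conflict: " + ", ".join(sorted(seen))))
    for (ip, mac), ts in sorted(times.items()):
        if len(ts) >= min_replies:
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            if max(gaps) - min(gaps) < jitter:
                findings.append((ip, f"repeated: {len(ts)} replies from {mac} every ~{gaps[0]:.1f}s"))
    return findings

# Constructed sample capture (not real traffic): the gateway answers once, then
# another host claims the gateway's IP every two seconds.
SAMPLE_CAPTURE = [
    "12:00:00.100000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28",
    "12:00:02.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:99, length 28",
    "12:00:04.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:99, length 28",
    "12:00:06.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:99, length 28",
    "12:00:03.500000 ARP, Reply 192.168.1.50 is-at aa:bb:cc:dd:ee:32, length 28",
]
```

Running `detect_arp_poisoning(SAMPLE_CAPTURE)` reports both a MAC conflict for 192.168.1.1 and three replies from the second MAC at a two-second interval; the same check can be fed live output from `tcpdump -n -l arp`.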

If an option supports a choice list, give it the option number followed by the lowercase letter o:

HTTP Sniffer > 2 o
[!] Options: ['Site Only', 'Request String', 'Request and Payload', 'Session IDs', 'Custom Regex']
+-----+-----------------------------+--------------+-------+----------+-
| | Option | Value | Type | Required |
+-----+-----------------------------+--------------+-------+----------+-
| [1] | Regex for level 5 verbosity | None | regex | False |
+-----+-----------------------------+--------------+-------+----------+-
| [2] | Output verbosity | 1 | int | False |
+-----+-----------------------------+--------------+-------+----------+-
| [3] | Address to sniff from | 192.168.1.97 | ip | False |
+-----+-----------------------------+--------------+-------+----------+-
0) Back
HTTP Sniffer >

Modules, once all required options are set, can be run by specifying a lowercase 'r'.

Future/Current Development
Moved to freedcamp; please send me an email if you'd like to contribute.