opexxx

marco.py

May 27th, 2014
  1. #!/usr/bin/python
  2.  
  3. # marco.py
  4. #  Sends arp requests to the entire network range searching for the first response.
  5. #  Creates a second thread to monitor for responses to allow the sending thread to just spew packets.
  6. #  The whole point is to find a valid IP when on a completely quiet network segment without DHCP
  7. #  or any other means to find a valid address.  
  8. #  I couldn't seem to figure out how to get nmap to do an arp sweep on a network range that I didn't have
  9. #  an IP/interface associated with.  
  10. # Requires:
  11. #  ipaddr (http://code.google.com/p/ipaddr-py/) and of course scapy (http://www.secdev.org/projects/scapy/)
  12.  
  13. import ipaddr
  14. import sys
  15. import logging
  16. import getopt
  17. import time
  18.  
  19. from scapy import *
  20. from threading import Thread
  21.  
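class ArpMonitorThread(Thread):
    """Background sniffer that prints ARP replies as they arrive.

    Runs scapy's sniff() with an ARP-only BPF filter and reports each
    responding host once.  With ``map`` false the monitor stops after the
    first reply; with ``map`` true it keeps collecting until the process
    ends.
    """

    def __init__(self, map):
        Thread.__init__(self)
        # Daemon thread: sniff() has no count/timeout and never returns on
        # its own, so without this a run with -m (or with no reply at all)
        # would keep the process alive after the sender has finished.
        self.daemon = True
        self.map = map      # True: report every host; False: stop after the first
        self.found = []     # IPs already printed, so repeated replies are shown once

    def arp_callback(self, pkt):
        """sniff() callback: print each new ARP reply (op == 2, 'is-at')."""
        # The filter in run() should only deliver ARP frames, but a stray
        # packet must not kill the monitor with a KeyError/IndexError.
        if not pkt.haslayer(ARP) or pkt[ARP].op != 2:
            return
        psrc = pkt[ARP].psrc
        if psrc not in self.found:
            print(pkt[ARP].sprintf("%psrc% (%hwsrc%)"))
            self.found.append(psrc)
        if not self.map:
            # NOTE: SystemExit raised here ends *this* thread only (it
            # unwinds sniff()); the sending thread is not affected.
            sys.exit(0)

    def run(self):
        # Exclude our own broadcast requests; only unicast replies matter.
        sniff(filter='(arp) and (not ether dst host ff:ff:ff:ff:ff:ff)', store=0, prn=self.arp_callback)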
  39.  
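def usage():
    """Print the command-line synopsis to stdout and exit with status 0.

    Called for ``-h`` and for any unrecognised or malformed option; it
    never returns.
    """
    print("python marco.py [-i <iface>] [-n <network/range>] [-t <timeout>] "
          "[-s <saddr>] [-c <count>] [-d <subnet-diff>] [-b] [-g] [-m] [-h]")
    print("\tiface: network interface to send and listen on. (default: lo)")
    print("\tnetwork/range: network to scan in CIDR notation. (default: 127.0.0.1)")
    print("\ttimeout: how long to wait for responses after sending. (default: 0)")
    print("\tsaddr: source address to originate the arp packets from. (default: 1.1.1.1)")
    print("\tcount: number of times to send the packets (default: 1)")
    print("\tsubnet-diff: The number of bits to use to split the subnet up. (default: 0)")
    print("\t\tFor a /24, 1 would split into two /25s, 2 into four /26s, etc. ")
    print("\t\tRequired with either -b or -g")
    print("\t-m: Find all hosts on the network not just the first response (default: disabled)")
    print("\t-b: Broadcast addresses only by splitting into subnets (default: disabled)")
    # Was mislabelled "-b" a second time; this line documents the -g switch.
    print("\t-g: Gateways only (assumed the first IP of the range) (default: disabled)")
    sys.exit(0)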
  55.  
# Defaults (each may be overridden by the command-line options parsed below)
network = '127.0.0.1'   # range to scan, CIDR notation
saddr = '1.1.1.1'       # source IP written into the ARP requests
iface = 'lo'            # interface to send on and sniff from
diff = 0                # bits to split the range into subnets (0 = no split)
count = 1               # how many times the packet list is sent
timeout = 0             # seconds to wait for replies after sending
# NOTE: `map` shadows the builtin; kept because the rest of the script reads it by this name.
map = gateways = broadcasts = False
  66.  
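# Parse our arguments.  Any unknown option, -h, or a non-numeric value for
# -t/-c/-d prints the usage text and exits.
try:
    opts, args = getopt.gnu_getopt(
        sys.argv[1:], 'i:n:t:s:c:d:bghm',
        # --broadcast-only and --gateway-only are matched in the loop below,
        # so they must be declared here or getopt rejects them.
        ['interface=', 'network=', 'timeout=', 'saddr=', 'count=',
         'subnet-diff=', 'broadcast-only', 'gateway-only'])
except getopt.GetoptError:
    usage()

for o, a in opts:
    try:
        if o in ('-i', '--interface'):
            iface = a
        elif o in ('-n', '--network'):
            network = a
        elif o in ('-t', '--timeout'):
            timeout = int(a)
        elif o in ('-s', '--saddr'):
            saddr = a
        elif o in ('-c', '--count'):
            # Never fewer than one send.
            count = max(int(a), 1)
        elif o in ('-d', '--subnet-diff'):
            # A negative split width means "do not split".
            diff = max(int(a), 0)
        elif o in ('-b', '--broadcast-only'):
            broadcasts = True
        # Previously written ('-g' '--gateway-only'), which is one
        # concatenated string, so -g never matched and fell through to usage().
        elif o in ('-g', '--gateway-only'):
            gateways = True
        elif o == '-m':
            map = True
        else:
            usage()
    except ValueError:
        # int() failed on a -t/-c/-d value.
        usage()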
  95.  
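# Start the response monitor first so no reply can arrive before we listen.
ArpMonitorThread(map).start()

# Create our packet list
pkts = []

# Do we split the address space up?
# NOTE(review): uses the old ipaddr IPv4()/Subnet() API and its
# broadcast_ext / ip_ext / network attributes as in the original; not
# verified here against the installed ipaddr version.
if diff > 0:
    subnets = ipaddr.IPv4(network).Subnet(diff)
else:
    subnets = [ipaddr.IPv4(network)]

# Create our packets: one broadcast ARP who-has per target address.
for subnet in subnets:

    # Do we split and just send to the broadcasts/gateways?
    if broadcasts or gateways:

        # Broadcast only: one request to each subnet's broadcast address
        if broadcasts:
            pkts.append(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(psrc=saddr, pdst=subnet.broadcast_ext))

        # Gateways only: assume the first usable IP of each subnet
        if gateways:
            pkts.append(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(psrc=saddr, pdst=ipaddr.IPv4(subnet.network + 1).ip_ext))
    else:
        # Add all of the ips in the range
        for ip in subnet:
            pkts.append(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(psrc=saddr, pdst=ip))

# Send our packets `count` times.  The original loop was range(1, count),
# which sends count-1 times -- i.e. nothing at all at the default count of 1.
for _ in range(count):
    sendp(pkts, verbose=0, iface=iface)

# Give the monitor thread time to pick up late replies.
time.sleep(timeout)

# All packets have been sent.  Exit explicitly; the monitor thread may still
# be inside sniff() at this point.
sys.exit(0)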