ARP responder using Python / scapy

arp_responder.py

#!/usr/bin/env python3
#
# Spoof ARP responses for list of IP Addresses / Networks
# Listens for ARP and responds with own MAC if the target is in list
#
# Allows routing of IP Addresses / subnets to a bridged VM network
# without access to the router config.
#
# Requires scapy (python3-scapy)
# https://scapy.readthedocs.io/en/latest/installation.html
#

from __future__ import print_function

from ipaddress import IPv4Network, IPv4Address

from scapy.all import get_if_hwaddr, ARP, Ether, sendp, sniff

SPOOF_TARGETS = [
    IPv4Network("172.16.128.0/21")
]

# Use MAC address of this machine as source. If not eth0, change this:
myMAC = get_if_hwaddr('brupstream')

def is_target(ip_addr):
    addr = IPv4Address(ip_addr)

    if addr in SPOOF_TARGETS:
        return True

    for target in SPOOF_TARGETS:
        if type(target) is IPv4Network:
            if addr in target:
                return True

    return False

# https://scapy.readthedocs.io/en/latest/api/scapy.layers.l2.html#scapy.layers.l2.ARP
def handle_packet(packet):
    if packet[ARP].op == ARP.who_has:
        # print("Someone is asking about " + packet.pdst)
        # print(repr(packet))

        if is_target(packet.pdst):
            print("Sending ARP response for " + packet.pdst)

            reply = Ether(dst=packet.hwsrc, src=myMAC)
            reply /= ARP(op=ARP.is_at, hwsrc=myMAC, psrc=packet.pdst, hwdst=packet.hwsrc, pdst=packet.psrc)

            print(repr(reply))

            sendp(reply)

    return

# Sniff for ARP packets. Run handle_packet() on each one
sniff(filter="arp", prn=handle_packet, store=0)