利用Python实现ARP欺骗检测工具
from scapy.all import * import sys import optparse import termcolor class ARPSpoofDetector: def __init__(self): self.interface = self.get_params() def get_params(self): parser = optparse.OptionParser('Usage: < Program > -i interface') parser.add_option('-i', '--interface', dest='interface', type='string', help='Specify interface to listen') options, args = parser.parse_args() if options.interface is None: print(parser.usage) sys.exit() return options.interface def get_mac_address(self, ip): try: packet = Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip, op=1) ans,unans = srp(packet, timeout=2, verbose=False) if ans: mac_address = ans.res[0][1].hwsrc return mac_address else: return None except Exception as e: print(e) sys.exit(0) def packet_handler(self,pkt): if pkt.haslayer(ARP) and pkt.getlayer(ARP).op == 2: sender_real_mac = self.get_mac_address(pkt.getlayer(ARP).psrc) captured_mac = pkt.getlayer(ARP).hwsrc if sender_real_mac != captured_mac: print(termcolor.colored("[-] Under attack", 'red')) def run(self): try: sniff(iface=self.interface, prn=self.packet_handler, store=False) except KeyboardInterrupt: print("[-] Exit program now") sys.exit() except Exception as e: print(e) sys.exit() if __name__ == '__main__': arpspoofdetect = ARPSpoofDetector() arpspoofdetect.run()
STRIVE FOR PROGRESS,NOT FOR PERFECTION
