diff --git a/examples/Detectors/ARP-SpoofDetector.py b/examples/Detectors/ARP-SpoofDetector.py
new file mode 100644
index 0000000..2acd221
--- /dev/null
+++ b/examples/Detectors/ARP-SpoofDetector.py
@@ -0,0 +1,13 @@
+from argparse import ArgumentParser
+from pyhtools.detectors.arp_spoof_detector import SpoofDetector
+
+parser = ArgumentParser()
+parser.add_argument('-i', '--interface', dest='interface',
+ help='checks for specific interface')
+
+args = parser.parse_args()
+interface = args.interface
+
+# Create spoof detector obj
+detector = SpoofDetector(interface)
+detector.capture_packets()
diff --git a/examples/Malwares/TelegramBackdoor.py b/examples/EvilFiles/Malwares/TelegramBackdoor.py
similarity index 100%
rename from examples/Malwares/TelegramBackdoor.py
rename to examples/EvilFiles/Malwares/TelegramBackdoor.py
diff --git a/examples/Malwares/TelegramDataHarvester.py b/examples/EvilFiles/Malwares/TelegramDataHarvester.py
similarity index 100%
rename from examples/Malwares/TelegramDataHarvester.py
rename to examples/EvilFiles/Malwares/TelegramDataHarvester.py
diff --git a/examples/Malwares/key_logger.py b/examples/EvilFiles/Malwares/key_logger.py
similarity index 100%
rename from examples/Malwares/key_logger.py
rename to examples/EvilFiles/Malwares/key_logger.py
diff --git a/examples/Malwares/wifi-password-harvester.py b/examples/EvilFiles/Malwares/wifi-password-harvester.py
similarity index 100%
rename from examples/Malwares/wifi-password-harvester.py
rename to examples/EvilFiles/Malwares/wifi-password-harvester.py
diff --git a/examples/Ransomwares/dmsec_decrypter.py b/examples/EvilFiles/Ransomwares/dmsec_decrypter.py
similarity index 100%
rename from examples/Ransomwares/dmsec_decrypter.py
rename to examples/EvilFiles/Ransomwares/dmsec_decrypter.py
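Review bot: The last added line of examples/Detectors/ARP-SpoofDetector.py calls `detector.capture_packets()`, but the `SpoofDetector` class added to pyhtools/detectors/arp_spoof_detector.py in this same commit defines only `__init__`, `get_mac`, `check_spoof` and `start`, so the example raises AttributeError before any packet is inspected. Change the call to `detector.start()`. The `-i` help text could also say what happens when the option is omitted, since `interface` is then `None` and is handed to the constructor unchanged.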
diff --git a/examples/Ransomwares/dmsec_encrypter.py b/examples/EvilFiles/Ransomwares/dmsec_encrypter.py
similarity index 100%
rename from examples/Ransomwares/dmsec_encrypter.py
rename to examples/EvilFiles/Ransomwares/dmsec_encrypter.py
diff --git a/examples/Worms/DirClonerWorm.py b/examples/EvilFiles/Worms/DirClonerWorm.py
similarity index 100%
rename from examples/Worms/DirClonerWorm.py
rename to examples/EvilFiles/Worms/DirClonerWorm.py
diff --git a/pyhtools/detectors/arp_spoof_detector.py b/pyhtools/detectors/arp_spoof_detector.py
index ae0c94b..211596c 100644
--- a/pyhtools/detectors/arp_spoof_detector.py
+++ b/pyhtools/detectors/arp_spoof_detector.py
@@ -1,56 +1,56 @@
-#!usr/bin/env python3
-import argparse
 import scapy.all as sp
+from argparse import ArgumentParser
-def get_args():
+
+class SpoofDetector:
 '''
- get arguments if any
+ ARP spoofer to perform Local MITM attacks
 '''
- parser = argparse.ArgumentParser()
- parser.add_argument('-i', '--interface', dest='interface', help='checks for specific interface')
-
- args = parser.parse_args()
- interface = args.interface
- del parser
- del args
-
- return interface
+ def __init__(self, interface: str) -> None:
+ self.interface = interface
-def get_mac(ip:str):
- '''
- returns mac address of the ip
- '''
- arp_req = sp.ARP(pdst=ip)
- brdcst = sp.Ether(dst='ff:ff:ff:ff:ff:ff')
+ def get_mac(self, ip: str):
+ '''
+ returns mac address of the ip
+ '''
+ arp_req = sp.ARP(pdst=ip)
+ brdcst = sp.Ether(dst='ff:ff:ff:ff:ff:ff')
- packet = brdcst / arp_req
- responded_list = sp.srp(packet, timeout = 1, verbose = False)[0]
+ packet = brdcst / arp_req
+ responded_list = sp.srp(packet, timeout=1, verbose=False)[0]
- return responded_list[0][1].hwsrc
+ return responded_list[0][1].hwsrc
+ def check_spoof(self, packet) -> bool:
+ '''
+ checks if machine is under ARP/MITM attack.
+ '''
+ if packet.haslayer(sp.ARP) and packet[sp.ARP].op == 2:
+ try:
+ real_mac = self.get_mac(packet[sp.ARP].psrc)
+ response_mac = packet[sp.ARP].hwsrc
+ if real_mac != response_mac:
+ print(
+ f"[!] ARP Spoof Detected! {response_mac} is imposter. {response_mac} is spoofing as {real_mac}")
+ except IndexError:
+ pass
+
+ def start(self):
+ '''
+ captures and processes packets to check whether network is being attacked or not
+ '''
+ sp.sniff(iface=self.interface, store=False, prn=self.check_spoof)
-def check_spoof(packet)->bool:
- '''
- checks if machine is under ARP/MITM attack.
- '''
-
- if packet.haslayer(sp.ARP) and packet[sp.ARP].op == 2:
- try:
- real_mac = get_mac(packet[sp.ARP].psrc)
- response_mac = packet[sp.ARP].hwsrc
- if real_mac != response_mac:
- print(f"[!] ARP Spoof Detected! {response_mac} is imposter. {response_mac} is spoofing as {real_mac}")
- except IndexError:
- pass
-
-
-def capture_packets(iface:str):
- '''
- captures and processes captured packets.
- '''
- sp.sniff(iface=iface, store=False, prn=check_spoof)
+if __name__ == '__main__':
+ parser = ArgumentParser()
+ parser.add_argument('-i', '--interface', dest='interface',
+ help='checks for specific interface')
+
+ args = parser.parse_args()
+ interface = args.interface
-INTERFACE = get_args()
-capture_packets(INTERFACE)
\ No newline at end of file
+ # Create spoof detector obj and start process
+ detector = SpoofDetector(interface)
+ detector.start()
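Review bot: In `get_mac`, the verification probe `sp.srp(packet, timeout=1, verbose=False)` is not bound to `self.interface`, and `responded_list[0]` trusts whichever answer arrives first. On a multi-homed host the check can therefore leave through a different interface than the one being sniffed, and a forged answer to the probe can make `real_mac` match the suspicious reply so that no alert is printed. Pass the interface through, `sp.srp(packet, iface=self.interface, timeout=1, verbose=False)[0]`, and report more than one distinct `hwsrc` among the answers as a finding in its own right. The `except IndexError: pass` in `check_spoof` also hides the case where nobody answers the probe; a log line there would tell the operator that a reply went unverified. Separately, the class docstring says "ARP spoofer to perform Local MITM attacks" although the class detects spoofing, and `check_spoof` is annotated `-> bool` but never returns a value; reword the docstring to describe detection and annotate `-> None`.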