Created
April 4, 2023 12:13
-
-
Save Jubiko31/9da0eef0a354ca12cd7a299bb7a38304 to your computer and use it in GitHub Desktop.
ARP Spoofing Detector
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import scapy.all as scapy | |
from argparse import ArgumentParser | |
def get_args(): | |
parser = ArgumentParser() | |
parser.add_argument("-i", "--interface", dest="interface", help="Target interface to monitor") | |
args = parser.parse_args() | |
return args | |
def get_mac(ip): | |
arp_req = scapy.ARP(pdst=ip) | |
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") | |
arp_req_broadcast = broadcast / arp_req | |
ans = scapy.srp(arp_req_broadcast, timeout=1, verbose=False)[0] | |
return ans[0][1].hwsrc | |
def sniff(interface): | |
scapy.sniff(iface=interface, stop=False, prn=process_sniffed_packet) | |
def process_sniffed_packet(packet): | |
if packet.haslayer(scapy.ARP) and packet[scapy.ARP].op == 2: | |
try: | |
mac = get_mac(packet[scapy.ARP].psrc) | |
response_mac = packet[scapy.ARP].hwsrc | |
if mac != response_mac: | |
print("\u001b[38;5;202m[!!] Detected ARP spoofing...\nSource: {mac}") | |
except IndexError: | |
pass | |
args = get_args() | |
sniff(args.interface) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment