#!/usr/bin/env ruby
require 'rubygems'
require 'json'
require 'pony'
require 'text-table'
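# Known hosts are persisted as a JSON array of records, one per MAC address
# already seen, each holding the keys "ip", "mac", "alerted" and "timestamp".
#
# The mail settings can be supplied through the environment so the Gmail app
# password does not have to be stored in this file. The literals are
# placeholders that are used only when the variable is unset.
email_to_alert = ENV.fetch('WIFI_ALERT_EMAIL_TO', 'email')
gmail_username = ENV.fetch('WIFI_ALERT_GMAIL_USERNAME', 'email')
gmail_app_password = ENV.fetch('WIFI_ALERT_GMAIL_APP_PASSWORD', 'password')
# Dir.home still resolves when HOME is unset; ENV['HOME'] + "..." raised on nil.
filename = File.join(Dir.home, '.wifi_hosts.txt')
connections_to_alert = []    # hosts seen for the first time during this run
wifi_host_log_structure = [] # every host recorded so far, including this run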
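# Load the hosts recorded by earlier runs, if a state file exists.
if File.exist?(filename)
  # Read by path in read-only mode. The state is only rewritten later, so a
  # writable handle is not needed here and would fail on a read-only file.
  wifi_host_log_text = File.read(filename)
  # Anything of one character or less is treated as "no state yet".
  if wifi_host_log_text.length > 1
    parsed_log = JSON.parse(wifi_host_log_text)
    # The lookups below index each record by "mac", so anything other than an
    # array of records would fail later with an unrelated-looking error.
    unless parsed_log.is_a?(Array)
      abort "#{filename} does not contain a JSON array of host records"
    end
    wifi_host_log_structure = parsed_log
  end
end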
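# Read "IP MAC ..." records from standard input and collect every MAC address
# that is not yet in the host log.
#
# Both fields are validated with patterns anchored to the whole token. The
# values later go into the saved state and an HTML mail body, so a line that
# merely starts with digits and a dot, or lacks a MAC column, is skipped
# rather than stored as a record with a nil or malformed MAC.
#
# NOTE(review): the comparison is by MAC address only. A client that presents
# an already-recorded MAC is not reported, so this flags unknown addresses,
# not unknown devices.
ipv4_pattern = /\A\d{1,3}(?:\.\d{1,3}){3}\z/
mac_pattern = /\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/

STDIN.each_line do |line|
  ip, mac = line.split(' ')
  next unless ipv4_pattern =~ ip && mac_pattern =~ mac

  # Entries pushed below are visible to this check, so a MAC that appears
  # twice in the same scan is reported once.
  already_known = wifi_host_log_structure.any? do |log_structure|
    log_structure["mac"].eql?(mac)
  end
  next if already_known

  ts = Time.now
  connections_to_alert.push({
    :ip => ip,
    "mac" => mac,
    :timestamp => ts
  })
  # "mac" is a string key so that freshly added records match the string keys
  # JSON.parse produces for records loaded from disk.
  wifi_host_log_structure.push({
    :ip => ip,
    "mac" => mac,
    :alerted => 1,
    :timestamp => ts.getutc
  })
end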
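# Report newly seen hosts by mail, then record them as known.
unless connections_to_alert.empty?
  email_table = Text::Table.new
  email_table.head = ['MAC Address', 'IP Address', 'Timestamp']
  connections_to_alert.each do |connection|
    email_table.rows << [connection['mac'], connection[:ip], connection[:timestamp]]
  end

  # The table is embedded in an HTML body, so markup characters are escaped.
  html_escapes = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;' }
  table_html = email_table.to_s.gsub(/[&<>]/) { |char| html_escapes[char] }

  email_body = "We have detected the following new MAC addresses on the network.\n"
  email_body += "<pre>#{table_html}</pre>"

  # Send before persisting. If delivery raises, the state file is left
  # untouched and the same hosts are reported again on the next run. Saving
  # first would mark them as known and the alert would never go out.
  Pony.mail({
    :to => email_to_alert,
    :subject => 'New MAC address was detected',
    :html_body => email_body,
    :via => :smtp,
    :via_options => {
      :address => 'smtp.gmail.com',
      :port => '587',
      :enable_starttls_auto => true,
      :user_name => gmail_username,
      :password => gmail_app_password,
      :authentication => :plain, # :plain, :login, :cram_md5, no auth by default
      :domain => "localhost.localdomain" # the HELO domain provided by the client to the server
    }
  })

  # 0600 applies only when the file is created; it keeps the host inventory
  # readable by the owning user alone.
  File.open(filename, 'w', 0600) do |f|
    f.write(wifi_host_log_structure.to_json)
  end
end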
# Network to sweep: base address (two halves, concatenated) and prefix length.
ip_start=192.168
ip_end=.1.0
subnet=24
interval=$((60 * 5)) # seconds between sweeps: 5 minutes

# One sweep: ARP-scan the subnet, drop the first two lines of arp-scan output,
# and hand the remaining lines to compare_wifi.rb on standard input.
#
# NOTE(review): arp-scan needs privileges to send raw ARP frames. If it fails,
# the pipeline delivers no host lines and compare_wifi.rb sends no mail, so a
# failed sweep looks the same as a network with no new hosts.
scan_network() {
    arp-scan "$ip_start$ip_end/$subnet" | tail -n +3 | ruby compare_wifi.rb
}

# run once
scan_network
# and stay updated
while sleep "$interval"; do
    scan_network
done