Last active
May 25, 2021 10:19
a rudimentary bash script w/ cronjobs to check for MITM attacks through gateway MAC comparison from ARP tables
# run `crontab -e` to edit cronjobs for the current user and add the contents of this file
# create initial ARP table immediately after boot
# note: if the network is not up yet when @reboot fires, this baseline will be empty
# awk splits on runs of spaces, so the MAC column is found regardless of column padding
@reboot arp -e | grep : | awk '{print $1, $3}' > /tmp/init_arptab.txt
# run the MITM checker script every 2nd minute
# 2 minutes is an arbitrary value, feel free to change the interval to your liking
*/2 * * * * bash $HOME/mitm_checker.sh
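
#!/usr/bin/bash
# MITM checker
# have a look at `cronjob.example` to set up cronjobs for proper functioning
# move this file to $HOME - `mv mitm_checker.sh $HOME`
# make it executable - `chmod +x $HOME/mitm_checker.sh`
# note: /tmp is world-writable, so another local user can tamper with these snapshot files
# note: when run from cron, notify-send needs the user's D-Bus session (DBUS_SESSION_BUS_ADDRESS)

# snapshot the current table as "IP MAC" pairs (awk is not sensitive to column padding)
arp -e | grep : | awk '{print $1, $3}' > /tmp/cur_arptab.txt

# compare only the first entry of each snapshot, which this script treats as the gateway
init_mac=$(head -n 1 /tmp/init_arptab.txt | cut -d ' ' -f 2)
cur_mac=$(head -n 1 /tmp/cur_arptab.txt | cut -d ' ' -f 2)
if [ "$cur_mac" != "$init_mac" ];
then
    notify-send "ATTENTION!" "Under MITM attack!" -u critical
    echo "IP: Initial MAC: Current MAC:"
    # join needs both inputs sorted on the IP column
    join <(sort /tmp/init_arptab.txt) <(sort /tmp/cur_arptab.txt)
fi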
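
The same gateway-MAC comparison, as an added example that is not part of the original gist: it picks the gateway from the default route instead of assuming it is the first ARP entry, and also reports any MAC that answers for more than one IP. It assumes iproute2's `ip route show default` and `ip neigh show` text formats; the function names and the sample tables (documentation-range addresses) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the gist). Function names are hypothetical.
# Assumed iproute2 text formats:
#   ip route show default -> "default via <gw-ip> dev <if> ..."
#   ip neigh show         -> "<ip> dev <if> lladdr <mac> <STATE>"
# Live use: check_gateway "$BASELINE_MAC" "$(ip route show default)" "$(ip neigh show)"

# Print the default gateway IP found in route text ($1).
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Print the lower-cased MAC that neighbour text ($1) records for IP ($2).
mac_of() {
    printf '%s\n' "$1" | awk -v ip="$2" '$1 == ip {
        for (i = 2; i < NF; i++) if ($i == "lladdr") { print tolower($(i + 1)); exit }
    }'
}

# Print every MAC that answers for more than one IP, followed by those IPs.
shared_macs() {
    printf '%s\n' "$1" | awk '{
        for (i = 2; i < NF; i++) if ($i == "lladdr") {
            m = tolower($(i + 1)); n[m]++; ips[m] = ips[m] " " $1
        }
    } END { for (m in n) if (n[m] > 1) print m ":" ips[m] }'
}

# Return 0 if the gateway MAC matches the baseline, 1 if it changed,
# 2 if the gateway has no resolved entry (nothing to compare yet).
check_gateway() {   # $1 = baseline MAC, $2 = route text, $3 = neighbour text
    gw=$(default_gw "$2")
    cur=$(mac_of "$3" "$gw")
    [ -n "$gw" ] && [ -n "$cur" ] || return 2
    [ "$cur" = "$(printf '%s' "$1" | tr 'A-F' 'a-f')" ]
}

# Constructed sample: 192.0.2.1 is the gateway, 192.0.2.66 is a second host.
ROUTES='default via 192.0.2.1 dev wlan0 proto dhcp metric 600'
CLEAN='192.0.2.1 dev wlan0 lladdr 00:00:5E:00:53:01 REACHABLE
192.0.2.66 dev wlan0 lladdr 00:00:5e:00:53:42 STALE'
# Same table after the gateway entry was overwritten with the other host's MAC.
POISONED='192.0.2.1 dev wlan0 lladdr 00:00:5e:00:53:42 REACHABLE
192.0.2.66 dev wlan0 lladdr 00:00:5e:00:53:42 STALE'
```

Return code 2 keeps an empty or not-yet-resolved table from being reported as an attack, which is the case the `@reboot` baseline can hit when it runs before the network is up.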