python>> raw-packet>> 返回
项目作者: raw-packet

项目描述 :
Raw-packet Project
高级语言: Python
项目地址: git://github.com/raw-packet/raw-packet.git
创建时间: 2017-05-18T13:05:28Z
项目社区:https://github.com/raw-packet/raw-packet
开源协议:MIT License
下载


Raw-packet project

Official site
Required OS
Python3 version
License
Version
Stability

Logo

Important information

This project is created only for educational purposes and can not be used for
law violation or personal gain.
The author of this project is not responsible for any possible harm caused by the materials of this project.

Description

This project implements network protocols such as Ethernet ARP IPv4 UDP TCP DHCPv4 ICMPv4 IPv6 DHCPv6 ICMPv6 DNS MDNS on raw socket.

Info

Author: Vladimir Ivanov

SubAuthors: Ilja Bulatov

Project email: raw.packet.project@gmail.com

Required OS: Windows, MacOS, Linux

Python minimum versions: 3.6

License: MIT

Install

Debian based OS install:

  1. sudo apt update
  2. sudo apt install -y python3 python3-pip wireless-tools tshark
  3. pip3 install --upgrade pip
  4. sudo pip3 install raw-packet

MacOS install:

1. Install Homebrew:

  1. /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

2. Adding repository to Homebrew:

  1. brew tap raw-packet/raw-packet

3. Install Raw-packet:

  1. brew install raw-packet

Windows install:

1. Install Wireshark

2. Install Python 3.8

3. Install Raw-packet:

  1. pip3 install --upgrade pip
  2. pip3 install raw-packet

Publications (on russian)

Performance

This project was designed specifically to improve the performance and speed of requests needed for network attacks.

On Linux you can compare perfomance of this project with popular python library SCAPY via script time_test.py

Our testing you can see bellow

Number of Packets 10 100 1000 10000
ARP requests in Scapy (sec) 0,0522048473358 0,0785529613495 0,302206039429 2,95294880867
ARP requests in Raw-packet (sec) 0,00202298164368 0,00270104408264 0,090922832489 1,3037519455
DHCP discover requests in Scapy (sec) 0,397399187088 4,16092181206 39,5892789364 -
DHCP discover requests in Raw-packet (sec) 0,00177597999573 0,0219049453735 0,162989854813 -
DNS requests in Scapy (sec) 0.608256101608 6.05325508118 58.4151289463 -
DNS requests in Raw-packet (sec) 0.00274395942688 0.0127770900726 0.0796978473663 -

Scapy vs. Raw-packet ARP requests

Scapy vs. Raw-packet DHCP discover requests

Scapy vs. Raw-packet DNS requests

Scripts

Apple attacks

Script: apple_mitm

This script automatically finds Apple devices on the local network using an ARP, NMAP or ICMPv6 scan and implements the MiTM attack with the following techniques:

  1. ARP Spoofing
  2. Second DHCP ACK
  3. Predict next DHCP transaction ID
  4. Rogue SLAAC/DHCPv6 server
  5. NA Spoofing (IPv6)
  6. RA Spoofing (IPv6)
  1. root@kali:~# apple_mitm --help
  2. usage: apple_mitm [-h] [-T TECHNIQUE] [-D DISCONNECT] [-P PHISHING_SITE] [-i MITM_IFACE]
  3.                   [-d DEAUTH_IFACE] [-0 DEAUTH_PACKETS] [-g4 GATEWAY_IPV4] [-g6 GATEWAY_IPV6]
  4.                   [-d4 DNS_IPV4] [-d6 DNS_IPV6] [-m TARGET_MAC] [-t4 TARGET_IPV4]
  5.                   [-n4 TARGET_NEW_IPV4] [-t6 TARGET_IPV6] [-n6 TARGET_NEW_IPV6]
  6.                   [--ipv6_prefix IPV6_PREFIX]
  8.             MiTM Apple devices (apple_mitm)
  10. optional arguments:
  11.   -h, --help            show this help message and exit
  12.   -T TECHNIQUE, --technique TECHNIQUE
  13.                         Set MiTM technique:
  14.                         1. ARP Spoofing
  15.                         2. Second DHCP ACK
  16.                         3. Predict next DHCP transaction ID
  17.                         4. Rogue SLAAC/DHCPv6 server
  18.                         5. NA Spoofing (IPv6)
  19.                         6. RA Spoofing (IPv6)
  20.   -D DISCONNECT, --disconnect DISCONNECT
  21.                         Set device Disconnect technique:
  22.                         1. IPv4 network conflict detection
  23.                         2. Send WiFi deauthentication packets
  24.                         3. Do not disconnect device after MiTM
  25.   -P PHISHING_SITE, --phishing_site PHISHING_SITE
  26.                         Set Phishing site "apple", "google" or Path to your site
  27.   -i MITM_IFACE, --mitm_iface MITM_IFACE
  28.                         Set interface name for MiTM
  29.   -d DEAUTH_IFACE, --deauth_iface DEAUTH_IFACE
  30.                         Set interface name for send wifi deauth packets
  31.   -0 DEAUTH_PACKETS, --deauth_packets DEAUTH_PACKETS
  32.                         Set number of deauth packets (default: 25)
  33.   -g4 GATEWAY_IPV4, --gateway_ipv4 GATEWAY_IPV4
  34.                         Set gateway IPv4 address
  35.   -g6 GATEWAY_IPV6, --gateway_ipv6 GATEWAY_IPV6
  36.                         Set gateway IPv6 address
  37.   -d4 DNS_IPV4, --dns_ipv4 DNS_IPV4
  38.                         Set DNS server IPv4 address
  39.   -d6 DNS_IPV6, --dns_ipv6 DNS_IPV6
  40.                         Set DNS server IPv6 address
  41.   -m TARGET_MAC, --target_mac TARGET_MAC
  42.                         Set target MAC address
  43.   -t4 TARGET_IPV4, --target_ipv4 TARGET_IPV4
  44.                         Set target IPv4 address
  45.   -n4 TARGET_NEW_IPV4, --target_new_ipv4 TARGET_NEW_IPV4
  46.                         Set new IPv4 address for target
  47.   -t6 TARGET_IPV6, --target_ipv6 TARGET_IPV6
  48.                         Set link local target IPv6 address
  49.   -n6 TARGET_NEW_IPV6, --target_new_ipv6 TARGET_NEW_IPV6
  50.                         Set new global IPv6 address for target
  51.   --ipv6_prefix IPV6_PREFIX
  52.                         Set IPv6 network prefix, default - fde4:8dba:82e1:ffff::/64

Sample script output:

apple_mitm output

Script: apple_arp_dos

Disconnect Apple device from the local network using ARP packets

  1. root@kali:~# apple_arp_dos --help
  2. usage: apple_arp_dos [-h] [-i INTERFACE] [-t TARGET_IP] [-m TARGET_MAC] [-q]
  4. Disconnect Apple device in local network with ARP packets (apple_arp_dos)
  6. optional arguments:
  7.   -h, --help            show this help message and exit
  8.   -i INTERFACE, --interface INTERFACE
  9.                         Set network interface name
  10.   -t TARGET_IP, --target_ip TARGET_IP
  11.                         Set target IPv4 address
  12.   -m TARGET_MAC, --target_mac TARGET_MAC
  13.                         Set target MAC address
  14.   -q, --quiet           Minimal output

Sample script output:

apple_arp_dos output

Script: apple_dhcp_server

Rogue DHCPv4 server for Apple device with predict next DHCPv4 transaction ID

  1. root@kali:~# apple_dhcp_server --help
  2. usage: apple_dhcp_server [-h] [-i INTERFACE] -t TARGET_IP -m TARGET_MAC [-b] [-q]
  4. Rogue DHCPv4 server for Apple devices (apple_dhcp_server)
  6. optional arguments:
  7.   -h, --help            show this help message and exit
  8.   -i INTERFACE, --interface INTERFACE
  9.                         Set network interface name
  10.   -t TARGET_IP, --target_ip TARGET_IP
  11.                         Set new IPv4 address for target
  12.   -m TARGET_MAC, --target_mac TARGET_MAC
  13.                         Set target MAC address
  14.   -b, --broadcast       Send broadcast DHCPv4 responses
  15.   -q, --quiet           Minimal output

Sample script output:

apple_dhcp_server output

ARP

The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address.

Script: arp_scan

This script creates and sends ARP requests (Who has?) to search for alive hosts on the local network.

  1. root@kali:~# arp_scan --help
  2. usage: arp_scan [-h] [-i INTERFACE] [-t TARGET_IP] [--timeout TIMEOUT] [--retry RETRY]
  4.                 ARP Scanner (arp_scan)
  6. optional arguments:
  7.   -h, --help            show this help message and exit
  8.   -i INTERFACE, --interface INTERFACE
  9.                         Set interface name for ARP scanner
  10.   -t TARGET_IP, --target_ip TARGET_IP
  11.                         Set target IPv4 address
  12.   --timeout TIMEOUT     Set timeout (default=5)
  13.   --retry RETRY         Set number of retry packets (default=5)

Sample script output:

arp_scan output

Script: arp_spoof

This script implement the ARP spoofing attack.
ARP spoofing, ARP cache poisoning or ARP poison routing, is a technique that an attacker sends fake (spoofed) Address Resolution Protocol (ARP) messages onto a local network.

  1. root@kali:~# arp_spoof --help
  2. usage: arp_spoof [-h] [-i INTERFACE] [-t TARGET_IP] [-m TARGET_MAC] [-g GATEWAY_IP] [-r] [--ipv4_multicast]
  3.                  [--ipv6_multicast] [--broadcast] [-q]
  5.                ARP Spoofing (arp_spoof)
  7. optional arguments:
  8.   -h, --help            show this help message and exit
  9.   -i INTERFACE, --interface INTERFACE
  10.                         Set interface name for send ARP packets
  11.   -t TARGET_IP, --target_ip TARGET_IP
  12.                         Set target IP address
  13.   -m TARGET_MAC, --target_mac TARGET_MAC
  14.                         Set target MAC address
  15.   -g GATEWAY_IP, --gateway_ip GATEWAY_IP
  16.                         Set gateway IP address
  17.   -r, --requests        Send only ARP requests
  18.   --ipv4_multicast      Send ARP replies/requests to IPv4 multicast MAC address
  19.   --ipv6_multicast      Send ARP replies/requests to IPv6 multicast MAC address
  20.   --broadcast           Send ARP replies/requests to broadcast MAC address
  21.   -q, --quiet           Minimal output

Sample script output:

arp_spoof output

DHCPv4

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.

Script: dhcpv4_server

This script implements an attack on network clients by using fake DHCPv4 server which answers with malicius configuration faster than legitimate DHCPv4 server.
This attack also known as Rogue DHCPv4 Server Attack.

  1. root@kali:~# dhcpv4_server --help
  2. usage: dhcpv4_server [-h] [-i INTERFACE] [-f FIRST_OFFER_IP] [-l LAST_OFFER_IP]
  3.                      [-m TARGET_MAC] [-t TARGET_IP] [--netmask NETMASK]
  4.                      [--dhcp_mac DHCP_MAC] [--dhcp_ip DHCP_IP] [--router ROUTER]
  5.                      [--dns DNS] [--tftp TFTP] [--wins WINS] [--domain DOMAIN]
  6.                      [--lease_time LEASE_TIME] [--discover] [-O SHELLSHOCK_OPTION_CODE]
  7.                      [-c SHELLSHOCK_COMMAND] [-b] [-p BIND_PORT] [-N] [-E] [-R]
  8.                      [-e REVERSE_PORT] [-n] [-B] [--ip_path IP_PATH]
  9.                      [--iface_name IFACE_NAME] [--broadcast_response] [--dnsop] [--exit]
  10.                      [--apple] [-q]
  12.              DHCPv4 server (dhcpv4_server)
  14. optional arguments:
  15.   -h, --help            show this help message and exit
  16.   -i INTERFACE, --interface INTERFACE
  17.                         Set interface name for send reply packets
  18.   -f FIRST_OFFER_IP, --first_offer_ip FIRST_OFFER_IP
  19.                         Set first client ip for offering
  20.   -l LAST_OFFER_IP, --last_offer_ip LAST_OFFER_IP
  21.                         Set last client ip for offering
  22.   -m TARGET_MAC, --target_mac TARGET_MAC
  23.                         Set target MAC address
  24.   -t TARGET_IP, --target_ip TARGET_IP
  25.                         Set client IP address with MAC in --target_mac
  26.   --netmask NETMASK     Set network mask
  27.   --dhcp_mac DHCP_MAC   Set DHCP server MAC address, if not set use your MAC address
  28.   --dhcp_ip DHCP_IP     Set DHCP server IP address, if not set use your IP address
  29.   --router ROUTER       Set router IP address, if not set use your ip address
  30.   --dns DNS             Set DNS server IP address, if not set use your ip address
  31.   --tftp TFTP           Set TFTP server IP address
  32.   --wins WINS           Set WINS server IP address
  33.   --domain DOMAIN       Set domain name for search, default=local
  34.   --lease_time LEASE_TIME
  35.                         Set lease time, default=172800
  36.   --discover            Send DHCP discover packets in the background thread
  37.   -O SHELLSHOCK_OPTION_CODE, --shellshock_option_code SHELLSHOCK_OPTION_CODE
  38.                         Set dhcp option code for inject shellshock payload, default=114
  39.   -c SHELLSHOCK_COMMAND, --shellshock_command SHELLSHOCK_COMMAND
  40.                         Set shellshock command in DHCP client
  41.   -b, --bind_shell      Use awk bind tcp shell in DHCP client
  42.   -p BIND_PORT, --bind_port BIND_PORT
  43.                         Set port for listen bind shell (default=1234)
  44.   -N, --nc_reverse_shell
  45.                         Use nc reverse tcp shell in DHCP client
  46.   -E, --nce_reverse_shell
  47.                         Use nc -e reverse tcp shell in DHCP client
  48.   -R, --bash_reverse_shell
  49.                         Use bash reverse tcp shell in DHCP client
  50.   -e REVERSE_PORT, --reverse_port REVERSE_PORT
  51.                         Set port for listen bind shell (default=443)
  52.   -n, --without_network
  53.                         Do not add network configure in payload
  54.   -B, --without_base64  Do not use base64 encode in payload
  55.   --ip_path IP_PATH     Set path to "ip" in shellshock payload, default = /bin/
  56.   --iface_name IFACE_NAME
  57.                         Set iface name in shellshock payload, default = eth0
  58.   --broadcast_response  Send broadcast response
  59.   --dnsop               Do not send DHCP OFFER packets
  60.   --exit                Exit on success MiTM attack
  61.   --apple               Add delay before send DHCP ACK
  62.   -q, --quiet           Minimal output

Sample script output:

dhcpv4_server output

DHCPv6

The Dynamic Host Configuration Protocol version 6 (DHCPv6) is a network protocol for configuring Internet Protocol version 6 (IPv6) hosts with IP addresses, IP prefixes and other configuration data required to operate in an IPv6 network. It is the IPv6 equivalent of the Dynamic Host Configuration Protocol for IPv4.

Script: dhcpv6_server

This script implements fake DHCPv6 server for perfom SLAAC attack/Rogue DHCPv6.

  1. root@kali:~# dhcpv6_server --help
  2. usage: dhcpv6_server [-h] [-i INTERFACE] [-p PREFIX] [-f FIRST_SUFFIX] [-l LAST_SUFFIX]
  3.                      [-t TARGET_MAC] [-T TARGET_IPV6] [-D] [-d DNS] [-s DNS_SEARCH]
  4.                      [--delay DELAY] [-q]
  6.           SLAAC/DHCPv6 server (dhcpv6_server)
  8. optional arguments:
  9.   -h, --help            show this help message and exit
  10.   -i INTERFACE, --interface INTERFACE
  11.                         Set interface name for send reply packets
  12.   -p PREFIX, --prefix PREFIX
  13.                         Set network prefix
  14.   -f FIRST_SUFFIX, --first_suffix FIRST_SUFFIX
  15.                         Set first suffix client IPv6 for offering
  16.   -l LAST_SUFFIX, --last_suffix LAST_SUFFIX
  17.                         Set last suffix client IPv6 for offering
  18.   -t TARGET_MAC, --target_mac TARGET_MAC
  19.                         Set target MAC address
  20.   -T TARGET_IPV6, --target_ipv6 TARGET_IPV6
  21.                         Set client Global IPv6 address with MAC --target_mac
  22.   -D, --disable_dhcpv6  Do not use DHCPv6 protocol
  23.   -d DNS, --dns DNS     Set recursive DNS IPv6 address
  24.   -s DNS_SEARCH, --dns_search DNS_SEARCH
  25.                         Set DNS search domain
  26.   --delay DELAY         Set delay between packets
  27.   -q, --quiet           Minimal output

Sample script output:

dhcpv6_server output

DNS

Script: dns_server

This script impelements a simple DNS server (like a dnschef), which is useful in MiTM attacks. You can setup A or AAAA records for several domains. 

  1. root@kali:~# dns_server -h
  2. usage: dns_server [-h] [-i INTERFACE] [-p PORT] [-t TARGET_MAC] [--T4 T4] [--T6 T6]
  3.                   [-c CONFIG_FILE] [--fake_domains FAKE_DOMAINS]
  4.                   [--no_such_domains NO_SUCH_DOMAINS] [--fake_ipv4 FAKE_IPV4]
  5.                   [--fake_ipv6 FAKE_IPV6] [--ipv6] [--disable_ipv4]
  6.                   [--log_file_name LOG_FILE_NAME] [--log_file_format LOG_FILE_FORMAT] [-f]
  7.                   [-q]
  9.                 DNS server (dns_server)
  11. optional arguments:
  12.   -h, --help            show this help message and exit
  13.   -i INTERFACE, --interface INTERFACE
  14.                         Set interface name for send DNS reply packets
  15.   -p PORT, --port PORT  Set UDP port for listen DNS request packets (default: 53)
  16.   -t TARGET_MAC, --target_mac TARGET_MAC
  17.                         Set target MAC address
  18.   --T4 T4               Set target IPv4 address
  19.   --T6 T6               Set target IPv6 address
  20.   -c CONFIG_FILE, --config_file CONFIG_FILE
  21.                         Set json config file name, example: --config_file
  22.                         "dns_server_config.json"
  23.   --fake_domains FAKE_DOMAINS
  24.                         Set fake domain regexp or domains, example: --fake_domains
  25.                         ".*apple.com,.*google.com"
  26.   --no_such_domains NO_SUCH_DOMAINS
  27.                         Set no such domain or domains, example: --no_such_domains
  28.                         "apple.com,google.com"
  29.   --fake_ipv4 FAKE_IPV4
  30.                         Set fake IP address or addresses, example: --fake_ipv4
  31.                         "192.168.0.1,192.168.0.2"
  32.   --fake_ipv6 FAKE_IPV6
  33.                         Set fake IPv6 address or addresses, example: --fake_ipv6
  34.                         "fd00::1,fd00::2"
  35.   --ipv6                Enable IPv6
  36.   --disable_ipv4        Disable IPv4
  37.   --log_file_name LOG_FILE_NAME
  38.                         Set file name for save DNS queries (default: "dns_server_log")
  39.   --log_file_format LOG_FILE_FORMAT
  40.                         Set file format for save results: csv, xml, json, txt (default:
  41.                         "json")
  42.   -f, --fake_answer     Set your IPv4 or IPv6 address in all answers
  43.   -q, --quiet           Minimal output

Sample script configuration:

  1. {
  2.   ".*google.com": {
  3.     "A": ["192.168.0.1", "192.168.0.2"],
  4.     "AAAA": "fd00::1",
  5.     "NS": ["ns1.google.com", "ns2.google.com"],
  6.     "MX": "mail.google.com"
  7.   },
  8.   ".*apple.com": {
  9.     "A": "192.168.0.1",
  10.     "AAAA": ["fd00::1", "fd00::2"],
  11.     "NS": "ns.apple.com",
  12.     "MX": ["mail1.apple.com", "mail2.apple.com"]
  13.   },
  14.   "gooogle.com": {
  15.     "no such domain": true
  16.   },
  17.   "evil.com": {
  18.     "success": true,
  19.     "A": "my ipv4 address",
  20.     "AAAA": "my ipv6 address"
  21.   }
  22. }

Sample script output (without parameters):

dns_server.py output

Sample script output (fake answer):

dns_server.py output_fake_answer

ICMPv4

Script: icmpv4_redirect

This script implement the ICMPv4 redirect attack. 

  1. root@kali:~# icmpv4_redirect --help
  2. usage: icmpv4_redirect [-h] [-i INTERFACE] [-t TARGET_IP] [-m TARGET_MAC] [-g GATEWAY_IP]
  3.                        [-r REDIRECT_IP] [-q]
  5.            ICMPv4 redirect (icmpv4_redirect)
  7. optional arguments:
  8.   -h, --help            show this help message and exit
  9.   -i INTERFACE, --interface INTERFACE
  10.                         Set interface name for send ICMP redirect packets
  11.   -t TARGET_IP, --target_ip TARGET_IP
  12.                         Set target IPv4 address
  13.   -m TARGET_MAC, --target_mac TARGET_MAC
  14.                         Set target MAC address
  15.   -g GATEWAY_IP, --gateway_ip GATEWAY_IP
  16.                         Set gateway IPv4 address (default: <your_ipv4_gateway>)
  17.   -r REDIRECT_IP, --redirect_ip REDIRECT_IP
  18.                         Set IP addresses where to redirect (example: "1.1.1.1,8.8.8.8")
  19.   -q, --quiet           Minimal output

Sample script output:

icmpv4_redirect output

IPv6

Script: ipv6_scan.py

Search for hosts that support IPv6 in local network using ICMPv6 protocol

  1. root@kali:~# ipv6_scan --help
  2. usage: ipv6_scan [-h] [-i INTERFACE] [-m TARGET_MAC] [-t TIMEOUT] [-r RETRY] [-s]
  4.                ICMPv6 scan (icmpv6_scan)
  6. optional arguments:
  7.   -h, --help            show this help message and exit
  8.   -i INTERFACE, --interface INTERFACE
  9.                         Set interface name for ARP scanner
  10.   -m TARGET_MAC, --target_mac TARGET_MAC
  11.                         Set target MAC address
  12.   -t TIMEOUT, --timeout TIMEOUT
  13.                         Set timeout (default=5)
  14.   -r RETRY, --retry RETRY
  15.                         Set number of retry (default=5)
  16.   -s, --router_search   Search router IPv6 link local address

Sample script output:

ipv6_scan output

Search IPv6 router:

ipv6_router_search output

Script: ipv6_spoof

This script implements Router Advertisement and Neighbor Advertisement spoofing attack

  1. root@kali:~# ipv6_spoof --help
  2. usage: ipv6_spoof [-h] [-T TECHNIQUE] [-i INTERFACE] [-t TARGET_IP] [-m TARGET_MAC]
  3.                   [-g GATEWAY_IP] [-p IPV6_PREFIX] [-d DNS_IP] [-n DNS_DOMAIN_SEARCH] [-q]
  5.               IPv6 Spoofing (ipv6_spoof)
  7. optional arguments:
  8.   -h, --help            show this help message and exit
  9.   -T TECHNIQUE, --technique TECHNIQUE
  10.                         Set ICMPv6 MiTM technique (example: 1)
  11.                         1. ICMPv6 RA (Router Advertisement) Spoofing
  12.                         2. ICMPv6 NA (Neighbor Advertisement) Spoofing
  13.   -i INTERFACE, --interface INTERFACE
  14.                         Set interface name for send ARP packets
  15.   -t TARGET_IP, --target_ip TARGET_IP
  16.                         Set target IPv6 link local address
  17.   -m TARGET_MAC, --target_mac TARGET_MAC
  18.                         Set target MAC address
  19.   -g GATEWAY_IP, --gateway_ip GATEWAY_IP
  20.                         Set gateway IPv6 link local address
  21.   -p IPV6_PREFIX, --ipv6_prefix IPV6_PREFIX
  22.                         Set IPv6 prefix, default="fde4:8dba:82e1:ffff::/64"
  23.   -d DNS_IP, --dns_ip DNS_IP
  24.                         Set DNS server IPv6 link local address
  25.   -n DNS_DOMAIN_SEARCH, --dns_domain_search DNS_DOMAIN_SEARCH
  26.                         Set DNS domain search; default: "local"
  27.   -q, --quiet           Minimal output

Router Advertisement spoofing

Sample script output:

ipv6_spoof_ra output

Neighbor Advertisement spoofing

Sample script output:

ipv6_spoof_na output

Network Conflict Creator (ncc)

Script: ncc

Script for creating network conflicts for varius testing.

  1. root@kali:~# ncc --help
  2. usage: ncc [-h] [-i INTERFACE] [-t TARGET_IP] [-m TARGET_MAC] [--replies] [--requests]
  3.            [--broadcast] [-p PACKETS] [-q] [-e]
  5.             Network Conflict Creator (ncc)
  7. optional arguments:
  8.   -h, --help            show this help message and exit
  9.   -i INTERFACE, --interface INTERFACE
  10.                         Set interface name for listen and send packets
  11.   -t TARGET_IP, --target_ip TARGET_IP
  12.                         Set target IP address
  13.   -m TARGET_MAC, --target_mac TARGET_MAC
  14.                         Set target MAC address
  15.   --replies             Send only ARP replies
  16.   --requests            Send only ARP requests
  17.   --broadcast           Send broadcast ARP requests
  18.   -p PACKETS, --packets PACKETS
  19.                         Number of ARP packets (default: 10)
  20.   -q, --quiet           Minimal output
  21.   -e, --exit            Exit on success

Sample script output:

ncc output

Network Security Check (nsc)

Script: nsc

Checking network security mechanisms

  1. Works on Windows, MacOS and Linux
  2. Check ARP Spoofing
  3. Check ICMPv4 Redirect
  4. Check Rogue DHCPv4
  5. Check ICMPv6 Redirect
  6. Check ICMPv6 Router Advertisement Spoofing
  7. Check ICMPv6 Neighbor Advertisement Spoofing
  8. Check Rogue DHCPv6
  9. Check STP spoofing
  1. root@kali:~# nsc --help
  2. usage: nsc [-h] [-i SEND_INTERFACE] [-l LISTEN_INTERFACE] [-n TEST_HOST_INTERFACE]
  3.            [-t TEST_HOST_IP] [-m TEST_HOST_MAC] [-o TEST_HOST_OS] [-u TEST_SSH_USER]
  4.            [-p TEST_SSH_PASS] [-k TEST_SSH_PKEY] [-G GATEWAY_IP] [-g GATEWAY_MAC]
  5.            [-r NUMBER_OF_PACKETS] [-L LISTEN_TIME] [-q]
  7.              Network Security Check (nsc)
  9. optional arguments:
  10.   -h, --help            show this help message and exit
  11.   -i SEND_INTERFACE, --send_interface SEND_INTERFACE
  12.                         Set interface name for send packets
  13.   -l LISTEN_INTERFACE, --listen_interface LISTEN_INTERFACE
  14.                         Set interface name for listen packets
  15.   -n TEST_HOST_INTERFACE, --test_host_interface TEST_HOST_INTERFACE
  16.                         Set test host network interface for listen packets
  17.   -t TEST_HOST_IP, --test_host_ip TEST_HOST_IP
  18.                         Set test host IP address for ssh connection
  19.   -m TEST_HOST_MAC, --test_host_mac TEST_HOST_MAC
  20.                         Set test host MAC address for ssh connection
  21.   -o TEST_HOST_OS, --test_host_os TEST_HOST_OS
  22.                         Set test host OS (MacOS, Linux, Windows)
  23.   -u TEST_SSH_USER, --test_ssh_user TEST_SSH_USER
  24.                         Set test host user name for ssh connection
  25.   -p TEST_SSH_PASS, --test_ssh_pass TEST_SSH_PASS
  26.                         Set test host password for ssh connection
  27.   -k TEST_SSH_PKEY, --test_ssh_pkey TEST_SSH_PKEY
  28.                         Set test host private key for ssh connection
  29.   -G GATEWAY_IP, --gateway_ip GATEWAY_IP
  30.                         Set gateway IPv4 address
  31.   -g GATEWAY_MAC, --gateway_mac GATEWAY_MAC
  32.                         Set gateway MAC address
  33.   -r NUMBER_OF_PACKETS, --number_of_packets NUMBER_OF_PACKETS
  34.                         Set number of spoofing packets for each test (default: 10)
  35.   -L LISTEN_TIME, --listen_time LISTEN_TIME
  36.                         Set time to listen spoofing packets in seconds (default: 60)
  37.   -q, --quiet           Minimal output

Sample script output:

nsc output

Sample script output (test host):

nsc output

WiFi

Script: wat

Cross-platform WiFi attack tool (wat)

  1. Works on MacOS and Linux
  2. Collects wireless AP information
  3. Sends association packets
  4. Sends deauthentication packets
  5. Switch between WiFi channels
  6. Saves WPA handshakes in formats: pcap, hccapx, 22000
  7. Supports PMKID (AP clientless attack)
  8. Saves WPA RSN PMKID in format for hashcat brute
  9. Supports vulnerability CVE-2019-15126 kr00k (decryption of CCMP packet with NULL 128 bits - temporary key)
  1. root@kali:~# wat --help
  2. usage: wat [-h] [-i INTERFACE] [-c CHANNEL] [-d]
  4.          Cross platform WiFi attack tool (wat)
  6. Ctrl-E Show Wireless access point information
  7. Ctrl-D Send IEEE 802.11 deauth packets
  8. Ctrl-D Switch WiFi channel
  9. Ctrl-A Send IEEE 802.11 association packet
  10. Ctrl-R Start scanner (switch between WiFi channels)
  11. Ctrl-H Show help information
  12. Ctrl-C Exit
  14. optional arguments:
  15.   -h, --help            show this help message and exit
  16.   -i INTERFACE, --interface INTERFACE
  17.                         Set wireless interface name for sniff packets
  18.   -c CHANNEL, --channel CHANNEL
  19.                         Set WiFi channel
  20.   -d, --debug           Maximum output

Sample script output:

wat output

Video demo:

wat demo video