python实现基于Linux的ARP攻击检测防护软件的设计。模块包含多种ARP攻击类型检测、多种检测方式、历史记录和统计分析、实时告警和自动防御、网络拓扑图展示和扫描局域网内活动主机IP地址和MAC地址并有一定的可视化功能在网页里显示可视化界面。需要几个py文件使用基本代码写出
由于该项目比较复杂,需要涉及到多个模块和功能,因此需要编写多个py文件来实现。
- arp_detection.py:用于实现ARP攻击的检测和防护功能。
import os
import time
import threading
import subprocess
# Shared module state; each container is paired with the lock that guards it.
arp_table = dict()  # ARP cache snapshot: IP address -> MAC address
arp_lock = threading.Lock()  # serialises access to arp_table across threads
alert_list = list()  # IP addresses flagged by detect_arp_attack()
alert_lock = threading.Lock()  # serialises access to alert_list across threads
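# Look up this host's LAN IPv4 address.
def get_local_ip():
    """Return the first 192.168.x.x IPv4 address reported by ``ifconfig``.

    Returns:
        The address as a string, or None when ``ifconfig`` cannot be run,
        prints nothing, or reports no address starting with ``192.168.``.
    """
    try:
        # Argument list instead of a shell pipeline: nothing is handed to
        # /bin/sh, and the grep/awk filtering is done in Python below.
        proc = subprocess.run(["ifconfig"], stdout=subprocess.PIPE, check=False)
    except OSError:
        # ifconfig is not installed or not executable.
        return None

    for line in proc.stdout.decode(errors="replace").splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "inet":
            continue
        candidate = fields[1]
        # Older net-tools print "inet addr:192.168.1.5"; newer ones print
        # "inet 192.168.1.5". The original awk filter only handled the latter.
        if candidate.startswith("addr:"):
            candidate = candidate[len("addr:"):]
        # NOTE(review): the 192.168. prefix is hard-coded, so hosts on
        # 10.0.0.0/8 or 172.16.0.0/12 networks get None here.
        if candidate.startswith("192.168."):
            return candidate
    return None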
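# Look up this host's MAC address.
def get_local_mac():
    """Return one MAC address for this host, taken from ``ifconfig`` output.

    The original returned every ``ether`` value joined by newlines, so on a
    host with more than one interface the result was not a usable MAC (and
    the embedded newline ended up inside the ``arp -s`` command line built by
    the caller). This version returns a single address: the one belonging to
    the interface block that carries a ``192.168.`` IPv4 address, or, failing
    that, the first MAC seen.

    Returns:
        A MAC address string, or None when ``ifconfig`` cannot be run or
        reports no hardware address.
    """
    try:
        proc = subprocess.run(["ifconfig"], stdout=subprocess.PIPE, check=False)
    except OSError:
        # ifconfig is not installed or not executable.
        return None

    first_mac = None
    block_mac = None
    block_on_lan = False
    # Assumes interface blocks are separated by blank lines, as net-tools
    # prints them; the trailing "" flushes the last block.
    for line in proc.stdout.decode(errors="replace").splitlines() + [""]:
        fields = line.split()
        if not fields:
            if block_on_lan and block_mac:
                return block_mac
            block_mac, block_on_lan = None, False
            continue
        if fields[0] == "ether" and len(fields) > 1:
            block_mac = fields[1]
        elif "HWaddr" in fields[:-1]:
            # Older net-tools layout: "... Link encap:Ethernet  HWaddr <mac>"
            block_mac = fields[fields.index("HWaddr") + 1]
        elif fields[0] == "inet" and len(fields) > 1:
            addr = fields[1]
            if addr.startswith("addr:"):
                addr = addr[len("addr:"):]
            if addr.startswith("192.168."):
                block_on_lan = True
        if first_mac is None and block_mac:
            first_mac = block_mac
    return first_mac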
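# Refresh the shared ARP cache snapshot.
def get_arp_table():
    """Rebuild the shared ``arp_table`` (IP -> MAC) from ``arp -a`` output.

    Fixes over the original:
      * ``arp -a`` lines look like ``host (192.168.1.1) at aa:bb:.. [ether] on
        eth0``, so testing whether the *line* starts with ``192.168.`` never
        matched and the table stayed empty. The prefix test is now applied to
        the address field, with its parentheses removed.
      * Entries whose hardware field is not six hex octets (for example
        ``<incomplete>``) are skipped instead of being stored as a MAC.
      * The command runs before the lock is taken, and the lock is released
        by a ``with`` block even if parsing raises.

    The table is emptied when ``arp`` cannot be run or prints nothing, as in
    the original.
    """
    try:
        proc = subprocess.run(["arp", "-a"], stdout=subprocess.PIPE, check=False)
    except OSError:
        output = ""
    else:
        output = proc.stdout.decode(errors="replace")

    fresh = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ip = fields[1].strip("()")
        mac = fields[3].lower()
        if not ip.startswith("192.168."):
            continue
        octets = mac.split(":")
        well_formed = len(octets) == 6 and all(
            len(octet) == 2 and all(ch in "0123456789abcdef" for ch in octet)
            for octet in octets
        )
        if not well_formed:
            continue
        fresh[ip] = mac

    # Mutate the existing dict in place so other references to it stay valid.
    with arp_lock:
        arp_table.clear()
        arp_table.update(fresh)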
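# Scan the ARP cache snapshot for suspicious entries.
def detect_arp_attack():
    """Recompute ``alert_list`` from the current contents of ``arp_table``.

    An IP address is flagged when:
      * its MAC is ``00:00:00:00:00:00`` (the original's only check), or
      * its MAC is also recorded for at least one other IP address. One MAC
        answering for several addresses is what a poisoned cache usually
        looks like, but multi-address hosts and proxy ARP produce the same
        picture, so treat these alerts as "needs review", not as proof.

    The original iterated ``arp_table`` without holding ``arp_lock`` while
    ``get_arp_table`` could be clearing it in another thread; the table is now
    copied under its lock first. The two locks are never held together.

    NOTE(review): each run only sees the current snapshot, so an IP whose MAC
    *changed* since the previous run is not detected here; that needs a stored
    baseline.
    """
    with arp_lock:
        snapshot = dict(arp_table)

    ips_by_mac = {}
    for ip, mac in snapshot.items():
        ips_by_mac.setdefault(mac, []).append(ip)

    suspicious = [
        ip
        for ip, mac in snapshot.items()
        if mac == '00:00:00:00:00:00' or len(ips_by_mac[mac]) > 1
    ]

    with alert_lock:
        alert_list.clear()
        alert_list.extend(suspicious)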
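# Install a static ARP entry.
def defend_arp_attack():
    """Add a static ARP entry mapping this host's IP to this host's MAC.

    The command is run as an argument list (no shell), and nothing is run
    when either value is unknown; the original formatted ``None`` into the
    command string and passed it to ``os.system``.

    NOTE(review): a static entry for this host's *own* address does not stop
    other hosts' replies from overwriting this host's entry for the gateway.
    The mapping normally pinned is the gateway's IP/MAC, learned from a
    trusted source. Confirm what this step is meant to protect.
    """
    ip = get_local_ip()
    mac = get_local_mac()
    if not ip or not mac:
        return
    try:
        # Changing the ARP table usually needs elevated privileges; the exit
        # status is ignored, as it was with os.system().
        subprocess.run(["arp", "-s", ip, mac], check=False)
    except OSError:
        # arp is not installed or not executable: nothing to do.
        return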
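# Kick off one detection/defence cycle in the background.
def start_arp_detection():
    """Run one refresh -> detect -> defend cycle on a background thread.

    The original started the three steps as three concurrent threads, so
    detection could run before (or while) the table was being rebuilt and
    report on an empty or half-filled snapshot. The steps now run in order on
    a single worker thread; the call still returns immediately.
    """
    def _run_cycle():
        get_arp_table()
        detect_arp_attack()
        defend_arp_attack()

    worker = threading.Thread(target=_run_cycle)
    worker.start()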
# Periodic driver for the detection/defence cycle.
def timer_arp_detection():
    """Start a detection cycle every 10 seconds; this function never returns."""
    pause_seconds = 10
    while True:
        start_arp_detection()
        time.sleep(pause_seconds)
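# Export the ARP cache snapshot for the web layer.
def get_arp_table_json():
    """Return ``{'arp_table': {...}}`` holding a copy of the ARP table.

    The original returned the live dict, so the caller serialised it after
    the lock had been released while another thread could be clearing it.
    Copying under the lock gives the caller a stable snapshot.
    """
    with arp_lock:
        return {'arp_table': dict(arp_table)}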
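# Export the alert list for the web layer.
def get_alert_list_json():
    """Return ``{'alert_list': [...]}`` holding a copy of the alert list.

    The original returned the live list, which another thread could clear
    and refill while the caller was serialising it. Copying under the lock
    gives the caller a stable snapshot.
    """
    with alert_lock:
        return {'alert_list': list(alert_list)}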
- network_topology.py:用于实现网络拓扑图展示和扫描局域网内活动主机IP地址和MAC地址的功能。
import os
import subprocess
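# List the IP addresses of hosts that answered an ARP scan.
def get_ip_list():
    """Return the 192.168.x.x addresses reported by ``arp-scan --localnet``.

    The original piped the output through ``grep '192.168.'``, which matches
    the text anywhere on a line. Some arp-scan versions print the local IPv4
    address in their "Interface:" banner, so that banner's first word could
    end up in the list. Only rows whose first column starts with ``192.168.``
    are accepted now, and the command runs without a shell.

    Returns:
        A list of address strings; empty when arp-scan cannot be run (it is
        not installed, or lacks the privileges it needs) or finds nothing.
    """
    try:
        proc = subprocess.run(
            ["arp-scan", "--localnet"], stdout=subprocess.PIPE, check=False
        )
    except OSError:
        return []

    addresses = []
    for line in proc.stdout.decode(errors="replace").splitlines():
        fields = line.split()
        if fields and fields[0].startswith("192.168."):
            addresses.append(fields[0])
    return addresses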
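# List the MAC addresses of hosts that answered an ARP scan.
def get_mac_list():
    """Return the MAC column of ``arp-scan --localnet`` for 192.168.x.x hosts.

    The original piped the output through ``grep '192.168.'``, which matches
    the text anywhere on a line, so a banner line mentioning the local
    address could contribute its second word as a "MAC". Only rows whose
    first column starts with ``192.168.`` and that have a second column are
    accepted now, and the command runs without a shell.

    Returns:
        A list of MAC strings; empty when arp-scan cannot be run or finds
        nothing.
    """
    try:
        proc = subprocess.run(
            ["arp-scan", "--localnet"], stdout=subprocess.PIPE, check=False
        )
    except OSError:
        return []

    macs = []
    for line in proc.stdout.decode(errors="replace").splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("192.168."):
            macs.append(fields[1])
    return macs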
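# Build the node/edge data consumed by the topology view.
def generate_network_topology():
    """Return ``{'nodes': [...], 'edges': [...]}`` for hosts found by arp-scan.

    The original obtained IPs and MACs from two separate scans and paired
    them by index. Two scans can return different hosts or a different
    order, which mislabels nodes or raises IndexError. A single scan is used
    here and each IP is paired with the MAC from the same output row.

    Each node is ``{'id', 'label': <ip>, 'group': 1}`` and each edge is a
    self-loop ``{'from': i, 'to': i, 'label': <mac>}``, as in the original.

    NOTE(review): this runs an active scan on every call; if it is reached
    from an HTTP route, consider caching the result for a few seconds.
    """
    try:
        proc = subprocess.run(
            ["arp-scan", "--localnet"], stdout=subprocess.PIPE, check=False
        )
    except OSError:
        # arp-scan is not installed or not executable: empty graph.
        return {'nodes': [], 'edges': []}

    node_list = []
    edge_list = []
    for line in proc.stdout.decode(errors="replace").splitlines():
        fields = line.split()
        # Accept only result rows: "<ip> <mac> <vendor...>".
        if len(fields) < 2 or not fields[0].startswith("192.168."):
            continue
        node_id = len(node_list)
        node_list.append({'id': node_id, 'label': fields[0], 'group': 1})
        edge_list.append({'from': node_id, 'to': node_id, 'label': fields[1]})
    return {'nodes': node_list, 'edges': edge_list}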
- web_server.py:用于实现Web服务器和可视化界面的功能。
from flask import Flask, render_template, jsonify
import arp_detection
import network_topology
# WSGI application object; the route decorators below register on it.
app = Flask(import_name=__name__)
# Route: landing page.
@app.route('/')
def index():
    """Render the dashboard template."""
    page = render_template('index.html')
    return page
# Route: ARP cache table as JSON.
@app.route('/arp_table')
def get_arp_table():
    """Serve the payload of arp_detection.get_arp_table_json() as JSON."""
    return jsonify(arp_detection.get_arp_table_json())
# Route: alert list as JSON.
@app.route('/alert_list')
def get_alert_list():
    """Serve the payload of arp_detection.get_alert_list_json() as JSON."""
    return jsonify(arp_detection.get_alert_list_json())
# Route: network topology graph as JSON.
@app.route('/network_topology')
def get_network_topology():
    """Serve network_topology.generate_network_topology() output as JSON."""
    # Every request to this route runs generate_network_topology() again.
    return jsonify(network_topology.generate_network_topology())
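if __name__ == '__main__':
    # threading is used below but was never imported in this file, so the
    # original raised NameError before the server started.
    import threading

    # Run one detection/defence cycle right away.
    arp_detection.start_arp_detection()
    # Start the periodic detection/defence loop. daemon=True lets the process
    # exit when the web server stops; the loop itself never returns.
    t = threading.Thread(target=arp_detection.timer_arp_detection, daemon=True)
    t.start()
    # Start the web server. debug=True is removed: it enables the Werkzeug
    # interactive debugger, which executes Python inside this process, and
    # this process shells out to arp/arp-scan (which usually need elevated
    # privileges). The debug reloader also re-executes this script, starting
    # the background threads twice.
    # app.run() binds to 127.0.0.1 by default; the routes have no
    # authentication, so keep it on loopback or put an authenticating proxy
    # in front of it.
    app.run(debug=False)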
- index.html:用于实现可视化界面的HTML代码。
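<!DOCTYPE html>
<html>
<head>
  <title>ARP攻击检测防护软件</title>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <!--
    These third-party assets are loaded without Subresource Integrity.
    Either serve vetted copies from this application's static folder, or add
    integrity="..." and crossorigin="anonymous" to each tag, with the hash
    computed from a copy you have reviewed.
  -->
  <link href="https://cdn.bootcdn.net/ajax/libs/vis/4.21.0/vis.min.css" rel="stylesheet" type="text/css">
  <script src="https://cdn.bootcdn.net/ajax/libs/vis/4.21.0/vis.min.js"></script>
  <script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
</head>
<body>
  <h1>ARP攻击检测防护软件</h1>
  <h2>ARP缓存表</h2>
  <table id="arp_table">
    <thead>
      <tr>
        <th>IP地址</th>
        <th>MAC地址</th>
      </tr>
    </thead>
    <tbody>
    </tbody>
  </table>
  <h2>告警列表</h2>
  <ul id="alert_list">
  </ul>
  <h2>网络拓扑图</h2>
  <div id="network_topology"></div>
  <script>
    // Fetch the ARP table and rebuild the table body.
    // Cells are filled with .text(), not string concatenation: the values
    // originate from command output describing other hosts on the network
    // and must never be parsed as markup.
    function updateArpTable() {
      $.getJSON('/arp_table', function(data) {
        var $body = $('#arp_table tbody').empty();
        $.each(data.arp_table, function(ip, mac) {
          $('<tr>')
            .append($('<td>').text(ip))
            .append($('<td>').text(mac))
            .appendTo($body);
        });
      });
    }

    // Fetch the alert list and rebuild the list (same .text() rule).
    function updateAlertList() {
      $.getJSON('/alert_list', function(data) {
        var $list = $('#alert_list').empty();
        $.each(data.alert_list, function(index, ip) {
          $('<li>').text(ip).appendTo($list);
        });
      });
    }

    // One vis.Network instance is kept and fed new data on each refresh.
    // The original built a new Network every 5 seconds without destroying
    // the previous one.
    var topologyNetwork = null;

    // Fetch the topology data and draw (or refresh) the graph.
    function drawNetworkTopology() {
      $.getJSON('/network_topology', function(data) {
        // Named "graph" so it no longer shadows the callback's "data".
        var graph = {
          nodes: new vis.DataSet(data.nodes),
          edges: new vis.DataSet(data.edges)
        };
        if (topologyNetwork) {
          topologyNetwork.setData(graph);
          return;
        }
        var container = document.getElementById('network_topology');
        var options = {
          nodes: {
            shape: 'dot',
            size: 30,
            font: {
              size: 32,
              color: '#ffffff'
            },
            borderWidth: 2
          },
          edges: {
            width: 2,
            color: {inherit: 'from'},
            smooth: false
          },
          groups: {
            1: {color: {background: 'red', border: 'white'}}
          }
        };
        topologyNetwork = new vis.Network(container, graph, options);
      });
    }

    // Refresh the ARP table, the alert list and the topology every 5 seconds.
    setInterval(function() {
      updateArpTable();
      updateAlertList();
      drawNetworkTopology();
    }, 5000);
  </script>
</body>
</html>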