基于Linux的ARP攻击检测防护软件的设计模块包括:多种ARP攻击检测,并根据攻击类型输出信息;如果没有ARP攻击,则输出没有ARP攻击的信息;扫描和记录局域网内活动主机的IP地址和MAC地址;具有多个中文按钮,实现可视化界面;将结果保存在日志中,并且可以通过查看日志查看信息。Python基本代码实现
以下是基于Python的ARP攻击检测防护软件的基本代码实现:
- 导入所需模块
import multiprocessing
import os
import subprocess
import sys
import threading
import time

from PyQt5.QtCore import QTimer
from PyQt5.QtGui import QTextCursor
from PyQt5.QtWidgets import QApplication, QWidget, QLabel, QPushButton, QTextEdit, QGridLayout, QVBoxLayout
- 定义常量
# Linux procfs view of the kernel's IPv4 ARP table (one row per neighbour).
ARP_CACHE_FILE = "/proc/net/arp"
# Relative path: the log is created in whatever directory the program is
# started from, so start it from a directory only the operator can write to.
LOG_FILE = "arp_protect.log"
- 定义ARP攻击检测函数
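def _read_arp_table():
    """Return the resolved rows of ARP_CACHE_FILE as an ``{ip: mac}`` dict.

    Only rows with exactly six whitespace-separated fields are used (IP
    address, HW type, Flags, HW address, Mask, Device).  Rows that are still
    unresolved are skipped so that they are never compared as real bindings.
    """
    table = {}
    with open(ARP_CACHE_FILE, 'r') as f:
        next(f, None)  # first line is the column header
        for line in f:
            parts = line.split()
            if len(parts) != 6:
                continue
            ip, flags, mac = parts[0], parts[2], parts[3]
            # Flags 0x0 / an all-zero address mark an incomplete entry, which
            # the kernel creates for every address that was probed but did
            # not answer (e.g. after a ping sweep).
            if flags == '0x0' or mac == '00:00:00:00:00:00':
                continue
            table[ip] = mac
    return table


def arp_check():
    """Poll the ARP table once per second and log suspicious bindings.

    Two conditions are reported, each once for as long as it persists:

    * an IP whose MAC differs from the MAC first recorded for it;
    * one MAC that is bound to several IPs at the same time.

    A host that simply appears for the first time is logged as new, not as an
    attack.  When a poll shows neither condition, a single "no attack" line is
    logged on entering that state.  The function never returns.

    Limitations: the first binding seen for an IP is treated as trusted, so a
    poisoning that is already in place when monitoring starts goes unnoticed,
    and a legitimate address change keeps being reported until the monitor is
    restarted.  Both conditions can also have benign causes (a replaced NIC,
    proxy ARP, a multi-homed host), so the log lines are indicators to
    investigate rather than proof.
    """
    baseline = _read_arp_table()  # first-seen IP -> MAC bindings
    reported = set()              # findings already written to the log
    was_clean = False

    while True:
        current = _read_arp_table()
        findings = set()

        for ip, mac in current.items():
            if ip not in baseline:
                baseline[ip] = mac
                log('New host in ARP table: ' + ip + ' -> ' + mac)
            elif baseline[ip] != mac:
                findings.add('ARP spoofing detected: ' + ip + ' -> ' + mac
                             + ' (first seen as ' + baseline[ip] + ')')

        # Group IPs by MAC: a poisoned table typically shows the same MAC for
        # two different addresses.
        owners = {}
        for ip, mac in current.items():
            owners.setdefault(mac, []).append(ip)
        for mac, ips in owners.items():
            if len(ips) > 1:
                findings.add('Possible ARP spoofing: MAC ' + mac
                             + ' is claimed by ' + ', '.join(sorted(ips)))

        # Log only what is new since the previous poll, so a persisting
        # condition does not add one line per second.
        for finding in sorted(findings - reported):
            log(finding)
        reported = findings

        if not findings and not was_clean:
            log('No ARP attack detected.')
        was_clean = not findings

        time.sleep(1)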
- 定义局域网扫描函数
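def scan_network():
    """Ping every host address of the local /24 and log when the sweep is done.

    The network prefix is taken from the first IPv4 address printed by
    ``hostname -I``; a /24 mask is assumed, so other prefix lengths are only
    partly covered.  One thread per address runs ping_host(); the completion
    message is written only after all of them have finished.
    """
    # Argument list instead of a shell command line: nothing is interpreted
    # by a shell.
    try:
        output = subprocess.check_output(['hostname', '-I'],
                                         stderr=subprocess.DEVNULL,
                                         universal_newlines=True)
    except (OSError, subprocess.CalledProcessError):
        output = ''

    # `hostname -I` may print several addresses, IPv6 included; use the first
    # token that has the shape of a dotted-quad IPv4 address.
    local_ip = None
    for token in output.split():
        octets = token.split('.')
        if len(octets) == 4 and all(o.isdigit() for o in octets):
            local_ip = token
            break
    if local_ip is None:
        log('Network scan aborted: no local IPv4 address found.')
        return

    network = '.'.join(local_ip.split('.')[0:3])
    workers = []
    # .0 is the network address and .255 the broadcast address of a /24.
    for i in range(1, 255):
        ip = network + '.' + str(i)
        t = threading.Thread(target=ping_host, args=(ip,), daemon=True)
        t.start()
        workers.append(t)

    # Wait for every probe; otherwise "completed" would be logged before any
    # result is in.
    for t in workers:
        t.join()
    log('Network scan completed.')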
- 定义ping主机函数
def ping_host(ip):
    """Send one echo request to *ip*; if it answers, log the host and its MAC."""
    # The address is handed over as its own argv element, so no shell parses it.
    # -c 1: a single probe, -W 1: wait at most one second for the reply.
    command = ['ping', '-c', '1', '-W', '1', ip]
    exit_status = subprocess.call(command, stdout=subprocess.DEVNULL)
    if exit_status != 0:
        return
    mac = get_mac_address(ip)
    log('Host found: ' + ip + ' -> ' + mac)
- 定义获取MAC地址函数
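def get_mac_address(ip, arp_file=None):
    """Return the MAC address recorded for *ip* in the ARP table.

    The table is read directly instead of running ``arp <ip>`` through a
    shell: concatenating *ip* into a command line lets a crafted value run
    arbitrary commands, and counting the tokens of the command's
    human-readable output is fragile.

    Args:
        ip: IPv4 address to look up, compared as an exact string.
        arp_file: Table to read; defaults to ARP_CACHE_FILE.  Rows must have
            six whitespace-separated fields with the IP first and the
            hardware address fourth, after one header line.

    Returns:
        The hardware address of the first resolved row for *ip*, or
        '00:00:00:00:00:00' if there is none or the table cannot be read.
    """
    unknown = '00:00:00:00:00:00'
    path = ARP_CACHE_FILE if arp_file is None else arp_file
    try:
        with open(path, 'r') as f:
            next(f, None)  # first line is the column header
            for line in f:
                parts = line.split()
                # Keep looking past an unresolved row: the same IP may have a
                # resolved row on another interface.
                if len(parts) == 6 and parts[0] == ip and parts[3] != unknown:
                    return parts[3]
    except OSError:
        # Best effort, as before: an unreadable table yields the placeholder.
        pass
    return unknown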
- 定义日志函数
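def log(msg):
    """Append *msg* to LOG_FILE with a timestamp and echo it to stdout.

    Carriage returns and line feeds inside *msg* are written as the literal
    sequences ``\\r`` and ``\\n``.  Parts of a message come from the network
    (addresses read from the ARP table), and a raw line break would let such
    a value start a forged record in the log.
    """
    msg = msg.replace('\r', '\\r').replace('\n', '\\n')
    stamp = time.strftime('%Y-%m-%d %H:%M:%S')
    # Explicit encoding so the log does not depend on the locale.
    with open(LOG_FILE, 'a', encoding='utf-8') as f:
        f.write(stamp + ' ' + msg + '\n')
    print(msg)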
- 定义可视化界面类
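class ARPProtect(QWidget):
    """Main window: start/stop ARP monitoring, scan the network, show the log.

    arp_check() loops forever and offers no way to ask it to return, and
    threading.Thread has no stop() method, so the monitor runs in a child
    process that the Stop button terminates.  The monitor and the scan keep
    separate handles, so starting a scan does not lose the monitor.  The log
    pane shows the lines added to LOG_FILE while the window is open.
    """

    def __init__(self):
        super().__init__()
        self.monitor = None   # multiprocessing.Process running arp_check
        self.scanner = None   # threading.Thread running scan_network
        self.log_pos = 0      # byte offset in LOG_FILE already shown
        self.initUI()

    def initUI(self):
        """Build the widgets, wire the buttons and start tailing the log."""
        self.setWindowTitle('ARP Protect')
        self.resize(600, 400)
        self.lblStatus = QLabel('Status: Not started')
        self.btnStart = QPushButton('Start')
        self.btnStop = QPushButton('Stop')
        self.btnScan = QPushButton('Scan network')
        self.btnClear = QPushButton('Clear log')
        self.txtLog = QTextEdit()
        self.txtLog.setReadOnly(True)

        gridLayout = QGridLayout()
        gridLayout.addWidget(self.lblStatus, 0, 0)
        gridLayout.addWidget(self.btnStart, 0, 1)
        gridLayout.addWidget(self.btnStop, 0, 2)
        gridLayout.addWidget(self.btnScan, 0, 3)
        gridLayout.addWidget(self.btnClear, 0, 4)
        gridLayout.addWidget(self.txtLog, 1, 0, 1, 5)
        vboxLayout = QVBoxLayout()
        vboxLayout.addLayout(gridLayout)
        self.setLayout(vboxLayout)

        self.btnStart.clicked.connect(self.start)
        self.btnStop.clicked.connect(self.stop)
        self.btnScan.clicked.connect(self.scan)
        self.btnClear.clicked.connect(self.clear)

        # Show only what is logged from now on, not earlier sessions.
        try:
            self.log_pos = os.path.getsize(LOG_FILE)
        except OSError:
            self.log_pos = 0
        self.logTimer = QTimer(self)
        self.logTimer.timeout.connect(self.refresh_log)
        self.logTimer.start(1000)

    def start(self):
        """Start the ARP monitor unless one is already running."""
        if self.monitor is not None and self.monitor.is_alive():
            return
        # daemon=True: the child is ended together with the GUI process.
        self.monitor = multiprocessing.Process(target=arp_check, daemon=True)
        self.monitor.start()
        self.lblStatus.setText('Status: Running')

    def stop(self):
        """Terminate the ARP monitor; a no-op if it is not running."""
        if self.monitor is not None and self.monitor.is_alive():
            self.monitor.terminate()
            self.monitor.join(2)
        self.monitor = None
        self.lblStatus.setText('Status: Stopped')

    def scan(self):
        """Run scan_network in the background unless a scan is in progress."""
        if self.scanner is not None and self.scanner.is_alive():
            return
        self.lblStatus.setText('Status: Scanning network')
        # daemon=True: an unfinished scan does not keep the program alive
        # after the window is closed.
        self.scanner = threading.Thread(target=scan_network, daemon=True)
        self.scanner.start()

    def clear(self):
        """Empty the log pane; LOG_FILE itself is left untouched."""
        self.txtLog.clear()

    def refresh_log(self):
        """Append the complete lines added to LOG_FILE since the last call."""
        try:
            if os.path.getsize(LOG_FILE) < self.log_pos:
                self.log_pos = 0  # file was truncated or replaced
            with open(LOG_FILE, 'rb') as f:
                f.seek(self.log_pos)
                data = f.read()
        except OSError:
            return  # nothing has been logged yet
        # Consume up to the last newline only, so a line that is still being
        # written is picked up whole on the next tick.
        complete = data[:data.rfind(b'\n') + 1]
        if not complete:
            return
        self.log_pos += len(complete)
        # insertPlainText: log content is never interpreted as rich text.
        self.txtLog.moveCursor(QTextCursor.End)
        self.txtLog.insertPlainText(complete.decode('utf-8', errors='replace'))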
- 定义主函数
# Script entry point: create the Qt application, show the main window and
# hand the event loop's return value back to the shell as the exit status.
if __name__ == '__main__':
    qt_app = QApplication(sys.argv)
    window = ARPProtect()
    window.show()
    exit_code = qt_app.exec_()
    sys.exit(exit_code)
以上是基于Python的ARP攻击检测防护软件的基本代码实现,可以根据需求进行修改和完善。需要注意的是,上述代码只是检测ARP表的变化并写入日志,并不会主动阻断攻击或修复被篡改的ARP表项。