Python打造ARP欺骗检测软件:实时网络安全卫士

网络安全是互联网时代不可忽视的重要环节,ARP欺骗作为一种常见的网络攻击手段,能够窃取用户信息、劫持网络流量,对个人隐私和网络安全构成严重威胁。为了帮助大家更好地保护网络安全,本文将介绍如何使用Python语言和Scapy库开发一款ARP欺骗检测软件,并提供完整的代码实现。

软件功能

本软件具备以下功能:

  • 用户登录注册: 支持用户注册和登录,用于保障软件的安全性(下文代码中登录成功后仅弹出提示,尚未据此限制其他功能按钮的使用)。
  • 网络扫描: 扫描局域网内的所有主机,获取其IP地址和MAC地址信息。
  • ICMP Flood攻击检测: 检测ICMP Flood攻击,并记录攻击时间。
  • TCP攻击检测: 检测TCP攻击,并记录攻击时间。
  • ARP欺骗攻击检测: 实时监测ARP欺骗攻击,并记录攻击源IP地址和MAC地址。
  • 攻击信息记录: 将所有检测到的攻击信息记录到文件中,方便用户查看和分析。

代码实现

以下是使用Python和Scapy库实现ARP欺骗检测软件的完整代码:

import os
import time
import sys
import platform
from scapy.all import *
from tkinter import *
from tkinter import messagebox

# 设置界面
# Main application window; every dialog and button below is parented to it.
root = Tk()
root.geometry('400x300')
root.title('ARP欺骗检测软件')

# 注册界面
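def _hash_password(password, salt=None, iterations=600_000):
    """Return a self-describing PBKDF2-HMAC-SHA256 token for *password*.

    The token has the form ``pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>``
    and contains no whitespace, so it fits the existing
    ``<username> <secret>`` line format of user.txt.

    Args:
        password: The clear-text password typed by the user.
        salt: Salt bytes to reuse when verifying; a fresh random 16-byte
            salt is generated when omitted.
        iterations: PBKDF2 work factor stored alongside the digest.
    """
    import hashlib

    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        'sha256', password.encode('utf-8'), salt, iterations
    )
    return 'pbkdf2_sha256$%d$%s$%s' % (iterations, salt.hex(), digest.hex())


def _verify_password(password, stored):
    """Return True when *password* matches the *stored* field of user.txt.

    Hashed records are recomputed with their own salt and iteration count.
    Records without the ``pbkdf2_sha256$`` prefix are treated as clear-text
    entries written by the earlier version of this program, so existing
    accounts keep working; such accounts should be re-registered.
    Both paths use a constant-time comparison.
    """
    import hmac

    if stored.startswith('pbkdf2_sha256$'):
        try:
            _scheme, iterations, salt_hex, _digest = stored.split('$')
            expected = _hash_password(
                password, bytes.fromhex(salt_hex), int(iterations)
            )
        except (ValueError, OverflowError):
            # Malformed or tampered record: never authenticate against it.
            return False
        return hmac.compare_digest(
            expected.encode('utf-8'), stored.encode('utf-8')
        )
    return hmac.compare_digest(
        password.encode('utf-8'), stored.encode('utf-8')
    )


def register():
    """Open the registration dialog and append the new account to user.txt.

    The password is stored as a salted PBKDF2 token instead of clear text.
    Empty input, user names containing whitespace (which would corrupt the
    whitespace-delimited record) and already-registered user names are
    rejected with an error dialog.
    """
    register_window = Toplevel(root)
    register_window.title('注册')
    register_window.geometry('300x200')
    Label(register_window, text='请输入用户名:').pack()
    username = Entry(register_window)
    username.pack()
    Label(register_window, text='请输入密码:').pack()
    password = Entry(register_window, show='*')
    password.pack()

    def register_confirm():
        name = username.get()
        secret = password.get()
        # name.split() != [name] is true for empty names and for names
        # that contain any whitespace.
        if not secret or name.split() != [name]:
            messagebox.showerror('错误', '用户名不能为空或包含空白字符,密码不能为空!')
            return
        try:
            with open('user.txt', 'r') as f:
                taken = any(line.split()[:1] == [name] for line in f)
        except FileNotFoundError:
            taken = False
        if taken:
            # A second record for the same name would give that account
            # two valid passwords, because login accepts any matching line.
            messagebox.showerror('错误', '用户名已存在!')
            return
        with open('user.txt', 'a') as f:
            f.write(name + ' ' + _hash_password(secret) + '\n')
        messagebox.showinfo('提示', '注册成功!')
        register_window.destroy()

    Button(register_window, text='确认', command=register_confirm).pack()


# Login dialog
def login():
    """Open the login dialog and check the credentials against user.txt.

    NOTE(review): a successful login only shows a dialog and closes this
    window; this function records no authenticated state, so it cannot by
    itself restrict access to anything else in the program.
    """
    login_window = Toplevel(root)
    login_window.title('登录')
    login_window.geometry('300x200')
    Label(login_window, text='请输入用户名:').pack()
    username = Entry(login_window)
    username.pack()
    Label(login_window, text='请输入密码:').pack()
    password = Entry(login_window, show='*')
    password.pack()

    def login_confirm():
        name = username.get()
        secret = password.get()
        with open('user.txt', 'r') as f:
            records = [line.split() for line in f]
        for fields in records:
            # Blank or truncated lines have fewer than two fields; skip
            # them instead of failing with IndexError.
            if len(fields) < 2:
                continue
            if fields[0] == name and _verify_password(secret, fields[1]):
                messagebox.showinfo('提示', '登录成功!')
                login_window.destroy()
                return
        messagebox.showerror('错误', '用户名或密码错误!')

    Button(login_window, text='确认', command=login_confirm).pack()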

# ICMP flood攻击检测
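def icmp_flood():
    """Capture ICMP traffic for 10 seconds and flag a possible ICMP flood.

    More than 100 captured ICMP packets in the window raises a warning and
    appends a timestamped line to icmp_flood.txt; otherwise an informational
    dialog is shown.

    The count covers every ICMP packet the capture sees, whatever its source
    or destination, so heavy legitimate ping or monitoring traffic also
    trips the threshold. The capture call blocks until the timeout expires.
    """
    sniff_packets = sniff(filter='icmp', timeout=10)
    if len(sniff_packets) > 100:
        messagebox.showwarning('警告', '检测到ICMP flood攻击!')
        with open('icmp_flood.txt', 'a') as f:
            f.write('ICMP flood攻击 ' + time.strftime('%Y-%m-%d %H:%M:%S') + '\n')
    else:
        messagebox.showinfo('提示', '未检测到ICMP flood攻击!')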

# TCP攻击检测
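def tcp_attack():
    """Capture TCP traffic for 10 seconds and flag a high packet count.

    More than 100 captured TCP packets in the window raises a warning and
    appends a timestamped line to tcp_attack.txt; otherwise an informational
    dialog is shown.

    NOTE(review): the filter matches all TCP traffic, so this is a volume
    check rather than an attack signature. Ordinary browsing or a file
    download can exceed 100 packets in 10 seconds; treat a warning as a
    prompt to inspect the traffic, not as confirmation of an attack.
    The capture call blocks until the timeout expires.
    """
    sniff_packets = sniff(filter='tcp', timeout=10)
    if len(sniff_packets) > 100:
        messagebox.showwarning('警告', '检测到TCP攻击!')
        with open('tcp_attack.txt', 'a') as f:
            f.write('TCP攻击 ' + time.strftime('%Y-%m-%d %H:%M:%S') + '\n')
    else:
        messagebox.showinfo('提示', '未检测到TCP攻击!')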

# ARP欺骗攻击检测
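def arp_spoofing():
    """Capture ARP traffic for 10 seconds and flag signs of ARP spoofing.

    Two indicators raise the warning:

    * an IP address announced with more than one sender MAC address during
      the capture (conflicting IP-to-MAC bindings), and
    * more than 100 ARP packets in the window (the original volume check).

    A warning appends a timestamped line to arp_spoofing.txt, followed by
    one line per conflicting IP listing the MAC addresses that claimed it.

    Limitations: a conflict is only visible when both the genuine and the
    competing announcement fall inside the same 10-second capture, and
    legitimate events such as address reassignment or failover between
    redundant gateways can also produce two MACs for one IP. The capture
    call blocks until the timeout expires.
    """
    sniff_packets = sniff(filter='arp', timeout=10)

    # Sender IP -> set of sender MACs seen for it in this capture.
    bindings = {}
    for packet in sniff_packets:
        if ARP not in packet:
            continue
        sender_ip = packet[ARP].psrc
        # ARP probes carry 0.0.0.0 as sender IP and claim no binding.
        if sender_ip == '0.0.0.0':
            continue
        bindings.setdefault(sender_ip, set()).add(packet[ARP].hwsrc)
    conflicts = {ip: macs for ip, macs in bindings.items() if len(macs) > 1}

    if conflicts or len(sniff_packets) > 100:
        messagebox.showwarning('警告', '检测到ARP欺骗攻击!')
        with open('arp_spoofing.txt', 'a') as f:
            f.write('ARP欺骗攻击 ' + time.strftime('%Y-%m-%d %H:%M:%S') + '\n')
            for ip in sorted(conflicts):
                f.write('  IP: ' + ip + ' MAC: ' + ', '.join(sorted(conflicts[ip])) + '\n')
    else:
        messagebox.showinfo('提示', '未检测到ARP欺骗攻击!')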

# 扫描局域网主机
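def scan_network(network='192.168.1.0/24'):
    """Send ARP requests across *network* and record the hosts that answer.

    Each answering host is written to clients.txt as ``<ip> <mac>``, one per
    line, replacing the previous contents of the file.

    Args:
        network: Target range in CIDR notation. Defaults to the range the
            original code hard-coded; pass the local subnet when it differs.

    NOTE(review): sending layer-2 frames with srp() presumably needs
    administrator/root privileges on most systems - confirm for the target
    platform.
    """
    arp_broadcast = Ether(dst='ff:ff:ff:ff:ff:ff') / ARP(pdst=network)
    answered_list = srp(arp_broadcast, timeout=1, verbose=False)[0]
    # Each entry is a (sent, received) pair; the reply carries the binding.
    clients = [
        {'ip': reply.psrc, 'mac': reply.hwsrc}
        for _sent, reply in answered_list
    ]
    with open('clients.txt', 'w') as f:
        for client in clients:
            f.write(client['ip'] + ' ' + client['mac'] + '\n')
    messagebox.showinfo('提示', '扫描完成!')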

# 检测攻击源
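def detect_attack():
    """Check each host listed in clients.txt for a high ARP packet rate.

    For every ``<ip> <mac>`` record, ARP traffic sent from that IP is
    captured for 10 seconds. More than 100 packets raises a warning and
    appends the IP, MAC and time to attack_source.txt; otherwise an
    informational dialog is shown for that host.

    Records are validated before use: blank or truncated lines are skipped,
    and the address must parse as IPv4 because it is concatenated into the
    capture filter expression. A hand-edited or corrupted clients.txt could
    otherwise alter what the filter matches.

    The hosts are processed one after another, so the total run time grows
    by 10 seconds per record.
    """
    import ipaddress

    with open('clients.txt', 'r') as f:
        clients = f.readlines()

    for client in clients:
        fields = client.split()
        if len(fields) < 2:
            continue
        ip, mac = fields[0], fields[1]
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            # Not a plain IPv4 address: do not build a filter from it.
            continue

        sniff_packets = sniff(filter='arp and src host ' + ip, timeout=10)
        if len(sniff_packets) > 100:
            messagebox.showwarning('警告', '检测到攻击源IP地址为' + ip + ',MAC地址为' + mac + '!')
            with open('attack_source.txt', 'a') as log:
                log.write('攻击源IP: ' + ip + ' MAC: ' + mac + ' 时间: ' + time.strftime('%Y-%m-%d %H:%M:%S') + '\n')
        else:
            messagebox.showinfo('提示', '未检测到攻击源IP地址为' + ip + ',MAC地址为' + mac + '的攻击!')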

# 创建用户和客户端记录文件
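# user.txt holds account credentials, so create it with owner-only
# permissions (0o600) rather than the process default. The mode applies
# only when this code creates the file; an existing file is left as is,
# and platforms without POSIX permissions may ignore it.
if not os.path.exists('user.txt'):
    os.close(os.open('user.txt', os.O_WRONLY | os.O_CREAT, 0o600))
# clients.txt holds scan results; make sure it exists so it can be read
# before the first scan has run.
if not os.path.exists('clients.txt'):
    open('clients.txt', 'w').close()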

# 创建按钮
# Build one button per feature, then lay them out top to bottom in the
# same order and with the same vertical padding.
register_button = Button(root, command=register, text='注册')
login_button = Button(root, command=login, text='登录')
icmp_flood_button = Button(root, command=icmp_flood, text='检测ICMP flood攻击')
tcp_attack_button = Button(root, command=tcp_attack, text='检测TCP攻击')
arp_spoofing_button = Button(root, command=arp_spoofing, text='检测ARP欺骗攻击')
scan_network_button = Button(root, command=scan_network, text='扫描局域网主机')
detect_attack_button = Button(root, command=detect_attack, text='检测攻击源')

for widget in (
    register_button,
    login_button,
    icmp_flood_button,
    tcp_attack_button,
    arp_spoofing_button,
    scan_network_button,
    detect_attack_button,
):
    widget.pack(pady=10)

# Hand control to the Tk event loop; returns when the window is closed.
root.mainloop()

总结

本文介绍了如何使用Python和Scapy库开发一款功能完善的ARP欺骗检测软件,并提供了完整的代码实现。该软件能够帮助用户实时监测网络安全,及时发现并记录各种攻击行为,有效提高网络安全防护能力。


原文地址: https://www.cveoy.top/t/topic/jn0Q 著作权归作者所有。请勿转载和采集!
