• 日期: 2027-11-07
  • 标签: 常规

import tkinter as tk import os import sys import time import threading import netifaces from scapy.all import * from scapy.layers.l2 import ARP from tkinter import messagebox from scapy.layers.l2 import get_mac_address

class ArpDetector: 'Detects ARP spoofing attacks.' def init(self, interface): self.interface = interface self.ip_mac_map = {} self.attacker_ip = None self.attacker_mac = None self.thread = None self.stop_event = threading.Event()

def start(self):
    'Starts the ARP spoofing detection thread.'
    self.thread = threading.Thread(target=self.run)
    self.thread.start()

def stop(self):
    'Stops the ARP spoofing detection thread.'
    self.stop_event.set()
    self.thread.join()

def run(self):
    'Main loop for ARP spoofing detection.'
    self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
    self.attacker_mac = get_mac_address(ip=self.attacker_ip)
    print(f'Attacker IP: {self.attacker_ip}, MAC: {self.attacker_mac}')

    while not self.stop_event.is_set():
        self.scan_network()
        self.detect_arp_spoofing()
        time.sleep(5)

def scan_network(self):
    'Scans the network for active devices and builds an IP-MAC map.'
    for ip in netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr'].split('.')[:-1]:
        for i in range(1, 255):
            target_ip = f'{ip}.{i}'
            if target_ip != self.attacker_ip:
                arp_request = ARP(pdst=target_ip)
                arp_reply = sr1(arp_request, timeout=1, verbose=0)
                if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', self.attacker_mac):
                    self.ip_mac_map[target_ip] = arp_reply.hwsrc

def detect_arp_spoofing(self):
    'Detects ARP spoofing attacks by comparing received ARP replies with the known IP-MAC map.'
    for target_ip, target_mac in self.ip_mac_map.items():
        arp_request = ARP(op=1, pdst=target_ip, hwdst=target_mac, psrc=self.attacker_ip, hwsrc=self.attacker_mac)
        arp_reply = sr1(arp_request, timeout=1, verbose=0)
        if arp_reply and arp_reply.hwsrc != target_mac:
            print(f'ARP spoofing detected: {target_ip} ({target_mac}) -> {arp_reply.hwsrc}')

class IcmpFloodDetector: 'Detects ICMP flood attacks.' def init(self, interface): self.interface = interface self.attacker_ip = None self.thread = None self.stop_event = threading.Event()

def start(self):
    'Starts the ICMP flood detection thread.'
    self.thread = threading.Thread(target=self.run)
    self.thread.start()

def stop(self):
    'Stops the ICMP flood detection thread.'
    self.stop_event.set()
    self.thread.join()

def run(self):
    'Main loop for ICMP flood detection.'
    self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
    print(f'Attacker IP: {self.attacker_ip}')

    while not self.stop_event.is_set():
        self.detect_icmp_flood()
        time.sleep(5)

def detect_icmp_flood(self):
    'Detects ICMP flood attacks by counting the number of ICMP packets received within a short time frame.'
    icmp_packets = sniff(filter=f'icmp and src host {self.attacker_ip}', timeout=1, count=10)
    if len(icmp_packets) == 10:
        print('ICMP flood detected')

class TcpAttackDetector: 'Detects TCP SYN flood attacks.' def init(self, interface): self.interface = interface self.attacker_ip = None self.thread = None self.stop_event = threading.Event()

def start(self):
    'Starts the TCP SYN flood detection thread.'
    self.thread = threading.Thread(target=self.run)
    self.thread.start()

def stop(self):
    'Stops the TCP SYN flood detection thread.'
    self.stop_event.set()
    self.thread.join()

def run(self):
    'Main loop for TCP SYN flood detection.'
    self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
    print(f'Attacker IP: {self.attacker_ip}')

    while not self.stop_event.is_set():
        self.detect_tcp_attack()
        time.sleep(5)

def detect_tcp_attack(self):
    'Detects TCP SYN flood attacks by counting the number of TCP SYN packets received within a short time frame.'
    tcp_packets = sniff(filter=f'tcp and src host {self.attacker_ip}', timeout=1, count=10)
    if len(tcp_packets) == 10:
        print('TCP attack detected')

class NetworkScanner: 'Scans the network for active devices and logs their IP and MAC addresses.' def init(self, interface): self.interface = interface self.ip_mac_map = {} self.thread = None self.stop_event = threading.Event()

def start(self):
    'Starts the network scanning thread.'
    self.thread = threading.Thread(target=self.run)
    self.thread.start()

def stop(self):
    'Stops the network scanning thread.'
    self.stop_event.set()
    self.thread.join()

def run(self):
    'Main loop for network scanning.'
    while not self.stop_event.is_set():
        self.scan_network()
        time.sleep(10)

def scan_network(self):
    'Scans the network for active devices and logs their IP and MAC addresses.'
    for ip in netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr'].split('.')[:-1]:
        for i in range(1, 255):
            target_ip = f'{ip}.{i}'
            if target_ip not in self.ip_mac_map:
                arp_request = ARP(pdst=target_ip)
                arp_reply = sr1(arp_request, timeout=1, verbose=0)
                if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', 'ff:ff:ff:ff:ff:ff'):
                    self.ip_mac_map[target_ip] = arp_reply.hwsrc
                    print(f'Found: {target_ip} ({arp_reply.hwsrc})')
                    self.save_to_file(target_ip, arp_reply.hwsrc)

def save_to_file(self, ip, mac):
    'Saves the discovered IP-MAC pairs to a file.'
    with open('network_scan.txt', 'a') as f:
        f.write(f'{ip},{mac}

')

class LoginWindow: 'Handles user login and registration.' def init(self): self.root = tk.Tk() self.root.title('Login') self.root.geometry('300x150')

    tk.Label(self.root, text='Username').place(x=50, y=30)
    self.username_entry = tk.Entry(self.root)
    self.username_entry.place(x=120, y=30)

    tk.Label(self.root, text='Password').place(x=50, y=60)
    self.password_entry = tk.Entry(self.root, show='*')
    self.password_entry.place(x=120, y=60)

    self.login_button = tk.Button(self.root, text='Login', command=self.login)
    self.login_button.place(x=100, y=100)

    self.register_button = tk.Button(self.root, text='Register', command=self.register)
    self.register_button.place(x=170, y=100)

    self.root.mainloop()

users = [{'username': 'admin', 'password': 'admin'}]

def login(self): 'Handles user login.' username = self.username_entry.get() password = self.password_entry.get() for user in users: if user['username'] == username and user['password'] == password: # Login successful, proceed to main window self.show_main_window() return # Login failed, display error message messagebox.showinfo('Error', 'Username or password incorrect')

def register(self): 'Handles user registration.' username = self.username_entry.get() password = self.password_entry.get() for user in users: if user['username'] == username: # Username already exists, display error message messagebox.showerror('Error', 'Username already exists') return

# Username does not exist, add new user to the list
users.append({'username': username, 'password': password})
# Registration successful, display success message
messagebox.showinfo('Info', 'Registration successful, please login')

class MainWindow: 'Main window for the network security scanner.' def init(self): self.root = tk.Tk() self.root.title('ARP Detector') self.root.geometry('400x300')

    self.status_label = tk.Label(self.root, text='Idle')
    self.status_label.pack()

    self.start_button = tk.Button(self.root, text='Start', command=self.start_detection)
    self.start_button.pack()

    self.stop_button = tk.Button(self.root, text='Stop', command=self.stop_detection, state=tk.DISABLED)
    self.stop_button.pack()

    self.root.mainloop()

def start_detection(self):
    'Starts all detection and scanning threads.'
    self.status_label.config(text='Running')
    self.start_button.config(state=tk.DISABLED)
    self.stop_button.config(state=tk.NORMAL)

    self.arp_detector = ArpDetector('ens33')
    self.arp_detector.start()

    self.icmp_flood_detector = IcmpFloodDetector('ens33')
    self.icmp_flood_detector.start()

    self.tcp_attack_detector = TcpAttackDetector('ens33')
    self.tcp_attack_detector.start()

    self.network_scanner = NetworkScanner('ens33')
    self.network_scanner.start()

def stop_detection(self):
    'Stops all detection and scanning threads.'
    self.status_label.config(text='Idle')
    self.start_button.config(state=tk.NORMAL)
    self.stop_button.config(state=tk.DISABLED)

    self.arp_detector.stop()
    self.icmp_flood_detector.stop()
    self.tcp_attack_detector.stop()
    self.network_scanner.stop()

if name == 'main': login_window = LoginWindow() # main_window = MainWindow() # This line is commented to prevent launching the main window before successful login

# You need to implement the show_main_window() function in LoginWindow class
# and call it after successful login within the login() function.
# Example: self.show_main_window() = MainWindow() will create the main window after successful login
# This is how you can connect login and main window
Python Network Security Scanner: Detect ARP Spoofing, ICMP Flood, TCP Attacks

原文地址: https://www.cveoy.top/t/topic/jnT3 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录