网络安全检测工具:Python实现ARP欺骗、ICMP泛洪和TCP攻击检测
import tkinter as tk
import os
import sys
import time
import threading
import netifaces
from scapy.all import *
from scapy.layers.l2 import ARP
from tkinter import messagebox
from scapy.layers.l2 import getmacbyip
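class ArpDetector:
    """Watch the local /24 for IP addresses whose ARP replies change MAC.

    The detector sweeps the subnet of ``interface`` with ARP requests, keeps
    the first MAC address seen for every IP as a baseline, and reports any
    later reply that carries a different MAC for the same IP.

    Caveats for whoever reads the alerts:
      * A changed binding is a lead, not proof: DHCP reassignment, NIC
        replacement and failover pairs also change the MAC behind an IP.
      * A host that was already being impersonated when the first sweep ran
        is recorded as the baseline and will not be flagged.
      * The sweep assumes a /24 network (only the last octet is varied); the
        interface's real netmask is not consulted.
    """

    def __init__(self, interface):
        """Store the interface name; nothing touches the network until run()."""
        self.interface = interface
        # Baseline: first MAC observed for each IP. Never overwritten, so a
        # later sweep cannot silently replace a good entry with a forged one.
        self.ip_mac_map = {}
        # NOTE: despite the names, these hold the address of the host running
        # the detector (see run()); they are excluded from the sweep.
        self.attacker_ip = None
        self.attacker_mac = None
        self.thread = None
        self.stop_event = threading.Event()
        self.timeout = 60  # detection runs for 60 seconds
        self._spoofing_seen = False

    def start(self):
        """Run the detection loop on a background thread."""
        self.thread = threading.Thread(target=self.run)
        self.thread.start()

    def stop(self):
        """Ask the loop to finish and wait for it; safe before start()."""
        self.stop_event.set()
        if self.thread is not None:
            self.thread.join()

    def run(self):
        """Sweep and re-check every 5 seconds until stopped or timed out."""
        self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        # NOTE(review): this asks scapy to resolve the MAC of our own IP;
        # confirm it yields the NIC address on the target platform, otherwise
        # the self-exclusion in scan_network() is ineffective.
        self.attacker_mac = getmacbyip(self.attacker_ip)
        print(f'Attacker IP: {self.attacker_ip}, MAC: {self.attacker_mac}')
        start_time = time.time()
        while not self.stop_event.is_set() and time.time() - start_time < self.timeout:
            self.scan_network()
            self.detect_arp_spoofing()
            # wait() instead of sleep() so stop() does not block for 5 s.
            self.stop_event.wait(5)
        # Only claim a clean result when no alert was raised during the run.
        if not self.stop_event.is_set() and not self._spoofing_seen:
            print('No ARP spoofing detected')

    @staticmethod
    def _subnet_prefix(address):
        """Return the first three octets of a dotted IPv4 address, joined."""
        return '.'.join(address.split('.')[:-1])

    def _report(self, target_ip, known_mac, seen_mac):
        """Print the alert line and remember that an alert was raised."""
        self._spoofing_seen = True
        print(f'ARP spoofing detected: {target_ip} ({known_mac}) -> {seen_mac}')

    def _record_binding(self, target_ip, mac):
        """Store the first MAC seen for an IP; report a conflicting one."""
        known_mac = self.ip_mac_map.setdefault(target_ip, mac)
        if known_mac != mac:
            self._report(target_ip, known_mac, mac)

    def scan_network(self):
        """ARP-sweep hosts .1 to .254 of the interface's /24."""
        local_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        # The prefix must be built once from the first three octets; looping
        # over the octets themselves would probe malformed two-part addresses.
        prefix = self._subnet_prefix(local_ip)
        for host in range(1, 255):
            # A full sweep can take minutes (1 s timeout per silent host),
            # so honour stop() between probes.
            if self.stop_event.is_set():
                return
            target_ip = f'{prefix}.{host}'
            if target_ip == self.attacker_ip:
                continue
            arp_reply = sr1(ARP(pdst=target_ip), timeout=1, verbose=0)
            if not arp_reply:
                continue
            if arp_reply.hwsrc in ('00:00:00:00:00:00', self.attacker_mac):
                continue
            self._record_binding(target_ip, arp_reply.hwsrc)

    def detect_arp_spoofing(self):
        """Re-query every baselined host and compare the answering MAC."""
        # Copy the items so the map can be inspected while the loop runs.
        for target_ip, target_mac in list(self.ip_mac_map.items()):
            if self.stop_event.is_set():
                return
            arp_request = ARP(op=1, pdst=target_ip, hwdst=target_mac,
                              psrc=self.attacker_ip, hwsrc=self.attacker_mac)
            arp_reply = sr1(arp_request, timeout=1, verbose=0)
            if arp_reply and arp_reply.hwsrc != target_mac:
                self._report(target_ip, target_mac, arp_reply.hwsrc)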
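class IcmpFloodDetector:
    """Flag bursts of ICMP traffic seen on one interface.

    Every 5 seconds the detector captures for up to one second and raises an
    alert when the capture fills up with ``_BURST_PACKETS`` ICMP packets.
    This is a coarse rate check: it samples one second out of every six, so
    short bursts between samples are missed, and a busy monitoring host that
    legitimately pings many targets can trip it.
    """

    _BURST_PACKETS = 10   # packets that must arrive inside one capture window
    _WINDOW_SECONDS = 1   # length of one capture window

    def __init__(self, interface):
        """Store the interface name; capturing starts in run()."""
        self.interface = interface
        # NOTE: despite the name, this holds the IP of the host running the
        # detector (see run()).
        self.attacker_ip = None
        self.thread = None
        self.stop_event = threading.Event()
        self.timeout = 60  # detection runs for 60 seconds
        self._flood_seen = False

    def start(self):
        """Run the detection loop on a background thread."""
        self.thread = threading.Thread(target=self.run)
        self.thread.start()

    def stop(self):
        """Ask the loop to finish and wait for it; safe before start()."""
        self.stop_event.set()
        if self.thread is not None:
            self.thread.join()

    def run(self):
        """Sample the interface every 5 seconds until stopped or timed out."""
        self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        print(f'Attacker IP: {self.attacker_ip}')
        start_time = time.time()
        while not self.stop_event.is_set() and time.time() - start_time < self.timeout:
            self.detect_icmp_flood()
            # wait() instead of sleep() so stop() does not block for 5 s.
            self.stop_event.wait(5)
        # Only claim a clean result when no alert was raised during the run.
        if not self.stop_event.is_set() and not self._flood_seen:
            print('No ICMP flood detected')

    def detect_icmp_flood(self):
        """Capture one window and alert if it fills with ICMP packets."""
        # NOTE(review): the filter matches ICMP *sent from* the local address,
        # i.e. it notices this host emitting a burst. To notice a flood aimed
        # at this host the filter would need `dst host` - confirm which
        # direction is intended before relying on the alert.
        # Capture on the configured interface rather than scapy's default one,
        # which may be a different NIC than the address above belongs to.
        icmp_packets = sniff(
            iface=self.interface,
            filter=f'icmp and src host {self.attacker_ip}',
            timeout=self._WINDOW_SECONDS,
            count=self._BURST_PACKETS,
        )
        if len(icmp_packets) == self._BURST_PACKETS:
            self._flood_seen = True
            print('ICMP flood detected')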
# ... 其他类定义 ...
# Script entry point: defines the account list and constructs the two windows.
if __name__ == '__main__':
    # NOTE(review): a single built-in account whose username and password are
    # both 'admin', kept in plaintext in the source. How `users` is consumed
    # is not visible here (presumably by LoginWindow - confirm). Before use
    # outside a lab, load accounts from outside the source tree and store
    # salted password hashes rather than the passwords themselves.
    users = [{'username': 'admin', 'password': 'admin'}]
    # LoginWindow and MainWindow are defined in the part of the file that is
    # elided above.
    # NOTE(review): MainWindow is constructed right after LoginWindow with no
    # visible check of the login result - verify that the login actually
    # gates access to the main window.
    login_window = LoginWindow()
    main_window = MainWindow()