{ "title": "ARP, ICMP Flood, TCP Attack and Network Scanner Detector", "description": "This application provides a GUI-based solution for detecting ARP spoofing, ICMP flooding, TCP attacks, and scanning your network for active devices. It features individual pages for each detection type, allowing you to control and monitor them separately.", "keywords": "ARP spoofing detection, ICMP flood detection, TCP attack detection, network scanner, GUI, Python, Scapy, netifaces", "content": "```python import tkinter as tk import os import sys import time import threading import netifaces from scapy.all import * from scapy.layers.l2 import ARP from tkinter import messagebox from scapy.layers.l2 import getmacbyip

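class ArpDetectorPage:
    """Tk page that baselines IP-to-MAC bindings on the local /24 and watches for changes.

    A background thread sweeps the interface's /24 with ARP requests, records
    the first MAC seen for every address, and reports any later reply whose
    source MAC differs from that record.

    Detection limits worth knowing when reading the output:
      * The baseline is trust-on-first-use. If a binding is already poisoned
        when the first sweep runs, the poisoned MAC becomes the reference.
      * ``sr1`` returns only the first answer, so a forged reply that loses
        the race against the legitimate one is not seen.
      * A legitimate change (new NIC, address reassignment) is reported the
        same way as a forged reply.

    The constructor is spelled ``__init__`` here; the page shows ``init``,
    which Python would never call when the class is instantiated.
    """

    POLL_INTERVAL = 5  # seconds between sweeps, same cadence as the original loop

    def __init__(self, master, timeout, interface='ens33'):
        """Build the Start/Stop controls inside *master*.

        Args:
            master: Tk container the page packs itself into.
            timeout: Detection window in seconds.
            interface: Interface to monitor; defaults to the value that was
                hard-coded on the page.
        """
        self.master = master
        self.timeout = timeout
        self.interface = interface
        self.ip_mac_map = {}
        # Despite the names, these two hold the monitoring host's own IPv4
        # address and MAC (see run()), not an attacker's.
        self.attacker_ip = None
        self.attacker_mac = None
        self.thread = None
        self.stop_event = threading.Event()
        self.spoof_detected = False

        self.frame = tk.Frame(self.master)
        self.frame.pack()

        self.status_label = tk.Label(self.frame, text='Idle')
        self.status_label.pack()

        self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
        self.start_button.pack()

        self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
        self.stop_button.pack()

    @staticmethod
    def _subnet_hosts(local_ip):
        """Return the 254 host addresses that share *local_ip*'s first three octets.

        The page looped over the three octets one by one and produced targets
        such as ``192.1``; joining them first yields real addresses. A /24 is
        assumed because the netmask is never read.
        """
        prefix = local_ip.rsplit('.', 1)[0]
        return [f'{prefix}.{host}' for host in range(1, 255)]

    def start_detection(self):
        """Switch the controls to 'Running' and start the worker thread."""
        # Clear state left by a previous run; otherwise a restarted worker
        # would see the stop flag already set and exit immediately.
        self.stop_event.clear()
        self.spoof_detected = False

        self.status_label.config(text='Running')
        self.start_button.config(state=tk.DISABLED)
        self.stop_button.config(state=tk.NORMAL)

        # Daemon thread: a sweep in progress must not keep the process alive
        # after the GUI has exited.
        self.thread = threading.Thread(target=self.run, daemon=True)
        self.thread.start()

    def stop_detection(self):
        """Switch the controls to 'Idle' and wait for the worker to finish."""
        self.status_label.config(text='Idle')
        self.start_button.config(state=tk.NORMAL)
        self.stop_button.config(state=tk.DISABLED)

        self.stop_event.set()
        # The sweep loops poll stop_event, so this join returns after at most
        # one pending sr1() timeout instead of a full 254-address sweep.
        if self.thread is not None:
            self.thread.join()

    def run(self):
        """Worker loop: sweep, re-check the baseline, repeat until stopped or timed out."""
        self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        # Read the MAC from the interface itself. getmacbyip() resolves through
        # routing/ARP and is not a reliable way to learn the host's own MAC.
        self.attacker_mac = get_if_hwaddr(self.interface)
        print(f'Attacker IP: {self.attacker_ip}, MAC: {self.attacker_mac}')

        # Wall-clock deadline. The page incremented self.timer, which was never
        # initialised, so the first pass raised AttributeError.
        deadline = time.monotonic() + self.timeout
        while not self.stop_event.is_set():
            self.scan_network()
            self.detect_arp_spoofing()
            if self.stop_event.wait(self.POLL_INTERVAL):
                break
            if time.monotonic() >= deadline:
                # Only claim a clean result if nothing was reported earlier.
                if not self.spoof_detected:
                    print('No ARP spoofing detected')
                self.stop_event.set()

    def scan_network(self):
        """ARP-sweep the /24, recording new bindings and flagging changed ones."""
        local_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        for target_ip in self._subnet_hosts(local_ip):
            if self.stop_event.is_set():
                return
            if target_ip == self.attacker_ip:
                continue
            # iface keeps the probe on the interface the address was read from.
            arp_reply = sr1(ARP(pdst=target_ip), timeout=1, verbose=0, iface=self.interface)
            if not arp_reply:
                continue
            observed_mac = arp_reply.hwsrc
            if observed_mac in ('00:00:00:00:00:00', self.attacker_mac):
                continue
            known_mac = self.ip_mac_map.get(target_ip)
            if known_mac is None:
                self.ip_mac_map[target_ip] = observed_mac
            elif known_mac != observed_mac:
                # Keep the first-seen binding. Overwriting it on every sweep, as
                # the page did, would let a forged reply become the new baseline.
                self.spoof_detected = True
                print(f'ARP spoofing detected: {target_ip} ({known_mac}) -> {observed_mac}')

    def detect_arp_spoofing(self):
        """Probe every baselined host directly and report a MAC that differs."""
        for target_ip, target_mac in list(self.ip_mac_map.items()):
            if self.stop_event.is_set():
                return
            arp_request = ARP(op=1, pdst=target_ip, hwdst=target_mac,
                              psrc=self.attacker_ip, hwsrc=self.attacker_mac)
            arp_reply = sr1(arp_request, timeout=1, verbose=0, iface=self.interface)
            if arp_reply and arp_reply.hwsrc != target_mac:
                self.spoof_detected = True
                print(f'ARP spoofing detected: {target_ip} ({target_mac}) -> {arp_reply.hwsrc}')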

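class ArpDetectorPageUI:
    """Setup window that asks for a detection time and then shows the ARP detector."""

    def __init__(self, master):
        """Build the time entry and Start button inside *master*."""
        self.master = master
        self.master.title('ARP Detector')
        self.master.geometry('400x150')

        self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
        self.timeout_label.pack()
        self.timeout_entry = tk.Entry(self.master)
        self.timeout_entry.pack()

        self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
        self.start_button.pack()

    @staticmethod
    def _parse_timeout(text):
        """Return *text* as a positive whole number of seconds, or None if it is not one."""
        try:
            seconds = int(text.strip())
        except ValueError:
            return None
        return seconds if seconds > 0 else None

    def start_detection(self):
        """Validate the entry, then replace the setup widgets with the detector page."""
        timeout = self._parse_timeout(self.timeout_entry.get())
        if timeout is None:
            # The page called int() directly, so empty or non-numeric input
            # raised ValueError inside the Tk callback.
            messagebox.showerror('Invalid input',
                                 'Detection time must be a positive whole number of seconds.',
                                 parent=self.master)
            return

        # The page withdrew this window and then packed the detector into it,
        # which left the detector's controls on a hidden window. Remove the
        # setup widgets and keep the window on screen instead.
        for widget in (self.timeout_label, self.timeout_entry, self.start_button):
            widget.pack_forget()
        self.page = ArpDetectorPage(self.master, timeout)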

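class IcmpFloodDetectorPage:
    """Tk page that samples inbound ICMP traffic and reports a burst as a flood.

    Every cycle the worker captures for SAMPLE_SECONDS and reports a flood
    when PACKET_THRESHOLD packets addressed to this host arrive in that window.

    Detection limits:
      * Only SAMPLE_SECONDS out of every sampling-plus-POLL_INTERVAL cycle is
        observed; a burst that falls in the gap is missed.
      * The filter matches every ICMP type, so replies and error messages
        count towards the threshold along with echo requests.
      * The threshold is fixed and low; tune it for the monitored link.

    The constructor is spelled ``__init__`` here; the page shows ``init``,
    which Python would never call when the class is instantiated.
    """

    POLL_INTERVAL = 5      # seconds between samples
    SAMPLE_SECONDS = 1     # capture window per sample
    PACKET_THRESHOLD = 10  # packets within one window that count as a flood

    def __init__(self, master, timeout, interface='ens33'):
        """Build the Start/Stop controls inside *master*.

        Args:
            master: Tk container the page packs itself into.
            timeout: Detection window in seconds.
            interface: Interface to monitor; defaults to the value that was
                hard-coded on the page.
        """
        self.master = master
        self.timeout = timeout
        self.interface = interface
        # Despite the name, this holds the monitoring host's own IPv4 address.
        self.attacker_ip = None
        self.thread = None
        self.stop_event = threading.Event()
        self.flood_detected = False

        self.frame = tk.Frame(self.master)
        self.frame.pack()

        self.status_label = tk.Label(self.frame, text='Idle')
        self.status_label.pack()

        self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
        self.start_button.pack()

        self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
        self.stop_button.pack()

    @staticmethod
    def _capture_filter(local_ip):
        """Return the BPF expression for ICMP packets addressed to *local_ip*.

        The page filtered on ``src host``, which matches ICMP this machine
        sends; a flood aimed at the host arrives with it as the destination.
        """
        return f'icmp and dst host {local_ip}'

    def start_detection(self):
        """Switch the controls to 'Running' and start the worker thread."""
        # Clear state left by a previous run so the worker can be restarted.
        self.stop_event.clear()
        self.flood_detected = False

        self.status_label.config(text='Running')
        self.start_button.config(state=tk.DISABLED)
        self.stop_button.config(state=tk.NORMAL)

        self.thread = threading.Thread(target=self.run, daemon=True)
        self.thread.start()

    def stop_detection(self):
        """Switch the controls to 'Idle' and wait for the worker to finish."""
        self.status_label.config(text='Idle')
        self.start_button.config(state=tk.NORMAL)
        self.stop_button.config(state=tk.DISABLED)

        self.stop_event.set()
        if self.thread is not None:
            self.thread.join()

    def run(self):
        """Worker loop: sample, wait, repeat until stopped or timed out."""
        self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        print(f'Attacker IP: {self.attacker_ip}')

        # Wall-clock deadline. The page incremented self.timer, which was never
        # initialised, so the first pass raised AttributeError.
        deadline = time.monotonic() + self.timeout
        while not self.stop_event.is_set():
            self.detect_icmp_flood()
            # wait() returns as soon as Stop is pressed; sleep() would not.
            if self.stop_event.wait(self.POLL_INTERVAL):
                break
            if time.monotonic() >= deadline:
                # Only claim a clean result if nothing was reported earlier.
                if not self.flood_detected:
                    print('No ICMP spoofing detected')
                self.stop_event.set()

    def detect_icmp_flood(self):
        """Capture one sample and report a flood if the threshold is reached."""
        icmp_packets = sniff(
            filter=self._capture_filter(self.attacker_ip),
            iface=self.interface,  # sample the interface the address was read from
            timeout=self.SAMPLE_SECONDS,
            count=self.PACKET_THRESHOLD,
        )
        if len(icmp_packets) >= self.PACKET_THRESHOLD:
            self.flood_detected = True
            print('ICMP flood detected')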

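class IcmpFloodDetectorPageUI:
    """Setup window that asks for a detection time and then shows the ICMP flood detector."""

    def __init__(self, master):
        """Build the time entry and Start button inside *master*."""
        self.master = master
        self.master.title('ICMP Flood Detector')
        self.master.geometry('400x150')

        self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
        self.timeout_label.pack()
        self.timeout_entry = tk.Entry(self.master)
        self.timeout_entry.pack()

        self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
        self.start_button.pack()

    @staticmethod
    def _parse_timeout(text):
        """Return *text* as a positive whole number of seconds, or None if it is not one."""
        try:
            seconds = int(text.strip())
        except ValueError:
            return None
        return seconds if seconds > 0 else None

    def start_detection(self):
        """Validate the entry, then replace the setup widgets with the detector page."""
        timeout = self._parse_timeout(self.timeout_entry.get())
        if timeout is None:
            # The page called int() directly, so empty or non-numeric input
            # raised ValueError inside the Tk callback.
            messagebox.showerror('Invalid input',
                                 'Detection time must be a positive whole number of seconds.',
                                 parent=self.master)
            return

        # The page withdrew this window and then packed the detector into it,
        # which left the detector's controls on a hidden window.
        for widget in (self.timeout_label, self.timeout_entry, self.start_button):
            widget.pack_forget()
        self.page = IcmpFloodDetectorPage(self.master, timeout)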

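class TcpAttackDetectorPage:
    """Tk page that samples inbound TCP traffic and reports a burst as an attack.

    Every cycle the worker captures for SAMPLE_SECONDS and reports an attack
    when PACKET_THRESHOLD segments addressed to this host arrive in that window.

    Detection limits:
      * The filter matches every TCP segment, not only connection attempts, so
        ordinary traffic (a download, an SSH session) reaches ten segments in
        a second easily. NOTE(review): treat the output as a traffic-rate
        signal; narrowing the filter to SYN-only segments and raising the
        threshold would be needed before alerting on it.
      * Only SAMPLE_SECONDS out of every sampling-plus-POLL_INTERVAL cycle is
        observed.

    The constructor is spelled ``__init__`` here; the page shows ``init``,
    which Python would never call when the class is instantiated.
    """

    POLL_INTERVAL = 5      # seconds between samples
    SAMPLE_SECONDS = 1     # capture window per sample
    PACKET_THRESHOLD = 10  # segments within one window that trip the report

    def __init__(self, master, timeout, interface='ens33'):
        """Build the Start/Stop controls inside *master*.

        Args:
            master: Tk container the page packs itself into.
            timeout: Detection window in seconds.
            interface: Interface to monitor; defaults to the value that was
                hard-coded on the page.
        """
        self.master = master
        self.timeout = timeout
        self.interface = interface
        # Despite the name, this holds the monitoring host's own IPv4 address.
        self.attacker_ip = None
        self.thread = None
        self.stop_event = threading.Event()
        self.attack_detected = False

        self.frame = tk.Frame(self.master)
        self.frame.pack()

        self.status_label = tk.Label(self.frame, text='Idle')
        self.status_label.pack()

        self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
        self.start_button.pack()

        self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
        self.stop_button.pack()

    @staticmethod
    def _capture_filter(local_ip):
        """Return the BPF expression for TCP segments addressed to *local_ip*.

        The page filtered on ``src host``, which matches traffic this machine
        sends rather than traffic aimed at it.
        """
        return f'tcp and dst host {local_ip}'

    def start_detection(self):
        """Switch the controls to 'Running' and start the worker thread."""
        # Clear state left by a previous run so the worker can be restarted.
        self.stop_event.clear()
        self.attack_detected = False

        self.status_label.config(text='Running')
        self.start_button.config(state=tk.DISABLED)
        self.stop_button.config(state=tk.NORMAL)

        self.thread = threading.Thread(target=self.run, daemon=True)
        self.thread.start()

    def stop_detection(self):
        """Switch the controls to 'Idle' and wait for the worker to finish."""
        self.status_label.config(text='Idle')
        self.start_button.config(state=tk.NORMAL)
        self.stop_button.config(state=tk.DISABLED)

        self.stop_event.set()
        if self.thread is not None:
            self.thread.join()

    def run(self):
        """Worker loop: sample, wait, repeat until stopped or timed out."""
        self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        print(f'Attacker IP: {self.attacker_ip}')

        # Wall-clock deadline. The page incremented self.timer, which was never
        # initialised, so the first pass raised AttributeError.
        deadline = time.monotonic() + self.timeout
        while not self.stop_event.is_set():
            self.detect_tcp_attack()
            # wait() returns as soon as Stop is pressed; sleep() would not.
            if self.stop_event.wait(self.POLL_INTERVAL):
                break
            if time.monotonic() >= deadline:
                # Only claim a clean result if nothing was reported earlier.
                if not self.attack_detected:
                    print('No TCP spoofing detected')
                self.stop_event.set()

    def detect_tcp_attack(self):
        """Capture one sample and report if the segment threshold is reached."""
        tcp_packets = sniff(
            filter=self._capture_filter(self.attacker_ip),
            iface=self.interface,  # sample the interface the address was read from
            timeout=self.SAMPLE_SECONDS,
            count=self.PACKET_THRESHOLD,
        )
        if len(tcp_packets) >= self.PACKET_THRESHOLD:
            self.attack_detected = True
            print('TCP attack detected')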

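class TcpAttackDetectorPageUI:
    """Setup window that asks for a detection time and then shows the TCP detector."""

    def __init__(self, master):
        """Build the time entry and Start button inside *master*."""
        self.master = master
        self.master.title('TCP Attack Detector')
        self.master.geometry('400x150')

        self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
        self.timeout_label.pack()
        self.timeout_entry = tk.Entry(self.master)
        self.timeout_entry.pack()

        self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
        self.start_button.pack()

    @staticmethod
    def _parse_timeout(text):
        """Return *text* as a positive whole number of seconds, or None if it is not one."""
        try:
            seconds = int(text.strip())
        except ValueError:
            return None
        return seconds if seconds > 0 else None

    def start_detection(self):
        """Validate the entry, then replace the setup widgets with the detector page."""
        timeout = self._parse_timeout(self.timeout_entry.get())
        if timeout is None:
            # The page called int() directly, so empty or non-numeric input
            # raised ValueError inside the Tk callback.
            messagebox.showerror('Invalid input',
                                 'Detection time must be a positive whole number of seconds.',
                                 parent=self.master)
            return

        # The page withdrew this window and then packed the detector into it,
        # which left the detector's controls on a hidden window.
        for widget in (self.timeout_label, self.timeout_entry, self.start_button):
            widget.pack_forget()
        self.page = TcpAttackDetectorPage(self.master, timeout)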

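class NetworkScannerPage:
    """Tk page that repeatedly ARP-sweeps the local /24 and logs hosts that answer.

    Each newly seen address is printed and appended to ``network_scan.txt``
    in the current working directory as ``ip,mac``. Addresses already in
    ``ip_mac_map`` are not probed again, so a MAC that changes later is not
    noticed by this page.

    The constructor is spelled ``__init__`` here; the page shows ``init``,
    which Python would never call when the class is instantiated.
    """

    SWEEP_INTERVAL = 10  # seconds between sweeps, same cadence as the original loop

    def __init__(self, master, interface='ens33'):
        """Build the Start/Stop controls inside *master*.

        Args:
            master: Tk container the page packs itself into.
            interface: Interface to scan from; defaults to the value that was
                hard-coded on the page.
        """
        self.master = master
        self.interface = interface
        self.ip_mac_map = {}
        self.thread = None
        self.stop_event = threading.Event()

        self.frame = tk.Frame(self.master)
        self.frame.pack()

        self.status_label = tk.Label(self.frame, text='Idle')
        self.status_label.pack()

        self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
        self.start_button.pack()

        self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
        self.stop_button.pack()

    @staticmethod
    def _subnet_hosts(local_ip):
        """Return the 254 host addresses that share *local_ip*'s first three octets.

        The page looped over the three octets one by one and produced targets
        such as ``192.1``; joining them first yields real addresses. A /24 is
        assumed because the netmask is never read.
        """
        prefix = local_ip.rsplit('.', 1)[0]
        return [f'{prefix}.{host}' for host in range(1, 255)]

    def start_detection(self):
        """Switch the controls to 'Running' and start the worker thread."""
        # Clear the flag left by a previous Stop so the worker can be restarted.
        self.stop_event.clear()

        self.status_label.config(text='Running')
        self.start_button.config(state=tk.DISABLED)
        self.stop_button.config(state=tk.NORMAL)

        # Daemon thread: a sweep in progress must not keep the process alive
        # after the GUI has exited.
        self.thread = threading.Thread(target=self.run, daemon=True)
        self.thread.start()

    def stop_detection(self):
        """Switch the controls to 'Idle' and wait for the worker to finish."""
        self.status_label.config(text='Idle')
        self.start_button.config(state=tk.NORMAL)
        self.stop_button.config(state=tk.DISABLED)

        self.stop_event.set()
        # scan_network() polls stop_event, so this join returns after at most
        # one pending sr1() timeout instead of a full 254-address sweep.
        if self.thread is not None:
            self.thread.join()

    def run(self):
        """Worker loop: sweep, then wait SWEEP_INTERVAL seconds, until stopped."""
        while not self.stop_event.is_set():
            self.scan_network()
            # wait() returns as soon as Stop is pressed; sleep() would not.
            self.stop_event.wait(self.SWEEP_INTERVAL)

    def scan_network(self):
        """Send one ARP request to every address not yet recorded and log the answers."""
        local_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        for target_ip in self._subnet_hosts(local_ip):
            if self.stop_event.is_set():
                return
            if target_ip in self.ip_mac_map:
                continue
            # iface keeps the probe on the interface the address was read from.
            arp_reply = sr1(ARP(pdst=target_ip), timeout=1, verbose=0, iface=self.interface)
            if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', 'ff:ff:ff:ff:ff:ff'):
                self.ip_mac_map[target_ip] = arp_reply.hwsrc
                print(f'Found: {target_ip} ({arp_reply.hwsrc})')
                self.save_to_file(target_ip, arp_reply.hwsrc)

    def save_to_file(self, ip, mac):
        """Append one ``ip,mac`` record to network_scan.txt."""
        # The page shows this literal broken across physical lines; a single
        # escaped newline gives one record per line.
        with open('network_scan.txt', 'a', encoding='utf-8') as f:
            f.write(f'{ip},{mac}\n')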

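class NetworkScannerPageUI:
    """Setup window with a single Start button that opens the network scanner page."""

    def __init__(self, master):
        """Build the Start button inside *master*."""
        self.master = master
        self.master.title('Network Scanner')
        self.master.geometry('400x100')

        self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
        self.start_button.pack()

    def start_detection(self):
        """Replace the setup button with the scanner page."""
        # The page withdrew this window and then packed the scanner into it,
        # which left the scanner's controls on a hidden window. Remove the
        # setup button and keep the window on screen instead.
        self.start_button.pack_forget()
        self.page = NetworkScannerPage(self.master)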

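class MainMenu:
    """Root window offering one button per detector page.

    The constructor is spelled ``__init__`` here; the page shows ``init``,
    which Python would never call when the class is instantiated.
    """

    def __init__(self):
        """Build the menu and enter the Tk main loop (blocks until the GUI exits)."""
        self.root = tk.Tk()
        self.root.title('Network Security Monitor')
        self.root.geometry('400x300')

        self.arp_button = tk.Button(self.root, text='ARP Detection', command=self.open_arp_detector)
        self.arp_button.pack(pady=10)

        self.icmp_button = tk.Button(self.root, text='ICMP Flood Detection', command=self.open_icmp_flood_detector)
        self.icmp_button.pack(pady=10)

        self.tcp_button = tk.Button(self.root, text='TCP Attack Detection', command=self.open_tcp_attack_detector)
        self.tcp_button.pack(pady=10)

        self.network_button = tk.Button(self.root, text='Network Scanner', command=self.open_network_scanner)
        self.network_button.pack(pady=10)

        self.root.mainloop()

    def _open_page(self, page_cls):
        """Hide the menu, open *page_cls* in a new window, and restore the menu on close."""
        self.root.withdraw()
        window = tk.Toplevel(self.root)

        def close_page():
            # Without this handler the root stayed withdrawn after the child
            # window was closed, leaving the main loop running with nothing
            # on screen. It does not signal a detector thread started from
            # the page.
            window.destroy()
            self.root.deiconify()

        window.protocol('WM_DELETE_WINDOW', close_page)
        self.page = page_cls(window)

    def open_arp_detector(self):
        """Open the ARP detector setup window."""
        self._open_page(ArpDetectorPageUI)

    def open_icmp_flood_detector(self):
        """Open the ICMP flood detector setup window."""
        self._open_page(IcmpFloodDetectorPageUI)

    def open_tcp_attack_detector(self):
        """Open the TCP attack detector setup window."""
        self._open_page(TcpAttackDetectorPageUI)

    def open_network_scanner(self):
        """Open the network scanner setup window."""
        self._open_page(NetworkScannerPageUI)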

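# Script entry point. The page shows `name == 'main'`, which raises NameError;
# the dunder names are restored so the menu starts only when run as a script.
if __name__ == '__main__':
    main_menu = MainMenu()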

ARP, ICMP Flood, TCP Attack and Network Scanner Detector
