Python ARP Spoofing Detector: Real-time Network Security Monitoring
ARP Spoofing Detector: Secure Your Network with Python
This script implements an ARP spoofing detector using the powerful Python libraries Scapy and Tkinter. It constantly monitors your network for suspicious ARP traffic and provides real-time alerts in a user-friendly graphical interface.
Key Features:
- Real-time ARP Monitoring: Continuously scans the network for ARP requests and replies.
- ARP Spoofing Detection: Detects attempts to spoof MAC addresses for specific IP addresses.
- Visual Alerts: Displays alerts in a Tkinter window when ARP spoofing is detected.
- User-configurable Timeout: Allows you to set the detection time interval.
Code:
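```python
import queue
import threading
import time
import tkinter as tk

import netifaces
from getmac import get_mac_address  # getmac resolves the local interface's MAC address
from scapy.all import ARP, sr1  # Scapy builds and sends the ARP probes


class ArpDetectorPage:
    def __init__(self, master, timeout):
        self.master = master
        self.timeout = timeout
        self.interface = 'ens33'  # Replace with your network interface
        self.ip_mac_map = {}  # baseline: first MAC address seen for each IP
        self.local_ip = None  # address of the machine running the detector
        self.local_mac = None
        self.thread = None
        self.stop_event = threading.Event()
        self.timer = 0
        self.spoof_detected = False
        self.messages = queue.Queue()  # worker thread -> GUI thread
        self.frame = tk.Frame(self.master)
        self.frame.pack()
        self.status_label = tk.Label(self.frame, text='Idle')
        self.status_label.pack()
        self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
        self.start_button.pack()
        self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
        self.stop_button.pack()
        self.poll_messages()

    def poll_messages(self):
        # Tkinter widgets may only be touched from the GUI thread, so the
        # worker posts text to a queue and the GUI thread displays it here.
        while not self.messages.empty():
            self.status_label.config(text=self.messages.get_nowait())
        if self.thread is not None and not self.thread.is_alive():
            # The worker ended on its own (timeout reached): reset the buttons.
            self.thread = None
            self.start_button.config(state=tk.NORMAL)
            self.stop_button.config(state=tk.DISABLED)
        self.master.after(500, self.poll_messages)

    def report(self, text):
        # Called from the worker thread: print and hand the text to the GUI.
        line = f"{time.strftime('%H:%M:%S')} {text}"
        print(line)
        self.messages.put(line)

    def start_detection(self):
        self.stop_event.clear()  # allow a restart after Stop or a timeout
        self.timer = 0
        self.spoof_detected = False
        self.status_label.config(text='Running')
        self.start_button.config(state=tk.DISABLED)
        self.stop_button.config(state=tk.NORMAL)
        self.thread = threading.Thread(target=self.run, daemon=True)
        self.thread.start()

    def stop_detection(self):
        self.stop_event.set()
        if self.thread is not None:
            self.thread.join()
            self.thread = None
        self.status_label.config(text='Idle')
        self.start_button.config(state=tk.NORMAL)
        self.stop_button.config(state=tk.DISABLED)

    def run(self):
        self.local_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        self.local_mac = get_mac_address(interface=self.interface)
        print(f'Local IP: {self.local_ip}, MAC: {self.local_mac}')
        while not self.stop_event.is_set():
            self.scan_network()
            self.detect_arp_spoofing()
            self.stop_event.wait(5)  # like sleep(5), but returns at once on Stop
            self.timer += 5
            if self.timer >= self.timeout:
                if not self.spoof_detected:
                    self.report('No ARP spoofing detected')
                self.stop_event.set()

    def scan_network(self):
        # Assumes a /24 network: probe hosts .1 to .254 under the local prefix.
        prefix = '.'.join(self.local_ip.split('.')[:-1])
        for i in range(1, 255):
            if self.stop_event.is_set():
                return
            target_ip = f'{prefix}.{i}'
            if target_ip != self.local_ip:
                arp_request = ARP(pdst=target_ip)
                arp_reply = sr1(arp_request, timeout=1, verbose=0)
                if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', self.local_mac):
                    # Keep the first MAC seen as the baseline; overwriting it
                    # on every scan would hide a later change.
                    self.ip_mac_map.setdefault(target_ip, arp_reply.hwsrc)

    def detect_arp_spoofing(self):
        for target_ip, target_mac in self.ip_mac_map.items():
            if self.stop_event.is_set():
                return
            arp_request = ARP(op=1, pdst=target_ip, hwdst=target_mac,
                              psrc=self.local_ip, hwsrc=self.local_mac)
            arp_reply = sr1(arp_request, timeout=1, verbose=0)
            if arp_reply and arp_reply.hwsrc != target_mac:
                self.spoof_detected = True
                self.report(f'ARP spoofing detected: {target_ip} ({target_mac}) -> {arp_reply.hwsrc}')


class ArpDetectorPageUI:
    def __init__(self, master):
        self.master = master
        self.master.title('ARP Detector')
        self.master.geometry('400x150')
        self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
        self.timeout_label.pack()
        self.timeout_entry = tk.Entry(self.master)
        self.timeout_entry.pack()
        self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
        self.start_button.pack()

    def start_detection(self):
        try:
            timeout = int(self.timeout_entry.get())
        except ValueError:
            self.timeout_label.config(text='Detection Time (s): enter a whole number')
            return
        # Remove the setup widgets and reuse the window. Withdrawing the root
        # window here would also hide the detector page packed into it.
        for widget in (self.timeout_label, self.timeout_entry, self.start_button):
            widget.destroy()
        self.page = ArpDetectorPage(self.master, timeout)


if __name__ == '__main__':
    root = tk.Tk()
    ArpDetectorPageUI(root)
    root.mainloop()
```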
Explanation:
- Import Libraries: Import the libraries for network packet manipulation (Scapy), threading, time, the GUI (Tkinter), interface address lookup (netifaces), and MAC address resolution (getmac).
- ArpDetectorPage Class:
  - Initialization: Sets up the Tkinter GUI with a status label, start button, and stop button.
  - start_detection: Starts the detection process by creating a new thread and configuring UI elements.
  - stop_detection: Stops the detection process, updates UI elements, and joins the thread.
  - run: Continuously monitors the network for ARP spoofing attacks.
  - scan_network: Scans the network for active devices and stores IP-MAC mappings.
  - detect_arp_spoofing: Checks for ARP spoofing attempts by sending ARP requests and comparing received replies with the known mappings.
- ArpDetectorPageUI Class: Creates the main window for the ARP detector with an input field for the detection timeout and a start button.
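The comparison that detect_arp_spoofing makes (a reply's sender MAC against the known mapping) can also be applied passively to ARP frames as they are observed. The following is an added example, not part of the original script: it parses raw Ethernet/ARP frames with struct, and the names parse_arp, ArpWatcher and build_arp as well as the sample addresses are constructed for illustration.

```python
import struct

def fmt_mac(b):
    return ':'.join(f'{x:02x}' for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack('!HHHBB', frame[12:20]) != (0x0806, 1, 0x0800, 6, 4):
        return None
    sender_ip = '.'.join(str(x) for x in frame[28:32])
    return fmt_mac(frame[6:12]), fmt_mac(frame[22:28]), sender_ip

class ArpWatcher:
    def __init__(self):
        self.ip_mac_map = {}  # baseline: first MAC seen per IP, never overwritten
    def observe(self, frame):
        """Return the alerts (strings) raised by one observed frame."""
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        eth_src, sender_mac, sender_ip = parsed
        alerts = []
        if eth_src != sender_mac:  # Ethernet header and ARP payload disagree
            alerts.append(f'Ethernet source {eth_src} differs from ARP sender {sender_mac}')
        if sender_ip == '0.0.0.0':  # address probe, carries no IP-MAC binding
            return alerts
        known = self.ip_mac_map.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            others = sorted(i for i, m in self.ip_mac_map.items() if m == sender_mac)
            alerts.append(f'{sender_ip} changed from {known} to {sender_mac}; '
                          f'that MAC is already bound to {", ".join(others) or "no other IP"}')
        return alerts

def build_arp(eth_src, op, sha, spa, tha, tpa):
    """Build one constructed Ethernet/ARP frame (sample input, broadcast destination)."""
    mac = lambda m: bytes.fromhex(m.replace(':', ''))
    ip = lambda a: bytes(int(x) for x in a.split('.'))
    return (b'\xff' * 6 + mac(eth_src) + struct.pack('!HHHBBH', 0x0806, 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def demo():
    gw, host = '00:00:5e:00:53:01', '00:00:5e:00:53:20'  # constructed addresses
    frames = [
        build_arp(gw, 2, gw, '192.168.1.1', host, '192.168.1.20'),  # sets the gateway baseline
        build_arp(host, 1, host, '192.168.1.20', '00:00:00:00:00:00', '192.168.1.1'),
        build_arp(host, 2, host, '192.168.1.1', gw, '192.168.1.1'),  # host claims the gateway IP
    ]
    watcher = ArpWatcher()
    return [alert for frame in frames for alert in watcher.observe(frame)]
```

Calling demo() returns a single alert for the third frame; the first two frames only establish the baseline.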
To run the code:
- Install necessary libraries: pip install scapy getmac netifaces
- Replace ens33 with the name of your network interface.
- Run the Python script.
Note: This script requires administrative privileges to work on most systems. You may need to run it as administrator (e.g., using sudo python your_script.py).
This ARP spoofing detector can help you identify and prevent malicious activities on your network, improving your overall security posture.
Original address: https://www.cveoy.top/t/topic/jnVI. Copyright belongs to the author. Please do not repost or scrape!