基于 Python 的网络安全工具:ARP欺骗、ICMP泛洪和TCP攻击检测
import tkinter as tk
import os
import sys
import time
import threading
import netifaces
from scapy.all import *
from scapy.layers.l2 import ARP
from tkinter import messagebox
from scapy.layers.l2 import getmacbyip
from scapy.layers.inet import IP, ICMP
from scapy.layers.inet import TCP
class ArpDetectorPage:
def __init__(self, master, timeout):
self.master = master
self.timeout = timeout
self.interface = 'ens33'
self.ip_mac_map = {}
self.attacker_ip = None
self.attacker_mac = None
self.thread = None
self.stop_event = threading.Event()
self.frame = tk.Frame(self.master)
self.frame.pack()
self.status_label = tk.Label(self.frame, text='Idle')
self.status_label.pack()
self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
self.start_button.pack()
self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
self.stop_button.pack()
def start_detection(self):
self.status_label.config(text='Running')
self.start_button.config(state=tk.DISABLED)
self.stop_button.config(state=tk.NORMAL)
self.thread = threading.Thread(target=self.run)
self.thread.start()
def stop_detection(self):
self.status_label.config(text='Idle')
self.start_button.config(state=tk.NORMAL)
self.stop_button.config(state=tk.DISABLED)
self.stop_event.set()
self.thread.join()
def run(self):
self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
self.attacker_mac = getmacbyip(self.attacker_ip)
print(f'Attacker IP: {self.attacker_ip}, MAC: {self.attacker_mac}')
while not self.stop_event.is_set():
self.scan_network()
self.detect_arp_spoofing()
time.sleep(5)
self.timer += 5
if self.timer >= self.timeout:
print('No ARP spoofing detected')
self.stop_event.set()
def scan_network(self):
for ip in netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr'].split('.')[:-1]:
for i in range(1, 255):
target_ip = f'{ip}.{i}'
if target_ip != self.attacker_ip:
arp_request = ARP(pdst=target_ip)
arp_reply = sr1(arp_request, timeout=1, verbose=0)
if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', self.attacker_mac):
self.ip_mac_map[target_ip] = arp_reply.hwsrc
def detect_arp_spoofing(self):
for target_ip, target_mac in self.ip_mac_map.items():
arp_request = ARP(op=1, pdst=target_ip, hwdst=target_mac, psrc=self.attacker_ip, hwsrc=self.attacker_mac)
arp_reply = sr1(arp_request, timeout=1, verbose=0)
if arp_reply and arp_reply.hwsrc != target_mac:
print(f'ARP spoofing detected: {target_ip} ({target_mac}) -> {arp_reply.hwsrc}')
class ArpDetectorPageUI:
def __init__(self, master):
self.master = master
self.master.title('ARP Detector')
self.master.geometry('400x150')
self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
self.timeout_label.pack()
self.timeout_entry = tk.Entry(self.master)
self.timeout_entry.pack()
self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
self.start_button.pack()
def start_detection(self):
timeout = int(self.timeout_entry.get())
self.master.withdraw()
ArpDetectorPage(self.master, timeout)
class IcmpFloodDetectorPage:
def __init__(self, master, timeout):
self.master = master
self.timeout = timeout
self.interface = 'ens33'
self.target_ip = '192.168.197.1'
self.thread = None
self.stop_event = threading.Event()
self.frame = tk.Frame(self.master)
self.frame.pack()
self.status_label = tk.Label(self.frame, text='Idle')
self.status_label.pack()
self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
self.start_button.pack()
self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
self.stop_button.pack()
def start_detection(self):
self.status_label.config(text='Running')
self.start_button.config(state=tk.DISABLED)
self.stop_button.config(state=tk.NORMAL)
self.thread = threading.Thread(target=self.run)
self.thread.start()
def stop_detection(self):
self.status_label.config(text='Idle')
self.start_button.config(state=tk.NORMAL)
self.stop_button.config(state=tk.DISABLED)
self.stop_event.set()
self.thread.join()
def run(self):
while not self.stop_event.is_set():
self.detect_icmp_flood()
time.sleep(5)
self.timer += 5
if self.timer >= self.timeout:
print('No ICMP flood detected')
self.stop_event.set()
def detect_icmp_flood(self):
icmp_request = IP(dst=self.target_ip)/ICMP()
icmp_reply = sr1(icmp_request, timeout=1, verbose=0)
if icmp_reply:
print(f'ICMP flood detected: {icmp_reply.src} -> {icmp_reply.dst}')
class IcmpFloodDetectorPageUI:
def __init__(self, master):
self.master = master
self.master.title('ICMP Flood Detector')
self.master.geometry('400x150')
self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
self.timeout_label.pack()
self.timeout_entry = tk.Entry(self.master)
self.timeout_entry.pack()
self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
self.start_button.pack()
def start_detection(self):
timeout = int(self.timeout_entry.get())
self.master.withdraw()
IcmpFloodDetectorPage(self.master, timeout)
class TcpAttackDetectorPage:
def __init__(self, master, timeout):
self.master = master
self.timeout = timeout
self.interface = 'ens33'
self.target_ip = '192.168.197.1'
self.thread = None
self.stop_event = threading.Event()
self.frame = tk.Frame(self.master)
self.frame.pack()
self.status_label = tk.Label(self.frame, text='Idle')
self.status_label.pack()
self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
self.start_button.pack()
self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
self.stop_button.pack()
def start_detection(self):
self.status_label.config(text='Running')
self.start_button.config(state=tk.DISABLED)
self.stop_button.config(state=tk.NORMAL)
self.thread = threading.Thread(target=self.run)
self.thread.start()
def stop_detection(self):
self.status_label.config(text='Idle')
self.start_button.config(state=tk.NORMAL)
self.stop_button.config(state=tk.DISABLED)
self.stop_event.set()
self.thread.join()
def run(self):
while not self.stop_event.is_set():
self.detect_tcp_attack()
time.sleep(5)
self.timer += 5
if self.timer >= self.timeout:
print('No TCP attack detected')
self.stop_event.set()
def detect_tcp_attack(self):
tcp_request = IP(dst=self.target_ip)/TCP()
tcp_reply = sr1(tcp_request, timeout=1, verbose=0)
if tcp_reply:
print(f'TCP attack detected: {tcp_reply.src} -> {tcp_reply.dst}')
class TcpAttackDetectorPageUI:
def __init__(self, master):
self.master = master
self.master.title('TCP Attack Detector')
self.master.geometry('400x150')
self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
self.timeout_label.pack()
self.timeout_entry = tk.Entry(self.master)
self.timeout_entry.pack()
self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
self.start_button.pack()
def start_detection(self):
timeout = int(self.timeout_entry.get())
self.master.withdraw()
TcpAttackDetectorPage(self.master, timeout)
class NetworkScannerPage:
def __init__(self, master):
self.master = master
self.interface = 'ens33'
self.ip_mac_map = {}
self.frame = tk.Frame(self.master)
self.frame.pack()
self.scan_button = tk.Button(self.frame, text='Scan', command=self.scan_network)
self.scan_button.pack()
self.result_label = tk.Label(self.frame, text='')
self.result_label.pack()
def scan_network(self):
for ip in netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr'].split('.')[:-1]:
for i in range(1, 255):
target_ip = f'{ip}.{i}'
arp_request = ARP(pdst=target_ip)
arp_reply = sr1(arp_request, timeout=1, verbose=0)
if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', get_if_hwaddr(self.interface)):
self.ip_mac_map[target_ip] = arp_reply.hwsrc
result = ''
for ip, mac in self.ip_mac_map.items():
result += f'{ip} ({mac})
'
self.result_label.config(text=result)
class NetworkScannerPageUI:
def __init__(self, master):
self.master = master
self.master.title('Network Scanner')
self.master.geometry('400x300')
self.network_scanner_page = NetworkScannerPage(self.master)
class LoginWindow:
def __init__(self):
self.root = tk.Tk()
self.root.title('Login')
self.root.geometry('300x150')
tk.Label(self.root, text='Username').place(x=50, y=30)
self.username_entry = tk.Entry(self.root)
self.username_entry.place(x=120, y=30)
tk.Label(self.root, text='Password').place(x=50, y=60)
self.password_entry = tk.Entry(self.root, show='*')
self.password_entry.place(x=120, y=60)
self.login_button = tk.Button(self.root, text='Login', command=self.login)
self.login_button.place(x=100, y=100)
self.register_button = tk.Button(self.root, text='Register', command=self.register)
self.register_button.place(x=170, y=100)
self.root.mainloop()
def show_main_window(self):
self.root.destroy()
MainWindow()
def login(self):
username = self.username_entry.get()
password = self.password_entry.get()
for user in users:
if user['username'] == username and user['password'] == password:
# 登录成功,跳转到主界面
self.show_main_window()
return
# 登录失败,弹出错误提示
messagebox.showinfo('错误', '用户名或密码错误')
def register(self):
username = self.username_entry.get()
password = self.password_entry.get()
for user in users:
if user['username'] == username:
# 用户名已存在,弹出错误提示
messagebox.showerror('错误', '用户名已存在')
return
# 用户名不存在,将新用户添加到用户列表中
users.append({'username': username, 'password': password})
# 注册成功,弹出成功提示
messagebox.showinfo('提示', '注册成功,请登录')
class MainWindow:
def __init__(self):
self.root = tk.Tk()
self.root.title('网络安全工具')
self.root.geometry('400x350')
self.arp_button = tk.Button(self.root, text='ARP 检测', command=self.show_arp_page)
self.arp_button.pack()
self.icmp_button = tk.Button(self.root, text='ICMP 泛洪检测', command=self.show_icmp_page)
self.icmp_button.pack()
self.tcp_button = tk.Button(self.root, text='TCP 攻击检测', command=self.show_tcp_page)
self.tcp_button.pack()
self.network_button = tk.Button(self.root, text='网络扫描器', command=self.show_network_page)
self.network_button.pack()
self.root.mainloop()
def show_arp_page(self):
arp_page = tk.Toplevel(self.root)
ArpDetectorPageUI(arp_page)
def show_icmp_page(self):
icmp_page = tk.Toplevel(self.root)
IcmpFloodDetectorPageUI(icmp_page)
def show_tcp_page(self):
tcp_page = tk.Toplevel(self.root)
TcpAttackDetectorPageUI(tcp_page)
def show_network_page(self):
network_page = tk.Toplevel(self.root)
NetworkScannerPageUI(network_page)
if __name__ == '__main__':
users = [{'username': 'admin', 'password': 'admin'}]
login_window = LoginWindow()
代码解释:
该代码使用 Python 构建了一个网络安全工具,用于检测和防止各种网络攻击。它包含以下功能:
- ARP 欺骗检测: 检测并阻止 ARP 欺骗攻击。
- ICMP 泛洪检测: 检测并阻止 ICMP 泛洪攻击。
- TCP 攻击检测: 检测并阻止 TCP SYN 泛洪攻击。
- 网络扫描器: 扫描网络并列出所有连接的设备。
代码结构:
该代码由以下几个类组成:
ArpDetectorPage: 负责 ARP 欺骗检测功能的页面。IcmpFloodDetectorPage: 负责 ICMP 泛洪检测功能的页面。TcpAttackDetectorPage: 负责 TCP 攻击检测功能的页面。NetworkScannerPage: 负责网络扫描功能的页面。LoginWindow: 登录窗口,用于验证用户身份。MainWindow: 主窗口,包含所有功能按钮。
代码实现:
每个功能页面都继承自 tk.Frame 类,并包含以下方法:
__init__: 初始化页面,创建 UI 控件。start_detection: 启动检测线程。stop_detection: 停止检测线程。run: 检测线程的主循环,负责执行检测逻辑。
使用方法:
- 运行代码,将弹出一个登录窗口。
- 输入用户名和密码(默认用户名和密码均为 admin)。
- 登录成功后,将进入主窗口,点击相应的按钮即可使用相应的功能。
注意:
- 该代码需要安装以下 Python 库:
scapy,netifaces,tkinter。 - 在运行代码之前,请确保已连接到网络。
- 该代码仅供学习和测试使用,请勿用于非法目的。
原文地址: https://www.cveoy.top/t/topic/jnW9 著作权归作者所有。请勿转载和采集!