import threading
import time
import netifaces
from scapy.all import ARP, sr1
import tkinter as tk
from getmac import getmacbyip

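class ArpDetectorPage:
    """Tkinter page that baselines IP-to-MAC bindings and reports changes.

    A background thread ARP-probes the hosts that share the first three
    octets of the local address (a /24 is assumed), records the first MAC
    address seen for each IP, and then re-probes the recorded hosts; a reply
    whose MAC differs from the recorded one is printed as a possible spoof.

    Limitations worth knowing when reading the output:
      * The baseline is trust-on-first-use. If a binding is already poisoned
        when it is first recorded, the forged MAC becomes the baseline.
      * ``sr1`` returns only the first answer, so when two stations answer
        for the same IP only one of them is seen per probe.
      * A legitimate MAC change (replaced NIC, reassigned address) is
        reported the same way as a spoof.
    """

    def __init__(self, master, timeout):
        """Build the status label and the Start/Stop buttons inside *master*.

        Args:
            master: Tk container the page's frame is packed into.
            timeout: Detection time in seconds. The worker stops once its
                pause counter (``self.timer``) reaches this value; time spent
                probing is not counted.
        """
        self.master = master
        self.timeout = timeout
        self.interface = 'ens33'  # hard-coded; must match a local interface
        self.ip_mac_map = {}  # baseline: IP -> first MAC seen for it
        # Despite their names these two hold THIS host's own address pair.
        # It is used as the sender of the probes and excluded from the
        # baseline; the attribute names are kept for existing callers.
        self.attacker_ip = None
        self.attacker_mac = None
        self.thread = None
        self.stop_event = threading.Event()
        self.timer = 0

        self.frame = tk.Frame(self.master)
        self.frame.pack()

        self.status_label = tk.Label(self.frame, text='Idle')
        self.status_label.pack()

        self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
        self.start_button.pack()

        self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
        self.stop_button.pack()

    @staticmethod
    def _subnet_hosts(local_ip):
        """Return the .1-.254 addresses sharing *local_ip*'s first three octets.

        *local_ip* itself is left out so the host never probes its own
        address.
        """
        prefix = local_ip.rsplit('.', 1)[0]
        candidates = (f'{prefix}.{i}' for i in range(1, 255))
        return [ip for ip in candidates if ip != local_ip]

    def _show_idle(self):
        """Put the label and buttons back into the not-running state."""
        self.status_label.config(text='Idle')
        self.start_button.config(state=tk.NORMAL)
        self.stop_button.config(state=tk.DISABLED)

    def _poll_worker(self):
        """Reset the controls from the Tk thread once the worker has ended."""
        if self.thread is not None and self.thread.is_alive():
            self.master.after(500, self._poll_worker)
            return
        self._show_idle()

    def start_detection(self):
        """Start the background detection thread and switch the UI to Running."""
        if self.thread is not None and self.thread.is_alive():
            return  # a previous run is still winding down

        # A finished run leaves the event set and the counter advanced;
        # without this reset a second Start would exit immediately.
        self.stop_event.clear()
        self.timer = 0

        self.status_label.config(text='Running')
        self.start_button.config(state=tk.DISABLED)
        self.stop_button.config(state=tk.NORMAL)

        # daemon=True so a closed window does not leave the prober running.
        self.thread = threading.Thread(target=self.run, daemon=True)
        self.thread.start()
        # The worker never touches Tk widgets; the UI thread polls instead.
        self.master.after(500, self._poll_worker)

    def stop_detection(self):
        """Ask the worker to stop and switch the UI back to Idle."""
        self._show_idle()

        self.stop_event.set()
        if self.thread is not None:
            # The worker checks the event between probes, so it ends after
            # at most one outstanding one-second probe. The join is bounded
            # because this runs on the Tk thread.
            self.thread.join(timeout=2)

    def run(self):
        """Worker loop: baseline the subnet, re-check it, pause, repeat.

        Ends when the stop event is set or when ``self.timer`` (advanced by
        5 after every 5-second pause) reaches ``self.timeout``.
        """
        try:
            addresses = netifaces.ifaddresses(self.interface)
            self.attacker_ip = addresses[netifaces.AF_INET][0]['addr']
            # Take the MAC from the interface itself rather than resolving
            # our own IP: the detector's notion of its own identity should
            # not depend on address resolution, the thing being checked.
            self.attacker_mac = addresses[netifaces.AF_LINK][0]['addr']
        except (KeyError, IndexError, ValueError) as err:
            print(f'Cannot read addresses of interface {self.interface}: {err!r}')
            self.stop_event.set()
            return
        # The message used to label this pair "Attacker"; it is the local host.
        print(f'Local IP: {self.attacker_ip}, MAC: {self.attacker_mac}')

        alerts = 0
        while not self.stop_event.is_set():
            self.scan_network()
            alerts += self.detect_arp_spoofing() or 0
            # wait() instead of sleep() so Stop takes effect immediately.
            if self.stop_event.wait(5):
                break
            self.timer += 5
            if self.timer >= self.timeout:
                # Only claim a clean result when nothing was reported.
                if not alerts:
                    print('No ARP spoofing detected')
                self.stop_event.set()

    def scan_network(self):
        """Record the first MAC seen for every not-yet-known host on the /24.

        Known bindings are never overwritten here: overwriting would adopt a
        forged MAC as the new baseline and hide the change from
        ``detect_arp_spoofing``.
        """
        local_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        for target_ip in self._subnet_hosts(local_ip):
            if self.stop_event.is_set():
                return
            if target_ip in self.ip_mac_map:
                continue  # already baselined; re-checked by detect_arp_spoofing
            arp_reply = sr1(ARP(pdst=target_ip), timeout=1, verbose=0)
            if arp_reply is None:
                continue
            # Skip empty answers and answers carrying our own MAC.
            if arp_reply.hwsrc in ('00:00:00:00:00:00', self.attacker_mac):
                continue
            self.ip_mac_map[target_ip] = arp_reply.hwsrc

    def detect_arp_spoofing(self):
        """Re-probe every baselined host and report MAC changes.

        Returns:
            The number of hosts whose reply carried a MAC different from the
            recorded one during this pass.
        """
        mismatches = 0
        # Iterate over a snapshot so the map can be read safely elsewhere.
        for target_ip, target_mac in list(self.ip_mac_map.items()):
            if self.stop_event.is_set():
                break
            arp_request = ARP(op=1, pdst=target_ip, hwdst=target_mac, psrc=self.attacker_ip, hwsrc=self.attacker_mac)
            arp_reply = sr1(arp_request, timeout=1, verbose=0)
            if arp_reply is not None and arp_reply.hwsrc != target_mac:
                mismatches += 1
                print(f'ARP spoofing detected: {target_ip} ({target_mac}) -> {arp_reply.hwsrc}')
        return mismatches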

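class ArpDetectorPageUI:
    """Entry form that asks for a detection time and then opens the detector page."""

    def __init__(self, master):
        """Create the detection-time entry and the Start button in *master*.

        Args:
            master: Tk window that hosts the form and, later, the detector page.
        """
        self.master = master
        self.master.title('ARP Detector')
        self.master.geometry('400x150')

        self.timeout_label = tk.Label(self.master, text='Detection Time (s)')
        self.timeout_label.pack()
        self.timeout_entry = tk.Entry(self.master)
        self.timeout_entry.pack()

        self.start_button = tk.Button(self.master, text='Start', command=self.start_detection)
        self.start_button.pack()

    @staticmethod
    def _parse_timeout(text):
        """Return *text* as a positive whole number of seconds, or None.

        None is returned for empty, non-numeric, zero and negative input.
        """
        try:
            seconds = int(text.strip())
        except ValueError:
            return None
        return seconds if seconds > 0 else None

    def start_detection(self):
        """Validate the entered time and replace the form with the detector page."""
        timeout = self._parse_timeout(self.timeout_entry.get())
        if timeout is None:
            # An unchecked int() would raise inside the Tk callback and the
            # click would appear to do nothing; say what is expected instead.
            self.timeout_label.config(text='Detection Time (s) - enter a positive whole number')
            return

        # Hide only the form widgets. Withdrawing the window itself would
        # also hide the detector page, which is packed into the same master.
        for widget in (self.timeout_label, self.timeout_entry, self.start_button):
            widget.pack_forget()
        self.page = ArpDetectorPage(self.master, timeout)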

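# To embed the detector in a larger Tk application, add a button to that
# application's own window instead, e.g.
#   tk.Button(root, text='ARP Detection', command=...)
# with a command that constructs ArpDetectorPageUI. The original line used
# `self` at module level, which is undefined there and stops the script
# with a NameError before any window appears.
if __name__ == '__main__':
    # Standalone entry point: one root window hosting the entry form.
    root = tk.Tk()
    app = ArpDetectorPageUI(root)
    root.mainloop()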

This code snippet provides a foundation for a basic ARP spoofing detection tool. It utilizes the following key components:

  • GUI: The code uses Tkinter to create a simple graphical interface for the tool.
  • Network Scanning: The tool scans the network to identify active devices and their MAC addresses.
  • ARP Spoofing Detection: The tool sends a fresh ARP request to each recorded device and compares the MAC address in the reply with the expected one to detect potential spoofing attempts.
  • Threading: A separate thread is used to run the detection process in the background.
  • Timeout: A user-specified timeout is used to limit the detection duration.

To use this code, you will need to:

  1. Install necessary libraries: pip install scapy netifaces getmac
  2. Replace ens33 with the name of your network interface.
  3. Run the script.
  4. The GUI will appear, allowing you to set the detection time (in seconds) and start the detection process.

Note: This code provides a basic implementation. You might need to adjust the configuration (interface, timeout) and potentially add more advanced features for a fully functional tool in a real-world environment. Sending ARP packets with scapy usually requires root or administrator privileges. Remember to run this tool with caution and ensure you have permission to scan the network.

ARP Spoofing Detection Tool: Python GUI for Network Security
