import tkinter as tk
import os
import sys
import time
import threading
import netifaces
from scapy.all import *
from scapy.layers.l2 import ARP
from tkinter import messagebox
from scapy.layers.l2 import getmacbyip
from scapy.layers.inet import IP, ICMP
from scapy.layers.inet import TCP

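class DetectionPage(tk.Toplevel):
    """Base window for one detector: status label, Start/Stop buttons, worker thread.

    Subclasses override run(). It executes on the worker thread and is
    expected to return once self.stop_event has been set.
    """

    def __init__(self, master, title):
        """Build the window and initialise the settings shared by all detectors.

        Args:
            master: parent Tk widget.
            title: text shown in the window title bar.
        """
        super().__init__(master)
        self.title(title)
        self.geometry('400x150')
        # Interface name and run budget (seconds) read by the subclasses.
        self.interface = 'ens33'
        self.timeout = 30
        self.thread = None
        self.stop_event = threading.Event()

        self.frame = tk.Frame(self)
        self.frame.pack()

        self.status_label = tk.Label(self.frame, text='Idle')
        self.status_label.pack()

        self.start_button = tk.Button(self.frame, text='Start', command=self.start_detection)
        self.start_button.pack()

        self.stop_button = tk.Button(self.frame, text='Stop', command=self.stop_detection, state=tk.DISABLED)
        self.stop_button.pack()

    def start_detection(self):
        """Run run() on a fresh worker thread and switch the buttons to 'running'."""
        if self.thread is not None and self.thread.is_alive():
            # The previous worker was told to stop but has not returned yet.
            # Clearing the event now would let it carry on next to a second worker.
            return

        # Stop, or a subclass's own time budget, leaves the event set. Without
        # clearing it the next run's loop would exit before its first pass.
        self.stop_event.clear()

        self.status_label.config(text='Running')
        self.start_button.config(state=tk.DISABLED)
        self.stop_button.config(state=tk.NORMAL)

        # daemon=True: a probe still in flight must not keep the process alive
        # after the windows have been closed.
        self.thread = threading.Thread(target=self.run, daemon=True)
        self.thread.start()

    def stop_detection(self):
        """Ask the worker to stop and switch the buttons back to 'idle'."""
        self.status_label.config(text='Idle')
        self.start_button.config(state=tk.NORMAL)
        self.stop_button.config(state=tk.DISABLED)

        # Signal only. Joining here would block the Tk event loop, and with it
        # the whole GUI, until the worker's current probe or sweep finishes.
        self.stop_event.set()

    def run(self):
        """Detection loop; subclasses must override this method."""
        pass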

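class ArpDetectorPage(DetectionPage):
    """Detector window that learns IP-to-MAC bindings and reports one that changes.

    attacker_ip and attacker_mac hold this host's own address on
    self.interface (the names are historical). They are used only to leave
    the local host out of the sweep and out of the learned table.
    """

    def __init__(self, master):
        """Create the window with an empty binding table."""
        super().__init__(master, 'ARP Detection')
        self.attacker_ip = None
        self.attacker_mac = None
        # First MAC seen for each IP that answered a sweep. This is the
        # baseline that later replies are compared against.
        self.ip_mac_map = {}

    def run(self):
        """Sweep and re-check in a loop until stopped or the time budget is spent.

        The budget (self.timeout) counts only the five-second waits between
        passes, not the time the sweeps themselves take.
        """
        self.attacker_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        # Read the MAC from the interface itself, as NetworkScannerPage does.
        # getmacbyip() resolves neighbours and may not return this interface's
        # own hardware address, which would defeat the self-exclusion below.
        self.attacker_mac = get_if_hwaddr(self.interface)
        print(f'Attacker IP: {self.attacker_ip}, MAC: {self.attacker_mac}')

        self.timer = 0
        spoofing_seen = False
        while not self.stop_event.is_set():
            self.scan_network()
            if self.detect_arp_spoofing():
                spoofing_seen = True
            # wait() returns as soon as Stop is pressed; sleep() would not.
            self.stop_event.wait(5)
            self.timer += 5
            if self.timer >= self.timeout:
                # Only claim a clean result when no mismatch was reported.
                if not spoofing_seen:
                    print('No ARP spoofing detected')
                self.stop_event.set()

    def scan_network(self):
        """ARP-probe hosts .1 to .254 of the local subnet and record new bindings.

        Assumes a /24 mask: the subnet is taken as the first three octets of
        the interface address.
        """
        local_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        # Join the three leading octets into one prefix. Looping over them one
        # at a time would build targets such as '192.1' instead of subnet hosts.
        prefix = '.'.join(local_ip.split('.')[:-1])
        for i in range(1, 255):
            if self.stop_event.is_set():
                return
            target_ip = f'{prefix}.{i}'
            if target_ip == self.attacker_ip:
                continue
            arp_reply = sr1(ARP(pdst=target_ip), timeout=1, verbose=0)
            if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', self.attacker_mac):
                # Keep the first binding. Overwriting it on every sweep would
                # silently adopt a changed MAC as the new baseline, and the
                # comparison in detect_arp_spoofing() could never fail.
                self.ip_mac_map.setdefault(target_ip, arp_reply.hwsrc)

    def detect_arp_spoofing(self):
        """Re-probe every known host and report a reply from a different MAC.

        sr1() hands back a single answer, so two hosts answering for the same
        IP are not compared with each other here. A changed MAC can also be
        benign (for example an address re-assigned to another device).

        Returns:
            True if at least one binding differed from the baseline.
        """
        mismatch = False
        for target_ip, target_mac in self.ip_mac_map.items():
            if self.stop_event.is_set():
                break
            arp_request = ARP(op=1, pdst=target_ip, hwdst=target_mac, psrc=self.attacker_ip, hwsrc=self.attacker_mac)
            arp_reply = sr1(arp_request, timeout=1, verbose=0)
            if arp_reply and arp_reply.hwsrc != target_mac:
                print(f'ARP spoofing detected: {target_ip} ({target_mac}) -> {arp_reply.hwsrc}')
                mismatch = True
        return mismatch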

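class IcmpFloodDetectorPage(DetectionPage):
    """Detector window that counts ICMP echo-requests addressed to target_ip.

    Detection is passive. Packets seen on self.interface are tallied per
    source over one window, and a source above FLOOD_THRESHOLD is reported.
    Sending a ping and treating the reply as a flood, as this class once did,
    only shows that the host is reachable.

    The interface sees only traffic that reaches it, so target_ip should be
    this host's own address or one whose traffic is mirrored to it. Counting
    is per source, so a flood spread over many source addresses can stay
    under the threshold.
    """

    # Echo-requests from one source in one window that count as a flood.
    # Constructed default, not a measured value; tune it to normal ping volume.
    FLOOD_THRESHOLD = 500
    # Length of one counting window in seconds.
    WINDOW_SECONDS = 5

    def __init__(self, master):
        """Create the window and set the address being watched."""
        super().__init__(master, 'ICMP Flood Detection')
        self.target_ip = '192.168.197.1'

    def run(self):
        """Count window after window until stopped or the time budget is spent."""
        self.timer = 0
        flood_seen = False
        while not self.stop_event.is_set():
            # The capture window itself provides the pause between passes.
            if self.detect_icmp_flood():
                flood_seen = True
            self.timer += self.WINDOW_SECONDS
            if self.timer >= self.timeout:
                # Only claim a clean result when nothing was reported.
                if not flood_seen:
                    print('No ICMP flood detected')
                self.stop_event.set()

    def detect_icmp_flood(self):
        """Capture for one window and report sources above the threshold.

        Returns:
            True if at least one source exceeded FLOOD_THRESHOLD.
        """
        per_source = {}

        def tally(pkt):
            # ICMP type 8 is echo-request; replies and errors are not counted.
            if (pkt.haslayer(IP) and pkt.haslayer(ICMP)
                    and pkt[ICMP].type == 8 and pkt[IP].dst == self.target_ip):
                per_source[pkt[IP].src] = per_source.get(pkt[IP].src, 0) + 1

        # store=False keeps a burst from piling up in memory. stop_filter ends
        # the capture early once Stop is pressed and another packet arrives.
        sniff(iface=self.interface, prn=tally, store=False,
              timeout=self.WINDOW_SECONDS,
              stop_filter=lambda _pkt: self.stop_event.is_set())

        flooding = False
        for src, count in per_source.items():
            if count > self.FLOOD_THRESHOLD:
                print(f'ICMP flood detected: {src} -> {self.target_ip}')
                flooding = True
        return flooding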

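class TcpAttackDetectorPage(DetectionPage):
    """Detector window that counts TCP connection attempts addressed to target_ip.

    Detection is passive. Segments seen on self.interface with SYN set and
    ACK clear are tallied per source over one window, and a source above
    SYN_THRESHOLD is reported. Sending a TCP probe and treating any answer as
    an attack, as this class once did, only shows that the host responds.

    The interface sees only traffic that reaches it, so target_ip should be
    this host's own address or one whose traffic is mirrored to it. A high
    count is an indicator, not proof: a busy legitimate client also opens
    many connections, and spoofed sources spread the count.
    """

    # Connection attempts from one source in one window that get reported.
    # Constructed default, not a measured value; tune it to normal load.
    SYN_THRESHOLD = 500
    # Length of one counting window in seconds.
    WINDOW_SECONDS = 5

    def __init__(self, master):
        """Create the window and set the address being watched."""
        super().__init__(master, 'TCP Attack Detection')
        self.target_ip = '192.168.197.1'

    def run(self):
        """Count window after window until stopped or the time budget is spent."""
        self.timer = 0
        attack_seen = False
        while not self.stop_event.is_set():
            # The capture window itself provides the pause between passes.
            if self.detect_tcp_attack():
                attack_seen = True
            self.timer += self.WINDOW_SECONDS
            if self.timer >= self.timeout:
                # Only claim a clean result when nothing was reported.
                if not attack_seen:
                    print('No TCP attack detected')
                self.stop_event.set()

    def detect_tcp_attack(self):
        """Capture for one window and report sources above the threshold.

        Returns:
            True if at least one source exceeded SYN_THRESHOLD.
        """
        per_source = {}

        def tally(pkt):
            if not (pkt.haslayer(IP) and pkt.haslayer(TCP)):
                return
            if pkt[IP].dst != self.target_ip:
                return
            # 0x02 is SYN, 0x10 is ACK: count SYN set with ACK clear, which is
            # the first segment of a handshake and not a SYN-ACK answer.
            if int(pkt[TCP].flags) & 0x12 == 0x02:
                per_source[pkt[IP].src] = per_source.get(pkt[IP].src, 0) + 1

        # store=False keeps a burst from piling up in memory. stop_filter ends
        # the capture early once Stop is pressed and another packet arrives.
        sniff(iface=self.interface, prn=tally, store=False,
              timeout=self.WINDOW_SECONDS,
              stop_filter=lambda _pkt: self.stop_event.is_set())

        attacking = False
        for src, count in per_source.items():
            if count > self.SYN_THRESHOLD:
                print(f'TCP attack detected: {src} -> {self.target_ip}')
                attacking = True
        return attacking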

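class NetworkScannerPage(DetectionPage):
    """Window that ARP-sweeps the local subnet and prints the hosts that answer."""

    def __init__(self, master):
        """Create the window with an empty result table."""
        super().__init__(master, 'Network Scanner')
        # IP address -> MAC address of every host that answered a probe.
        self.ip_mac_map = {}

    def run(self):
        """Repeat the sweep until stopped or the time budget is spent.

        The budget (self.timeout) counts only the five-second waits between
        sweeps, not the time the sweeps themselves take.
        """
        self.timer = 0
        while not self.stop_event.is_set():
            self.scan_network()
            # wait() returns as soon as Stop is pressed; sleep() would not.
            self.stop_event.wait(5)
            self.timer += 5
            if self.timer >= self.timeout:
                print('Network scan completed')
                self.stop_event.set()

    def scan_network(self):
        """ARP-probe hosts .1 to .254 of the local subnet and print the table.

        Assumes a /24 mask: the subnet is taken as the first three octets of
        the interface address.
        """
        local_ip = netifaces.ifaddresses(self.interface)[netifaces.AF_INET][0]['addr']
        # Join the three leading octets into one prefix. Looping over them one
        # at a time would build targets such as '192.1' instead of subnet hosts.
        prefix = '.'.join(local_ip.split('.')[:-1])
        # Looked up once; the interface's own MAC does not change mid-sweep.
        own_mac = get_if_hwaddr(self.interface)
        for i in range(1, 255):
            if self.stop_event.is_set():
                break
            target_ip = f'{prefix}.{i}'
            arp_reply = sr1(ARP(pdst=target_ip), timeout=1, verbose=0)
            if arp_reply and arp_reply.hwsrc not in ('00:00:00:00:00:00', own_mac):
                self.ip_mac_map[target_ip] = arp_reply.hwsrc

        print(f'Network devices: {self.ip_mac_map}')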

class MainWindow(tk.Tk):
    """Root window offering one launcher button per detector page."""

    def __init__(self):
        """Create the four launcher buttons, then enter the Tk event loop.

        The constructor calls mainloop() itself, so it does not return until
        the window is closed.
        """
        super().__init__()
        self.title('网络安全检测工具')
        self.geometry('400x350')

        # (attribute name, caption, page factory). Each factory is a lambda so
        # the page is built on click, not while the button is being created.
        launchers = (
            ('arp_button', 'ARP攻击检测', lambda: ArpDetectorPage(self)),
            ('icmp_button', 'ICMP洪泛检测', lambda: IcmpFloodDetectorPage(self)),
            ('tcp_button', 'TCP攻击检测', lambda: TcpAttackDetectorPage(self)),
            ('network_button', '网络扫描', lambda: NetworkScannerPage(self)),
        )
        for attr_name, caption, open_page in launchers:
            button = tk.Button(self, text=caption, command=open_page)
            setattr(self, attr_name, button)
            button.pack()

        self.mainloop()

# Start the main window only when this file is run as a script.
# MainWindow() enters the Tk event loop and returns when the window closes.
if __name__ == '__main__':
    MainWindow()

代码解释

  1. DetectionPage 基类

    • 提供了检测页面的基本框架,包括:
      • 界面布局 (status_label, start_button, stop_button)
      • 启动检测方法 (start_detection)
      • 停止检测方法 (stop_detection)
      • run 方法,需要子类重写
  2. 子类 (ARP, ICMP, TCP, Network Scanner)

    • 继承 DetectionPage
    • 重写 run 方法,实现具体的检测逻辑
    • 每个子类都包含相应的检测参数和方法
  3. 主窗口 (MainWindow)

    • 创建四个按钮,对应四个检测页面
    • 绑定按钮点击事件,创建相应的检测页面对象
    • 使用 lambda 函数延迟创建页面对象:页面在按钮被点击时才创建,而不是在创建按钮时立即创建

使用说明

  1. 确保已安装 scapy 和 netifaces 库:

    pip install scapy netifaces
    
  2. 运行代码(scapy 收发原始数据包通常需要 root/管理员权限)。

  3. 点击按钮启动相应的检测功能。

  4. 可以修改代码中的 interface、target_ip、timeout 参数来适应不同的网络环境。

注意

  • 本代码仅供学习参考,请勿用于非法用途。
  • 使用本工具需要一定的网络安全知识。
  • 在实际使用中,可能需要根据具体情况对代码进行调整。
网络安全检测工具 - ARP攻击、ICMP洪泛、TCP攻击检测和网络扫描
