Merge pull request #23 from Pepelux/spoof

Spoof & Sniff
Pepelux · Sep 23, 2022 · a1d1483 · a1d1483
2 parents 9390911 + a8b2e74
commit a1d1483
Show file tree

Hide file tree

Showing 10 changed files with 884 additions and 70 deletions.
diff --git a/arpspoof.py b/arpspoof.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+__author__ = 'Jose Luis Verdeguer'
+__version__ = '3.1.1'
+__license__ = "GPL"
+__copyright__ = "Copyright (C) 2015-2022, SIPPTS"
+__email__ = "[email protected]"
+
+from modules.arpspoof import ArpSpoof
+from lib.params import get_spoof_args
+
+
+def main():
+    ip, verbose, gw = get_spoof_args()
+
+    s = ArpSpoof()
+    s.ip = ip
+    s.verbose = verbose
+    s.gw = gw
+
+    s.start()
+
+
+if __name__ == '__main__':
+    main()
diff --git a/changelog.txt b/changelog.txt
@@ -16,6 +16,10 @@ devel version
   - added param user to set the From and To user (by default is prefix+extension). If is set, the prefix only will be applied to Auth User
 - siptshark:
   - new module to extract info from a PCAP file
+- arpspoof:
+  - new module to do an ARP cache poisoning
+- sipsniff:
+  - new module to sniff SIP traffic
 - sipdigestleak:
   - added tls support
   - added param --local-ip to force it in case of multiple IP addresses

diff --git a/lib/functions.py b/lib/functions.py
@@ -48,6 +48,24 @@ def get_free_port():
     return port
 
 
+def system_call(command):
+    p = subprocess.Popen([command], stdout=subprocess.PIPE, shell=True)
+    return p.stdout.read()
+
+
+def searchInterface():
+    ifaces = netifaces.interfaces()
+    local_ip = get_machine_default_ip()
+    networkInterface = ''
+
+    for iface in ifaces:
+        data = netifaces.ifaddresses(iface)
+        if str(data).find(local_ip) != -1:
+            networkInterface = iface
+
+    return networkInterface
+
+
 def ping(host, time='1'):
     # parameter = '-n' if platform.system().lower() == 'windows' else '-c'
     ping = 'ping -t 1 -c 1 -W %s %s >/dev/null' % (time, host)
@@ -59,6 +77,22 @@ def ping(host, time='1'):
         return False
 
 
+def get_default_gateway_mac():
+    return system_call("route -n get default | grep 'gateway' | awk '{print $2}'").decode()
+
+
+def get_default_gateway_linux():
+    """Read the default gateway directly from /proc."""
+    with open("/proc/net/route") as fh:
+        for line in fh:
+            fields = line.strip().split()
+            if fields[1] != '00000000' or not int(fields[3], 16) & 2:
+                # If not default route or not RTF_GATEWAY, skip it
+                continue
+
+            return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
+
+
 def get_machine_default_ip(type='ip'):
     """Return the default gateway IP for the machine."""
     gateways = netifaces.gateways()
@@ -80,6 +114,92 @@ def default_ip(family):
     return default_ip(netifaces.AF_INET) or default_ip(netifaces.AF_INET6)
 
 
+def _enable_mac_iproute():
+    cmd = 'sudo sysctl -w net.inet.ip.forwarding=1'
+    try:
+        exec(cmd)
+    except:
+        print(RED + '\nError executing %s. Please execute it manually' %
+              cmd + WHITE)
+
+
+def _disable_mac_iproute():
+    cmd = 'sudo sysctl -w net.inet.ip.forwarding=0'
+    try:
+        exec(cmd)
+    except:
+        print(RED + '\nError executing %s. Please execute it manually' %
+              cmd + WHITE)
+
+
+def _enable_linux_iproute():
+    """
+    Enables IP route ( IP Forward ) in linux-based distro
+    """
+
+    file_path = "/proc/sys/net/ipv4/ip_forward"
+    with open(file_path) as f:
+        if f.read() == 1:
+            # already enabled
+            return
+    with open(file_path, "w") as f:
+        print(1, file=f)
+
+
+def _disable_linux_iproute():
+    """
+    Disables IP route ( IP Forward ) in linux-based distro
+    """
+    file_path = "/proc/sys/net/ipv4/ip_forward"
+    with open(file_path) as f:
+        if f.read() == 0:
+            # already enabled
+            return
+    with open(file_path, "w") as f:
+        print(0, file=f)
+
+# def _enable_windows_iproute():
+#     """
+#     Enables IP route (IP Forwarding) in Windows
+#     """
+#     from services import WService
+#     # enable Remote Access service
+#     service = WService("RemoteAccess")
+#     service.start()
+
+
+def disable_ip_route(verbose=1):
+    """
+    Disables IP forwarding
+    """
+    if verbose > 0:
+        print("[!] Disabling IP Routing...")
+    # _enable_windows_iproute() if "nt" in os.name else _disable_linux_iproute()
+        ops = platform.system()
+        if ops == 'Darwin':
+            _disable_mac_iproute()
+        if ops == 'Linux':
+            _disable_linux_iproute()
+    if verbose > 0:
+        print("[!] IP Routing disabled.")
+
+
+def enable_ip_route(verbose=1):
+    """
+    Enables IP forwarding
+    """
+    if verbose > 0:
+        print("[!] Enabling IP Routing...")
+    # _enable_windows_iproute() if "nt" in os.name else _enable_linux_iproute()
+        ops = platform.system()
+        if ops == 'Darwin':
+            _enable_mac_iproute()
+        if ops == 'Linux':
+            _enable_linux_iproute()
+    if verbose > 0:
+        print("[!] IP Routing enabled.")
+
+
 def ip2long(ip):
     """
     Convert an IP string to long

diff --git a/lib/params.py b/lib/params.py
@@ -47,7 +47,7 @@ def get_sipscan_args():
 ''')
 
     # Add arguments
-    parser.add_argument('-i', '--ip', type=str, help='Host/IP address/network (ex: mysipserver.com | 192.168.0.10 | 192.168.0.0/24 | 192.168.0.0-255.255.0.0)', dest="ipaddr")
+    parser.add_argument('-i', '--ip', type=str, help='Host/IP address/network (ex: mysipserver.com | 192.168.0.10 | 192.168.0.0/24)', dest="ipaddr")
     parser.add_argument('-r', '--remote_port', type=str, help='Ports to scan. Ex: 5060 | 5070,5080 | 5060-5080 | 5060,5062,5070-5080 | ALL for 1-65536 (default: 5060)', dest='remote_port', default='5060')
     parser.add_argument('-p', '--proto', type=str, help='Protocol: udp|tcp|tls|all (default: udp)', dest='proto', default='udp')
     parser.add_argument('-m', '--method', type=str, help='Method used to scan: options, invite, register (default: options)', dest='method', default='options')
@@ -442,7 +442,7 @@ def get_sipcrack_args():
 ''' + BWHITE + '''BY ''' + GREEN + ''' █▀▀ ██▄ █▀▀ ██▄ █▄▄ █▄█ █░█''' + BWHITE + '''
 
 ''' + BLUE + ''' -= SIP digest authentication cracking =-''' + WHITE,
-        epilog=WHITE + '''Bruteforce charsets
+        epilog=BWHITE + '''Bruteforce charsets
 -------------------
 ascii_letters             # The ascii_lowercase and ascii_uppercase constants
 alphabet=ascii_lowercase  # The lowercase letters: abcdefghijklmnopqrstuvwxyz
@@ -937,7 +937,7 @@ def get_tshark_args():
 ''' + BWHITE + '''BY ''' + GREEN + ''' █▀▀ ██▄ █▀▀ ██▄ █▄▄ █▄█ █░█''' + BWHITE + '''
 
 ''' + BLUE + ''' -= TShark filters =-''' + WHITE,
-        epilog=WHITE + '''
+        epilog=BWHITE + '''
 Filters:
 -------
 stats               SIP packet statistics
@@ -992,3 +992,98 @@ def get_tshark_args():
         print('[-] Error')
         sys.exit(1)
 
+
+def get_spoof_args():
+    parser = argparse.ArgumentParser(
+        formatter_class=lambda prog: argparse.RawDescriptionHelpFormatter(
+            prog, max_help_position=50),
+        description= RED + u'''
+░█████╗░██████╗░██████╗░  ░██████╗██████╗░░█████╗░░█████╗░███████╗
+██╔══██╗██╔══██╗██╔══██╗  ██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔════╝
+███████║██████╔╝██████╔╝  ╚█████╗░██████╔╝██║░░██║██║░░██║█████╗░░
+██╔══██║██╔══██╗██╔═══╝░  ░╚═══██╗██╔═══╝░██║░░██║██║░░██║██╔══╝░░
+██║░░██║██║░░██║██║░░░░░  ██████╔╝██║░░░░░╚█████╔╝╚█████╔╝██║░░░░░
+╚═╝░░╚═╝╚═╝░░╚═╝╚═╝░░░░░  ╚═════╝░╚═╝░░░░░░╚════╝░░╚════╝░╚═╝░░░░░
+
+''' + BWHITE + '''   ''' + GREEN + ''' █▀█ █▀▀ █▀█ █▀▀ █░░ █░█ ▀▄▀''' + BWHITE + '''
+''' + BWHITE + '''BY ''' + GREEN + ''' █▀▀ ██▄ █▀▀ ██▄ █▄▄ █▄█ █░█''' + BWHITE + '''
+
+''' + BLUE + ''' -= ARP Spoofing attack =-''' + WHITE,
+        epilog=BWHITE + '''
+ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) 
+messages over a local area network. This results in the linking of an attacker's MAC address with the IP address 
+of a legitimate computer or server on the network.
+ 
+''')
+
+    # Add arguments
+    parser.add_argument('-i', '--ip', type=str, help='Target IP address (ex: 192.168.0.10 | 192.168.0.0/24 | 192.168.0.1,192.168.0.2)', dest="ipaddr")
+    parser.add_argument('-gw', help='Set Gateway (by default try to get it)', dest='gw', default="")
+    parser.add_argument('-v', '--verbose', help='Increase verbosity (no data displayed by default)', dest='verbose', action="count")
+    parser.add_argument('-vv', '--more_verbose', help='Increase more verbosity', dest='more_verbose', action="count")
+
+    # Array for all arguments passed to script
+    args = parser.parse_args()
+
+    try:
+        IPADDR = args.ipaddr
+        GW = args.gw
+        VERBOSE = args.verbose
+
+        MORE_VERBOSE = args.more_verbose
+        if MORE_VERBOSE == 1:
+            VERBOSE = 2
+
+        return IPADDR, VERBOSE, GW
+    except ValueError:
+        print('[-] Error')
+        sys.exit(1)
+
+
+def get_sniff_args():
+    parser = argparse.ArgumentParser(
+        formatter_class=lambda prog: argparse.RawDescriptionHelpFormatter(
+            prog, max_help_position=50),
+        description= RED + u'''
+░██████╗██╗██████╗░  ░██████╗███╗░░██╗██╗███████╗███████╗
+██╔════╝██║██╔══██╗  ██╔════╝████╗░██║██║██╔════╝██╔════╝
+╚█████╗░██║██████╔╝  ╚█████╗░██╔██╗██║██║█████╗░░█████╗░░
+░╚═══██╗██║██╔═══╝░  ░╚═══██╗██║╚████║██║██╔══╝░░██╔══╝░░
+██████╔╝██║██║░░░░░  ██████╔╝██║░╚███║██║██║░░░░░██║░░░░░
+╚═════╝░╚═╝╚═╝░░░░░  ╚═════╝░╚═╝░░╚══╝╚═╝╚═╝░░░░░╚═╝░░░░░
+
+''' + BWHITE + '''   ''' + GREEN + ''' █▀█ █▀▀ █▀█ █▀▀ █░░ █░█ ▀▄▀''' + BWHITE + '''
+''' + BWHITE + '''BY ''' + GREEN + ''' █▀▀ ██▄ █▀▀ ██▄ █▄▄ █▄█ █░█''' + BWHITE + '''
+
+''' + BLUE + ''' -= SIP Network sniffing =-''' + WHITE,
+        epilog=BWHITE + '''
+Network sniffer for SIP protocol.
+ 
+''')
+
+    # Add arguments
+    parser.add_argument('-d', '--dev', help='Set Device (by default try to get it)', dest='dev', default="")
+    parser.add_argument('-o', '--output-file', type=str, help='Save output into a PCAP file', dest='ofile', default="")
+    parser.add_argument('-p', '--proto', help='Protocol to sniff: udp|tcp|tls|all', dest='proto', default="all")
+    parser.add_argument('-auth', help='Show only auth digest', dest='auth', action="count")
+    parser.add_argument('-v', '--verbose', help='Increase verbosity (no data displayed by default)', dest='verbose', action="count")
+    parser.add_argument('-vv', '--more_verbose', help='Increase more verbosity', dest='more_verbose', action="count")
+
+    # Array for all arguments passed to script
+    args = parser.parse_args()
+
+    try:
+        DEV = args.dev
+        OFILE = args.ofile
+        PROTO = args.proto
+        AUTH = args.auth
+        VERBOSE = args.verbose
+
+        MORE_VERBOSE = args.more_verbose
+        if MORE_VERBOSE == 1:
+            VERBOSE = 2
+
+        return DEV, OFILE, AUTH, VERBOSE, PROTO
+    except ValueError:
+        print('[-] Error')
+        sys.exit(1)