Showing
18 changed files
with
81 additions
and
0 deletions
No preview for this file type
No preview for this file type
No preview for this file type
No preview for this file type
No preview for this file type
File moved
File moved
File moved
File moved
No preview for this file type
No preview for this file type
No preview for this file type
File moved
Code/detection/ARPSpoofingDetection.py
0 → 100644
| 1 | +import os | ||
| 2 | +import time | ||
| 3 | + | ||
| 4 | +def ARPSpoofingDetection(): | ||
| 5 | + print("Check available hosts") | ||
| 6 | + os.system("fping -g 192.168.0.0/24 1>/dev/null 2>/dev/null") | ||
| 7 | + | ||
| 8 | + os.system("arp -a > arptable.txt") | ||
| 9 | + | ||
| 10 | + ARPtable = open("arptable.txt", "r") | ||
| 11 | + | ||
| 12 | + print("ARP Table below\n") | ||
| 13 | + for line in ARPtable : | ||
| 14 | + if line.find("incomplete") < 0 : | ||
| 15 | + print(line) | ||
| 16 | + | ||
| 17 | + ARPtable.seek(0) | ||
| 18 | + Hosts = list() | ||
| 19 | + | ||
| 20 | + for line in ARPtable : | ||
| 21 | + # MAC Address | ||
| 22 | + if line.find('.255') < 0 and line.find('incomplete') < 0 : | ||
| 23 | + part = line.partition("at") | ||
| 24 | + part = part[2] | ||
| 25 | + part = part.rpartition("on") | ||
| 26 | + MACAddress = part[0].rstrip().lstrip() | ||
| 27 | + | ||
| 28 | + for i in Hosts : | ||
| 29 | + if i == MACAddress : | ||
| 30 | + print("**ARP Spoofing Detected**\n") | ||
| 31 | + print(f"MAC Address : {MACAddress} \n") | ||
| 32 | + | ||
| 33 | + Hosts.append(MACAddress) | ||
| 34 | + | ||
| 35 | + | ||
| 36 | + | ||
| 37 | +while True : | ||
| 38 | + ARPSpoofingDetection() | ||
| 39 | + | ||
| 40 | + time.sleep(5) |
Code/detection/TFTPFuzzyDetection.py
0 → 100644
| 1 | +from scapy.all import * | ||
| 2 | +from scapy.arch.windows import get_windows_if_list | ||
| 3 | +import sys | ||
| 4 | + | ||
| 5 | +cnt = 0 | ||
| 6 | +def parse_packet(packet): | ||
| 7 | + global cnt | ||
| 8 | + if packet and packet.haslayer("UDP"): | ||
| 9 | + payload = str(packet[UDP].payload) | ||
| 10 | + if payload.find('octet') < 0: | ||
| 11 | + pass | ||
| 12 | + else: | ||
| 13 | + a = payload.partition("octet") | ||
| 14 | + a = a[0].rpartition('\\x01') | ||
| 15 | + filename = a[2].partition('\\x00') | ||
| 16 | + filename = filename[0] | ||
| 17 | + print("Fuzzing with length ", len(filename)) | ||
| 18 | + | ||
| 19 | + if len(filename) == 209 : | ||
| 20 | + print("error occurred") | ||
| 21 | + sys.exit(1) | ||
| 22 | + | ||
| 23 | + if len(filename) >= 190 : | ||
| 24 | + cnt += 1 | ||
| 25 | + | ||
| 26 | + if cnt > 10 : | ||
| 27 | + print("Fuzzing detected\n") | ||
| 28 | + | ||
| 29 | + | ||
| 30 | + | ||
| 31 | + # udp = packet.getlayer('UDP') | ||
| 32 | + # udp.show() | ||
| 33 | + | ||
| 34 | + | ||
| 35 | + | ||
| 36 | +interfaces = get_windows_if_list() | ||
| 37 | +#print(interfaces) | ||
| 38 | +sniff(filter="udp port 69", iface=r'Ethernet0', prn=parse_packet) | ||
| 39 | + | ||
| 40 | + | ||
| 41 | + |
-
Please register or login to post a comment