コード例 #1
0
ファイル: wifi_deauth.cpp プロジェクト: Dry8r3aD/WifiDeauth
void WifiDeauth::listingAP(){
    Tins::SnifferConfiguration confSniff;
    confSniff.set_promisc_mode(true);
    confSniff.set_filter("type mgt subtype beacon");
    confSniff.set_rfmon(true);
    Tins::Sniffer sniffer(strSniffer, confSniff);
    if(flgPrint)
        std::cout << "[!] Listing Access-Point... [ Iterate : " << iterSniff << "pkts ]"<< std::endl;
    sniffer.sniff_loop(Tins::make_sniffer_handler(this, &WifiDeauth::callbackSniff), iterSniff);
}
コード例 #2
0
ファイル: main.cpp プロジェクト: andynunes/GoodShepherd
int main(int argc, const char* argv[]) {
   
   //default pcap capture filter
   string filter("tcp port 80");
   //default pcap interface name
   string iface("en1");
   //default pcap capture file name
   string pcap_file_name("");
   
   for (int cur_arg=1; cur_arg<argc; cur_arg++) {
		//check for verbose option
		if (strcmp(argv[cur_arg], "-v")==0) {
			verbose = true;
		}
      else if (strcmp(argv[cur_arg], "-offline")==0) {
         if (++cur_arg<argc) {
            DEBUG_STRING("Running in offline mode with file %s\n", argv[cur_arg]);
            offline = true;
            iface.assign(argv[cur_arg]);
         }
         else {
            EXIT_USAGE
         }
      }
   }

   Shephard* Jesus = new Shephard();
   saint = Jesus;

   try {
      HttpSniffer sniffer(iface, filter, received_packet);
      sniffer.start();
   } catch (exception &e) {
      cerr << e.what() << endl;
      return EXIT_FAILURE;
   }

   return EXIT_SUCCESS;
}
コード例 #3
0
ファイル: main.c プロジェクト: 7h3rAm/arp-secur
int
main (int argc, char **argv) {

	int c, valid, bnr = 9, showpopup = 0, flags = 0;			/* temporary vars */
	char errbuf[PCAP_ERRBUF_SIZE];						/* error buffer */

	libnet_t *l;								/* libnet handle for address retrieval */
	char libnet_errbuf[LIBNET_ERRBUF_SIZE];					/* libnet error messages */

	char start_time[24], end_time[24];
	time_t acurtime, bcurtime;
	struct tm *aloctime, *bloctime;

	struct configuration conf, *config=&conf;				/* struct to hold config for current session */
	struct validated_queue *start = NULL, *end = NULL;			/* pointers to validated queue */

	/* get current system time */
	acurtime = time (NULL);

	/* convert it to local time representation */
	aloctime = localtime (&acurtime);

	/* format time struct into a char array */
	strftime (start_time, 24, "%d/%b/%Y %H:%M:%S", aloctime);

	/* load default params in config struct */
	config->flags = 0;
	config->verbose = 0;
	config->queue_size = 0;
	config->dev = NULL;
	config->dport = HTTP;
	config->mode = DETECT;
	config->gtimeout = TIME_OUT;
	config->scan_type = SYN_SCAN;

	config->a_port_name = "HTTP";
	config->a_scan_type = "SYN_SCAN";

	/* parse and load cmd-line params in config struct */
	while ((c = getopt (argc, argv, "hi:p:Parsfuetvg:o")) != -1) {
		switch (c) {
			case 'h':
				print_usage ();
				exit (EXIT_SUCCESS);
			case 'i':
				config->dev = optarg;
				break;
			case 'p':
				if (1 <= atoi (optarg) && 65535 >= atoi (optarg)) {
					config->dport = atoi (optarg);
				}
				break;
			case 'P':
				config->mode = PREVENT;
				break;
			case 'a':
				config->scan_type = ACK_SCAN;
				config->flags = config->flags | ACK;
				flags = flags | ACK;
				break;
			case 'r':
				config->scan_type = RST_SCAN;
				config->flags = config->flags | RST;
				flags = flags | RST;
				break;
			case 's':
				config->scan_type = SYN_SCAN;
				config->flags = config->flags | SYN;
				flags = flags | SYN;
				break;
			case 'f':
				config->scan_type = FIN_SCAN;
				config->flags = config->flags | FIN;
				flags = flags | FIN;
				break;
			case 'u':
				config->scan_type = UDP_SCAN;
				config->a_scan_type = "UDP_SCAN";
				break;
			case 'e':
				config->scan_type = ECHO_SCAN;
				config->a_scan_type = "ECHO_SCAN";
				break;
			case 't':
				config->scan_type = TSTAMP_SCAN;
				config->a_scan_type = "TSTAMP_SCAN";
				break;
			case 'v':
				config->verbose = 1;
				break;
			case 'g':


				if (1 <= atoi (optarg) && 9 >= atoi (optarg)) {
					config->gtimeout = atoi (optarg);
				}
				break;
			case 'o':
				showpopup = 1;
				break;
			case '?':
				if ('i' == optopt || 'p' == optopt) {
					print_usage ();
					exit (EXIT_FAILURE);
				} else if (isprint (optopt)) {
					printf ("\n [-] unknown option `-%c'\n", optopt);
					print_usage ();
					exit (EXIT_FAILURE);
				} else {
					printf ("\n unknown option character `\\x%x'\n", optopt);
					print_usage ();
					exit (EXIT_FAILURE);
				}
			default:
				print_usage ();
				exit (EXIT_FAILURE);
		}
	}

	if (0 == flags) { config->flags = SYN; }
	else if (ACK == flags) { config->a_scan_type = "ACK_SCAN"; }
	else if (RST == flags) { config->a_scan_type = "RST_SCAN"; }
	else if (SYN == flags) { config->a_scan_type = "SYN_SCAN"; }
	else if (FIN == flags) { config->a_scan_type = "FIN_SCAN"; }

	/* print an ASCII-ART banner */
	print_banner ();

	switch (config->dport) {
		case HTTP:
				config->a_port_name = "HTTP";
				break;
		case FTP:
				config->a_port_name = "FTP";
				break;
		case TELNET:
				config->a_port_name = "TELNET";
				break;
		case SSH:
				config->a_port_name = "SSH";
				break;
		case SMTP:
				config->a_port_name = "SMTP";
				break;
		default:
				config->a_port_name = "UNKNOWN";
				break;
	}

	/* check if we are root, else exit */
	if (0 != getuid ()) {
		printf ("\n [!] you need to be root buddy...\n\n");
		exit (EXIT_FAILURE);
	}

	/* find a capture device if not specified on command-line */
	if (config->dev == NULL) {
		config->dev = pcap_lookupdev (errbuf);
		if (config->dev == NULL) {
			printf ("\n [-] could not find default device: %s\n\n", errbuf);
			exit (EXIT_FAILURE);
		}
	}

	/* initialize libnet library to find local mac and ip addresses */
	l = libnet_init (LIBNET_LINK, config->dev, libnet_errbuf);
	if (NULL == l) {
		printf ("\n [-] libnet_init() failed: %s\n\n", libnet_errbuf);
		exit (EXIT_FAILURE);
	}

	/* fetch local mac address */
	config->macaddr = libnet_get_hwaddr (l);
	if (NULL == config->macaddr) {
		printf ("\n [-] could not fetch local mac address: %s\n\n", libnet_geterror (l));
		libnet_destroy (l);
		exit (EXIT_FAILURE);
	} else {
		snprintf (config->llmac, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
				config->macaddr->ether_addr_octet[0], config->macaddr->ether_addr_octet[1],
				config->macaddr->ether_addr_octet[2], config->macaddr->ether_addr_octet[3],
				config->macaddr->ether_addr_octet[4], config->macaddr->ether_addr_octet[5]);
	}

	/* fetch local ip address */
	config->ipaddr = libnet_get_ipaddr4 (l);
	if (-1 == config->ipaddr) {
		printf ("\n [-] could not fetch local ip address: %s\n\n", libnet_geterror (l));
		libnet_destroy (l);
		exit (EXIT_FAILURE);
	} else {
		snprintf (config->llip, 16, "%s", libnet_addr2name4 (config->ipaddr, LIBNET_DONT_RESOLVE));
	}

	printf (" [+] session started at %s \n", start_time);
	printf (" [+] default configuration and cmd-line parameters loaded\n");
	printf (" [+] device: \"%s\", mode: \"%s\", port: \"%s\", scan-type: \"%s\"\n",
		config->dev, (config->mode)? "PREVENT" : "DETECT", config->a_port_name,	config->a_scan_type);

	/* start repeat loop */

	/* call sniffer module to fill up our config struct with packet fields */
	printf (" [+] calling arp-sniffer module to capture incoming arp packets\n");
	config = sniffer (config);

	printf ("\n [+] above arp packet was captured and respective fields were saved for analysis\n");
	printf (" [+] calling anamoly-detection module to perform static analysis on saved packet fields\n");

	/* call static_analysis module to perform some static checks on packet fields */
	valid = static_analysis (conf);
	if (EXIT_FAILURE == valid) {
		printf (" [+] analyzed arp packet seems to be specially-crafted. kernel might have added the"
			" poisonous SIP-SMAC entry in arp cache\n");
		if (DETECT == conf.mode) {
			printf (" [+] you need to clean up arp cache manually. delete entry for SIP (%s) - SMAC (%s)\n",
				conf.a_sip, conf.a_sha);
			printf (" [+] to automate this process, please terminate this session and restart arp-secur"
				" in PREVENT mode, i.e with -P switch\n");

		} else if (PREVENT == conf.mode) {
			printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n",
				conf.a_sip, conf.a_sha);
				cache_cleanup (conf.a_sip, conf.a_sha);
		}
	} else {
		printf (" [+] analyzed arp packet does not seem to be specially-crafted\n");

		/* check if we have already processed (and validated) the ip-mac pair... */
		if (0 < conf.queue_size) {
			printf (" [+] calling known-traffic-filter module to check if we have validated"
				" IP - MAC (%s - %s) pair earlier (queue_size: %d)\n",
				conf.a_sip, conf.a_sha, conf.queue_size);
			known_traffic_filter (start, conf.a_sip, conf.a_sha, conf.queue_size);
		} else {
			printf (" [+] no IP-MAC pairs have been validated yet (queue_size: %d)\n", conf.queue_size);
		}

		/* ...hmmm, seems to be a new mac-ip pair. let's validate it then... */
		printf (" [+] calling spoof-detection module to validate IP - MAC (%s - %s) pair\n", conf.a_sip, conf.a_sha);
		valid = spoof_detector (conf, start, end);

		if (0 == valid) {
			printf ("\n [+] try other scan types before determining the validity of the IP - MAC (%s - %s)\n",
				conf.a_sip, conf.a_sha);
			if (DETECT == conf.mode) {
				printf (" [+] for safety reasons, you need to clean up arp cache manually."
					" delete entry for (%s - %s)\n", conf.a_sip, conf.a_sha);
				printf (" [+] to automate this process from now onwards,"
					" restart arp-secur in PREVENT mode, i.e with -P switch\n");
			} else if (PREVENT == conf.mode) {
				printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n",
					conf.a_sip, conf.a_sha);
				cache_cleanup (conf.a_sip, conf.a_sha);
			}
		}

		/* display session summary in a system popup notification */
		if (1 == showpopup) {
			alert (conf.a_sip, conf.a_sha, valid);
		}

		/* end repeat loop */

		/* end arp-secur session */
		bcurtime = time (NULL);
		bloctime = localtime (&bcurtime);
		strftime (end_time, 24, "%d/%b/%Y %H:%M:%S", bloctime);
		printf ("\n [+] session finished at %s\n\n", end_time);

	}

	return 0;

}//main