-
Notifications
You must be signed in to change notification settings - Fork 1
/
DrSpoof.sh
236 lines (193 loc) · 9.34 KB
/
DrSpoof.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
#! /bin/bash
arg=$1
mode=$2
interface=$3
gateway=`ip route | grep default`
gateway=${gateway##*via}
gateway=${gateway%dev*}
if [ -z " $interface " ];then
channel=`iwlist $interface channel`
channel=${channel%)*}
channel=${channel##*l}
fi
if [ " $arg " = ' -r ' ] || [ " $arg " = ' --reset ' ]; then
interfacemon=$interface'mon'
airmon-ng stop $interfacemon ;
ifconfig $interface down ;
ifconfig $interface up ;
service network-manager restart ;
sleep 5
#==================================================================================================================================================
elif
[ " $arg " = ' -d ' ] || [ " $arg " = ' --defence ' ]; then
gtping=`ping $gateway -c 1`
gtping=${gtping%$gateway*} #retain the part before gateway
gtping=${gtping%$gateway*} #retain the part before gateway
gtping=${gtping%$gateway*} #retain the part before gateway
gtping=${gtping%$gateway*} #retain the part before gateway
if [ " $gtping " = " PING " ] ; then
MYVAR=`sudo arp $gateway -i $interface `
add=${MYVAR%C*} # retain the part after the C
add=${add##*r} # retain the part before the ether
if [ /usr/DrSpoof/ = false ] && [ /usr/DrSpoof/ != true ]; then
sudo mkdir /usr/DrSpoof
fi
mkdir -p /usr/DrSpoof/
touch /usr/DrSpoof/gateway.txt
echo $(date +"%D") ": DEFENSIVE MODE : The original address of the gateway is " $add >> /usr/DrSpoof/gateway.txt
arp $gateway -i $interface
arpout=`arp $gateway -i $interface`
echo ............................................................................................................................................
arpd=$add
carpd=$arpd
carpd=${carpd//[ ]/}
vendor=${carpd//[:]/}
vendor=${vendor:0:6}
while read line
do macid=${line:0:6}
vendor="${vendor^^}"
if [ " $macid " = " $vendor " ]
then
echo "Your current gateway is " $add " and your MAC Vendor is " ${line:(+6)}
fi
done < mac-vendors.txt
echo ..............................................................................................................................................
if [ " $mode " = ' -a ' ] || [ " $mode " = "--active " ];then
while true
do
output=`sudo arp $gateway -i $interface`
carpd=${output%C*} # delete the part after the C
carpd=${carpd##*r} # delete the part before the ether
arpd=${arpd//[ ]/}
carpd=${carpd//[ ]/}
if [ " $arpd " != " $carpd " ]; then
echo "Gateway changed from " $arpd " to " $carpd " at time " $(date +"%T")
echo $carpd "is spoofing O_o"
echo "network connection going down "
ifconfig $interface down
vendor=${carpd//[:]/}
vendor=${vendor:0:6}
while read line
do macid=${line:0:6}
vendor="${vendor^^}"
if [ " $macid " = " $vendor " ]
then
echo "MAC Vendor of the attacker is " ${line:(+6)}
macvendor=${line:(+6)}
fi
done < mac-vendors.txt
echo "Gateway changed from" $arpd " to" $carpd " at time " $(date +"%T") " on " $(date +"%D") "The attacker's MAC vendor is " $macvendor >> /usr/DrSpoof/log.txt
espeak 'network is being spoofed by '$carpd', connection, going down. Contact your network administrator.'
exit
fi ;
done;
elif [ " $mode " = ' -p ' ] || [ " $mode " = " --passive " ];then
mymac=`ifconfig $interface`
mymac=${mymac%tx*}
mymac=${mymac##*ether}
python mac_decoder.py $mymac $arpd $interface $arg
fi
else echo "Gateway not found"
fi
#==================================================================================================================================================
elif [ " $arg " = ' -o ' ] || [ " $arg " = ' --offence ' ]; then
gtping=`ping $gateway -c 1`
gtping=${gtping%$gateway*} #retain the part before gateway
gtping=${gtping%$gateway*} #retain the part before gateway
gtping=${gtping%$gateway*} #retain the part before gateway
gtping=${gtping%$gateway*} #retain the part before gateway
if [ " $gtping " = " PING " ] ; then
output=`sudo arp $gateway -i $interface `
add=${output%C*} # retain the part after the C
add=${add##*r} # retain the part before the ether
mkdir -p /usr/DrSpoof/
touch /usr/DrSpoof/gateway.txt
echo $(date +"%D") " : OFFENSIVE MODE : The original address of the gateway is " $add >> /usr/DrSpoof/gateway.txt
arp $gateway -i $interface
echo .................................................................................................................................................
arpd=$add
carpd=$arpd
carpd=${carpd//[ ]/}
vendor=${carpd//[:]/}
vendor=${vendor:0:6}
while read line
do macid=${line:0:6}
vendor="${vendor^^}"
if [ " $macid " = " $vendor " ]
then
echo "Your current gateway is " $add " and your MAC Vendor is " ${line:(+6)}
fi
done < mac-vendors.txt
echo .................................................................................................................................................
if [ " $mode " = ' -a ' ] || [ " $mode " = "--active " ];then
while true
do
MYVAR=`sudo arp $gateway -i $interface`
carpd=${MYVAR%C*} # retain the part after the C
carpd=${carpd##*r} # retain the part before the ether
arpd=${arpd//[ ]/}
carpd=${carpd//[ ]/}
if [ " $arpd " != " $carpd " ]; then
echo "Gateway changed from " $arpd " to " $carpd " at time " $(date +"%T")
echo $carpd "is spoofing O_o"
echo "network connection going down "
vendor=${carpd//[:]/}
vendor=${vendor:0:6}
while read line
do macid=${line:0:6}
if [ " $macid " = " $vendor " ]
then
echo "MAC Vendor of the attacker is " ${line:(+6)}
macvendor=${line:(+6)}
fi
done < mac-vendors.txt
echo "Gateway changed from " $arpd " to " $carpd " at time " $(date +"%T") " on " $(date +"%D") "The attacker's MAC vendor is " $macvendor >> /usr/DrSpoof/log.txt
hash aircrack-ng >> /usr/DrSpoof/hash1.txt
hash airmon-ng >> /usr/DrSpoof/hash2.txt
r1hash=$(cat /usr/DrSpoof/hash1.txt)
r2hash=$(cat /usr/DrSpoof/hash2.txt)
if [ " $r2hash " = "bash: hash: airmon-ng: not found" ] || [ " $r1hash " = "bash: hash: aircrack-ng: not found" ] ;then
sudo apt-get install aircrack-ng
echo "airmon-ng and aircrack-ng are starting"
else
echo "airmon-ng and aircrack-ng are starting"
fi
sudo airmon-ng start $interface
sudo airmon-ng check kill
sudo airmon-ng start $interface'mon' $channel
while true
do sudo aireplay-ng -0 1000 -a $arpd -c $carpd $interface'mon'
done
exit
fi
done
elif [ " $mode " = ' -p ' ] || [ " $mode " = " --passive " ];then
mymac=`ifconfig $interface`
mymac=${mymac%tx*}
mymac=${mymac##*ether}
python mac_decoder.py $mymac $arpd $interface $arg
fi
else echo "Gateway not found" ;
fi
#======================================================================================================================================================
elif [ " $arg " = ' -h ' ] || [ " $arg " = ' --help ' ]; then
echo "bash ./DrSpoof.sh --[option] --[mode] [interface] "
echo ""
echo "[option]"
echo "-d OR --defence = defend your system from arp spoofing or man in the middle attacks"
echo ""
echo "-o OR --offence = remove the arp spoofer from the network :WARNING: network inteface would go down while removing the spoofer "
echo " from the network. aircrack-ng would get installed in your system if not present beforehand."
echo " An active internet connection would be required for this purpose "
echo ""
echo "-r OR --reset = reset network interface card and network manager (suggested to use after operating the offensive mode.)"
echo ""
echo "[mode]"
echo "-a OR --active = uses active scanning method. Recommended while the system is idle most of the time. "
echo ""
echo "-p OR --passive = uses passive scanning method. Recommended while the system is busy with data transfer via your wireless network "
echo ""
echo "[interface] = the network device you are currently using "
else
echo "use bash ./DrSpoof.sh -[option] ........... use bash ./DrSpoof.sh -h for help"
fi