arp_scan 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/README.md +11 -16
- data/arp_scan.gemspec +0 -1
- data/lib/arp_scan/arp_scanner.rb +12 -3
- data/lib/arp_scan/scan_report.rb +12 -0
- data/lib/arp_scan/scan_result_processor.rb +18 -8
- data/lib/arp_scan/version.rb +1 -1
- data/spec/arp_scan_spec.rb +1 -1
- data/spec/scan_result_processor_spec.rb +14 -0
- data/spec/test_output_2.txt +9 -0
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 35970ca5fd7010c821b2a553e4852e0b3e4cbccf186aa57a1ce26ac0ad6c049c
|
|
4
|
+
data.tar.gz: 1c63484f637139d6de689c29e9014ecce4d222506bc837c33a4edd75802944b4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: da55cbe303db00aca3fa6fa24818cedbf40f525b329d986a56cd5d9dfe16071a7f84e2c2a7fe74c9172e3e5debd0077a5337d51cd4942eba022289bd3bf09e21
|
|
7
|
+
data.tar.gz: 80c489f8604c905e732bb13fb48c7d2a3f13a8e923a28d71cb68e5d74774b1359805b160c02ea46bba5ee71ca8af16b9597674fed9b8cdd1de7231bb82223dab
|
data/.gitignore
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
*.gem
|
data/README.md
CHANGED
|
@@ -7,23 +7,12 @@ Very simple wrapper for using and parsing output from `arp-scan`.
|
|
|
7
7
|
|
|
8
8
|
You will need to make sure `arp-scan` is installed. See the arp-scan homepage at http://www.nta-monitor.com/tools/arp-scan/
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
* Edit `/etc/sudoers` to allow user to run `arp-scan` as root without a
|
|
14
|
-
password.
|
|
15
|
-
|
|
16
|
-
`user host = (root) NOPASSWD: /usr/bin/arp-scan`
|
|
17
|
-
|
|
18
|
-
* Set the SUID bit on the `arp-scan` bin:
|
|
19
|
-
|
|
20
|
-
`sudo chmod u+s /usr/bin/arp-scan`
|
|
21
|
-
|
|
22
|
-
* Run your Ruby code as root (I wouldn't do this)
|
|
23
|
-
|
|
24
|
-
I use the SUID method but if you have other people logging into your machine you
|
|
25
|
-
should probably go with the `/etc/sudoers` method.
|
|
10
|
+
`arp-scan` generally requires root privs to run. I use `setcap` to give it the
|
|
11
|
+
raw socket privs it needs so normal users can run it without sudo:
|
|
26
12
|
|
|
13
|
+
```shell
|
|
14
|
+
sudo setcap cap_net_raw+ep /usr/bin/arp-scan
|
|
15
|
+
```
|
|
27
16
|
|
|
28
17
|
## Notes
|
|
29
18
|
|
|
@@ -86,6 +75,12 @@ first_host.mac => '00:11:22:33:44:55'
|
|
|
86
75
|
first_host.oui => "NIC Manufacturer"
|
|
87
76
|
```
|
|
88
77
|
|
|
78
|
+
## Run the Tests
|
|
79
|
+
```ruby
|
|
80
|
+
cd arp_scan/spec
|
|
81
|
+
rspec .
|
|
82
|
+
```
|
|
83
|
+
|
|
89
84
|
|
|
90
85
|
|
|
91
86
|
|
data/arp_scan.gemspec
CHANGED
data/lib/arp_scan/arp_scanner.rb
CHANGED
|
@@ -7,14 +7,23 @@ module ARPScan
|
|
|
7
7
|
# delegates the parsing of the scan results to the ScanResultProcessor module.
|
|
8
8
|
#
|
|
9
9
|
module ARPScanner
|
|
10
|
+
# get array of file extensions, relevant for Windows
|
|
11
|
+
def self.exts
|
|
12
|
+
ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
# get array of paths
|
|
16
|
+
def self.paths
|
|
17
|
+
ENV['PATH'].split(File::PATH_SEPARATOR)
|
|
18
|
+
end
|
|
19
|
+
|
|
10
20
|
# I got this method from: http://stackoverflow.com/questions/2108727
|
|
11
21
|
# Cross-platform way of finding an executable in the $PATH.
|
|
12
22
|
#
|
|
13
23
|
# which('ruby') #=> /usr/bin/ruby
|
|
14
24
|
#
|
|
15
25
|
def self.which(cmd)
|
|
16
|
-
|
|
17
|
-
ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
|
|
26
|
+
paths.each do |path|
|
|
18
27
|
exts.each do |ext|
|
|
19
28
|
exe = File.join(path, "#{cmd}#{ext}")
|
|
20
29
|
return exe if File.executable?(exe) && !File.directory?(exe)
|
|
@@ -32,6 +41,6 @@ module ARPScan
|
|
|
32
41
|
ScanResultProcessor.process(result_string, argument_string)
|
|
33
42
|
end
|
|
34
43
|
|
|
35
|
-
private_class_method :which
|
|
44
|
+
private_class_method :which, :exts, :paths
|
|
36
45
|
end
|
|
37
46
|
end
|
data/lib/arp_scan/scan_report.rb
CHANGED
|
@@ -17,6 +17,14 @@ module ARPScan
|
|
|
17
17
|
#
|
|
18
18
|
attr_reader :datalink
|
|
19
19
|
|
|
20
|
+
# IP address of interface
|
|
21
|
+
#
|
|
22
|
+
attr_reader :ipv4
|
|
23
|
+
|
|
24
|
+
# MAC address of the interface
|
|
25
|
+
#
|
|
26
|
+
attr_reader :mac
|
|
27
|
+
|
|
20
28
|
# `arp-scan` version number.
|
|
21
29
|
#
|
|
22
30
|
attr_reader :version
|
|
@@ -46,6 +54,8 @@ module ARPScan
|
|
|
46
54
|
@hosts = hash[:hosts]
|
|
47
55
|
@interface = hash[:interface]
|
|
48
56
|
@datalink = hash[:datalink]
|
|
57
|
+
@ipv4 = hash[:ipv4]
|
|
58
|
+
@mac = hash[:mac]
|
|
49
59
|
@version = hash[:version]
|
|
50
60
|
@range_size = Integer(hash[:range_size])
|
|
51
61
|
@scan_time = Float(hash[:scan_time])
|
|
@@ -74,6 +84,8 @@ module ARPScan
|
|
|
74
84
|
{ hosts: @hosts.map(&:to_hash),
|
|
75
85
|
interface: @interface,
|
|
76
86
|
datalink: @datalink,
|
|
87
|
+
ipv4: @ipv4,
|
|
88
|
+
mac: @mac,
|
|
77
89
|
version: @version,
|
|
78
90
|
range_size: @range_size,
|
|
79
91
|
scan_time: @scan_time,
|
|
@@ -10,16 +10,24 @@ module ARPScan
|
|
|
10
10
|
module ScanResultProcessor
|
|
11
11
|
# Regex to capture IP address, MAC address, and OUI information
|
|
12
12
|
#
|
|
13
|
-
HOST_ENTRY_REGEX = /(\d+.\d+.\d+.\d+)\s(\w\w:\w\w:\w\w:\w\w:\w\w:\w\w)\s(.*)
|
|
13
|
+
HOST_ENTRY_REGEX = /(\d+.\d+.\d+.\d+)\s(\w\w:\w\w:\w\w:\w\w:\w\w:\w\w)\s(.*)/
|
|
14
14
|
|
|
15
15
|
# Regex to capture interface and datalink
|
|
16
16
|
#
|
|
17
|
-
INTERFACE_SUMMARY_REGEX = /
|
|
17
|
+
INTERFACE_SUMMARY_REGEX = /
|
|
18
|
+
^Interface:\s+(?<interface>[^,\n]+),
|
|
19
|
+
(?:\s*datalink)?\s*type:\s*(?<datalink>[^\n,]+?)(?=,\s*MAC:|$)
|
|
20
|
+
(?:,\s*MAC:\s*(?<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}))?
|
|
21
|
+
(?:,\s*IPv4:\s*(?<ipv4>(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)))?
|
|
22
|
+
$
|
|
23
|
+
/x
|
|
24
|
+
|
|
25
|
+
|
|
18
26
|
|
|
19
27
|
# Regex to capture arp-scan version, scan range size, scan time, scan rate,
|
|
20
28
|
# and the number of responding hosts.
|
|
21
29
|
#
|
|
22
|
-
SCAN_SUMMARY_REGEX = %r{Ending arp-scan (?<version>.*): (?<range_size>.*) hosts scanned in (?<scan_time>.*) seconds \((?<scan_rate>.*) hosts/sec\). (?<reply_count>.*) responded}
|
|
30
|
+
SCAN_SUMMARY_REGEX = %r{Ending arp-scan (?<version>.*): (?<range_size>.*) hosts scanned in (?<scan_time>.*) seconds \((?<scan_rate>.*) hosts/sec\). (?<reply_count>.*) responded}
|
|
23
31
|
|
|
24
32
|
# This method does the actual processing of the arp-scan result string. It
|
|
25
33
|
# uses the Regexes to capture data then passes the results to ScanRepor.new
|
|
@@ -29,12 +37,14 @@ module ARPScan
|
|
|
29
37
|
results = {}
|
|
30
38
|
results[:hosts] = string.scan(HOST_ENTRY_REGEX).map { |entry| Host.new(*entry) }
|
|
31
39
|
results[:interface],
|
|
32
|
-
|
|
40
|
+
results[:datalink],
|
|
41
|
+
results[:mac],
|
|
42
|
+
results[:ipv4] = string.scan(INTERFACE_SUMMARY_REGEX)[0]
|
|
33
43
|
results[:version],
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
44
|
+
results[:range_size],
|
|
45
|
+
results[:scan_time],
|
|
46
|
+
results[:scan_rate],
|
|
47
|
+
results[:reply_count] = string.scan(SCAN_SUMMARY_REGEX)[0]
|
|
38
48
|
results[:arguments] = arguments
|
|
39
49
|
ScanReport.new(results)
|
|
40
50
|
end
|
data/lib/arp_scan/version.rb
CHANGED
data/spec/arp_scan_spec.rb
CHANGED
|
@@ -6,23 +6,37 @@ module ARPScan
|
|
|
6
6
|
describe ScanResultProcessor do
|
|
7
7
|
argument_string = '-l'
|
|
8
8
|
report_string = File.read './test_output.txt'
|
|
9
|
+
report_string_2 = File.read './test_output_2.txt'
|
|
9
10
|
report = ARPScan::ScanResultProcessor.process(report_string, argument_string)
|
|
11
|
+
report_2 = ARPScan::ScanResultProcessor.process(report_string_2, argument_string)
|
|
10
12
|
|
|
11
13
|
describe '#process' do
|
|
12
14
|
it 'processes arp-scan output to create a ScanReport object' do
|
|
13
15
|
expect(report.class).to eq(ARPScan::ScanReport)
|
|
16
|
+
expect(report_2.class).to eq(ARPScan::ScanReport)
|
|
14
17
|
end
|
|
15
18
|
|
|
16
19
|
it 'builds an array of Host objects' do
|
|
17
20
|
expect(report.hosts[0].class).to eq(ARPScan::Host)
|
|
21
|
+
expect(report_2.hosts[0].class).to eq(ARPScan::Host)
|
|
18
22
|
end
|
|
19
23
|
|
|
20
24
|
it 'parses the scan interface name' do
|
|
21
25
|
expect(report.interface).to eq('eth0')
|
|
26
|
+
expect(report_2.interface).to eq('enp4s0')
|
|
22
27
|
end
|
|
23
28
|
|
|
24
29
|
it 'parses the datalink type information' do
|
|
25
30
|
expect(report.datalink).to eq('EN10MB (Ethernet)')
|
|
31
|
+
expect(report_2.datalink).to eq('EN10MB')
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
it 'parses the ip of the scanner on newer versions of arp-scan' do
|
|
35
|
+
expect(report_2.ipv4).to eq('10.0.0.5')
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
it 'parses the MAC of the scanner on newer versions of arp-scan' do
|
|
39
|
+
expect(report_2.mac).to eq('a1:b2:c3:d4:e5:f6')
|
|
26
40
|
end
|
|
27
41
|
|
|
28
42
|
it 'parses the version of arp-scan that ran the scan' do
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
Interface: enp4s0, type: EN10MB, MAC: a1:b2:c3:d4:e5:f6, IPv4: 10.0.0.5
|
|
2
|
+
Starting arp-scan 1.10.0 with 256 hosts (https://github.com/royhills/arp-scan)
|
|
3
|
+
10.0.0.1 11:22:33:44:55:66 GL Technologies (Hong Kong) Limited
|
|
4
|
+
10.0.0.100 aa:bb:cc:dd:ee:ff SHENZHEN ZHIBOTONG ELECTRONICS CO.,LTD
|
|
5
|
+
10.0.0.213 1a:2b:3c:4d:e5:f6 (Unknown)
|
|
6
|
+
|
|
7
|
+
3 packets received by filter, 0 packets dropped by kernel
|
|
8
|
+
Ending arp-scan 1.10.0: 256 hosts scanned in 1.965 seconds (130.28 hosts/sec). 3 responded
|
|
9
|
+
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: arp_scan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Rodrigues
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies: []
|
|
13
12
|
description: Use the arp-scan utility from your ruby programs.
|
|
14
13
|
email:
|
|
@@ -17,6 +16,7 @@ executables: []
|
|
|
17
16
|
extensions: []
|
|
18
17
|
extra_rdoc_files: []
|
|
19
18
|
files:
|
|
19
|
+
- ".gitignore"
|
|
20
20
|
- Gemfile
|
|
21
21
|
- Gemfile.lock
|
|
22
22
|
- LICENSE.txt
|
|
@@ -35,11 +35,11 @@ files:
|
|
|
35
35
|
- spec/scan_result_processor_spec.rb
|
|
36
36
|
- spec/spec_helper.rb
|
|
37
37
|
- spec/test_output.txt
|
|
38
|
+
- spec/test_output_2.txt
|
|
38
39
|
homepage: https://github.com/mikerodrigues/arp_scan
|
|
39
40
|
licenses:
|
|
40
41
|
- MIT
|
|
41
42
|
metadata: {}
|
|
42
|
-
post_install_message:
|
|
43
43
|
rdoc_options: []
|
|
44
44
|
require_paths:
|
|
45
45
|
- lib
|
|
@@ -54,8 +54,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
55
|
version: '0'
|
|
56
56
|
requirements: []
|
|
57
|
-
rubygems_version: 3.
|
|
58
|
-
signing_key:
|
|
57
|
+
rubygems_version: 3.7.1
|
|
59
58
|
specification_version: 4
|
|
60
59
|
summary: A ruby wrapper for the arp-scan utility.
|
|
61
60
|
test_files:
|
|
@@ -66,3 +65,4 @@ test_files:
|
|
|
66
65
|
- spec/scan_result_processor_spec.rb
|
|
67
66
|
- spec/spec_helper.rb
|
|
68
67
|
- spec/test_output.txt
|
|
68
|
+
- spec/test_output_2.txt
|