packetfu 1.1.1 → 1.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/{README → README.rdoc} +2 -2
- metadata +58 -94
- data/INSTALL +0 -40
- data/LICENSE +0 -28
- data/examples/100kpackets.rb +0 -41
- data/examples/ackscan.rb +0 -38
- data/examples/arp.rb +0 -60
- data/examples/arphood.rb +0 -59
- data/examples/dissect_thinger.rb +0 -22
- data/examples/ethernet.rb +0 -10
- data/examples/examples.rb +0 -3
- data/examples/ids.rb +0 -4
- data/examples/idsv2.rb +0 -6
- data/examples/new-simple-stats.rb +0 -52
- data/examples/oui.txt +0 -84177
- data/examples/packetfu-shell.rb +0 -113
- data/examples/simple-sniffer.rb +0 -40
- data/examples/simple-stats.rb +0 -50
- data/examples/slammer.rb +0 -33
- data/examples/uniqpcap.rb +0 -15
- data/lib/packetfu.rb +0 -147
- data/lib/packetfu/capture.rb +0 -169
- data/lib/packetfu/config.rb +0 -58
- data/lib/packetfu/inject.rb +0 -65
- data/lib/packetfu/packet.rb +0 -533
- data/lib/packetfu/pcap.rb +0 -594
- data/lib/packetfu/protos/arp.rb +0 -268
- data/lib/packetfu/protos/eth.rb +0 -296
- data/lib/packetfu/protos/hsrp.rb +0 -206
- data/lib/packetfu/protos/icmp.rb +0 -179
- data/lib/packetfu/protos/invalid.rb +0 -55
- data/lib/packetfu/protos/ip.rb +0 -378
- data/lib/packetfu/protos/ipv6.rb +0 -250
- data/lib/packetfu/protos/tcp.rb +0 -1127
- data/lib/packetfu/protos/udp.rb +0 -240
- data/lib/packetfu/structfu.rb +0 -294
- data/lib/packetfu/utils.rb +0 -194
- data/lib/packetfu/version.rb +0 -50
- data/test/all_tests.rb +0 -41
- data/test/arp_test.pcap +0 -0
- data/test/eth_test.pcap +0 -0
- data/test/ethpacket_spec.rb +0 -74
- data/test/icmp_test.pcap +0 -0
- data/test/ip_test.pcap +0 -0
- data/test/packet_spec.rb +0 -73
- data/test/packet_subclasses_spec.rb +0 -13
- data/test/packetfu_spec.rb +0 -90
- data/test/ptest.rb +0 -16
- data/test/sample-ipv6.pcap +0 -0
- data/test/sample.pcap +0 -0
- data/test/sample2.pcap +0 -0
- data/test/sample_hsrp_pcapr.cap +0 -0
- data/test/structfu_spec.rb +0 -335
- data/test/tcp_spec.rb +0 -101
- data/test/tcp_test.pcap +0 -0
- data/test/test_arp.rb +0 -135
- data/test/test_eth.rb +0 -91
- data/test/test_hsrp.rb +0 -20
- data/test/test_icmp.rb +0 -54
- data/test/test_inject.rb +0 -31
- data/test/test_invalid.rb +0 -28
- data/test/test_ip.rb +0 -69
- data/test/test_ip6.rb +0 -68
- data/test/test_octets.rb +0 -37
- data/test/test_packet.rb +0 -174
- data/test/test_pcap.rb +0 -209
- data/test/test_structfu.rb +0 -112
- data/test/test_tcp.rb +0 -327
- data/test/test_udp.rb +0 -73
- data/test/udp_test.pcap +0 -0
- data/test/vlan-pcapr.cap +0 -0
data/{README → README.rdoc}
RENAMED
metadata
CHANGED
@@ -1,8 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: packetfu
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
|
4
|
+
hash: 23
|
5
|
+
prerelease: false
|
6
|
+
segments:
|
7
|
+
- 1
|
8
|
+
- 1
|
9
|
+
- 2
|
10
|
+
version: 1.1.2
|
6
11
|
platform: ruby
|
7
12
|
authors:
|
8
13
|
- Tod Beardsley
|
@@ -10,7 +15,7 @@ autorequire:
|
|
10
15
|
bindir: bin
|
11
16
|
cert_chain: []
|
12
17
|
|
13
|
-
date: 2011-
|
18
|
+
date: 2011-10-01 00:00:00 -05:00
|
14
19
|
default_executable:
|
15
20
|
dependencies:
|
16
21
|
- !ruby/object:Gem::Dependency
|
@@ -21,9 +26,46 @@ dependencies:
|
|
21
26
|
requirements:
|
22
27
|
- - ">="
|
23
28
|
- !ruby/object:Gem::Version
|
29
|
+
hash: 63
|
30
|
+
segments:
|
31
|
+
- 0
|
32
|
+
- 9
|
33
|
+
- 2
|
24
34
|
version: 0.9.2
|
25
35
|
type: :development
|
26
36
|
version_requirements: *id001
|
37
|
+
- !ruby/object:Gem::Dependency
|
38
|
+
name: rspec
|
39
|
+
prerelease: false
|
40
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ">="
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
hash: 19
|
46
|
+
segments:
|
47
|
+
- 2
|
48
|
+
- 6
|
49
|
+
- 2
|
50
|
+
version: 2.6.2
|
51
|
+
type: :development
|
52
|
+
version_requirements: *id002
|
53
|
+
- !ruby/object:Gem::Dependency
|
54
|
+
name: sdoc
|
55
|
+
prerelease: false
|
56
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
hash: 23
|
62
|
+
segments:
|
63
|
+
- 0
|
64
|
+
- 2
|
65
|
+
- 0
|
66
|
+
version: 0.2.0
|
67
|
+
type: :development
|
68
|
+
version_requirements: *id003
|
27
69
|
description: PacketFu is a mid-level packet manipulation library for Ruby. With it, users can read, parse, and write network packets with the level of ease and fun they expect from Ruby. Note that this gem does not automatically require pcaprub, since users may install pcaprub through non-gem means.
|
28
70
|
email: todb@planb-security.net
|
29
71
|
executables: []
|
@@ -31,80 +73,11 @@ executables: []
|
|
31
73
|
extensions: []
|
32
74
|
|
33
75
|
extra_rdoc_files:
|
34
|
-
- README
|
35
76
|
- .document
|
77
|
+
- README.rdoc
|
36
78
|
files:
|
37
|
-
- lib/packetfu.rb
|
38
|
-
- lib/packetfu/version.rb
|
39
|
-
- lib/packetfu/structfu.rb
|
40
|
-
- lib/packetfu/capture.rb
|
41
|
-
- lib/packetfu/pcap.rb
|
42
|
-
- lib/packetfu/config.rb
|
43
|
-
- lib/packetfu/inject.rb
|
44
|
-
- lib/packetfu/protos/tcp.rb
|
45
|
-
- lib/packetfu/protos/eth.rb
|
46
|
-
- lib/packetfu/protos/ipv6.rb
|
47
|
-
- lib/packetfu/protos/udp.rb
|
48
|
-
- lib/packetfu/protos/arp.rb
|
49
|
-
- lib/packetfu/protos/ip.rb
|
50
|
-
- lib/packetfu/protos/invalid.rb
|
51
|
-
- lib/packetfu/protos/icmp.rb
|
52
|
-
- lib/packetfu/protos/hsrp.rb
|
53
|
-
- lib/packetfu/utils.rb
|
54
|
-
- lib/packetfu/packet.rb
|
55
|
-
- INSTALL
|
56
|
-
- LICENSE
|
57
|
-
- README
|
58
79
|
- .document
|
59
|
-
-
|
60
|
-
- test/test_icmp.rb
|
61
|
-
- test/udp_test.pcap
|
62
|
-
- test/sample2.pcap
|
63
|
-
- test/sample.pcap
|
64
|
-
- test/test_ip6.rb
|
65
|
-
- test/all_tests.rb
|
66
|
-
- test/test_invalid.rb
|
67
|
-
- test/packetfu_spec.rb
|
68
|
-
- test/test_packet.rb
|
69
|
-
- test/test_pcap.rb
|
70
|
-
- test/icmp_test.pcap
|
71
|
-
- test/test_udp.rb
|
72
|
-
- test/sample_hsrp_pcapr.cap
|
73
|
-
- test/tcp_spec.rb
|
74
|
-
- test/test_tcp.rb
|
75
|
-
- test/tcp_test.pcap
|
76
|
-
- test/test_arp.rb
|
77
|
-
- test/arp_test.pcap
|
78
|
-
- test/test_inject.rb
|
79
|
-
- test/test_eth.rb
|
80
|
-
- test/ethpacket_spec.rb
|
81
|
-
- test/packet_spec.rb
|
82
|
-
- test/vlan-pcapr.cap
|
83
|
-
- test/sample-ipv6.pcap
|
84
|
-
- test/test_hsrp.rb
|
85
|
-
- test/test_structfu.rb
|
86
|
-
- test/ptest.rb
|
87
|
-
- test/ip_test.pcap
|
88
|
-
- test/eth_test.pcap
|
89
|
-
- test/test_ip.rb
|
90
|
-
- test/structfu_spec.rb
|
91
|
-
- test/packet_subclasses_spec.rb
|
92
|
-
- examples/oui.txt
|
93
|
-
- examples/uniqpcap.rb
|
94
|
-
- examples/dissect_thinger.rb
|
95
|
-
- examples/examples.rb
|
96
|
-
- examples/simple-stats.rb
|
97
|
-
- examples/arphood.rb
|
98
|
-
- examples/simple-sniffer.rb
|
99
|
-
- examples/ethernet.rb
|
100
|
-
- examples/arp.rb
|
101
|
-
- examples/slammer.rb
|
102
|
-
- examples/packetfu-shell.rb
|
103
|
-
- examples/idsv2.rb
|
104
|
-
- examples/ackscan.rb
|
105
|
-
- examples/ids.rb
|
106
|
-
- examples/new-simple-stats.rb
|
107
|
-
- examples/100kpackets.rb
|
80
|
+
- README.rdoc
|
108
81
|
has_rdoc: true
|
109
82
|
homepage: https://github.com/todb/packetfu
|
110
83
|
licenses:
|
@@ -119,34 +92,25 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
119
92
|
requirements:
|
120
93
|
- - ">="
|
121
94
|
- !ruby/object:Gem::Version
|
95
|
+
hash: 3
|
96
|
+
segments:
|
97
|
+
- 0
|
122
98
|
version: "0"
|
123
99
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
124
100
|
none: false
|
125
101
|
requirements:
|
126
102
|
- - ">="
|
127
103
|
- !ruby/object:Gem::Version
|
104
|
+
hash: 3
|
105
|
+
segments:
|
106
|
+
- 0
|
128
107
|
version: "0"
|
129
|
-
requirements:
|
130
|
-
|
131
|
-
- rspec, v2.6.2 or later, for testing
|
132
|
-
- pcaprub v0.9.2 or later, for packet capture/inject
|
108
|
+
requirements: []
|
109
|
+
|
133
110
|
rubyforge_project: packetfu
|
134
|
-
rubygems_version: 1.
|
111
|
+
rubygems_version: 1.3.7
|
135
112
|
signing_key:
|
136
113
|
specification_version: 3
|
137
114
|
summary: PacketFu is a mid-level packet manipulation library.
|
138
|
-
test_files:
|
139
|
-
|
140
|
-
- test/test_icmp.rb
|
141
|
-
- test/test_ip6.rb
|
142
|
-
- test/test_invalid.rb
|
143
|
-
- test/test_packet.rb
|
144
|
-
- test/test_pcap.rb
|
145
|
-
- test/test_udp.rb
|
146
|
-
- test/test_tcp.rb
|
147
|
-
- test/test_arp.rb
|
148
|
-
- test/test_inject.rb
|
149
|
-
- test/test_eth.rb
|
150
|
-
- test/test_hsrp.rb
|
151
|
-
- test/test_structfu.rb
|
152
|
-
- test/test_ip.rb
|
115
|
+
test_files: []
|
116
|
+
|
data/INSTALL
DELETED
@@ -1,40 +0,0 @@
|
|
1
|
-
== INSTALL
|
2
|
-
|
3
|
-
Installation is pretty straightforward -- it's a gem now!
|
4
|
-
|
5
|
-
$ rvm gem install packetfu
|
6
|
-
|
7
|
-
Not using rvm? For shame! Get it now, it will make your life 100x better.
|
8
|
-
|
9
|
-
$ links http://rvm.beginrescueend.com/
|
10
|
-
|
11
|
-
If you are installing from a source checkout, just run (as root / rvmsudo):
|
12
|
-
|
13
|
-
$ rvmsudo ./setup.rb
|
14
|
-
$ sudo ruby ./setup.rb # If not on rvm, and seriously what is wrong with you?
|
15
|
-
|
16
|
-
== Testing
|
17
|
-
|
18
|
-
The easiest way to test the installation is to run PacketFu via
|
19
|
-
irb, using the example shell in the "examples" directory:
|
20
|
-
|
21
|
-
% sudo irb -r packetfu-shell.rb
|
22
|
-
|
23
|
-
After the banner, you should see something like:
|
24
|
-
|
25
|
-
>>> Use $packetfu_default.config for salient networking details.
|
26
|
-
IP: 192.168.1.100 Mac: 00:1d:e0:54:2f:7e Gateway: 00:03:2f:32:a5:3c
|
27
|
-
Net: 192.168.1.0 Iface: wlan0
|
28
|
-
>>> Packet capturing/injecting enabled.
|
29
|
-
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
|
30
|
-
|
31
|
-
If not, then Something Went Wrong. It's most likely that you have either
|
32
|
-
an older or broken version of pcaprub (try installing the version provided
|
33
|
-
with Metasploit), or you have a very, very old version of libpcap (version
|
34
|
-
0.9.4 is the oldest tested version, and there's really no reason to not
|
35
|
-
be at least on 1.0.0).
|
36
|
-
|
37
|
-
== Complaints
|
38
|
-
|
39
|
-
If things don't work out, please contact todb@planb-security.net, and I'll
|
40
|
-
try to get you all sorted out.
|
data/LICENSE
DELETED
@@ -1,28 +0,0 @@
|
|
1
|
-
== LICENSE
|
2
|
-
|
3
|
-
Copyright (c) 2008-2011, Tod Beardsley
|
4
|
-
All rights reserved.
|
5
|
-
|
6
|
-
Redistribution and use in source and binary forms, with or without
|
7
|
-
modification, are permitted provided that the following conditions are met:
|
8
|
-
|
9
|
-
* Redistributions of source code must retain the above copyright
|
10
|
-
notice, this list of conditions and the following disclaimer.
|
11
|
-
* Redistributions in binary form must reproduce the above copyright
|
12
|
-
notice, this list of conditions and the following disclaimer in the
|
13
|
-
documentation and/or other materials provided with the distribution.
|
14
|
-
* Neither the name of Tod Beardsley nor the
|
15
|
-
names of its contributors may be used to endorse or promote products
|
16
|
-
derived from this software without specific prior written permission.
|
17
|
-
|
18
|
-
THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY
|
19
|
-
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
20
|
-
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
21
|
-
DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY
|
22
|
-
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
23
|
-
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
24
|
-
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
25
|
-
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
26
|
-
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
27
|
-
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
28
|
-
|
data/examples/100kpackets.rb
DELETED
@@ -1,41 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
|
3
|
-
# Used mainly to test for memory leaks and to demo the preferred ways of
|
4
|
-
# reading and writing packets to and from pcap files.
|
5
|
-
require './examples' # For path setting slight-of-hand
|
6
|
-
require 'packetfu'
|
7
|
-
|
8
|
-
include PacketFu
|
9
|
-
puts "Generating packets... (#{Time.now.utc})"
|
10
|
-
|
11
|
-
File.unlink("/tmp/out.pcap") if File.exists? "/tmp/out.pcap"
|
12
|
-
start_time = Time.now.utc
|
13
|
-
count = 0
|
14
|
-
|
15
|
-
100.times do
|
16
|
-
@pcaps = []
|
17
|
-
1000.times do
|
18
|
-
u = UDPPacket.new
|
19
|
-
u.ip_src = [rand(2**32-1)].pack("N")
|
20
|
-
u.ip_dst = [rand(2**32-1)].pack("N")
|
21
|
-
u.recalc
|
22
|
-
@pcaps << u
|
23
|
-
end
|
24
|
-
pfile = PcapFile.new
|
25
|
-
res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
|
26
|
-
count += res.last
|
27
|
-
puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
|
28
|
-
end
|
29
|
-
|
30
|
-
read_bytes_start = Time.now.utc
|
31
|
-
puts "Reading packet bytes..."
|
32
|
-
packet_bytes = PcapFile.read_packet_bytes "/tmp/out.pcap"
|
33
|
-
puts "Read #{packet_bytes.size} packet byte blobs in #{Time.now.utc - read_bytes_start} seconds."
|
34
|
-
|
35
|
-
read_packets_start = Time.now.utc
|
36
|
-
puts "Reading packets..."
|
37
|
-
packet_bytes = PcapFile.read_packets "/tmp/out.pcap"
|
38
|
-
puts "Read #{packet_bytes.size} parsed packets in #{Time.now.utc - read_packets_start} seconds."
|
39
|
-
|
40
|
-
|
41
|
-
|
data/examples/ackscan.rb
DELETED
@@ -1,38 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
require 'packetfu'
|
3
|
-
# Portscanning!
|
4
|
-
# Run this on one machine
|
5
|
-
#cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
|
6
|
-
#cap.show_live(:filter => 'src net 209.85.165')
|
7
|
-
# Run this on another:
|
8
|
-
#cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
|
9
|
-
#cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
|
10
|
-
# Run this on the third
|
11
|
-
def do_scan
|
12
|
-
puts "Generating packets..."
|
13
|
-
pkt_array = gen_packets.sort_by {rand}
|
14
|
-
puts "Dumping them on the wire..."
|
15
|
-
inj = PacketFu::Inject.new(:iface => ARGV[0])
|
16
|
-
inj.array_to_wire(:array=>pkt_array)
|
17
|
-
puts "Done!"
|
18
|
-
end
|
19
|
-
|
20
|
-
def gen_packets
|
21
|
-
config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
|
22
|
-
pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
|
23
|
-
pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
|
24
|
-
pkt.ip_daddr="209.85.165.0" # One of Google's networks
|
25
|
-
pkt.tcp_flags.ack=1
|
26
|
-
pkt.tcp_dst=81
|
27
|
-
pkt_array = []
|
28
|
-
256.times do |i|
|
29
|
-
pkt.ip_dst.o4=i
|
30
|
-
pkt.tcp_src = rand(5000 - 1025) + 1025
|
31
|
-
pkt.recalc
|
32
|
-
pkt_array << pkt.to_s
|
33
|
-
end
|
34
|
-
pkt_array
|
35
|
-
end
|
36
|
-
|
37
|
-
do_scan
|
38
|
-
|
data/examples/arp.rb
DELETED
@@ -1,60 +0,0 @@
|
|
1
|
-
# This is a somewhat contrived and verbose demonstration of how to implement ARP manually.
|
2
|
-
#
|
3
|
-
# It's contrived because this is really how PacketFu::Utils got born; something similiar
|
4
|
-
# (and a wee bit cleaner) is already available as Packet::Utils::arp, since knowing the
|
5
|
-
# MAC address of a target IP turns out to be pretty useful day-to-day.
|
6
|
-
|
7
|
-
require 'examples' # For path setting slight-of-hand
|
8
|
-
require 'packetfu'
|
9
|
-
|
10
|
-
def usage
|
11
|
-
if ARGV[0].nil?
|
12
|
-
raise ArgumentError, "You need an IP address to start with."
|
13
|
-
elsif !Process.euid.zero?
|
14
|
-
raise SecurityError, "You need to be root to run this."
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
usage unless target_ip = ARGV[0] # Need a target IP.
|
19
|
-
usage unless Process.euid.zero? # Need to be root.
|
20
|
-
IPAddr.new(target_ip) # Check to see it's really an IP address, and not a herring or something.
|
21
|
-
|
22
|
-
$packetfu_default = PacketFu::Config.new(PacketFu::Utils.whoami?).config
|
23
|
-
|
24
|
-
def arp(target_ip)
|
25
|
-
|
26
|
-
arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
|
27
|
-
arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
|
28
|
-
arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
|
29
|
-
arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
|
30
|
-
|
31
|
-
arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
|
32
|
-
arp_pkt.arp_daddr_ip = target_ip
|
33
|
-
|
34
|
-
# Stick the Capture object in its own thread.
|
35
|
-
|
36
|
-
cap_thread = Thread.new do
|
37
|
-
cap = PacketFu::Capture.new(:start => true,
|
38
|
-
:filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
|
39
|
-
arp_pkt.to_w # Shorthand for sending single packets to the default interface.
|
40
|
-
target_mac = nil
|
41
|
-
while target_mac.nil?
|
42
|
-
if cap.save > 0
|
43
|
-
arp_response = PacketFu::Packet.parse(cap.array[0])
|
44
|
-
target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
|
45
|
-
end
|
46
|
-
sleep 0.1 # Check for a response ten times per second.
|
47
|
-
end
|
48
|
-
puts "#{target_ip} is-at #{target_mac}"
|
49
|
-
# That's all we need.
|
50
|
-
exit 0
|
51
|
-
end
|
52
|
-
|
53
|
-
# Timeout for cap_thread
|
54
|
-
sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
|
55
|
-
exit 1
|
56
|
-
end
|
57
|
-
|
58
|
-
arp(target_ip)
|
59
|
-
|
60
|
-
|
data/examples/arphood.rb
DELETED
@@ -1,59 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
|
3
|
-
# A simple local network fingerprinter. Uses the OUI list.
|
4
|
-
|
5
|
-
require 'examples'
|
6
|
-
require 'packetfu'
|
7
|
-
require 'open-uri'
|
8
|
-
|
9
|
-
$oui_prefixes = {}
|
10
|
-
$arp_results = []
|
11
|
-
def build_oui_list
|
12
|
-
if ARGV[0].nil?
|
13
|
-
puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} <filename>."
|
14
|
-
oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
|
15
|
-
else
|
16
|
-
oui_file = File.open(ARGV[0], "rb")
|
17
|
-
end
|
18
|
-
oui_file.each do |oui_line|
|
19
|
-
maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
|
20
|
-
unless maybe_oui.nil?
|
21
|
-
oui_value = maybe_oui
|
22
|
-
oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
|
23
|
-
$oui_prefixes[oui_value] = oui_vendor.chomp
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
build_oui_list
|
29
|
-
|
30
|
-
$root_ok = true if Process.euid.zero?
|
31
|
-
|
32
|
-
def arp_everyone
|
33
|
-
my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface => 'wlan0'))
|
34
|
-
threads = []
|
35
|
-
network = "192.168.2"
|
36
|
-
print "Arping around..."
|
37
|
-
253.times do |i|
|
38
|
-
threads[i] = Thread.new do
|
39
|
-
this_host = network + ".#{i+1}"
|
40
|
-
print "."
|
41
|
-
colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
|
42
|
-
unless colon_mac.nil?
|
43
|
-
hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
|
44
|
-
else
|
45
|
-
hyphen_mac = colon_mac = "NOTHERE"
|
46
|
-
end
|
47
|
-
$arp_results << "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
|
48
|
-
end
|
49
|
-
end
|
50
|
-
threads.join
|
51
|
-
end
|
52
|
-
|
53
|
-
if $root_ok
|
54
|
-
arp_everyone
|
55
|
-
puts "\n"
|
56
|
-
sleep 3
|
57
|
-
$arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
|
58
|
-
end
|
59
|
-
|