{"id":20276671,"url":"https://github.com/eonraider/arp-spoofer","last_synced_at":"2025-04-08T04:18:45.210Z","repository":{"id":50465797,"uuid":"308875722","full_name":"EONRaider/Arp-Spoofer","owner":"EONRaider","description":"A pure-Python ARP Cache Poisoning (a.k.a \"ARP Spoofing\") tool","archived":false,"fork":false,"pushed_at":"2021-12-15T20:55:25.000Z","size":172,"stargazers_count":280,"open_issues_count":0,"forks_count":28,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-03-24T10:14:57.880Z","etag":null,"topics":["arp-poisoning","arp-spoofing","ethical-hacking","network-programming","penetration-testing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EONRaider.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-10-31T12:22:16.000Z","updated_at":"2025-03-14T01:43:30.000Z","dependencies_parsed_at":"2022-08-26T11:32:35.489Z","dependency_job_id":null,"html_url":"https://github.com/EONRaider/Arp-Spoofer","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FArp-Spoofer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FArp-Spoofer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FArp-Spoofer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EONRaider%2FArp-Spoofer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EONRaider","download_url":"https://codeload.github.com/EONRaider/Arp-Spoofer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247773726,"owners_count":20993639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arp-poisoning","arp-spoofing","ethical-hacking","network-programming","penetration-testing"],"created_at":"2024-11-14T13:15:08.472Z","updated_at":"2025-04-08T04:18:45.180Z","avatar_url":"https://github.com/EONRaider.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Python 3 ARP Spoofing Tool\n\n![Python Version](https://img.shields.io/badge/python-3.x-blue?style=for-the-badge\u0026logo=python)\n![OS](https://img.shields.io/badge/OS-GNU%2FLinux-red?style=for-the-badge\u0026logo=linux)\n[![CodeFactor Grade](https://img.shields.io/codefactor/grade/github/EONRaider/Arp-Spoofer?label=CodeFactor\u0026logo=codefactor\u0026style=for-the-badge)](https://www.codefactor.io/repository/github/eonraider/arp-spoofer)\n[![License](https://img.shields.io/github/license/EONRaider/Packet-Sniffer?style=for-the-badge)](https://github.com/EONRaider/Packet-Sniffer/blob/master/LICENSE)\n\n[![Reddit](https://img.shields.io/badge/Reddit-EONRaider-FF4500?style=flat-square\u0026logo=reddit)](https://www.reddit.com/user/eonraider)\n[![Discord](https://img.shields.io/badge/Discord-EONRaider-7289DA?style=flat-square\u0026logo=discord)](https://discord.gg/KVjWBptv)\n[![Twitter](https://img.shields.io/badge/Twitter-eon__raider-38A1F3?style=flat-square\u0026logo=twitter)](https://twitter.com/intent/follow?screen_name=eon_raider)\n\nA pure-Python ARP Cache Poisoning (a.k.a. \"ARP Spoofing\") tool that leverages\na low-level assembly of Ethernet II frames and ARP packets.\n\nThis application maintains no dependencies on third-party modules and can be \nrun by any Python 3.x interpreter.\n\n## Installation\n\nSimply clone this repository with `git clone` and execute the `arpspoof.py` file \nas described in the following **Usage** section.\n\n```\nuser@host:~/DIR$ git clone https://github.com/EONRaider/Arp-Spoofer.git\n```\n\n## Usage\n```\narpspoof.py [-h] [-i INTERFACE] [--attackermac MAC] [--gatemac MAC]\n [--targetmac MAC] [--gateip IP] [--interval TIME] [-d | -f]\n TARGET_IP\n\nExecute ARP Cache Poisoning attacks (a.k.a \"ARP Spoofing\") on local networks.\n\npositional arguments:\n TARGET_IP IP address currently assigned to the target.\n\noptional arguments:\n -h, --help show this help message and exit\n -i INTERFACE, --interface INTERFACE\n Interface on the attacker machine to send packets\n from.\n --attackermac MAC MAC address of the NIC from which the attacker machine\n will send the spoofed ARP packets.\n --gatemac MAC MAC address of the NIC associated to the gateway.\n --targetmac MAC MAC address of the NIC associated to the target.\n --gateip IP IP address currently assigned to the gateway.\n --interval TIME Time in between each transmission of spoofed ARP\n packets (defaults to 0.5 seconds).\n --disassociate Execute a disassociation attack in which a randomized\n MAC address is set for the attacker machine,\n effectively making the target host send packets to a\n non-existent gateway.\n -f, --ipforward Temporarily enable forwarding of IPv4 packets on the\n attacker system until the next reboot. Set this to\n intercept information between the target host and the\n gateway, performing a man-in-the-middle attack.\n Requires administrator privileges.\n```\n\n\n## Running the Application\n\n#### METHOD I: \"Too long, didn't read\"\n\u003ctable\u003e\n\u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003eObjective\u003c/td\u003e\n \u003ctd\u003ePerform the attack with a single command and script-kid our way \n to victory\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eExecution\u003c/td\u003e\n \u003ctd\u003e\u003cb\u003esudo python3 arpspoof.py TARGET_IP -f\u003c/b\u003e\u003c/td\u003e\n \u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\n#\n\n#### METHOD II: Detailed Usage\n\n\u003ctable\u003e\n\u003cthead\u003e\n \u003ctr\u003e\n \u003cth colspan=\"2\"\u003eStep 1 of 2\u003c/th\u003e\n \u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003eObjective\u003c/td\u003e\n \u003ctd\u003ePerform an \u003ca href=\"https://en.wikipedia.org/wiki/ARP_spoofing\" \n target=\"_blank\" rel=\"noopener noreferrer\"\u003eARP Cache Poisoning\u003c/a\u003e with \n \u003ca href=\"https://en.wikipedia.org/wiki/Man-in-the-middle_attack\" \n target=\"_blank\" rel=\"noopener noreferrer\"\u003eMan-in-the-middle (MITM)\n \u003c/a\u003e attack against a target with IP address \u003cb\u003e10.0.1.6\u003c/b\u003e on our \n local network segment\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eExecution\u003c/td\u003e\n \u003ctd\u003e\u003cb\u003esudo python3 arpspoof.py 10.0.1.6 -f\u003c/b\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eOutcome\u003c/td\u003e\n \u003ctd\u003eAutomatic configuration and subsequent transmission of spoofed ARP \n packets until EOF signal (Ctrl-C). Refer to sample output below.\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eObservations\u003c/td\u003e\n \u003ctd\u003eNotice how the remaining settings are automatically obtained, \n including a setup for forwarding of IPv4 packets to enable a MITM \n attack (set by the -f switch)\u003c/td\u003e\n \u003c/tr\u003e \n \u003c/tbody\u003e\n\u003c/table\u003e\n\n- Sample Output\n\n```\nuser@host:~$ sudo python3 arpspoof.py 10.0.1.6 -f\n \n[\u003e\u003e\u003e] ARP Spoofing configuration:\n [+] IPv4 Forwarding .....................True\n [+] Interface .....................eth0\n [+] Attacker MAC ........08:92:27:dc:3a:71\n [+] Gateway IP .................10.0.1.1\n [+] Gateway MAC ........52:93:d0:92:c5:06\n [+] Target IP .................10.0.1.6\n [+] Target MAC ........91:8b:28:93:af:07\n\n[!] ARP packets ready. Execute the attack with these settings? (Y/N) y\n\n[+] ARP Spoofing attack initiated. Press Ctrl-C to abort.\n```\n\n\u003ctable\u003e\n\u003cthead\u003e\n \u003ctr\u003e\n \u003cth colspan=\"2\"\u003eStep 2 of 2\u003c/th\u003e\n \u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n \u003ctr\u003e\n \u003ctd\u003eObjective\u003c/td\u003e\n \u003ctd\u003eCheck the traffic generated by the attack and make sure it is actually working\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eExecution\u003c/td\u003e\n \u003ctd\u003eUse an inspection tool such as \u003ca href=\"https://github.com/EONRaider/Packet-Sniffer\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eNetwork Packet Sniffer\u003c/a\u003e\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eOutcome\u003c/td\u003e\n \u003ctd\u003eRefer to sample output below\u003c/td\u003e\n \u003c/tr\u003e\n \u003ctr\u003e\n \u003ctd\u003eObservations\u003c/td\u003e\n \u003ctd\u003eCheck that packets #5 and #6 map the gateway and target IP addresses to the attacker MAC address (meaning that the attack was successful)\u003c/td\u003e\n \u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\n- Sample Output\n\n```\n[\u003e] Packet #1 at 14:10:12:\n [+] MAC ......08:92:27:dc:3a:71 -\u003e ff:ff:ff:ff:ff:ff\n [+] ARP Who has 10.0.1.6 ? -\u003e Tell 10.0.1.5\n[\u003e] Packet #2 at 14:10:12:\n [+] MAC ......91:8b:28:93:af:07 -\u003e 08:92:27:dc:3a:71\n [+] ARP ...............10.0.1.6 -\u003e Is at 91:8b:28:93:af:07\n[\u003e] Packet #3 at 14:10:12:\n [+] MAC ......08:92:27:dc:3a:71 -\u003e 91:8b:28:93:af:07\n [+] IPv4 ..............10.0.1.5 -\u003e 10.0.1.6 | PROTO: UDP TTL: 64\n [+] UDP ..................52949 -\u003e 54663\n[\u003e] Packet #4 at 14:10:12:\n [+] MAC ......91:8b:28:93:af:07 -\u003e 08:92:27:dc:3a:71\n [+] IPv4 ..............10.0.1.6 -\u003e 10.0.1.5 | PROTO: ICMP TTL: 64\n [+] ICMP ..............10.0.1.6 -\u003e 10.0.1.5 | Type: OTHER\n[\u003e] Packet #5 at 14:10:18:\n [+] MAC ......08:92:27:dc:3a:71 -\u003e 52:54:00:12:35:00\n [+] ARP ...............10.0.1.6 -\u003e Is at 08:92:27:dc:3a:71\n[\u003e] Packet #6 at 14:10:18:\n [+] MAC ......08:92:27:dc:3a:71 -\u003e 91:8b:28:93:af:07\n [+] ARP ...............10.0.1.1 -\u003e Is at 08:92:27:dc:3a:71\n```\n\n*And that's it! The attack will persist until otherwise aborted.*\n\n#\n\n### But how is this possible?\n\nThe simplest command for this tool consists of\n`sudo python3 arpspoof.py TARGET_IP`\n\nThen where do the remaining settings such as Target MAC, Gateway IP and\nAttacker MAC come from? How is IPv4 forwarding enabled?\n\nA brief explanation can be found in the docstring of the `ARPSetupProxy`\nclass in the\n[packets.py](https://github.com/EONRaider/Arp-Spoofer/blob/master/packets.py)\nfile:\n\n\u003e Performs a best-effort attempt to query the system and network for\ninformation necessary to build the ARP attack packets. **It allows the\nuser to initiate an attack by simply supplying the target's IP\naddress**. *All other required settings are looked up from the\nattacker system's ARP and routing tables and by probing ephemeral\nports on the target host.*\n\nThis tool prioritizes the automated gathering of all information\nrequired to initiate the attack, releasing the Penetration Tester from\ngoing through all the manual processes required by similar tools.\n\nWith that in mind we have that **the following operations are the ones \nexecuted by the application to obtain each setting:**\n- `IPv4 Forwarding`: Execute an overwriting of the value 0 to 1 in the\n file `/proc/sys/net/ipv4/ip_forward`.\n- `Interface`: Parse the attacker's routing table and look for\ninterfaces mapping valid routes to the gateway.\n- `Attacker MAC`: Bind to interface and query its name from `socket`\n- `Gateway IP`: Parse the attacker's routing table and find the route\nwith `0x0003` flag set.\n- `Gateway MAC`: Parse the attacker's ARP table looking for devices\nwith `Gateway IP`.\n- `Target MAC`: Send a UDP datagram with an empty byte string to a\nrandom ephemeral port on the target system (effectively making the\nattacker system execute an ARP request followed by an ICMP probe\nto the broadcast address) and then reading the newly written\ninformation from the ARP table.\n\n## Legal Disclaimer\n\nThe use of code contained in this repository, either in part or in its totality,\nfor engaging targets without prior mutual consent is illegal. **It is\nthe end-user's responsibility to obey all applicable local, state\nand federal laws.**\n\nDevelopers assume **no liability** and are not\nresponsible for misuses or damages caused by any code contained\nin this repository in any event that, accidentally or otherwise, it comes to\nbe utilized by a threat agent or unauthorized entity as a means to compromise\nthe security, privacy, confidentiality, integrity and/or availability of\nsystems and their associated resources by leveraging the exploitation of known\nor unknown vulnerabilities present in said systems, including, but not limited\nto, the implementation of security controls, human- or electronically-enabled.\n\nThe use of this code is **only** endorsed by the developers in those\ncircumstances directly related to **educational environments** or\n**authorized penetration testing engagements** whose declared purpose is that\nof finding and mitigating vulnerabilities in systems, limiting their exposure\nto compromises and exploits employed by malicious agents as defined in their\nrespective threat models.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feonraider%2Farp-spoofer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feonraider%2Farp-spoofer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feonraider%2Farp-spoofer/lists"}