Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/josh0xA/Espionage
A Linux Packet Sniffing Suite for Automated MiTM Attacks
https://github.com/josh0xA/Espionage
arp-spoofing cybersecurity linux networking packet-capture packet-sniffer python3
Last synced: 21 days ago
JSON representation
A Linux Packet Sniffing Suite for Automated MiTM Attacks
- Host: GitHub
- URL: https://github.com/josh0xA/Espionage
- Owner: josh0xA
- License: mit
- Created: 2020-06-06T07:13:02.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-08-14T21:07:32.000Z (4 months ago)
- Last Synced: 2024-10-29T16:58:47.167Z (about 1 month ago)
- Topics: arp-spoofing, cybersecurity, linux, networking, packet-capture, packet-sniffer, python3
- Language: Python
- Homepage:
- Size: 989 KB
- Stars: 222
- Watchers: 11
- Forks: 47
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - josh0xA/Espionage - A Linux Packet Sniffing Suite for Automated MiTM Attacks (Python)
README
# Espionage - A Network Traffic Interceptor For Linux
## About Espionage
Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so, all data sent by the target gets redirected through the attacker (MiTM). Espionage supports IPv4, TCP/UDP, ICMP, and HTTP. Espionage was written in Python 3.8 but it also supports version 3.6. This is the first version of the tool so please contact the developer if you want to help contribute and add more to Espionage. Note: This is not a Scapy wrapper, scapylib only assists with HTTP requests and ARP.## Installation
1: ```git clone https://www.github.com/josh0xA/Espionage.git```
2: ```cd Espionage```
3: ```sudo python3 -m pip install -r requirments.txt```
4: ```sudo python3 espionage.py --help```## Usage
1. ```sudo python3 espionage.py --normal --iface wlan0 -f capture_output.pcap```
Command 1 will execute a clean packet sniff and save the output to the pcap file provided. Replace ``wlan0`` with whatever your network interface is.
2. ```sudo python3 espionage.py --verbose --iface wlan0 -f capture_output.pcap```
Command 2 will execute a more detailed (verbose) packet sniff and save the output to the pcap file provided.
3. ```sudo python3 espionage.py --normal --iface wlan0```
Command 3 will still execute a clean packet sniff however, it will not save the data to a pcap file. Saving the sniff is recommended.
4. ```sudo python3 espionage.py --verbose --httpraw --iface wlan0```
Command 4 will execute a verbose packet sniff and will also show raw http/tcp packet data in bytes.
5. ```sudo python3 espionage.py --target --iface wlan0```
Command 5 will ARP spoof the target ip address and all data being sent will be routed back to the attackers machine (you/localhost).
6. ```sudo python3 espionage.py --iface wlan0 --onlyhttp```
Command 6 will only display sniffed packets on port 80 utilizing the HTTP protocol.
7. ```sudo python3 espionage.py --iface wlan0 --onlyhttpsecure```
Command 7 will only display sniffed packets on port 443 utilizing the HTTPS (secured) protocol.
8. ```sudo python3 espionage.py --iface wlan0 --urlonly```
Command 8 will only sniff and return sniffed urls visited by the victum. (works best with sslstrip).
* Press Ctrl+C in-order to stop the packet interception and write the output to file.## Menu
```
usage: espionage.py [-h] [--version] [-n] [-v] [-url] [-o] [-ohs] [-hr] [-f FILENAME] -i IFACE
[-t TARGET]optional arguments:
-h, --help show this help message and exit
--version returns the packet sniffers version.
-n, --normal executes a cleaner interception, less sophisticated.
-v, --verbose (recommended) executes a more in-depth packet interception/sniff.
-url, --urlonly only sniffs visited urls using http/https.
-o, --onlyhttp sniffs only tcp/http data, returns urls visited.
-ohs, --onlyhttpsecure
sniffs only https data, (port 443).
-hr, --httpraw displays raw packet data (byte order) recieved or sent on port 80.(Recommended) arguments for data output (.pcap):
-f FILENAME, --filename FILENAME
name of file to store the output (make extension '.pcap').(Required) arguments required for execution:
-i IFACE, --iface IFACE
specify network interface (ie. wlan0, eth0, wlan1, etc.)(ARP Spoofing) required arguments in-order to use the ARP Spoofing utility:
-t TARGET, --target TARGET
```
[![asciicast](https://asciinema.org/a/343152.svg)](https://asciinema.org/a/343152)## Writeup
A simple medium writeup can be found here:
[Click Here For The Official Medium Article](https://medium.com/@jshschiavone/intercepting-network-traffic-with-the-espionage-packet-sniffer-9af8aa86e45e?sk=deb56435cfc403131c426ac7ed7d9ff2)## Ethical Notice
The developer of this program, Josh Schiavone, written the following code for educational and ethical purposes only. The data sniffed/intercepted is not to be used for malicous intent. Josh Schiavone is not responsible or liable for misuse of this penetration testing tool. May God bless you all.### License
MIT License
Copyright (c) 2024 Josh Schiavone