python-arp 被动信息收集
概述
横向移动的时候由于局域网中可能存在未分配的IP,如果请求这些未分配的IP可能导致被发现(旁路检测设备),先可以做一下arp被动信息收集。当然对蜜罐类设备没用。
代码
from scapy.all import *
"""
arp信息被动收集
arp op=1 arp request information(brodcast)
arp op=2 arp reply information(unicast)
arp gratuitous op=1 sender IP address same as target IP and sender MAC address same as target MAC address
"""
# arp
arp_info = {}
# passive arp information collection
def arp_sniff():
return sniff(filter="arp",store=0,prn=arp_collect)
# arp information collect to dict like[IP:MAC]
def arp_collect(arp_pkg):
mac = arp_pkg[ARP].hwsrc
ip = arp_pkg[ARP].psrc
# 如果mac信息没存储在arp_info中就是新发现的mac
# 如果mac存在,分两种情况:新抓的包和原来IP不相等就是change,没有就什么都不用做
if arp_info.get(mac) == None:
arp_info[mac] = ip
print(mac,":",ip)
elif ip != arp_info[mac]:
arp_info[mac] = ip
print("change:")
print(mac,":",ip)
if __name__ == "__main__":
arp_sniff()
效果
