-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathdetect_mac.py
97 lines (69 loc) · 2.3 KB
/
detect_mac.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
#!/usr/bin/python
'''
Requirements:
python 2.7
pip install scapy
Give python high privileges (scapy requires root privileges):
sudo setcap cap_net_raw=eip /usr/bin/python2.7
This script will scan your network for unauzhorized connected devices
First you will need to create a a whitelist of trusted devices in a file named: macs.json in the same folder as this script
Example:
{"c4:41:0d:13:9c:4a": true, "a4:b3:1d:d2:11:f9": true}
If you do not create this file it will be automatically generated by this script and will allow you to interactively add discovered MAC's to the list
Trusted MAC Addresses will be added to the file with a True flag
Untrusted MAC Addresses will be added with a False flag (acts as a dismiss alert) you will not be alerted again about the unknown address but you can see it in the file listed as false.
'''
import string, sys, time
from scapy.all import *
conf.verb = 0
import json
import os
IP_RANGE = "10.0.0.1/24"
T_SLEEP = 10
def loadOrCreateMacs():
tmpMacs = {}
if not os.path.isfile("macs.json"):
file = open("macs.json","w")
file.write(json.dumps(tmpMacs))
file.close()
else:
file = open("macs.json","r")
tmpMacs = json.loads(file.read())
file.close()
return tmpMacs
def saveMacFile(pMacs):
file = open("macs.json", "w")
file.write(json.dumps(pMacs))
file.close()
def macExists(macAddr):
macs = loadOrCreateMacs()
return macAddr in macs
def addTrusted(macAddr):
macs = loadOrCreateMacs()
macs[macAddr] = True
saveMacFile(macs)
def addNotTrusted(macAddr):
macs = loadOrCreateMacs()
macs[macAddr] = False
saveMacFile(macs)
def arpping(host):
try:
ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=host),timeout=2)
for s,r in ans:
if not macExists(r.src):
print "Unknown MAC Address Detected: " + r.src + " IP Address: " + r.psrc
q = raw_input("Do you trust this MAC? (Y/n)")
if (q != "n"):
print("Adding Trusted MAC Address with True Flag " + r.src + " to " + os.getcwd() + "/macs.json")
addTrusted(r.src)
elif (q == "n"):
print("Dismiss Warning by Adding The UnTrusted MAC Address with False Flag " + r.src + " to " + os.getcwd() + "/macs.json")
addNotTrusted(r.src)
except Exception, e:
print e
def main():
while True:
arpping(IP_RANGE)
time.sleep(T_SLEEP)
if __name__ == '__main__':
main()