Strumenti network

Da Eidosystem.
Jump to navigation Jump to search

DA AGGIUNGERE L'INDEX


Strumenti per trovare DHCP Server:

Script Python:

Usage: ./rogue_dhcp_check.py <interface_name> [timeout in seconds] 

#!/usr/bin/env python3

# This script sends a DHCP discover on the specified interface
# then waits for the specified number of seconds (default: 5)
# for replies from DHCP servers and prints the results.

# Install dependencies:
#   sudo apt install python3-pip
#   sudo pip3 install scapy # do not use the one in Ubuntu apt (as of 18.04)

# scapy API: https://scapy.readthedocs.io/en/latest/api/scapy.layers.html

# TODO
#
# * What if a single DHCP server replies twice
#   or the rogue DHCP server is spoofing MAC addresses?
# * Support plain BOOTP servers
#

import os
import sys
from scapy.all import *

def die(err):
    print(err, file=sys.stderr)
    sys.exit(1)

def usage(file=sys.stdout):
    print("Usage:", sys.argv[0], "<interface_name> [timeout in seconds]", file=file)

if len(sys.argv) < 2 or len(sys.argv) > 3:
    usage(sys.stderr)
    sys.exit(1)

iface = sys.argv[1]
timeout = 5
if len(sys.argv) == 3:
    try:
        timeout = int(sys.argv[2])
    except:
        usage(sys.stderr)
        sys.exit(1)
        
    if timeout < 1:
        timeout = 5

if os.geteuid() != 0:
    die("You must be root to send DHCP packets")

conf.checkIPaddr = False

try:
    fam, hw = get_if_raw_hwaddr(iface)
except OSError as e:
    die(e)
    
dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(chaddr=hw) / DHCP(options=[("message-type","discover"), "end"])

print("Sending DHCP Discover packet on interface", iface)
print("Waiting", timeout, "seconds for reply")

ans, unans = srp(dhcp_discover, multi=True, timeout=timeout)

dhcp_servers = {}
for snd, rcv in ans:

    # We only care about message-type == 2
    # a.k.a. DHCP Offers
    is_offer = False
    for opt in rcv.payload.payload.payload.payload.options:
        if opt[0] == 'message-type':
            if opt[1] == 2:
                is_offer = True
            
    if not is_offer:
        continue
    
    # rcv.fields: list fields
    # rcv.payload: the decoded payload
    
    if not rcv.src in dhcp_servers:
        dhcp_servers[rcv.src] = {'MAC': rcv.src, 'IP': rcv.payload.src, 'offer': rcv.payload.payload.payload.yiaddr, 'options': rcv.payload.payload.payload.payload.options}

print('')
print("Received", len(ans), "replies from", len(dhcp_servers), "different (based on MAC address) DHCP server(s)")
print('')
if len(dhcp_servers) > 1:
    print("WARNING: Looks like there might be more than one DHCP server on your network")
    print('')
    
for mac in dhcp_servers:
    server = dhcp_servers[mac]
    print("DHCP server", mac)
    print("  Server IP:", server['IP'])
    print("  Offer IP:", server['offer'])
    print("  Options:")
    for opt in server['options']:
        if opt[0] == 'message-type':
            print('    message-type:', DHCPTypes[opt[1]])
        else:
            print('    ' + str(opt[0])+':', opt[1])
    print('')
Estratto da "https://wiki.eidosystem.com/index.php?title=Strumenti_network&oldid=13"