Class 2 Lab 4 ‐ Python ARP Scanner - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: Npcap Installation

Step 1

  • Use SIP to install Python/PyCharm.

Step 2

  • Install Npcap.

Task 2: Identify the Network

Step 1

  • Enter PyCharm and create a new project and a new Python file.

Step 2

  • Import the socket library and define a new function to detect details about the network. Note: Assign a relevant name to the function.
import socket
def get_details():

Step 3

  • In the function, create a variable for both the machine’s hostname and IP address.
host = socket.gethostname()
ip = socket.gethostbyname(host)

Step 4

  • Create a third variable to store the first three octets of the network. This network ID will be used later in the code. Note: The extracted string should include a dot as the last character.
net = ip[0:ip.rfind('.') + 1]
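Added example (not part of the lab or the wiki): the slice above works whenever gethostbyname() returns the machine's LAN address, but on many hosts the hostname resolves to a loopback address such as 127.0.0.1 or 127.0.1.1, and the scanner would then probe 127.0.0.x. The helpers below use only the standard library: network_prefix() is the lab's slice, scan_targets() derives the usable /24 hosts with ipaddress (excluding the .0 network and .255 broadcast addresses), and outbound_ip() asks the kernel which interface would route to a probe address (192.0.2.1 is a reserved documentation address; a UDP connect() sends no packet). All addresses in the test are constructed.

```python
import ipaddress
import socket


def network_prefix(ip):
    """The lab's slice: everything up to and including the last dot ('192.168.1.37' -> '192.168.1.')."""
    return ip[:ip.rfind(".") + 1]


def scan_targets(ip, prefix_len=24):
    """Usable host addresses of the prefix containing ip, as strings (network and broadcast excluded)."""
    net = ipaddress.ip_network("{}/{}".format(ip, prefix_len), strict=False)
    return [str(host) for host in net.hosts()]


def is_loopback(ip):
    """True for 127.0.0.0/8, the case where gethostbyname(gethostname()) is useless for a LAN scan."""
    return ipaddress.ip_address(ip).is_loopback


def outbound_ip(probe="192.0.2.1"):
    """IPv4 address of the interface that would route to probe (no traffic is sent).

    Falls back to the lab's hostname lookup if there is no route at all.
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.connect((probe, 9))  # UDP connect only selects a source address
            return sock.getsockname()[0]
    except OSError:
        return socket.gethostbyname(socket.gethostname())


if __name__ == "__main__":
    ip = outbound_ip()
    if is_loopback(ip):
        print("hostname resolves to loopback; pick the LAN interface explicitly")
    print("network ID:", network_prefix(ip))
    print("targets:", len(scan_targets(ip)))
```

If outbound_ip() still yields a loopback address, the machine has no usable default route and the interface address has to be chosen by hand.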

Task 3: Create the Scan Function

Step 1

  • Install Scapy from PyCharm. In PyCharm, click File in the menu bar and select Settings…

Step 2

  • Click the Plus icon on the right. Then type Scapy in the search bar. Once selected, click Install Package.

Step 3

  • Import the following libraries and their functions:
    • From the time module, add the sleep function.
    • From the scapy.layers.l2 module, add the ARP and Ether classes.
    • From scapy.all, import * for everything (this provides srp1, used below).
from time import sleep
from scapy.layers.l2 import Ether, ARP
from scapy.all import *

Step 4

  • Create a new function that will handle the ARP scanning. It should receive a network ID and iterate over the full range of the fourth IP octet.
  • Note: The rest of the code in this task will be placed in a loop.
def arp_scanner(net):
    for port in range(255):

Step 5

  • In the loop, create a variable to represent a full IP address upon each iteration.
ip = net + str(port)

Step 6

  • Create a new variable to store an ARP packet. It should be broadcasted and aimed at one IP address at a time.
arp_request = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip, hwdst="ff:ff:ff:ff:ff:ff")

Step 7

  • Use the previously created variable to send an ARP request to the network. Save the response to a new variable.
response = srp1(arp_request, timeout=1, verbose=0)

Step 8

  • Add a condition to check if a response was received. If so, print the IP and MAC address pair.
if response:
    print("IP: {}, MAC: {}".format(response.psrc, response.hwsrc))

Step 9

  • Use the sleep function to pause the script for 0.5 seconds upon each iteration.
sleep(0.5)  # sleep was imported directly from time; time.sleep would require "import time"
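Added example (not the lab's code): the scapy line Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip) hides what actually goes on the wire, and srp1 hides what comes back. The standard-library code below builds the same 42-byte frame by hand, parses replies into the psrc/hwsrc fields the lab prints, and aggregates them into a table, so that one IP answered by two different MACs (a misconfiguration or ARP-spoofing indicator) stands out. It sends nothing; the reply frames are constructed, and every MAC and IP in them is made up.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join("%02x" % b for b in raw)


def ip_to_bytes(ip):
    return bytes(int(part) for part in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(op, src_mac, src_ip, dst_mac, dst_ip, eth_dst):
    """Ethernet header (14 bytes) followed by an IPv4-over-Ethernet ARP body (28 bytes)."""
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(src_mac) + ip_to_bytes(src_ip)
    arp += mac_to_bytes(dst_mac) + ip_to_bytes(dst_ip)
    return eth + arp


def build_arp_request(src_mac, src_ip, target_ip):
    """Same wire format as the lab's Ether(dst=broadcast)/ARP(pdst=target_ip)."""
    return build_arp_frame(ARP_REQUEST, src_mac, src_ip, ZERO_MAC, target_ip, BROADCAST_MAC)


def build_arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Unicast is-at reply, as the probed host would send it back."""
    return build_arp_frame(ARP_REPLY, src_mac, src_ip, dst_mac, dst_ip, dst_mac)


def parse_arp(frame):
    """Decode a frame into the fields scapy exposes as op/hwsrc/psrc/hwdst/pdst; None if not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "hwsrc": bytes_to_mac(frame[22:28]),
        "psrc": bytes_to_ip(frame[28:32]),
        "hwdst": bytes_to_mac(frame[32:38]),
        "pdst": bytes_to_ip(frame[38:42]),
    }


def arp_table(frames):
    """Map each replying IP to the set of MACs that claimed it (the lab's output, aggregated)."""
    table = {}
    for frame in frames:
        fields = parse_arp(frame)
        if fields and fields["op"] == ARP_REPLY:
            table.setdefault(fields["psrc"], set()).add(fields["hwsrc"])
    return table


def conflicting_ips(table):
    """IPs answered by more than one MAC: worth investigating as misconfiguration or ARP spoofing."""
    return sorted(ip for ip, macs in table.items() if len(macs) > 1)


# Constructed sample traffic (no real hosts): two honest replies, then a second MAC claiming .20
SAMPLE_REPLIES = [
    build_arp_reply("aa:bb:cc:00:00:10", "192.168.1.10", "aa:bb:cc:00:00:01", "192.168.1.1"),
    build_arp_reply("aa:bb:cc:00:00:20", "192.168.1.20", "aa:bb:cc:00:00:01", "192.168.1.1"),
    build_arp_reply("de:ad:be:ef:00:99", "192.168.1.20", "aa:bb:cc:00:00:01", "192.168.1.1"),
]

if __name__ == "__main__":
    request = build_arp_request("aa:bb:cc:00:00:01", "192.168.1.1", "192.168.1.10")
    print(len(request), "bytes:", parse_arp(request))
    table = arp_table(SAMPLE_REPLIES)
    for ip, macs in sorted(table.items()):
        print("IP: {}, MAC: {}".format(ip, ", ".join(sorted(macs))))
    print("conflicts:", conflicting_ips(table))
```

The lab's loop sends one request and waits up to a second for each of 255 addresses; keeping the reply bookkeeping in a separate function like arp_table() lets the same code consume replies from a batched scapy srp() call or from a pcap, which is how you would review a scan's results later.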

Task 4: Code Handling

Step 1

  • From the function created in Lab Task 2, call the function created in Lab Task 3 using the extracted network ID.
def get_details():
    host = socket.gethostname()
    ip = socket.gethostbyname(host)
    net = ip[0:ip.rfind('.') + 1]
    arp_scanner(net)

Step 2

  • Add a condition to run the function created in Lab Task 2 (get_details) only if the file is directly executed.
if __name__ == '__main__':
    get_details()

Step 3

  • Run the script and observe the results.

Final Code

import socket
from time import sleep
from scapy.layers.l2 import Ether, ARP
from scapy.all import *  # provides srp1

def get_details():
    # Resolve this machine's hostname and its IPv4 address
    host = socket.gethostname()
    ip = socket.gethostbyname(host)
    # Network ID: the first three octets plus the trailing dot, e.g. "192.168.1."
    net = ip[0:ip.rfind('.') + 1]
    arp_scanner(net)

def arp_scanner(net):
    # Iterate over the fourth octet (0 to 254) and probe one address per pass
    for port in range(255):
        ip = net + str(port)
        # Ethernet broadcast frame carrying an ARP who-has for the target IP
        arp_request = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=ip, hwdst="ff:ff:ff:ff:ff:ff")
        # Send at layer 2 and keep the first reply, or None once the timeout expires
        response = srp1(arp_request, timeout=1, verbose=0)
        if response:
            print("IP: {}, MAC: {}".format(response.psrc, response.hwsrc))
        # sleep is imported from time above; time.sleep would require "import time"
        sleep(0.5)

if __name__ == '__main__':
    get_details()