ARPTool is my project for UAM's Communication Networks II course. It has two main programs, both written in Python 3.6+.
ARPTool works on Linux and macOS. It uses several third party libraries, which can be installed running pip:
pip install -r requirements.txtIt provides a nice CLI to see the devices on the LAN and perform ARP spoofing attacks on them.
sudo python attacker.py
To ARP spoof a device just select it using the arrows and press Enter or Space. An asterisk indicates whether a device is being spoofed or not. IP Forwarding can be enabled or disabled pressing Tab. Spoofed devices won't have Internet access unless IP Forwarding is enabled. To quit, press q or Control+C. Click here for a more detailed explanation.
This program will notify the user if an ARP spoofing attack is detected. To quit, just press Control+C. For a more thorough description click here.
It works detecting duplicates on the ARP cache (using ip neigh or arp -a). It's not the most effective detector because the victim might not have the attacker's MAC address on their ARP cache. It does not require root permission
python detector.py --passiveEvery ARP is-at message received will be analyzed. For instance if "192.168.1.1 is at 00:11:22:33:44:55" is received, a "Who has 192.168.1.1?" message will be sent to the broadcast address. If we get a different MAC address than 00:11:22:33:44:55 an ARP spoofing attack is probably happening.
sudo python detector.py --activeBy default, the detector won't show the same notification twice in less than 10 seconds, to avoid a notification flood. That threshold can be modified using the delay flag. Some examples are shown below.
python detector --passive --delay 60sudo python detector --active --delay 30