/shARP

An anti-ARP-spoofing application software that use active and passive scanning methods to detect and remove any ARP-spoofer from the network.

Primary LanguageShellGNU General Public License v3.0GPL-3.0

                 ||                               _______       _______          
                 ||                  /\          |        ?    |        ?     
                 ||                 /  \         |         ?   |         ?    
                 ||                /    \        |         ?   |         ?    
           //    ||-------        /      \       |________?    |________?     
          //     ||      ||      /--------\      |     \       |              
         //_____ ||      ||     /          \     |      \      |              
              // ||      ||    /            \    |       \     |             
             //  ||      ||   /              \   |        \    |             
            //   ||      ||  /                \  |         \   |             

Description-

ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks. This anti- ARP spoofing program, (shARP) detects the presence of a third party in a private network actively. It has 2 mode: defensive and offensive.

Previous Releases - shARP_1.0

Prerequisites -

-Linux distro
-Python 2.7.x
-Aircrack-ng
-espeak (optional)
-Network card that supports monitor mode and packet injection

You can check if your linux wireless driver supports these functionalities from this page

What's new ?

shARP_2.0 can perform active scan as well as passive scans in both defensive and offensive modes.

Defensive mode - Defensive mode protects the end user from the spoofer by disconnecting the user's system from the network. This mode also alerts the user by an audio message as soon as spoofing is detected.

Offensive mode - Offensive mode disconnects the user's system from the network and further kicks out the attacker by sending De-authentication packets to his system, this doesn't let him reconnect to the network until the program is manually reset.

Active Scan - Use when your system is left idle most of the time. Active scan is most efficient method to protect you system and the network from ARP-spoofing incidents.

Passive Scan - Use when your system is busy transferring data through the network. Passive scan is efficient in for constant data transfering devices as your device and the network would be secured from ARP-spoofing incidents without compromising the speed or the network bandwidth.

Help

bash ./shARP.sh -h

screenshot from 2017-05-14 21-24-35

Defensive mode with active scanning

bash ./shARP.sh -d -a wlan0

screenshot from 2017-05-14 21-25-30

Defensive mode with Passive scanning

bash ./shARP.sh -d -p wlan0

screenshot from 2017-05-14 21-26-24

Offensive mode with Active scan

bash ./shARP.sh -o -a wlan0

screenshot from 2017-05-14 21-27-53

screenshot from 2017-05-14 21-28-47

Offensive mode with Passive scan

bash ./shARP.sh -o -p wlan0

screenshot from 2017-05-14 21-29-45

screenshot from 2017-05-14 21-29-54

Reset Network Card

bash ./shARP.sh -r wlan0

Reset your network card only when used with active mode or when the network adaptor doesn't work properly. Else you can switch back on your network connection manually.

screenshot from 2017-05-14 21-25-53

Records-

The program creates a log file in the folder /usr/shARP/ containing the details of the attack such as the attackers mac address, mac vendor, time and date of the attack.

One can identify the NIC of the attacker's system with the help of the obtained mac address. The whole program is designed specially for linux and is written in bash and python. In the offensive mode the program downloads an open-source application from with the permission of the user namely aircrack-ng (if not present in the user's system already). Visit https://www.aircrack-ng.org for more info.

Edits-

If you wish to get an audio alert please download espeak or comment out those lines in the source code.

Note-

  1. I won't suggest using this software over wired connections, especially in offensive mode as it might cause network instability.
  2. Use the offensive mode only with the NICs that supports monitor mode.
  3. Offensive mode does DOS attack on the ARP-spoofer. Use Offensive mode only after making sure that you have appropriate right(s) over the network and the device(s) connected to it and make sure that doing so is legal in your Country/State.
  4. Offensive mode will not work if your wifi card/driver doesn't support packet injection.