hatriot / zarp Goto Github PK

Network Attack Tool

License: Other

Shell 0.01% Python 99.99%

zarp's Introduction

Introduction

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

The long-term goal of zarp is to become the master command center of a network; to provide a modular, well-defined framework that provides a powerful overview and in-depth analysis of an entire network. This will come to light with the future inclusion of a web application front-end, which acts as the television screen, whereas the CLI interface will be the remote. This will provide network topology reports, host relationships, and more. zarp aims to be your window into the potential exploitability of a network and its hosts, not an exploitation platform itself; it is the manipulation of relationships and trust felt within local intranets. Look for zeb, the web-app frontend to zarp, sometime in the future.

Current version: 1.5 Current dev version: 1.6

Installation

zarp is intended to be as dependency-free as possible. When available, zarp has opted to use pure or native Python implementations over requiring or importing huge libraries. Even as such, zarp requires the following to run:

Linux
Python 2.7.x
Scapy (packaged with zarp)

It is also recommended that user's have the following installed for access to specific modules:

airmon-ng suite (for all your wireless cracking needs)
tcpdump
libmproxy (packaged with zarp)
paramiko (SSH service)
nfqueue-bindings (packet modifier)

The recommended installation process is to run:

git clone git://github.com/hatRiot/zarp.git

pip install -r requirements.txt

You can then run:

sudo python zarp.py --update

to update zarp. The update flag will not work if you download the tarball from the Git page.

Scapy comes packaged with Zarp and no installation is required. Wifite is used for wireless AP cracking; a specific version (ballast-dev branch) is required. This comes packaged with zarp. There are some dependencies required for Scapy, but most should be pretty easy to install or already be installed.

Tool Overview

Broad categories are (see wiki for more information on these):

Poisoners
Denial of Service
Sniffers
Scanners
Services
Parameter
Attacks

CLI Usage and Shortcuts

> help

  zarp options:
    help            - This menu
    opts            - Dump zarp current settings
    exit            - Exit immediately
    bg          - Put zarp to background
    set [key] [value]   - Set key to value

  zarp module options:
    [int] [value]       - Set option [int] to value [value]
    [int] o         - View options for setting
    run (r)         - Run the selected module
    info            - Display module information

Modules can be navigated to by nesting entries:

bryan@debdev:~/tools/zarp$ sudo ./zarp.py 
[!] Loaded 34 modules.
     ____   __   ____  ____
    (__  ) / _\ (  _ \(  _ '
     / _/ /    \ )   / ) __/
    (____)\_/\_/(__\_)(__)  [Version: 0.1.5]

    [1] Poisoners       [5] Parameter
    [2] DoS Attacks     [6] Services 
    [3] Sniffers        [7] Attacks  
    [4] Scanners        [8] Sessions 

0) Back
> 6 2
    +-----+----------------+----------------------------+------+----------+-
    |     | Option         | Value                      | Type | Required | 
    +-----+----------------+----------------------------+------+----------+-
    | [1] | Displayed MOTD | b4ll4stS3c FTP Server v1.4 | str  | False    | 
    +-----+----------------+----------------------------+------+----------+-
    | [2] | Listen port    | 21                         | int  | False    | 
    +-----+----------------+----------------------------+------+----------+-
0) Back
FTP Server >

Nested entries go as far as modules will. Note that right now it's 'dumb' in that, if you enter in a ton of numbers, it's going to continue dumping that out as module selection!

Usage Examples

List of modules accessible from the command line:

bryan@debdev:~/tools/zarp$ sudo ./zarp.py --help
[!] Loaded 34 modules.
     ____   __   ____  ____
    (__  ) / _\ (  _ \(  _ '
     / _/ /    \ )   / ) __/
    (____)\_/\_/(__\_)(__)  [Version: 0.1.5]

usage: zarp.py [-h] [-q FILTER] [--update] [--wap] [--ftp] [--http] [--smb]
               [--ssh] [--telnet] [-w] [-s] [--service-scan]

optional arguments:
  -h, --help      show this help message and exit
  -q FILTER       Generic network sniff
  --update        Update Zarp

Services:
  --wap           Wireless access point
  --ftp           FTP server
  --http          HTTP Server
  --smb           SMB Service
  --ssh           SSH Server
  --telnet        Telnet server

Scanners:
  -w              Wireless AP Scan
  -s              Network scanner
  --service-scan  Service scanner
bryan@debdev:~/tools/zarp$

Main menu when launched with the command line GUI:

bryan@devbox:~/zarp$ sudo ./zarp.py
[!] Loaded 33 modules.
     ____   __   ____  ____
    (__  ) / _\ (  _ \(  _ '
     / _/ /    \ )   / ) __/
    (____)\_/\_/(__\_)(__)
        [Version 0.1.4]         
    [1] Poisoners       [5] Parameter
    [2] DoS Attacks     [6] Services 
    [3] Sniffers        [7] Attacks  
    [4] Scanners        [8] Sessions 

0) Back
>

Navigating a module is pretty simple, and there are really only a few commands to know. When in the context of a module, the command 'info' can be used to dump a help or informational string:

ARP Spoof > info
--------------------------------------------------------- 
The heart and soul of zarp.  This module exploits the ARP
protocol to redirect all traffic through the attacker's 
chosen system. 

http://en.wikipedia.org/wiki/ARP_poison
---------------------------------------------------------
    +-----+------------------------------------+-------+------+----------+-
    |     | Option                             | Value | Type | Required | 
    +-----+------------------------------------+-------+------+----------+-
    | [1] | Interval to send respoofed packets | 2     | int  | False    | 
    +-----+------------------------------------+-------+------+----------+-
    | [2] | Address to spoof from target       | None  | ip   | True     | 
    +-----+------------------------------------+-------+------+----------+-
    | [3] | Target to poison                   | None  | ip   | True     | 
    +-----+------------------------------------+-------+------+----------+-
0) Back
ARP Spoof >

To set an option, give it the option number followed by the value:

ARP Spoof > 2 192.168.1.219

If an option supports a choice list, give it the option number followed by the lowercase letter o:

HTTP Sniffer > 2 o
[!] Options: ['Site Only', 'Request String', 'Request and Payload', 'Session IDs', 'Custom Regex']
    +-----+-----------------------------+--------------+-------+----------+-
    |     | Option                      | Value        | Type  | Required | 
    +-----+-----------------------------+--------------+-------+----------+-
    | [1] | Regex for level 5 verbosity | None         | regex | False    | 
    +-----+-----------------------------+--------------+-------+----------+-
    | [2] | Output verbosity            | 1            | int   | False    | 
    +-----+-----------------------------+--------------+-------+----------+-
    | [3] | Address to sniff from       | 192.168.1.97 | ip    | False    | 
    +-----+-----------------------------+--------------+-------+----------+-
0) Back
HTTP Sniffer >

Modules, once all required options are set, can be run by specifying a lowercase '''r'''.

Future/Current Development

Moved to freedcamp; please send me an email if you'd like to contribute.

zarp's People

Contributors

Stargazers

Watchers

Forkers

infodox 0xo0o0 babarnazmi loveshell cherry-wb overflowingint xewn sixtynine oriumpor wyyqyl winpa01 zyan03 kernelbitch mushinnomushin zeroisstart brygit nullmode jiangzhw ethical-falc0n quietllin pratiklodha95 stanleyweatherfield kiaans bitland rolinston mcreddy91 wushenwu goslingl winter91 tempbottle 0x0mar cheyl antsfee gitsocket ivansalomon franklinrony ksksks2222 584251395 danstol molotof 0xr0ot toutiao linkp2p yacoding yagami0939 atlantech o1oo1o1o ridter drptbl raum01 zaratros shalekesan securityigi r00tb0x ksmaheshkumar morris254 michalkoczwara chiller89 hamdi-charef alexanderpi sidtechnical kozodomo fritexvz stodar cybercracke mataram jay5791900 candito pachucx ompster merkazox raden fatihgol vrkansagara nomad-vino wuhaa11 bvpatel wutthinun miauwuffmiau theethical sh4ttel2 jlthames2 reality9 zigitax coldcain switchkiller mcdiamondz cybernetics eyedeekay ghaspaer sobhydo nntoan skylarker lucabongiorni yusuf-khabbush jmmacias77 felipeg48 estomagado signedbytes djgrasss

zarp's Issues

Zarp wont start

Hi!
i have installed all dependencies but zarp wont work, this is the error:

root@bt:~/zarp# python zarp.py --update
Traceback (most recent call last):
File "zarp.py", line 11, in
import stream
File "/root/zarp/src/core/stream.py", line 4, in
from collections import OrderedDict
ImportError: cannot import name OrderedDict

Thanks in advance

README.md ineffectual command

README.md states the git clone command is:
git clone git://github.com/hatRiot/zarp.git
When it should be:
git clone https://github.com/hatRiot/zarp.git

Simple typo error

work not well on windows

as the titile~

zarp can not run

Traceback (most recent call last):
File "./zarp.py", line 229, in
main()
File "./zarp.py", line 88, in main
loader.load()
File "./zarp.py", line 71, in load
'src.modules.attacks.%s' % module, 'attacks'), module)
File "/usr/lib/python2.7/importlib/init.py", line 37, in import_module
import(name)
File "/home/x4ng/下载/zarp-master/src/modules/attacks/beef_hook.py", line 2, in
from libmproxy import controller, proxy, platform
File "/home/x4ng/下载/zarp-master/src/lib/libmproxy/proxy.py", line 19, in
from netlib import odict, tcp, http, wsgi, certutils, http_status, http_auth
ImportError: No module named netlib

where netlib is?

Can't install on Mac OS9 running on a G4 powerbook

Please call to discuss fixes 1-900-bwall-unf

OSX pcapy to dnet

I'd originally had a problem with pcapy not being installed but after doing a pip install, I somehow got it to work but now it's having a problem with the dnet module not existing.

Any help is appreciated.

OSX!!!!!

AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHh

can't poison entire subnet

Currently Zarp lacks the ability (as far as I can tell) to poison an entire subnet/network.Which would be a extremely useful feature.

zarp.py and modules not working

python zarp.py
Traceback (most recent call last):
File "/home/blanco/zarp/zarp.py", line 14, in
import config
File "/home/blanco/zarp/src/core/config.py", line 106
except Exception, e:
^^^^^^^^^^^^
SyntaxError: multiple exception types must be parenthesized

create a tag for the release

Please start creating release tags for source code so it would be possible to download the tarball.

flask

can't find flask version?

could not find a version that satisfies the requirement Flask==0.10.1 (from -r requirements.txt (line 1)) (from versions: )
No matching distribution found for Flask==0.10.1 (from -r requirements.txt (line 1))

zarp

"there needs to be a ******* version update to zarp" -bwall

Error with the module DHCP SPOOF

Hi to all,
I like this tool and I want report this bug.
If I active the module dhcp spoof, and on my virtual machine windows i put these commands:
ipconfig /release
ipconfig /renew

On the zarp console I have this error:

0) Back
> Exception in thread Thread-5:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 505, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/root/zarp/src/modules/poison/dhcp.py", line 50, in netsniff
    stopper=self.test_stop, stopperTimeout=3)
  File "/root/zarp/src/lib/scapy/sendrecv.py", line 594, in sniff
    r = prn(p)
  File "/root/zarp/src/modules/poison/dhcp.py", line 142, in pkt_handler
    log_msg('Sent DHCP offer for \'%s\' to \'%s\''
NameError: global name 'log_msg' is not defined

I want also report that if I fix the problem about the function 'log_msg' I encurred into this error:

Handed '192.168.40.130' out to '00:0c:29:8a:d1:cb'
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 505, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/root/zarp/src/modules/poison/dhcp.py", line 50, in netsniff
    stopper=self.test_stop, stopperTimeout=3)
  File "/root/zarp/src/lib/scapy/sendrecv.py", line 594, in sniff
    r = prn(p)
  File "/root/zarp/src/modules/poison/dhcp.py", line 106, in pkt_handler
    tmp = ARPSpoof()
NameError: global name 'ARPSpoof' is not defined

Replace Deprecated Commands module with Subprocess

According to the official Python documentation, commands (https://docs.python.org/2/library/commands.html) has been deprecated since Python 2.6 and is not included in Python 3.x. Therefore, I think it may be helpful to replace commands with the newer functionality.

I will make a pull request with the changes if this is something that you find okay, hatRiot.

Host appears to still be up

When I try to preform a LAND DoS I get a Error that says hosts appears to still be up. Can someone please help me with this. Thanks in advance! :)

Error when running "sudo ./zarp.py"

the output shows as below:
[-] Module src.modules.services.ssh failed to load! (No module named paramiko)
[-] Module src.modules.attacks.beef_hook failed to load! (No module named netlib)
[-] Module src.modules.attacks.replacer failed to load! (No module named netlib)
[-] Module src.modules.attacks.pemod failed to load! (No module named netlib)
[!] Loaded 32 modules.

How can I fix these module-lack problem?
Thx.

Crash on Password Sniffing Session view

When I attempt to view the password sniffer output, I get a traceback:

Traceback (most recent call last):
File "./zarp.py", line 267, in
main()
File "./zarp.py", line 228, in main
session_manager.menu()
File "/opt/zarp/src/core/session_manager.py", line 31, in menu
stream.view_session(module, number)
File "/opt/zarp/src/core/stream.py", line 259, in view_session
mod.view()
File "/opt/zarp/src/modules/sniffer/password_sniffer.py", line 128, in view
pptable(table)
File "/opt/zarp/src/core/config.py", line 131, in pptable
headers = rows[0]
IndexError: list index out of range

Full steps and commands I've documented here:
http://pastebin.com/3VfP83wk

OSX

OSX!!!!!!!!!!!!

Install on Mac OS X?

Hi,

It currently unable to install on OS X, as your said Scapy is package inside Zarp but I got this error while import config

ImportError: No module named pcapy

Can't install Zarp OS X 10.10

I'm using Homebrew Python 2.7

After execute this command

pip install -r requirements.txt

I got this

OpenSSL/crypto/crl.c:6:23: error: static declaration of 'X509_REVOKED_dup' follows non-static declaration
    static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
                          ^
    /usr/local/opt/openssl/include/openssl/x509.h:751:15: note: previous declaration is here
    X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
                  ^
    1 error generated.
    error: command 'clang' failed with exit status 1

    ----------------------------------------
Command "/usr/local/opt/python/bin/python2.7 -c "import setuptools, tokenize;__file__='/private/tmp/pip-build-mk9jH8/pyOpenSSL/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-WMIzPp-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /private/tmp/pip-build-mk9jH8/pyOpenSSL

How to work with zarp?

Hello!
How to work with zarp? I read https://defense.ballastsecurity.net/wiki/index.php/Zarp
but I dont understand, how, for example, sniff traffic or smth else :D
For example, I start
3 sniffers
3 traffic sniffers
2 192.168.1.7 (some targeted ip in local network i want to sniff (it was android phone))
run
okay, it's running.. and what? :D how can I get results?
ok, I find I can set
3 start session loggers,
so it should log to some file..
but zarp just creates empty file and thats all :(

also I have a lot python (2.7.5) exceptions during work.
For example:
2 dos attacks
1 DHCP Starvation
run
and..:

Exception in thread Thread-26:
Traceback (most recent call last):
File "/usr/lib64/python2.7/threading.py", line 808, in __bootstrap_inner
self.run()
File "/usr/lib64/python2.7/threading.py", line 761, in run
self.__target(_self.__args, *_self.__kwargs)
File "/home/frodox/workspace/github/zarp/src/modules/dos/dhcp_starvation.py", line 48, in starve
sleep(self.config['interval'].value)
NameError: global name 'sleep' is not defined

zarp won't run

when ever I try and run zarp i get the following traceback:

Traceback (most recent call last):
File "./zarp.py", line 229, in
main()
File "./zarp.py", line 88, in main
loader.load()
File "./zarp.py", line 71, in load
'src.modules.attacks.%s' % module, 'attacks'), module)
File "/usr/lib/python2.7/importlib/init.py", line 37, in import_module
import(name)
File "zarp/src/modules/attacks/beef_hook.py", line 85, in
class Hooker(controller.Master):
NameError: name 'controller' is not defined

I am at the most up-to-date version of zarp from git

zarp.py not found

title said enough

MAC OSX 10.11.6

MAC OSX

sudo python2 ./zarp.py
[-] Module src.modules.attacks.beef_hook failed to load! (No module named netlib)
[-] Module src.modules.attacks.pemod failed to load! (No module named netlib)
[-] Module src.modules.attacks.replacer failed to load! (No module named netlib)
[!] Loaded 33 modules.
____ __ ____ ____
(__ ) / \ ( _ ( _ '
/ / / \ ) / ) __/
()//(_)() [Version: 0.1.8]

[1] Poisoners       [5] Parameter
[2] DoS Attacks     [6] Services 
[3] Sniffers        [7] Attacks  
[4] Scanners        [8] Sessions

zarp broken by pyOpenSSL and netlib

Hi, users are unable to run zarp due to dependency conflict with pyOpenSSL package.
As shown in the following full dependency graph of zarp, zarp requires pyOpenSSL==0.13.1，while netlib==0.11.1 requires pyOpenSSL>=0.14.

According to pip’s “first found wins” installation strategy, pyOpenSSL==0.13.1 is the actually installed version.
However, pyOpenSSL==0.13.1 does not satisfy pyOpenSSL>=0.14.

Dependency tree

zarp-0.1.8
| +-flask(version range:==0.10.1)
| | +-itsdangerous(version range:>=0.21)
| | +-jinja2(version range:>=2.4)
| | | +-markupsafe(version range:>=0.23)
| | +-werkzeug(version range:>=0.7)
| +-netlib(version range:==0.11.1)
| | +-passlib(version range:>=1.6.2)
| | +-pyasn1(version range:>=0.1.7)
| | +-pyopenssl(version range:>=0.14)
| +-paramiko(version range:==1.15.2)
| +-pyopenssl(version range:==0.13.1)

Thanks for your help.
Best,
Neolith

apt update Q