├── README.md
├── arp-scanner-forloop.sh
└── arp-scanner.sh

/README.md:
--------------------------------------------------------------------------------
# arp-scanner

NOTE: this doesn't work, and I lost a bunch of code at some point. Sorry, not sorry.

A simple bash script for a wired Linux host that gets no DHCP lease on startup: it ARP-scans common private /24 ranges from an interface that has no address yet, works out which subnet the cable is actually plugged into from whichever hosts answer, and then configures a static address (X.X.X.250) on that subnet. ARP requests need no IP of our own, which is why the scan works before any lease exists.

Dependent on [arp-scan](https://github.com/royhills/arp-scan), which discovers IP:MAC:VENDOR for us.
This script could easily be modified to clone one of the discovered MAC addresses using [macchanger](https://github.com/alobbs/macchanger) if desired, which would be useful for bypassing MAC-based access control lists (ACLs). Cloning the MAC of a host that is still active on the same segment causes an address conflict (switch MAC-table flapping, duplicate-address warnings on the other host), so a MAC that has stopped answering is the safer choice.

To-do:
* Add arguments
* Add capability for taking over an IP or a MAC... or both
* Check for binary
* Default help() function
* Put into container with arp-scan

This isn't to be considered a "finished" product. I've been lazy with this and lost a bunch of code.
--------------------------------------------------------------------------------
/arp-scanner-forloop.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# A simple bash script to scan common networks with ARP requests and take a static address on the subnet found, if DHCP does not automatically assign one.
# Only works on wired connections - must be connected to the network via Ethernet, even if no IP is assigned; not for wireless.
# Startup script on Linux systems.

# Sleep for 15 seconds before executing so the DHCP client has time to try its thing
sleep 15

# Variables - modify wired_int for your system's interface requiring an IP address
wired_int="eth0"
# Read the interface's IPv4 address with iproute2. The old `ifconfig | awk '/inet addr:/'`
# pattern only matches legacy net-tools output and returns nothing on current systems,
# which made the script scan even when DHCP had worked.
wired_ip="$(ip -4 -o addr show dev "$wired_int" 2>/dev/null | awk '{print $4}' | cut -d/ -f1)"
verify_ip="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"
log_file="slog.txt"

# Check if IP is assigned to variable interface
if [[ $wired_ip =~ $verify_ip ]]; then
    echo "Interface received IP address: $wired_ip, DHCP is probably working"
else
    echo "Interface has no IP address, DHCP is probably not working"

    # Create (or truncate) the log file as the invoking user. `sudo touch` would leave it
    # root-owned so the unprivileged `tee -a` below could not write it, and truncating keeps
    # stale replies from an earlier run out of the "last network found" logic.
    : > "$log_file"

    # Bandwidth decreased from default value to prevent ARP packet loss for optimal results, but slower
    bandwidth="100000"
    # Sender IP written into the ARP requests, since the interface has none of its own yet.
    # Hosts that answer will cache this address against our MAC.
    fake_ip="192.168.50.5"

    # Common network ranges, one array element per range. A single comma-joined string
    # would be handed to arp-scan as one unparseable target.
    declare -a scan_networks=(192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 192.168.10.0/24 172.16.0.0/24 172.16.1.0/24 172.16.2.0/24 172.16.10.0/24 10.0.0.0/24 10.0.1.0/24 10.0.2.0/24 10.0.10.0/24)

    # Scan each range and append the reply lines (IP MAC VENDOR) to the log file.
    # Note `--interface=`: the short form `-I=$wired_int` passes "=eth0" as the interface name.
    for net in "${scan_networks[@]}"
    do
        sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" "$net" | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    done

    # Set static IP to X.X.X.250. Uses the last network found in the log file because scanned results are appended.
    last_net="$(tail -1 "$log_file" | cut -d"." -f1,2,3)"
    if [[ -z $last_net ]]; then
        echo "No ARP replies on any scanned range, not assigning an address"
        exit 1
    fi
    # Warn if .250 already answered; assigning it would create a duplicate-address conflict
    if grep -q "^${last_net}\.250[[:space:]]" "$log_file"; then
        echo "Warning: $last_net.250 is already in use on this segment"
    fi
    sudo ip addr add "$last_net.250/24" dev "$wired_int"
    sudo ip link set "$wired_int" up
fi
--------------------------------------------------------------------------------
/arp-scanner.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# A simple bash script to scan common networks with ARP requests and take a static address on the subnet found, if DHCP does not automatically assign one.
# Only works on wired connections - must be connected to the network via Ethernet, even if no IP is assigned; not for wireless.
# Startup script on Linux systems.

# Sleep for 30 seconds before executing so the DHCP client has time to try its thing
sleep 30

# Variables - modify wired_int for your system's interface requiring an IP address
wired_int="eth0"
# Read the interface's IPv4 address with iproute2. The old `ifconfig | awk '/inet addr:/'`
# pattern only matches legacy net-tools output and returns nothing on current systems,
# which made the script scan even when DHCP had worked.
wired_ip="$(ip -4 -o addr show dev "$wired_int" 2>/dev/null | awk '{print $4}' | cut -d/ -f1)"
verify_ip="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"
log_file="slog.txt"

# Check if IP is assigned to variable interface
if [[ $wired_ip =~ $verify_ip ]]; then
    echo "Interface received IP address: $wired_ip, DHCP is probably working"
else
    echo "Interface has no IP address, DHCP is probably not working"

    # Create (or truncate) the log file as the invoking user. `sudo touch` would leave it
    # root-owned so the unprivileged `tee -a` below could not write it, and truncating keeps
    # stale replies from an earlier run out of the "last network found" logic.
    : > "$log_file"

    # Bandwidth decreased from default value to prevent ARP packet loss for optimal results, but slower
    bandwidth="100000"
    # Sender IP written into the ARP requests, since the interface has none of its own yet.
    # Hosts that answer will cache this address against our MAC.
    fake_ip="192.168.50.5"

    # Common network ranges, append the reply lines (IP MAC VENDOR) to the log file
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 192.168.0.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 192.168.1.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 192.168.2.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 192.168.10.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 172.16.0.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 172.16.1.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 172.16.2.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 172.16.10.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 10.0.0.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 10.0.1.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 10.0.2.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"
    sudo arp-scan --arpspa "$fake_ip" -g -B "$bandwidth" --interface="$wired_int" 10.0.10.0/24 | grep -P '^\d+(\.\d+){3}\s' | tee -a "$log_file"

    # Set static IP to X.X.X.250. Uses the last network found in the log file because scanned results are appended.
    last_net="$(tail -1 "$log_file" | cut -d"." -f1,2,3)"
    if [[ -z $last_net ]]; then
        echo "No ARP replies on any scanned range, not assigning an address"
        exit 1
    fi
    # Warn if .250 already answered; assigning it would create a duplicate-address conflict
    if grep -q "^${last_net}\.250[[:space:]]" "$log_file"; then
        echo "Warning: $last_net.250 is already in use on this segment"
    fi
    sudo ip addr add "$last_net.250/24" dev "$wired_int"
    sudo ip link set "$wired_int" up
fi
--------------------------------------------------------------------------------
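Both scripts take the /24 of whatever ARP reply happens to be last in slog.txt and assign .250 on it without checking whether .250 itself answered. The following is an added example, not code from this repository, of doing that selection step more carefully: it parses the same `IP MAC Vendor` lines the scripts tee into the log, picks the /24 that produced the most replies (the subnet the cable is most likely on, rather than the one scanned last), and walks down from .250 to the first address that did not answer. The reply lines in `SAMPLE_REPLIES` are constructed for the example and are not a real capture; the `arp-scan` invocation in the usage comment is the only part that needs a live network and root.

```shell
#!/bin/bash
# Added example (not part of the arp-scanner repo): choose a subnet and a free
# host address from arp-scan's plain output. Assumes the default arp-scan line
# shape "IP  MAC  Vendor" that the scripts above grep for and tee into slog.txt.

# Constructed sample of arp-scan reply lines (not a real capture).
SAMPLE_REPLIES='192.168.1.1	00:11:22:33:44:01	Example Router Co
192.168.1.20	00:11:22:33:44:02	Example PC Co
192.168.1.250	00:11:22:33:44:03	Example Printer Co
10.0.0.7	00:11:22:33:44:04	Example Phone Co'

# only_replies: keep lines that start with a dotted-quad followed by whitespace,
# the same filter the scripts apply before logging.
only_replies() {
    grep -E '^[0-9]+(\.[0-9]+){3}[[:space:]]'
}

# busiest_network: print the /24 prefix (first three octets) that answered most.
# With one cable, almost all replies come from the segment we are actually on;
# the scripts' "last line of the log" heuristic ignores that evidence.
busiest_network() {
    only_replies | cut -d. -f1-3 | sort | uniq -c | sort -rn | awk 'NR==1{print $2}'
}

# free_host PREFIX: read reply lines on stdin and print the highest host address
# from .250 downward under PREFIX that did not answer the scan. Returns 1 when
# every candidate answered, so the caller never configures a duplicate address.
free_host() {
    local prefix="$1" seen host
    seen="$(only_replies | awk '{print $1}')"
    for ((host = 250; host >= 2; host--)); do
        if ! printf '%s\n' "$seen" | grep -qxF "$prefix.$host"; then
            printf '%s.%s\n' "$prefix" "$host"
            return 0
        fi
    done
    return 1
}

# suggest_static_ip: reply lines on stdin, one candidate address on stdout.
suggest_static_ip() {
    local replies prefix
    replies="$(cat)"
    prefix="$(printf '%s\n' "$replies" | busiest_network)"
    [ -n "$prefix" ] || return 1
    printf '%s\n' "$replies" | free_host "$prefix"
}

# Demo on the constructed sample: 192.168.1 wins with three replies, .250 is
# taken by the printer, so the suggestion is 192.168.1.249.
printf '%s\n' "$SAMPLE_REPLIES" | suggest_static_ip

# Live usage (needs raw sockets, so root; not run here):
#   sudo arp-scan --interface=eth0 --arpspa=192.168.50.5 192.168.1.0/24 | suggest_static_ip
```

Feeding the whole slog.txt from a run of either script into `suggest_static_ip` gives a single candidate chosen across all twelve ranges, and an empty result with exit status 1 when nothing answered, which is the case the scripts' `tail -1 | cut` pipeline turns into a malformed `.250/24` argument.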