hatRiot edited this page Nov 5, 2012 · 17 revisions

NOTE: This is still very much a work in progress, and not all functionality is yet implemented. I will update this readme with a link to the blogpost regarding this.

#[ZARP] Version 0.03A
Network Attack Tool
@ballastsec, @dronesec

#[INTRODUCTION]
Zarp is a network attack tool centered around exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Sniffers are included to automatically parse usernames and passwords from various protocols, as well as to view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

#[TOOL OVERVIEW]

[POISONERS]
ARP, DNS, DHCP, NBNS

[DOS]
Teardrop, IPv6 NDP RA, Nestea, LAND, TCP SYN, SMB2

[SNIFFERS]
HTTP, Password and Username

[SCANNERS]
Network Scanner, Service Scanner, Access Point Scanner

[EMULATE SERVICES]
HTTP, SSH, FTP

[PARAMETER]
WEP Crack, WPA2 Crack, Router pwn

[CLI USAGE AND SHORTCUTS]
If you want to clear the screen, typing gibberish ('asdf') will wipe the screen and reprint the current menu.

Typing 'quit' will close out of the application, no matter where you are. Note that this is a 'hard quit', so any running sessions may not be closed gracefully.

Typing 'info [module]' will dump information and usage about the specified module.

#[USE EXAMPLES]

Command line options

```
bryan@devbox:~/zarp$ sudo ./zarp.py --help
Usage: zarp.py [options]

Options:
  -h, --help           show this help message and exit
  -q FILTER            Quick network sniff with filter
  --debug              Launch Zarp with error logging

  Scanners:
    -s SCAN            Quick network map
    --finger           Fingerprint scan packets
    -a                 Service scan
    -w                 Wireless AP scan
    --channel=CHANNEL  Set channel to scan on

  Spoofers:
    --nbns             NBNS Spoofing
    --ssh              SSH server
    --ftp              FTP server
    --http             HTTP server
bryan@devbox:~/zarp$
```

Main menu

```
bryan@devbox:~/zarp$ sudo ./zarp.py
            [ZARP]
        [Version 0.03A]
    [1] Poisoners    [2] DoS Attacks
    [3] Sniffers     [4] Scanners
    [5] Parameter    [6] Spoofer
    [7] Sessions

0) Back
>
```

ARP Poisoning Session

```
    [1] ARP Poison
    [2] DNS Poison
    [3] DHCP Poison

0) Back
> 1
[!] Using interface [eth2:08:00:27:2d:7a:6d]
[!] Enter host to poison:   192.168.1.88
[!] Enter address to spoof: 192.168.1.1
[!] Spoof IP 192.168.1.88 from victim 192.168.1.1.  Is this correct? y
[!] Initializing ARP poison..
    [1] ARP Poison
    [2] DNS Poison
    [3] DHCP Poison

0) Back
> 0
            [ZARP]
        [Version 0.02]
    [1] Poisoners    [2] DoS Attacks
    [3] Sniffers     [4] Scanners
    [5] Parameter    [6] Sessions

0) Back
> 6

    [Running sessions]
[!] ARP POISONS [arp]:
    [0] 192.168.1.88


    [1] Stop session
    [2] View session
    [3] Start session logger
    [4] Stop session logger

0) Back
>
```
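A defender-side view of the ARP session above, as an added example that is not part of Zarp or the original wiki: a passive watcher that records the first-seen IP-to-MAC binding from ARP payloads and alerts when a later packet contradicts it. The addresses 192.168.1.1, 192.168.1.88 and 08:00:27:2d:7a:6d come from the session output; the gateway and host MACs, the 192.168.1.50 address and all helper names are constructed assumptions.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) for Ethernet/IPv4 ARP, else None."""
    if len(payload) < 28:
        return None  # truncated packet
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

class ArpWatch:
    """Keeps the first-seen IP-to-MAC binding and alerts when a later packet contradicts it."""
    def __init__(self):
        self.bindings = {}  # ip -> first MAC seen claiming it

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None or parsed[2] == "0.0.0.0":  # malformed, or an ARP probe
            return None
        _oper, mac, ip = parsed
        known = self.bindings.setdefault(ip, mac)
        if known == mac:
            return None
        # The first-seen binding is kept, so repeated forged replies keep alerting.
        also = sorted(i for i, m in self.bindings.items() if m == mac)
        return {"ip": ip, "expected": known, "claimed": mac, "claimant_other_ips": also}

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed ARP payload for the sample traffic below (nothing is sent)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, to_mac(sha),
                       socket.inet_aton(spa), to_mac(tha), socket.inet_aton(tpa))

# Constructed sample traffic; GW_MAC, HOST_MAC and 192.168.1.50 are assumptions.
GW_MAC, HOST_MAC = "02:00:00:00:00:01", "02:00:00:00:00:58"
TOOL_MAC = "08:00:27:2d:7a:6d"  # interface MAC shown in the session output
SAMPLE = [
    build_arp(2, GW_MAC, "192.168.1.1", HOST_MAC, "192.168.1.88"),    # genuine gateway reply
    build_arp(1, TOOL_MAC, "192.168.1.50", "00:00:00:00:00:00", "192.168.1.88"),  # own request
    build_arp(2, TOOL_MAC, "192.168.1.1", HOST_MAC, "192.168.1.88"),  # reply contradicting the binding
]

def run_sample():
    watch = ArpWatch()
    return [alert for alert in map(watch.observe, SAMPLE) if alert]
```

The `claimant_other_ips` field lists addresses the claiming MAC already holds, which points to the host sending the conflicting replies. A binding change can also be a legitimate NIC replacement or failover, so alerts on gateway addresses deserve the most attention.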
