Ownlan
Ownlan aims to be a simple, concise and useful pentesting LAN poisoning suite, Written in Ruby
and using PacketFU
for reading and sending the packets off the wire. I decided to make this suite of tools mainly due do to the lack of existing tools on Linux, on top of helping me understanding the whole process behind the scene. OwnLan got uniques features, with some exclusives and excitings attacks probably never ever used on a (pentesting) network.
Installation
Add this line to your application's Gemfile:
gem 'ownlan'
And then execute:
$ bundle
Or install it yourself as:
$ gem install ownaln
And require it in your application:
irb(main):001:0> require 'ownlan'
=> true
Usage
:warning: Important Note :warning:: Ownlan does only work on Linux based computers until I find a way for the gem to parse automatically the current mac address of the given interface in a Cross-Platform way. I might write a gem for this.
Video Tutorial
Configuration
You can pass multiple variables that will be used in the gem.
Ownlan.configure do |config|
config.attack = 'ntoa'
config.victim_ip = '192.168.0.1'
config.delay = 1.5
config.random_mac = true
config.interface = 'eth0'
end
You can also pass any of those options inline when loading an instance of Ownlan.
ownlan = Ownlan.new(attack: 'ntoa', victim_ip: '192.168.0.1', delay: 1.5, random_mac: true)
Launch Ownlan
In your Ruby code
Once configured, you can run your instance of Ownlan with:
ownlan.call
You are free to implement whatever way of your choice to handle concurrency: you can put this previous line in a thread
for instance.
Using the Command Line Interface
ownlan --attack client --target-ip 192.168.0.1 --interface eth0 --delay 0
Please look at the cli section for more advanced options.
Features
OwnLan has three features:
- Disconnect one or several users off the wire
- Protecting users from those kind of attacks
- Sending custom ARP + DHCP packets easily
Disconnecting users off the wire
The biggest part of OwnLan. It disconnects clients thanks to severals techniques:
Client side ARP Cache Poisoning (first duplex). The most used and common attack nowadays, the main purpose is to make a MITM attack, but alone (= without IP forwarding), it will disconnect the client. Used by
TuxCut
andArpspoof
. If no MAC Adress is given, yours will be given.Gateway side ARP Cache Poisoning (second duplex). A less known attack and powerful one, used by
NetCut
, the principle is to give the gateway a fake correspondancy of the victim MAC Adress to make the later one unreachable. If no MAC Adress is given, yours will be given.Neighbour Table Overflow attack. * The Neighbour Table Overflow attack will generate identifications packets to the specified target to completely isolate him from the network. The NTOA attack can be used to stress test client (gateway, computers) to see if they can undure heavy charges.
Protecting clients
- Resynchronize . This feature will instanciate a full duplex ARP attack to resynchronize the client to the Gateway. Very useful against active attacks.
Command Line Interface
You can also use the provided executable. Simple launch it in accordance to the following scheme:
ownlan --[] [sub-] --[other-option]
Where [options] are either:
-a, --attack=<s> Set an attack on a device on the network * Required: [sub-options] -p, --protect=<s> Protect a device from lan attacks * Required: [sub-options] -b, --broadcast=<s> Broadcast raw ARP packets to the wire. * Required Options : victim_ip, victim_mac, source_ip, source_mac
where [sub-options] are either:
client Set a First-Duplex disconnection attack (the client is targeted). If no source mac argument, yours will be given (useful for MITM Attacks). * Required options: victim_ip * Falcultative options: random_mac , source_mac gateway Set a Second-Duplex disconnection attack (the gateway is targeted). If no source mac argument, yours will be given (useful for MITM Attacks). * Required options: victim_ip * Falcultative options: random_mac , source_mac ntoa The client is targeted to get disconnected, using a neighbour table overflow attack. Requires a victim ip. * Required options: victim_ip * Falcultative options: random_mac resynchronize Operate a dual duplex attack on a victim to disconnect the attacker and heal the victim. Warning: If you are the victim, you will have to fill the optional options. * Required options: victim_ip * Optional options: victim_mac , gateway_mac
Where [Other Options] can be:
-d, --delay=<f> Set the time lapse delay between each packet (default: 0.5) -i, --interface=<s> Set the network interface which will be used (default: wlan0) -r, --random-source-mac If setted, the used origin addresses will be randomly generated. -t, --victim-ip=<s> Set the ip address of the target. -v, --victim-mac=<s> Set the mac address of the target -g, --gateway-ip=<s> Set the ip adress of the gateway -e, --gateway-mac=<s> Set the mac adress of the gateway. (for Protect only) -s, --source-mac=<s> Set the mac of the source mac address. -o, --source-ip=<s> Set the ip address of the originating packet. -n, --version Print version and exit -h, --help Show this message
Security
As a basic form of security KrakenClient provides a set of SHA512 checksums for
every Gem release. These checksums can be found in the checksum/
directory.
Although these checksums do not prevent malicious users from tampering with a
built Gem they can be used for basic integrity verification purposes.
The checksum of a file can be checked using the sha512sum
command. For
example:
$ sha512sum pkg/kraken_client-0.0.1.gem
d12d7d9c2a4fdfe075cbb7a141fa5f2195175891e4098c7e1a28c8bca655ab44fb9d67b6a2e3991d0f852026c5e4537fdf7e314575c68d1c80b3a4b1eb1c041f pkg/kraken_client-0.0.1.gem
Versioning
Ownlan follows Semantic Versioning 2.0.
Contributing
- Fork it ( https://github.com/shideneyu/ownlan/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request
Contact
Any question ? Feel free to contact me at contact(at)sidney.email
.
Any issue ? Open a ticket !
License
Copyright (c) 2016 Sidney Sissaoui
Released under the MIT license. See LICENSE.md for more details.