added arpspoof package and CLI tool, several improvements and refactorings

Author: shadowy-pycoder

arpspoof/arpspoof.go

@@ -0,0 +1,89 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"net/netip"
+	"os"
+	"os/signal"
+	"regexp"
+	"time"
+
+	"github.com/rs/zerolog"
+	"github.com/shadowy-pycoder/colors"
+	"github.com/shadowy-pycoder/mshark/arpspoof"
+	"github.com/shadowy-pycoder/mshark/network"
+)
+
+var (
+	app           = "marpspoof"
+	ipPortPattern = regexp.MustCompile(
+		`\b(?:\d{1,3}\.){3}\d{1,3}(?::(6553[0-5]|655[0-2]\d|65[0-4]\d{2}|6[0-4]\d{3}|[1-5]?\d{1,4}))?\b`,
+	)
+)
+
+func root(args []string) error {
+	conf := &arpspoof.ARPSpoofConfig{}
+	flags := flag.NewFlagSet(app, flag.ExitOnError)
+	flags.StringVar(
+		&conf.Targets,
+		"t",
+		"",
+		"Targets for ARP spoofing. Example: \"targets 10.0.0.1,10.0.0.5-10,192.168.1.*,192.168.10.0/24\" (Default: entire subnet)",
+	)
+	gw := flags.String("g", "", "IPv4 address of custom gateway (Default: default gateway)")
+	flags.StringVar(&conf.Interface, "i", "", "The name of the network interface. Example: eth0 (Default: default interface)")
+	flags.BoolVar(&conf.FullDuplex, "f", false, "Run ARP spoofing in fullduplex mode")
+	flags.BoolVar(&conf.Debug, "d", false, "Enable debug logging")
+	flags.BoolFunc("I", "Display list of interfaces and exit.", func(flagValue string) error {
+		if err := network.DisplayInterfaces(); err != nil {
+			fmt.Fprintf(os.Stderr, "%s: %v\n", app, err)
+			os.Exit(2)
+		}
+		os.Exit(0)
+		return nil
+	})
+	if err := flags.Parse(args); err != nil {
+		return err
+	}
+	if *gw != "" {
+		ip, err := netip.ParseAddr(*gw)
+		if err != nil {
+			return err
+		}
+		conf.Gateway = &ip
+	}
+	output := zerolog.ConsoleWriter{Out: os.Stdout, NoColor: false}
+	output.FormatTimestamp = func(i any) string {
+		ts, _ := time.Parse(time.RFC3339, i.(string))
+		return colors.Gray(colors.WrapBrackets(ts.Format(time.TimeOnly))).String()
+	}
+	output.FormatMessage = func(i any) string {
+		if i == nil || i == "" {
+			return ""
+		}
+		s := i.(string)
+		result := ipPortPattern.ReplaceAllStringFunc(s, func(match string) string {
+			return colors.Gray(match).String()
+		})
+		return result
+	}
+	logger := zerolog.New(output).With().Timestamp().Logger()
+	conf.Logger = &logger
+	arpspoofer, err := arpspoof.NewARPSpoofer(conf)
+	if err != nil {
+		return err
+	}
+	go arpspoofer.Start()
+	quit := make(chan os.Signal, 1)
+	signal.Notify(quit, os.Interrupt)
+	<-quit
+	return arpspoofer.Stop()
+}
+
+func main() {
+	if err := root(os.Args[1:]); err != nil {
+		fmt.Fprintf(os.Stderr, "%s: %v\n", app, err)
+		os.Exit(2)
+	}
+}

cmd/marpspoof/main.go

@@ -3,17 +3,16 @@ package main
 import (
 	"flag"
 	"fmt"
-	"net"
 	"os"
 	"path/filepath"
 	"slices"
 	"strings"
-	"text/tabwriter"
 	"time"
 
 	ms "github.com/shadowy-pycoder/mshark"
 	"github.com/shadowy-pycoder/mshark/mpcap"
 	"github.com/shadowy-pycoder/mshark/mpcapng"
+	"github.com/shadowy-pycoder/mshark/network"
 )
 
 const app string = "mshark"
@@ -62,21 +61,6 @@ func (f *ExtFlag) UnmarshalText(b []byte) error {
 	return nil
 }
 
-func displayInterfaces() error {
-	w := new(tabwriter.Writer)
-	w.Init(os.Stdout, 0, 0, 2, ' ', tabwriter.TabIndent)
-	ifaces, err := net.Interfaces()
-	if err != nil {
-		return fmt.Errorf("failed to get network interfaces: %v", err)
-	}
-	fmt.Fprintln(w, "Index\tName\tFlags")
-	fmt.Fprintln(w, "0\tany\tUP")
-	for _, iface := range ifaces {
-		fmt.Fprintf(w, "%d\t%s\t%s\n", iface.Index, iface.Name, strings.ToUpper(iface.Flags.String()))
-	}
-	return w.Flush()
-}
-
 func createFile(app, ext string) (*os.File, error) {
 	path := fmt.Sprintf("./%s_%s.%s", app, time.Now().UTC().Format("20060102_150405"), ext)
 	f, err := os.OpenFile(filepath.FromSlash(path), os.O_CREATE|os.O_WRONLY, 0o644)
@@ -105,7 +89,7 @@ func root(args []string) error {
 	packetBuffer := flags.Int("b", 8192, "The maximum size of packet queue.")
 	flags.StringVar(&conf.Expr, "e", "", `BPF filter expression. Example: "ip proto tcp".`)
 	flags.BoolFunc("D", "Display list of interfaces and exit.", func(flagValue string) error {
-		if err := displayInterfaces(); err != nil {
+		if err := network.DisplayInterfaces(); err != nil {
 			fmt.Fprintf(os.Stderr, "%s: %v\n", app, err)
 			os.Exit(2)
 		}
@@ -130,7 +114,7 @@ func root(args []string) error {
 	}
 
 	// getting network interface from the provided name
-	in, err := ms.InterfaceByName(*iface)
+	in, err := network.InterfaceByName(*iface)
 	if err != nil {
 		return err
 	}

cmd/mshark/cli.go

@@ -4,8 +4,11 @@ go 1.24.1
 
 require (
 	github.com/magefile/mage v1.15.0
+	github.com/malfunkt/iprange v0.9.0
 	github.com/mdlayher/packet v1.1.2
 	github.com/packetcap/go-pcap v0.0.0-20240528124601-8c87ecf5dbc5
+	github.com/rs/zerolog v1.34.0
+	github.com/shadowy-pycoder/colors v0.0.1
 	github.com/stretchr/testify v1.9.0
 	golang.org/x/net v0.28.0
 	golang.org/x/text v0.27.0
@@ -14,7 +17,10 @@ require (
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/josharian/native v1.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mdlayher/socket v0.4.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	golang.org/x/sync v0.16.0 // indirect
 	golang.org/x/sys v0.24.0 // indirect

go.mod

@@ -1,5 +1,7 @@
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/gopacket/gopacket v1.2.0 h1:eXbzFad7f73P1n2EJHQlsKuvIMJjVXK5tXoSca78I3A=
@@ -8,20 +10,37 @@ github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtL
 github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w=
 github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg=
 github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
+github.com/malfunkt/iprange v0.9.0 h1:VCs0PKLUPotNVQTpVNszsut4lP7OCGNBwX+lOYBrnVQ=
+github.com/malfunkt/iprange v0.9.0/go.mod h1:TRGqO/f95gh3LOndUGTL46+W0GXA91WTqyZ0Quwvt4U=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mdlayher/packet v1.1.2 h1:3Up1NG6LZrsgDVn6X4L9Ge/iyRyxFEFD9o6Pr3Q1nQY=
 github.com/mdlayher/packet v1.1.2/go.mod h1:GEu1+n9sG5VtiRE4SydOmX5GTwyyYlteZiFU+x0kew4=
 github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
 github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
 github.com/packetcap/go-pcap v0.0.0-20240528124601-8c87ecf5dbc5 h1:p4VuaitqUAqSZSomd7Wb4BPV/Jj7Hno2/iqtfX7DZJI=
 github.com/packetcap/go-pcap v0.0.0-20240528124601-8c87ecf5dbc5/go.mod h1:zIAoVKeWP0mz4zXY50UYQt6NLg2uwKRswMDcGEqOms4=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
+github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
+github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
+github.com/shadowy-pycoder/colors v0.0.1 h1:weCj/YIOupqy4BSP8KuVzr20fC+cuAv/tArz7bhhkP4=
+github.com/shadowy-pycoder/colors v0.0.1/go.mod h1:lkrJS1PY2oVigNLTT6pkbF7B/v0YcU2LD5PZnss1Q4U=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=

go.sum

@@ -140,31 +140,6 @@ func (mw *Writer) WriteHeader(c *Config) error {
 	return err
 }
 
-// InterfaceByName returns the interface specified by name.
-func InterfaceByName(name string) (*net.Interface, error) {
-	var (
-		in  *net.Interface
-		err error
-	)
-	if name == "any" {
-		in = &net.Interface{Index: 0, Name: "any"}
-	} else {
-		in, err = net.InterfaceByName(name)
-		if err != nil {
-			return nil, fmt.Errorf("unknown interface %s: %v", name, err)
-		}
-		ok := true &&
-			// Look for an Ethernet interface.
-			len(in.HardwareAddr) == 6 &&
-			// Look for up, multicast, broadcast.
-			in.Flags&(net.FlagUp|net.FlagMulticast|net.FlagBroadcast) != 0
-		if !ok {
-			return nil, fmt.Errorf("interface %s is not up", name)
-		}
-	}
-	return in, nil
-}
-
 // OpenLive opens a live capture based on the given configuration and writes
 // all captured packets to the given PacketWriters.
 func OpenLive(conf *Config, pw ...PacketWriter) error {

mshark.go

@@ -3,11 +3,13 @@ package mshark
 import (
 	"io"
 	"testing"
+
+	"github.com/shadowy-pycoder/mshark/network"
 )
 
 func BenchmarkOpenLive(b *testing.B) {
 	b.ResetTimer()
-	in, err := InterfaceByName("any")
+	in, err := network.InterfaceByName("any")
 	if err != nil {
 		b.Fatal(err)
 	}

mshark_test.go

@@ -0,0 +1,128 @@
+// Package network provides utility functions to extract some data about network
+package network
+
+import (
+	"bufio"
+	"fmt"
+	"net"
+	"net/netip"
+	"os"
+	"os/exec"
+	"strings"
+	"text/tabwriter"
+)
+
+// InterfaceByName returns the interface specified by name.
+func InterfaceByName(name string) (*net.Interface, error) {
+	var (
+		in  *net.Interface
+		err error
+	)
+	if name == "any" {
+		in = &net.Interface{Index: 0, Name: "any"}
+	} else {
+		in, err = net.InterfaceByName(name)
+		if err != nil {
+			return nil, fmt.Errorf("unknown interface %s: %v", name, err)
+		}
+		ok := true &&
+			// Look for an Ethernet interface.
+			len(in.HardwareAddr) == 6 &&
+			// Look for up, multicast, broadcast.
+			in.Flags&(net.FlagUp|net.FlagMulticast|net.FlagBroadcast) != 0
+		if !ok {
+			return nil, fmt.Errorf("interface %s is not up", name)
+		}
+	}
+	return in, nil
+}
+
+func DisplayInterfaces() error {
+	w := new(tabwriter.Writer)
+	w.Init(os.Stdout, 0, 0, 2, ' ', tabwriter.TabIndent)
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return fmt.Errorf("failed to get network interfaces: %v", err)
+	}
+	fmt.Fprintln(w, "Index\tName\tFlags")
+	fmt.Fprintln(w, "0\tany\tUP")
+	for _, iface := range ifaces {
+		fmt.Fprintf(w, "%d\t%s\t%s\n", iface.Index, iface.Name, strings.ToUpper(iface.Flags.String()))
+	}
+	return w.Flush()
+}
+
+func GetDefaultInterface() (*net.Interface, error) {
+	f, err := os.Open("/proc/net/route")
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	defaultInterface := ""
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		line := scanner.Text()
+		fields := strings.Fields(line)
+		if len(fields) >= 2 && fields[1] == "00000000" {
+			defaultInterface = fields[0]
+			break
+		}
+	}
+	return net.InterfaceByName(defaultInterface)
+}
+
+func GetDefaultGatewayIPv4() (netip.Addr, error) {
+	cmd := exec.Command("sh", "-c", "ip route show 0.0.0.0/0 | awk '{print $3}'")
+	ipRaw, err := cmd.Output()
+	if err != nil {
+		return netip.Addr{}, err
+	}
+	ip, err := netip.ParseAddr(strings.TrimRight(string(ipRaw), "\n"))
+	if err != nil {
+		return netip.Addr{}, err
+	}
+	if !ip.Is4() {
+		return netip.Addr{}, fmt.Errorf("only IPv4 is supported")
+	}
+	return ip, nil
+}
+
+func GetGatewayIPv4FromInterface(iface string) (netip.Addr, error) {
+	cmd := exec.Command("sh", "-c", fmt.Sprintf("ip route show dev %s", iface))
+	routes, err := cmd.Output()
+	if err != nil {
+		return netip.Addr{}, err
+	}
+	for line := range strings.Lines(string(routes)) {
+		fields := strings.Fields(line)
+		if len(fields) > 2 && fields[1] == "via" {
+			ip, err := netip.ParseAddr(fields[2])
+			if err != nil {
+				continue
+			}
+			if !ip.Is4() {
+				continue
+			}
+			return ip, nil
+		}
+	}
+	return netip.Addr{}, fmt.Errorf("gateway IPv4 not found for %s", iface)
+}
+
+func GetIPv4PrefixFromInterface(iface *net.Interface) (netip.Prefix, error) {
+	addrs, err := iface.Addrs()
+	if err != nil {
+		return netip.Prefix{}, err
+	}
+	for _, a := range addrs {
+		ipPrefix, err := netip.ParsePrefix(a.String())
+		if err != nil {
+			return netip.Prefix{}, err
+		}
+		if ipPrefix.Addr().Is4() {
+			return ipPrefix, nil
+		}
+	}
+	return netip.Prefix{}, fmt.Errorf("no IPv4 prefix found")
+}