package modules import ( "time" "github.com/evilsocket/bettercap-ng/log" "github.com/evilsocket/bettercap-ng/net" "github.com/evilsocket/bettercap-ng/session" ) type Discovery struct { session.SessionModule refresh int before net.ArpTable current net.ArpTable quit chan bool } func NewDiscovery(s *session.Session) *Discovery { d := &Discovery{ SessionModule: session.NewSessionModule("net.recon", s), refresh: 1, before: nil, current: nil, quit: make(chan bool), } d.AddHandler(session.NewModuleHandler("net.recon on", "", "Start network hosts discovery.", func(args []string) error { return d.Start() })) d.AddHandler(session.NewModuleHandler("net.recon off", "", "Stop network hosts discovery.", func(args []string) error { return d.Stop() })) d.AddHandler(session.NewModuleHandler("net.show", "", "Show current hosts list (default sorting by ip).", func(args []string) error { return d.Show("address") })) d.AddHandler(session.NewModuleHandler("net.show by seen", "", "Show current hosts list (sort by last seen).", func(args []string) error { return d.Show("seen") })) d.AddHandler(session.NewModuleHandler("net.show by sent", "", "Show current hosts list (sort by sent packets).", func(args []string) error { return d.Show("sent") })) d.AddHandler(session.NewModuleHandler("net.show by rcvd", "", "Show current hosts list (sort by received packets).", func(args []string) error { return d.Show("rcvd") })) return d } func (d Discovery) Name() string { return "net.recon" } func (d Discovery) Description() string { return "Read periodically the ARP cache in order to monitor for new hosts on the network." } func (d Discovery) Author() string { return "Simone Margaritelli " } func (d *Discovery) checkShared(new net.ArpTable) { n_gw_shared := 0 for ip, mac := range new { if ip != d.Session.Gateway.IpAddress && mac == d.Session.Gateway.HwAddress { n_gw_shared++ } } if n_gw_shared > 0 { a := "" b := "" if n_gw_shared == 1 { a = "" b = "s" } else { a = "s" b = "" } log.Warning("Found %d endpoint%s which share%s the same MAC of the gateway (%s), there're might be some IP isolation going on, skipping.", n_gw_shared, a, b, d.Session.Gateway.HwAddress) } } func (d *Discovery) runDiff() { // check for endpoints who disappeared var rem net.ArpTable = make(net.ArpTable) for mac, t := range d.Session.Targets.Targets { if _, found := d.current[mac]; found == false { rem[mac] = t.IpAddress } } for mac, ip := range rem { d.Session.Targets.Remove(ip, mac) } // now check for new friends ^_^ for ip, mac := range d.current { d.Session.Targets.AddIfNew(ip, mac) } } func (d *Discovery) Configure() error { return nil } func (d *Discovery) Start() error { if d.Running() == true { return session.ErrAlreadyStarted } else if err := d.Configure(); err != nil { return err } d.SetRunning(true) go func() { for { select { case <-time.After(time.Duration(d.refresh) * time.Second): var err error if d.current, err = net.ArpUpdate(d.Session.Interface.Name()); err != nil { log.Error("%s", err) continue } d.runDiff() d.before = d.current case <-d.quit: return } } }() return nil } func (d *Discovery) Stop() error { if d.Running() == false { return session.ErrAlreadyStopped } d.quit <- true d.SetRunning(false) return nil }