AntiNetCut v2
At last, I’m very happy to announce the release of the long-waited Anti NetCut version2.
Main Features:
- Works on Ubuntu/Fedora/RHEL..
- Written in Python so it’s easy to maintain and update.
- Automatic detection of almost everything (you might need to supply the interface name as illustrated below)
- Works perfectly with NetCut 2.8…
The usage instructions are too easy, just download and edit the antinetcut.py file (change “device=eth0″) to your interface name and run the script…
Notes
- You must leave the script running in the background, stopping the script means that you might get attacked again.
- After starting the script, it might take a few seconds before you get your connection back, so please be patient.
Anyone wants to join development, please see the official page http://code.google.com/p/antinetcut/
Download from here: Download Here
BooDy said,
August 13, 2008 @ 2:46 am
thanQ very much eng/ahmed
i don’t really use anti-netcut … but i know this would be useful for me someday
even this will encourage me studying Python
M.M.F said,
August 13, 2008 @ 3:32 am
Thanks a lot eng / Ahmed
i will download it now and try
MeDo said,
August 13, 2008 @ 4:44 am
yeah ana kont me7tagoo geddan
thnx alot
bu3ny said,
August 13, 2008 @ 6:49 am
hi eng ahmed
thanx very much for this .i’ve waited long for it since netcut is very bad on my network
again thanx very much
Ahmed Madkour said,
August 13, 2008 @ 10:11 am
I am reading the code now it seems interesting
Mutati0N said,
August 14, 2008 @ 4:47 am
thnx alot Ahmed , and i hope it will be effective ISA
m1hmoud said,
August 15, 2008 @ 2:23 pm
شكراً أخ أحمد
أخيراً على أوبونتو
m1hmoud said,
August 15, 2008 @ 2:29 pm
نسيت أسأل هل تجدى نفعاً مع arp spoofing
أم هى للـ نت كت فقط
ahmed ali said,
August 15, 2008 @ 3:13 pm
السلام عليكم
بسم الله الرحمن الرحيم
أنا مش عارف أشكرك ازاى بجد أنا فعلا كنت محتاجه على أبونتو
جزاك الله خيرا وجعلك زخرا لللإسلام والمسلمين
Ahmed S. Farghal said,
August 15, 2008 @ 3:14 pm
It should work with all types of arp poisoning, so please try and tell me…
Abdelrahman Hamed el Gamal said,
August 15, 2008 @ 8:50 pm
Jazakom ALLAH 5yran ya bashmohandes A7med Soliman , Franchment vous êtes super dynamique, Je vous souhait une bonne continuation pour les prochains Versions d’ AntiNetCut
S.A
elahlawy said,
August 15, 2008 @ 11:29 pm
مجهووود جااامد جداااا يا باشمهندس احمد
ربنا يكرمك ويجازيك خير دايما
ربنا يوفقك
روابط 3 « Technology is life style said,
August 16, 2008 @ 3:23 am
[...] AntiNetCut v2 « Topdown problem solving [...]
Eslam Mahmoud said,
August 16, 2008 @ 3:58 am
first of all i wanna say thanx very very much for this
but when i try it and i set the “gw” to my getway ip in line 8 ,i had an error in line 28 say “name ‘gwIP’ is not defined” i edit line 21 from “myIP=gw” to “gwIP=gw” and it work well now .
but if “gw”=”" it work well .
i don`t know it may be only me but that what happened
;
again thanx ;
m1hmoud said,
August 17, 2008 @ 8:49 pm
جربتها كما قلت ونفعت إذا كان ملك الراوتر لم يتغير ولكن النت يبطأ مش مشكلة المهم انه اشتغل وخلاص
أما إذا تغير الماك فالإتصال لا يعود
Ahmed S. Farghal said,
August 17, 2008 @ 10:29 pm
ya3ni eeh et3′ayar el mac?
m1hmoud said,
August 17, 2008 @ 10:45 pm
يعنى عندما أقوم بتنفيذ الأمر (arp -a)
يخبرنى ناتج الأمر بآي بى الراوتر والماك بتاعه +آى بى الآ بيعمل arp spoofing والماك بتاعه
لو الماك بتاع الراوتر متغير عن الماك الأصلى لا يعود النت
ولكن أظن أنى وجدت الحل لهذه المشكلة مع firestarter
قلت “أظن” لست متأكد من هذا الأمر بعد
links for 2008-08-19 « Free Open Source Directory said,
August 20, 2008 @ 5:32 am
[...] AntiNetCut v2 | AhmedSoliman.com At last, I’m very happy to announce the release of the long-waited Anti NetCut version2. Main Features: 1. Works on Ubuntu/Fedora/RHEL.. 2. Written in Python so it’s easy to maintain and update. 3. Automatic detection of almost everything (you might need to supply the interface name as illustrated below) 4. Works perfectly with NetCut 2.8… (tags: AntiNetCut v2) [...]
MaRaGhEnOoO said,
August 20, 2008 @ 3:58 pm
bgad thanQ ya Ahmed basha 3ala el ANTINETCUT el faaazeee3 da , ana kont mat7ooon bgad fe el LAN beta3ty w kont bakteb (commands) manual kol marra ad5ol online w a5od ip el router w 7agat zay keda keteeer :$
bs el 7amdu le ALLAH now I’ll NOT do this ANYMORE
RABENA ye5alek lena ya gameeel
amr said,
August 23, 2008 @ 2:09 am
ma3lesh ya gama3a , ana 3amalt download lel anti netcut , bas ana mesh 3aref asta7′demo khales , plz some one tell me how to use it plz , as iam writing this im afraid i will be disconnected any minute , plz help plzz
Gamal said,
August 24, 2008 @ 9:29 pm
Extract the tar ball
change directory to the extraction folder:
cd /path/to/antinetcutIn case you extracted it to desktop so it’ll be ..
cd /home/yourusername/Desktop/antinetcutnow execute it …
ubuntu
$sudo ./antinetcut.pyelse
./antinetcut.pyyou may need to :
chmod a+x antinetcut.pyayman said,
August 24, 2008 @ 9:36 pm
GAMED wlahe ya ahmed , really nice work ya man and so helpful also , and i hope that u will not stop this releases of this nice script
thnx alot ya man
Ahmed S. Farghal said,
August 24, 2008 @ 11:33 pm
yaah ya 3am ayman, enta lessa faker
isA I’ll continue maintaining this script and I hope to get more developers working on it…
hassan said,
August 25, 2008 @ 3:16 pm
انا منزل اعجوبه ودا اللي جالي!!!
[ 1 ]
sh: arp: command not found
[ 2 ]
sh: arp: command not found
[ 3 ]
sh: arp: command not found
مش عارف اعمل ايه
Ahmed S. Farghal said,
August 25, 2008 @ 8:07 pm
can you please tell me which distro are you using?
eldhrawy said,
August 26, 2008 @ 10:37 am
i’m using ojuba built on FEDORA 9
this is what i get
[root@localhost hassan]# ‘/home/hassan/antinetcut.py’
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
Welcome To AntiNetCut Version 2
Development done by AhmedSoliman.com
Released August 2008
which: no ip in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)
Traceback (most recent call last):
File “/home/hassan/antinetcut.py”, line 28, in
mac=getmacbyip(gwIP)
File “/media/HARD DISK/antinetcut/scapy/layers/l2.py”, line 44, in getmacbyip
tmp = map(ord, inet_aton(ip))
socket.error: illegal IP address string passed to inet_aton
where is the prob??
Ahmed S. Farghal said,
August 26, 2008 @ 10:48 am
It’s the first time I hear about Ojouba! but anyway the problem seems that you miss all the packages that are related to networking
Like you need the packages:
iproute
tcpdump
net-tools
Please make sure that you have those packages already installed.. (using rpm -q )
eldhrawy said,
August 26, 2008 @ 4:14 pm
i typed in terminal
install iproute tcpdump net-tools
this is what i got
Setting up Install Process
Parsing package install arguments
Package iproute-2.6.25-1.fc9.i386 already installed and latest version
Package 14:tcpdump-3.9.8-4.fc9.i386 already installed and latest version
Package net-tools-1.60-87.fc9.i386 already installed and latest version
Nothing to do
this is OJUBA
http://www.ojuba.org/wiki/doku.php
Ahmed S. Farghal said,
August 26, 2008 @ 5:00 pm
ok, write
which arpwhich ip
and please make sure that you execute this script as super-user (root)
eldhrawy said,
August 26, 2008 @ 7:43 pm
[root@localhost hassan]# which arp
/usr/bin/which: no arp in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)
[root@localhost hassan]# which ip
/usr/bin/which: no ip in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)
what is this????
Ahmed S. Farghal said,
August 26, 2008 @ 11:13 pm
it seems that this distro has modified the default fedora packages (RPMs) contents, so I can’t help now
you must contact the distro. packagers for those commands RPMS
eldhrawy said,
August 27, 2008 @ 9:58 pm
this is the conversation between me & the distro.packager plz read
http://www.linuxac.org/forum/showthread.php?t=14624
Ahmed S. Farghal said,
August 28, 2008 @ 12:17 am
Ok, I read the whole topic and now I get the problem correctly…
there are two problems now:
1- when you run the script using its full path…
2- the script cannot detect your IP address, can you please provide the output of
ip addr showeldhrawy said,
August 28, 2008 @ 2:46 am
[hassan@localhost ~]$ su -
Password:
[root@localhost ~]# ip addr show
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:e0:20:15:07:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.43/24 brd 192.168.1.255 scope global eth1
inet6 fe80::2e0:20ff:fe15:7f6/64 scope link
valid_lft forever preferred_lft forever
3: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:17:31:27:8f:d7 brd ff:ff:ff:ff:ff:ff
4: pan0: mtu 1500 qdisc noop state DOWN
link/ether 2a:4c:ca:32:cd:ce brd ff:ff:ff:ff:ff:ff
[root@localhost ~]#
“i’ve 2 lan cards the one eth0 is onboard & not working so i use eth1″
“thank you v.much mr.ahmed soliman for your interest
eldhrawy said,
August 28, 2008 @ 2:56 am
this is what i done
[hassan@localhost ~]$ su -
Password:
[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# cd /home/hassan
[root@localhost hassan]# ls
antinetcut Documents Music Public Videos
Desktop Download Pictures Templates
[root@localhost hassan]# cd antinetcut
[root@localhost antinetcut]# ./antinetcut.py
Welcome To AntiNetCut Version 2
Development done by AhmedSoliman.com
Released August 2008
MAC Address Detected for the gateway 192.168.1.1 00:17:31:c7:bc:8a
Deleting Current gateway mac address from the arp table
Adding static entry…
Cannot Detect my IP address
[root@localhost antinetcut]# ip addr show
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:e0:20:15:07:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.43/24 brd 192.168.1.255 scope global eth1
inet6 fe80::2e0:20ff:fe15:7f6/64 scope link
valid_lft forever preferred_lft forever
3: eth0: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:17:31:27:8f:d7 brd ff:ff:ff:ff:ff:ff
4: pan0: mtu 1500 qdisc noop state DOWN
link/ether 36:bd:d4:2c:f7:a7 brd ff:ff:ff:ff:ff:ff
[root@localhost antinetcut]#
!!!
eldhrawy said,
August 28, 2008 @ 10:17 pm
wats z prob. here?!
Ahmed S. Farghal said,
August 29, 2008 @ 11:54 am
as you have eth1 instead of eth0, you’ll have to edit the script…
open the script using any text editor (gedit antinetcut.py) for example and edit the variable at line 8
device="eth0"to
device="eth1"and try again…
eldhrawy said,
August 29, 2008 @ 3:54 pm
[hassan@localhost antinetcut]$ su -
Password:
ls[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# cd /home/hassan/antinetcut
[root@localhost antinetcut]# gedit antinetcut.py
[root@localhost antinetcut]# ./antinetcut.py
Welcome To AntiNetCut Version 2
Development done by AhmedSoliman.com
Released August 2008
MAC Address Detected for the gateway 192.168.1.1 00:17:31:c7:bc:8a
Deleting Current gateway mac address from the arp table
Adding static entry…
Our IP Address is 192.168.1.43
Out MAC Address is 00:e0:20:15:07:f6
Running Protection Thread
is it working now???????
Ahmed S. Farghal said,
August 29, 2008 @ 9:12 pm
yes, leave it running….
eldhrawy said,
August 29, 2008 @ 10:32 pm
thank you mr.ahmed i really cant find words to thank you
hackobacko said,
August 30, 2008 @ 6:43 am
well ! thanx alot for this version …
but is the hole idea is to clear the arp cache and checks for users spoofing the G.W mac address ?
I read actually alot about this topic “Arp poisoning” and I had little experience facing it … but actually I did faced a problem before when I couldn’t get the connection back even when trying to clear the arp cache , and I knew that there’s many attack types concerning this topic
for example :- a program like win arp attacker “can be found in security focus”
can do many attacks
so I figured out that I do need a firewall that preventing my pc from ever receiving arp requests at all and I got one but I really lost it (for windows )
then I found the program antiarp that really makes good job and hides your pc totally from network and it’s effective really
so I want to ask 2 questions :-
1) is your program designed to face many types of attacks ? since really the problem is not in netcut alone …. there’s many applications as I told you before since I faced some of those applications but I don’t know its name
2) from my little experience and plz correct me if i’m wrong I figured out that the application I told you about was actually messing with router it self
may be send packets to it to spoof my mac address to another fake one and send those packets rapidly and continuously so it doesn’t mess with me .. so any arp cache clearing will be useless
so I also figured out that i’m in need to an application that can send packets to router to tell it about me and this must be with a rate faster than the enemy application and I guess this option in winarpattacker In windows but I didn’t try it
(composing packets and sending it with specific rates [ arp- request, or replay] )
so the whole idea i’m talking about is that the application has to prevent all arp packets comming and sent from you so as to hide you … and you may spoof your mac after hiding to get the connection back
so am I right ? :- ) sorry for the long post and I like to see your reply
Ahmed S. Farghal said,
August 30, 2008 @ 2:05 pm
@hackobacko:
The first version of my antinetcut was clearing the arp cache and setting the arp entry of the gateway static o it cannot be forged later..and that was passive protection…
but after releasing netcut 2.8, which poisons the gateway the same way you mentioned, I analyzed the attack pattern and I generated arp requests/replies the same way you mentioned but in a specific way that overcome the netcut attack.
that response I generate should eliminate most of the arp poisoning programs available, I need people to test and report to me so we can enhance…
eldhrawy said,
August 31, 2008 @ 6:17 am
its all OK here, everything is going right…thanks again
hackobacko said,
September 1, 2008 @ 12:29 am
well .. I don’t have a network right now so I really can’t test it
but you may add some functionalities to log people making arp attacks
or using any suspecious software like that
may be for a network owner to disconnect them …. and that will be useful , in keeping networks clean .
I didn’t use python b4 but I know it’s interpreted language, so why not adding windows to the list of supported O.S , this will be handful for windows users who wanna get rid off such attacks , and suffering from other malicious applications other than netcut
A question :
when analyzing the attack pattern , you just used traffic analyzers , or there’s other ways ?
thanx
Ahmed S. Farghal said,
September 2, 2008 @ 1:34 pm
I didn’t use any analyzers, just sniffers…
tuxawy said,
October 10, 2008 @ 9:35 am
first :
thanks a lot for Ur effort in this program its really rocks
second :
please I need to know :
1. Import sys
where is this class ?
2. from scapy.all import *
I realized that scapy is a directory full of othe scripts and classes,
I wanted to ask : when i wrote scapy.all does that mean the script (all.py or all.pyc ) and what is all.pyc ? I opened it and saw unicode like when I open a binary file in vim…
3.os.functions
where is this class ? I can’t fined where scapy wrote it
but i found in arch.py that they imported the os class as u imported sys class in ur program
dose that mean that sys and os is parts of the system’s libraries or not ?
and if it was system libraries Y didn’t u import os like sys ?
4.getmacbyip
where is that function ??????
i can’t finde it in scapy files,
and why didn’t u get the locale machine mac with that function too ?
5.scapy directory
i don’t know what is scapy, and if sys and os are system’s libraries Y did u import the scapy project… is it for getmacbyip function only ? and u have to know that i didn’t find that function in scapy files too
tuxawy said,
October 10, 2008 @ 9:46 am
now I realized Y did U use scapy….. Is it for line 62 to the end of Ur program ?
but I need to know Y dose those lines do ?
I think they r doing the protection thread
but I am talking about the mechanism of its job
what is it ???
sorry for too many questions
Ahmed S. Farghal said,
October 13, 2008 @ 1:39 pm
Hi,
All those questions means that you actually didn’t read about python, so I suggest that you start reading about python first then we can discuss how things work here…