At last, I’m very happy to announce the release of the long-waited Anti NetCut version2.
Main Features:
- Works on Ubuntu/Fedora/RHEL..
- Written in Python so it’s easy to maintain and update.
- Automatic detection of almost everything (you might need to supply the interface name as illustrated below)
- Works perfectly with NetCut 2.8…
The usage instructions are too easy, just download and edit the antinetcut.py file (change “device=eth0″) to your interface name and run the script…
Notes
- You must leave the script running in the background, stopping the script means that you might get attacked again.
- After starting the script, it might take a few seconds before you get your connection back, so please be patient.
Anyone wants to join development, please see the official page http://code.google.com/p/antinetcut/
Download from here: Download Here
Ahmed Soliman Farghal is a professional "Software/Systems" engineer with exceptional computer science background and spectacular record of projects and achievements.
thanQ very much eng/ahmed
i don’t really use anti-netcut … but i know this would be useful for me someday
even this will encourage me studying Python
Thanks a lot eng / Ahmed
i will download it now and try
yeah ana kont me7tagoo geddan
thnx alot
hi eng ahmed
thanx very much for this .i’ve waited long for it since netcut is very bad on my network
again thanx very much
I am reading the code now it seems interesting
thnx alot Ahmed , and i hope it will be effective ISA
شكراً أخ أحمد
أخيراً على أوبونتو
نسيت أسأل هل تجدى نفعاً مع arp spoofing
أم هى للـ نت كت فقط
السلام عليكم
بسم الله الرحمن الرحيم
أنا مش عارف أشكرك ازاى بجد أنا فعلا كنت محتاجه على أبونتو
جزاك الله خيرا وجعلك زخرا لللإسلام والمسلمين
It should work with all types of arp poisoning, so please try and tell me…
Jazakom ALLAH 5yran ya bashmohandes A7med Soliman , Franchment vous êtes super dynamique, Je vous souhait une bonne continuation pour les prochains Versions d’ AntiNetCut
S.A
مجهووود جااامد جداااا يا باشمهندس احمد
ربنا يكرمك ويجازيك خير دايما
ربنا يوفقك
first of all i wanna say thanx very very much for this
but when i try it and i set the “gw” to my getway ip in line 8 ,i had an error in line 28 say “name ‘gwIP’ is not defined” i edit line 21 from “myIP=gw” to “gwIP=gw” and it work well now .
but if “gw”=”" it work well .
i don`t know it may be only me but that what happened
;
again thanx ;
جربتها كما قلت ونفعت إذا كان ملك الراوتر لم يتغير ولكن النت يبطأ مش مشكلة المهم انه اشتغل وخلاص
أما إذا تغير الماك فالإتصال لا يعود
ya3ni eeh et3′ayar el mac?
يعنى عندما أقوم بتنفيذ الأمر (arp -a)
يخبرنى ناتج الأمر بآي بى الراوتر والماك بتاعه +آى بى الآ بيعمل arp spoofing والماك بتاعه
لو الماك بتاع الراوتر متغير عن الماك الأصلى لا يعود النت
ولكن أظن أنى وجدت الحل لهذه المشكلة مع firestarter
قلت “أظن” لست متأكد من هذا الأمر بعد
bgad thanQ ya Ahmed basha 3ala el ANTINETCUT el faaazeee3 da , ana kont mat7ooon bgad fe el LAN beta3ty w kont bakteb (commands) manual kol marra ad5ol online w a5od ip el router w 7agat zay keda keteeer :$
bs el 7amdu le ALLAH now I’ll NOT do this ANYMORE
RABENA ye5alek lena ya gameeel
ma3lesh ya gama3a , ana 3amalt download lel anti netcut , bas ana mesh 3aref asta7′demo khales , plz some one tell me how to use it plz , as iam writing this im afraid i will be disconnected any minute , plz help plzz
Extract the tar ball
change directory to the extraction folder:
cd /path/to/antinetcutIn case you extracted it to desktop so it’ll be ..
cd /home/yourusername/Desktop/antinetcutnow execute it …
ubuntu
$sudo ./antinetcut.pyelse
./antinetcut.pyyou may need to :
chmod a+x antinetcut.pyGAMED wlahe ya ahmed , really nice work ya man and so helpful also , and i hope that u will not stop this releases of this nice script
thnx alot ya man
yaah ya 3am ayman, enta lessa faker
isA I’ll continue maintaining this script and I hope to get more developers working on it…
انا منزل اعجوبه ودا اللي جالي!!!
[ 1 ]
sh: arp: command not found
[ 2 ]
sh: arp: command not found
[ 3 ]
sh: arp: command not found
مش عارف اعمل ايه
can you please tell me which distro are you using?
i’m using ojuba built on FEDORA 9
this is what i get
[root@localhost hassan]# ‘/home/hassan/antinetcut.py’
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
Welcome To AntiNetCut Version 2
Development done by AhmedSoliman.com
Released August 2008
which: no ip in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)
Traceback (most recent call last):
File “/home/hassan/antinetcut.py”, line 28, in
mac=getmacbyip(gwIP)
File “/media/HARD DISK/antinetcut/scapy/layers/l2.py”, line 44, in getmacbyip
tmp = map(ord, inet_aton(ip))
socket.error: illegal IP address string passed to inet_aton
where is the prob??
It’s the first time I hear about Ojouba! but anyway the problem seems that you miss all the packages that are related to networking
Like you need the packages:
iproute
tcpdump
net-tools
Please make sure that you have those packages already installed.. (using rpm -q )
i typed in terminal
install iproute tcpdump net-tools
this is what i got
Setting up Install Process
Parsing package install arguments
Package iproute-2.6.25-1.fc9.i386 already installed and latest version
Package 14:tcpdump-3.9.8-4.fc9.i386 already installed and latest version
Package net-tools-1.60-87.fc9.i386 already installed and latest version
Nothing to do
this is OJUBA
http://www.ojuba.org/wiki/doku.php
ok, write
which arpwhich ip
and please make sure that you execute this script as super-user (root)
[root@localhost hassan]# which arp
/usr/bin/which: no arp in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)
[root@localhost hassan]# which ip
/usr/bin/which: no ip in (/usr/kerberos/sbin:/usr/lib/qt-3.3/bin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/home/hassan/bin)
what is this????
it seems that this distro has modified the default fedora packages (RPMs) contents, so I can’t help now
you must contact the distro. packagers for those commands RPMS
this is the conversation between me & the distro.packager plz read
http://www.linuxac.org/forum/showthread.php?t=14624
Ok, I read the whole topic and now I get the problem correctly…
there are two problems now:
1- when you run the script using its full path…
2- the script cannot detect your IP address, can you please provide the output of
ip addr show[hassan@localhost ~]$ su -
Password:
[root@localhost ~]# ip addr show
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:e0:20:15:07:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.43/24 brd 192.168.1.255 scope global eth1
inet6 fe80::2e0:20ff:fe15:7f6/64 scope link
valid_lft forever preferred_lft forever
3: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:17:31:27:8f:d7 brd ff:ff:ff:ff:ff:ff
4: pan0: mtu 1500 qdisc noop state DOWN
link/ether 2a:4c:ca:32:cd:ce brd ff:ff:ff:ff:ff:ff
[root@localhost ~]#
“i’ve 2 lan cards the one eth0 is onboard & not working so i use eth1″
“thank you v.much mr.ahmed soliman for your interest
this is what i done
[hassan@localhost ~]$ su -
Password:
[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# cd /home/hassan
[root@localhost hassan]# ls
antinetcut Documents Music Public Videos
Desktop Download Pictures Templates
[root@localhost hassan]# cd antinetcut
[root@localhost antinetcut]# ./antinetcut.py
Welcome To AntiNetCut Version 2
Development done by AhmedSoliman.com
Released August 2008
MAC Address Detected for the gateway 192.168.1.1 00:17:31:c7:bc:8a
Deleting Current gateway mac address from the arp table
Adding static entry…
Cannot Detect my IP address
[root@localhost antinetcut]# ip addr show
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:e0:20:15:07:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.43/24 brd 192.168.1.255 scope global eth1
inet6 fe80::2e0:20ff:fe15:7f6/64 scope link
valid_lft forever preferred_lft forever
3: eth0: mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:17:31:27:8f:d7 brd ff:ff:ff:ff:ff:ff
4: pan0: mtu 1500 qdisc noop state DOWN
link/ether 36:bd:d4:2c:f7:a7 brd ff:ff:ff:ff:ff:ff
[root@localhost antinetcut]#
!!!
wats z prob. here?!
as you have eth1 instead of eth0, you’ll have to edit the script…
open the script using any text editor (gedit antinetcut.py) for example and edit the variable at line 8
device="eth0"to
device="eth1"and try again…
[hassan@localhost antinetcut]$ su -
Password:
ls[root@localhost ~]# ls
anaconda-ks.cfg
[root@localhost ~]# cd /home/hassan/antinetcut
[root@localhost antinetcut]# gedit antinetcut.py
[root@localhost antinetcut]# ./antinetcut.py
Welcome To AntiNetCut Version 2
Development done by AhmedSoliman.com
Released August 2008
MAC Address Detected for the gateway 192.168.1.1 00:17:31:c7:bc:8a
Deleting Current gateway mac address from the arp table
Adding static entry…
Our IP Address is 192.168.1.43
Out MAC Address is 00:e0:20:15:07:f6
Running Protection Thread
is it working now???????
yes, leave it running….
thank you mr.ahmed i really cant find words to thank you
well ! thanx alot for this version …
but is the hole idea is to clear the arp cache and checks for users spoofing the G.W mac address ?
I read actually alot about this topic “Arp poisoning” and I had little experience facing it … but actually I did faced a problem before when I couldn’t get the connection back even when trying to clear the arp cache , and I knew that there’s many attack types concerning this topic
for example :- a program like win arp attacker “can be found in security focus”
can do many attacks
so I figured out that I do need a firewall that preventing my pc from ever receiving arp requests at all and I got one but I really lost it (for windows )
then I found the program antiarp that really makes good job and hides your pc totally from network and it’s effective really
so I want to ask 2 questions :-
1) is your program designed to face many types of attacks ? since really the problem is not in netcut alone …. there’s many applications as I told you before since I faced some of those applications but I don’t know its name
2) from my little experience and plz correct me if i’m wrong I figured out that the application I told you about was actually messing with router it self
may be send packets to it to spoof my mac address to another fake one and send those packets rapidly and continuously so it doesn’t mess with me .. so any arp cache clearing will be useless
so I also figured out that i’m in need to an application that can send packets to router to tell it about me and this must be with a rate faster than the enemy application and I guess this option in winarpattacker In windows but I didn’t try it
(composing packets and sending it with specific rates [ arp- request, or replay] )
so the whole idea i’m talking about is that the application has to prevent all arp packets comming and sent from you so as to hide you … and you may spoof your mac after hiding to get the connection back
so am I right ? :- ) sorry for the long post and I like to see your reply
@hackobacko:
The first version of my antinetcut was clearing the arp cache and setting the arp entry of the gateway static o it cannot be forged later..and that was passive protection…
but after releasing netcut 2.8, which poisons the gateway the same way you mentioned, I analyzed the attack pattern and I generated arp requests/replies the same way you mentioned but in a specific way that overcome the netcut attack.
that response I generate should eliminate most of the arp poisoning programs available, I need people to test and report to me so we can enhance…
its all OK here, everything is going right…thanks again
well .. I don’t have a network right now so I really can’t test it
but you may add some functionalities to log people making arp attacks
or using any suspecious software like that
may be for a network owner to disconnect them …. and that will be useful , in keeping networks clean .
I didn’t use python b4 but I know it’s interpreted language, so why not adding windows to the list of supported O.S , this will be handful for windows users who wanna get rid off such attacks , and suffering from other malicious applications other than netcut
A question :
when analyzing the attack pattern , you just used traffic analyzers , or there’s other ways ?
thanx
I didn’t use any analyzers, just sniffers…
first :
thanks a lot for Ur effort in this program its really rocks
second :
please I need to know :
1. Import sys
where is this class ?
2. from scapy.all import *
I realized that scapy is a directory full of othe scripts and classes,
I wanted to ask : when i wrote scapy.all does that mean the script (all.py or all.pyc ) and what is all.pyc ? I opened it and saw unicode like when I open a binary file in vim…
3.os.functions
where is this class ? I can’t fined where scapy wrote it
but i found in arch.py that they imported the os class as u imported sys class in ur program
dose that mean that sys and os is parts of the system’s libraries or not ?
and if it was system libraries Y didn’t u import os like sys ?
4.getmacbyip
where is that function ??????
i can’t finde it in scapy files,
and why didn’t u get the locale machine mac with that function too ?
5.scapy directory
i don’t know what is scapy, and if sys and os are system’s libraries Y did u import the scapy project… is it for getmacbyip function only ? and u have to know that i didn’t find that function in scapy files too
now I realized Y did U use scapy….. Is it for line 62 to the end of Ur program ?
but I need to know Y dose those lines do ?
I think they r doing the protection thread
but I am talking about the mechanism of its job
what is it ???
sorry for too many questions
Hi,
All those questions means that you actually didn’t read about python, so I suggest that you start reading about python first then we can discuss how things work here…
thanks very nice >> thank u
يا ريت حد من الاخوان يشرح سبب الخطأ لهذا السكربت على توزيعة اعجوبة
Welcome To AntiNetCut Version 2
Development done by AhmedSoliman.com
Released August 2008
Traceback (most recent call last):
File “./antinetcut.py”, line 28, in
mac=getmacbyip(gwIP)
File “/home/yaseen/antinetcut/scapy/layers/l2.py”, line 44, in getmacbyip
socket.error: illegal IP address string passed to inet_aton
[root@ypc yaseen]#
you might need to get the latest version from the google code page
Alslam alikom
hi hello every one
i have tried this scribt in my small lab “two computers ”
but it doesnot work with net cut
the scribt is running but still i couldnot use internet
i know that the script fix my ARPtable ……Right?
the question is does it fix the ARPtable of the router ??????????????????????????
because the Arcai netcut poison both the victim and router ARPtables
thanks for ur effort