creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-arp-spoofing-attack-simulation/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

61 lines
2.5 KiB
Markdown
Raw Blame History

# API Reference: Performing ARP Spoofing Attack Simulation
## Scapy Library (Core)
| Function/Class | Description |
|----------------|-------------|
| `ARP(op="is-at", psrc=ip, hwsrc=mac)` | Construct ARP reply (poison) packet |
| `Ether(dst=mac)` | Construct Ethernet frame with target MAC |
| `srp(packet, timeout, iface)` | Send and receive layer 2 packets (ARP resolution) |
| `sendp(packet, iface)` | Send packet at layer 2 without waiting for reply |
| `get_if_hwaddr(iface)` | Get MAC address of local interface |
| `get_if_list()` | List available network interfaces |
| `conf.iface` | Get/set default network interface |
## ARP Packet Fields
| Field | Description |
|-------|-------------|
| `op` | Operation: `"who-has"` (request) or `"is-at"` (reply) |
| `psrc` | Source protocol (IP) address |
| `pdst` | Destination protocol (IP) address |
| `hwsrc` | Source hardware (MAC) address |
| `hwdst` | Destination hardware (MAC) address |
## Detection Verification Commands
| Command | Platform | Description |
|---------|----------|-------------|
| `show ip arp inspection statistics` | Cisco IOS | DAI statistics and violations |
| `show ip arp inspection log` | Cisco IOS | DAI violation log entries |
| `arpwatch -i eth0` | Linux | Monitor ARP table changes |
| `ip neigh show` | Linux | Display current ARP cache |
## Key Libraries
- **scapy** (`pip install scapy`): Packet crafting and network interaction
- **netifaces**: Cross-platform network interface information
- **nmap** (python-nmap): Network host discovery as alternative to ARP scan
## Configuration
| Variable | Description |
|----------|-------------|
| Interface | Network interface on same VLAN as target (e.g., `eth0`) |
| Root/Admin | Scapy requires root/administrator privileges for raw sockets |
## Safety Controls
| Control | Purpose |
|---------|---------|
| Written authorization | Legal requirement before any ARP spoofing |
| `restore_arp()` | Always restore legitimate ARP entries after simulation |
| Packet count limit | Limit spoofing rounds to minimum needed for detection test |
| Isolated VLAN | Run simulation on isolated test network segment |
## References
- [Scapy Documentation](https://scapy.readthedocs.io/)
- [Dynamic ARP Inspection (Cisco)](https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-12/configuration_guide/sec/b_1612_sec_9300_cg/dynamic_arp_inspection.html)
- [OWASP Testing Guide - Network](https://owasp.org/www-project-web-security-testing-guide/)
Reference in New Issue View Git Blame Copy Permalink