
MR-Xo/PyNet-Shield


PyNet-Shield: Network Analysis & Spoofing Suite

A collection of lightweight, custom Python scripts designed for network enumeration, packet sniffing, hardware address manipulation, and MITM auditing. The suite is modular and automates core networking and cybersecurity assessment tasks using Python 3 and the Scapy library.

⚠️ Disclaimer: This project is created strictly for educational purposes, academic review, and authorized penetration testing environments. The author assumes no liability for misuse, unauthorized network disruption, or legal consequences resulting from actions taken with these tools.




🛠️ Prerequisites & Core Dependencies

To interface with raw network sockets and modify link-layer configurations, the underlying execution environment requires:

  • Python 3.x
  • Scapy Library (For packet crafting, dissection, and decoding)
  • Elevated Privileges:
    • Linux: Native sudo access.
    • Windows: PowerShell or CMD instance executed as Administrator.

⚙️ Installation

Clone the repository and install the required dependencies:

git clone https://github.com/MR-Xo/PyNet-Shield
cd PyNet-Shield
pip install scapy

🚀 Available Tool Suite

1. ARP Spoofing Auditor (arp_spoofer.py)

Executes a bidirectional Address Resolution Protocol (ARP) cache poisoning attack to establish a Man-in-the-Middle (MITM) topology between a target machine and the local gateway.

Platform Compatibility: Linux

Prerequisite: Linux kernel IP forwarding must be explicitly enabled to prevent packet dropping and total internet connection disruption on the target host:

sudo sysctl -w net.ipv4.ip_forward=1

Execution Syntax:

sudo python3 arp_spoofer.py -t <TARGET_IP> -g <GATEWAY_IP>

Example:

sudo python3 arp_spoofer.py -t 192.168.1.10 -g 192.168.1.1

Core Engine Mechanics: Continually injects spoofed ARP replies into the local broadcast domain. Intercepts a KeyboardInterrupt (CTRL+C) to gracefully trigger a cleanup sequence, executing restore() routines to overwrite the poisoned ARP cache tables back to their authentic state.
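The poisoning described above has a recognizable signature on the wire: a known IP address is suddenly answered for by a different MAC, and one MAC answers for both the target and the gateway. The following detection sketch is an added example, not part of PyNet-Shield; it parses raw Ethernet/ARP frames with the standard library, treats the first binding seen as trusted (an assumption), and runs on constructed sample frames with made-up MAC addresses.

```python
import struct
from collections import defaultdict

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def detect_poisoning(frames):
    """Flag replies that contradict the first-seen IP->MAC binding, and MACs
    that answer for more than one IP (assumption: first binding seen is trusted)."""
    first_seen, claims, alerts = {}, defaultdict(set), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 2:  # only ARP replies (opcode 2)
            continue
        _, mac, ip = parsed
        baseline = first_seen.setdefault(ip, mac)
        if baseline != mac:
            alerts.append(("rebind", ip, baseline, mac))
        claims[mac].add(ip)
        if len(claims[mac]) == 2:  # alert once; proxy-ARP routers need an allowlist
            alerts.append(("multi_ip", mac, tuple(sorted(claims[mac]))))
    return alerts

def build_reply(src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed 42-byte ARP reply frame for the sample data below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return (mac(dst_mac) + mac(src_mac) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip))

# Constructed sample: two genuine replies, then one station answering for both IPs.
GW, HOST, THIRD = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:10", "aa:aa:aa:aa:aa:66"
SAMPLE = [
    build_reply(GW, "192.168.1.1", HOST, "192.168.1.10"),
    build_reply(HOST, "192.168.1.10", GW, "192.168.1.1"),
    build_reply(THIRD, "192.168.1.1", HOST, "192.168.1.10"),
    build_reply(THIRD, "192.168.1.10", GW, "192.168.1.1"),
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE):
        print(alert)
```

On a live network the frames would come from a capture on a monitoring port, and the baseline would be seeded from DHCP leases or a static inventory rather than from the first reply observed.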

2. Linux MAC Address Changer (mac_changer_linux.py)

Automates the transient modification of the Media Access Control (MAC) address on a designated Linux network interface card (NIC).

Platform Compatibility: Linux

Execution Syntax:

sudo python3 mac_changer_linux.py -i <INTERFACE> -m <NEW_MAC>

Example:

sudo python3 mac_changer_linux.py -i eth0 -m 00:11:22:33:44:55

Core Engine Mechanics: Brings the network interface down, overwrites the hardware address via ifconfig, brings the interface back up, and then reads the interface configuration back, using a regular expression to confirm that the resulting MAC address matches the one the user requested.

3. Windows MAC Address Changer (mac_changer_windows.py)

Modifies the link-layer hardware address on a specified Windows adapter by programmatically targeting the Windows Registry and calling the advanced configuration subsystem.

Platform Compatibility: Windows (Run as Administrator)

Execution Syntax:

python mac_changer_windows.py -i <INTERFACE_NAME> -m <NEW_MAC>

Example:

python mac_changer_windows.py -i "Ethernet0" -m 0A1122334455

Core Engine Mechanics: Temporarily disables the physical adapter, writes the validated hex string to the NetworkAddress registry entry under the specific adapter's GUID key, re-enables the adapter, and prints a verified configuration table.

4. Local Network Scanner (network_scanner.py)

An implementation of an internal discovery tool mapping active IP addresses to their corresponding hardware addresses within a local subnet.

Platform Compatibility: Cross-Platform (Linux/Windows)

Execution Syntax:

sudo python3 network_scanner.py -r <IP_RANGE/CIDR>

Example:

sudo python3 network_scanner.py -r 192.168.1.0/24

Core Engine Mechanics: Broadcasts ARP request packets encapsulated inside Ethernet frames across the local broadcast domain, listens for unicast responses, parses them, and prints the results as a readable IP-to-MAC table.

5. Raw Packet Sniffer (packet_sniffer.py)

A low-overhead, passive network sniffing script that inspects unencrypted HTTP traffic to isolate the domains visited and any credentials sent in cleartext.

Platform Compatibility: Cross-Platform (Linux/Windows)

Execution Syntax:

sudo python3 packet_sniffer.py

Interactive Input: Upon invocation, the script prompts for the explicit adapter name:

[?] Enter the interface to sniff on (Default: eth0):

Core Engine Mechanics: Uses a BPF (Berkeley Packet Filter) expression (tcp port 80) to capture only HTTP traffic. Decodes byte strings with error handling so that malformed payloads do not crash the script, matches the decoded data against a list of credential keywords, and prints the visited domains and unencrypted payloads in real time.

📈 Contributing & Scalability

This repository serves as an open-ended framework for modular security scripts.
