shARP - a tool to detect any ARP spoofing/MiTM incident.

shARP – a tool to detect any ARP spoofing/MiTM incident.

shARP is an anti-ARP-spoofing application software and uses active scanning method to detect any ARP-spoofing incidents.

ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.Our anti- ARP spoofing program, (ShARP) detects the presence of a third party in a private network actively. It has 2 mode: defensive and offensive. Defensive mode protects the end user from the spoofer by dissconnecting the user’s system from the network and alerts the user by an audio message. The offensive mode dissconnects the user’s system from the network and further kicks out the attacker by sending de-authentication packets to his system, unabling him to reconnect to the network until the program is manually reset. The program creates a log file (/usr/shARP/)containing the details of the attack such as, the attackers mac address, mac vendor time and date of the attack. We can identify the NIC of the attackers system with the help of the obtained mac address. If required the attacker can be permanently banned from the netwrk by feeding his mac address to the block list of the router. The whole program is designed specially for linux and is writen in Linux s is hell command (bash command). In the offensive mode the program downloads an open-source application from the internet with the permission of the user namely aircrack-ng (if not present in the user’s system already ). Since it is written in python language, you must have python installed on your system for it to work.

shARP is an anti-ARP-spoofing application software

+ Aircrack-ng
+ All Linux Platform Support

Options Menu:
-d OR –defence = defend your system from arp spoofing or man in the middle attacks
-o OR –offence = remove the arp spoofer from the network :WARNING: network inteface would go down while removing the spoofer from the network. aircrack-ng would get installed in your system if not present beforehand.
An active internet connection would be required for this purpose