From b1bb7116eda4a7c217117e260629cc896084d3c6 Mon Sep 17 00:00:00 2001
From: amaloteaux <>
Date: Thu, 2 Jun 2011 21:31:36 +0000
Subject: [PATCH] arp_sweep : automatically detect SHOST and SMAC and do not request localhost
git-svn-id: file:///home/svn/framework3/trunk@12823 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../auxiliary/scanner/discovery/arp_sweep.rb | 31 +++++++++++++------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/modules/auxiliary/scanner/discovery/arp_sweep.rb b/modules/auxiliary/scanner/discovery/arp_sweep.rb
index 6493053328..e79346443e 100644
--- a/modules/auxiliary/scanner/discovery/arp_sweep.rb
+++ b/modules/auxiliary/scanner/discovery/arp_sweep.rb
@@ -30,13 +30,13 @@ class Metasploit3 < Msf::Auxiliary
 )
 register_options([
- OptString.new('SHOST', [true, "Source IP Address"]),
- OptString.new('SMAC', [true, "Source MAC Address"]),
+ OptString.new('SHOST', [false, "Source IP Address"]),
+ OptString.new('SMAC', [false, "Source MAC Address"]),
 # one re-register TIMEOUT here with a lower value, cause 5 seconds will be enough in most of the case
 OptInt.new('TIMEOUT', [true, 'The number of seconds to wait for new data', 5]),
 ], self.class)
- deregister_options('SNAPLEN', 'FILTER')
+ deregister_options('SNAPLEN', 'FILTER', 'PCAPFILE', 'UDP_SECRET', 'GATEWAY', 'NETMASK')
 end
 def run_batch_size
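Review bot: The SHOST and SMAC descriptions still read as if the options were mandatory, so once this hunk flips them to optional a user looking at the option list has no hint that an unset value is filled from INTERFACE, nor that it is still required when the pcaprub build lacks netifaces support (the run_batch hunk falls back to `get_ipv4_addr(datastore['INTERFACE'])` / `get_mac(datastore['INTERFACE'])` and otherwise raises 'SHOST should be defined'). I would put that in the option text: `OptString.new('SHOST', [false, "Source IP Address (defaults to the address of INTERFACE; required if pcaprub lacks netifaces support)"]),` and the equivalent wording for SMAC. The widened deregister_options call also drops GATEWAY and NETMASK; it is worth confirming that nothing in the unchanged part of the module still reads those keys, which I cannot see from this hunk. The enclosing initialize method starts before this hunk.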
@@ -45,22 +45,35 @@ class Metasploit3 < Msf::Auxiliary
 def run_batch(hosts)
+ @netifaces = true
+ if not netifaces_implemented?
+ print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available")
+ @netifaces = false
+ end
+ shost = datastore['SHOST']
+ shost ||= get_ipv4_addr(datastore['INTERFACE']) if @netifaces
+ raise RuntimeError ,'SHOST should be defined' unless shost
+ smac = datastore['SMAC']
+ smac ||= get_mac(datastore['INTERFACE']) if @netifaces
+ raise RuntimeError ,'SMAC should be defined' unless smac
 open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
 begin
 hosts.each do |dhost|
- probe = buildprobe(datastore['SHOST'], datastore['SMAC'], dhost)
- capture.inject(probe)
+ if dhost != shost
+ probe = buildprobe(shost, smac, dhost)
+ capture.inject(probe)
- while(reply = getreply())
- next if not reply[:arp]
- print_status("#{reply[:arp].spa} appears to be up.")
+ while(reply = getreply())
+ next if not reply[:arp]
+ print_status("#{reply[:arp].spa} appears to be up.")
- report_host(:host => reply[:arp].spa, :mac=>reply[:arp].sha)
+ report_host(:host => reply[:arp].spa, :mac=>reply[:arp].sha)
+ end
 end
 end