dhcpwn
Exploit DHCP server vulnerabilities
TLDR
Flood the network with IP requests
Sniff local DHCP traffic
SYNOPSIS
dhcpwn -i interface [-s|-r|-k] [options]
PARAMETERS
-i interface
Specifies the network interface to use for sending and receiving DHCP packets (e.g., eth0, wlan0).
-s
Executes a DHCP starvation attack, attempting to exhaust the server's IP address pool.
-r
Launches a rogue DHCP server attack, offering malicious network configurations to clients.
-k
Attempts to perform a DHCP server kill/Denial-of-Service attack by sending crafted packets.
-t target_ip
Sets the IP address of the target DHCP server (useful for targeted attacks).
-h MAC_address
Specifies a particular MAC address to use for spoofing during attacks. If omitted, a random MAC will be generated.
-d delay
Introduces a delay (in seconds) between sending DHCP requests during starvation attacks.
--no-release
Prevents the tool from releasing acquired DHCP leases during starvation attacks, ensuring the IPs remain consumed.
-N number
Defines the number of DHCP requests to send before stopping (primarily for starvation attacks).
-v
Enables verbose output, showing more details about the attack progress and packet exchanges.
-x
Exits immediately upon encountering the first error.
DESCRIPTION
dhcpwn is a Python-based utility for conducting DHCP (Dynamic Host Configuration Protocol) attacks. Its primary functions are DHCP starvation and rogue DHCP server attacks.
In a DHCP starvation attack, dhcpwn floods the network with DHCP DISCOVER requests from a multitude of spoofed MAC addresses, aiming to exhaust the DHCP server's available IP address pool. This can cause a denial of service (DoS) for legitimate clients attempting to obtain an IP address.
When used as a rogue DHCP server, dhcpwn can respond to DHCP DISCOVER requests with malicious network configurations, such as pointing clients to a malicious DNS server or gateway, thereby facilitating man-in-the-middle (MitM) attacks.
This tool is commonly employed by penetration testers and security professionals to assess the resilience of network infrastructure against DHCP-based threats and to identify vulnerabilities in DHCP server configurations. It requires raw socket access, meaning it typically needs root privileges to operate effectively.
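A defender-side sketch of how both attacks show up in DHCP message logs, added here as an example and not part of dhcpwn or the original page: it flags a burst of DISCOVERs from many distinct client MACs (starvation) and OFFER/ACK messages from a server that is not on an allowlist (rogue server). The event tuple layout, thresholds, addresses and function names are assumptions, and the sample events are constructed.

```python
from collections import Counter, deque

# Constructed sample events, not captured traffic.
# Assumed layout: (timestamp_s, message_type, client_mac, server_id)
AUTHORIZED = {"192.0.2.1"}  # assumed address of the legitimate DHCP server
SAMPLE = [
    (1.0, "DISCOVER", "00:11:22:33:44:01", ""),
    (1.1, "OFFER", "00:11:22:33:44:01", "192.0.2.1"),
    (30.0, "DISCOVER", "00:11:22:33:44:02", ""),
    (30.1, "OFFER", "00:11:22:33:44:02", "192.0.2.1"),
    (95.0, "OFFER", "00:11:22:33:44:03", "192.0.2.66"),  # unknown server
]
# Constructed burst: 50 DISCOVERs in 5 seconds, each from a different MAC.
SAMPLE += [(100.0 + i * 0.1, "DISCOVER", f"02:00:00:00:00:{i:02x}", "")
           for i in range(50)]


def starvation_alerts(events, window=10.0, max_macs=20):
    """Return (timestamp, distinct_macs) whenever the number of distinct
    DISCOVER client MACs seen in the last `window` seconds exceeds max_macs."""
    recent, macs, alerts = deque(), Counter(), []
    for ts, mtype, mac, _srv in sorted(events, key=lambda e: e[0]):
        if mtype != "DISCOVER":
            continue
        recent.append((ts, mac))
        macs[mac] += 1
        # Expire DISCOVERs that have fallen out of the sliding window.
        while recent[0][0] <= ts - window:
            _, old = recent.popleft()
            macs[old] -= 1
            if macs[old] == 0:
                del macs[old]
        if len(macs) > max_macs:
            alerts.append((ts, len(macs)))
    return alerts


def rogue_servers(events, authorized):
    """Return server identifiers seen in OFFER/ACK that are not allowlisted."""
    return sorted({srv for _, mtype, _, srv in events
                   if mtype in ("OFFER", "ACK") and srv and srv not in authorized})


if __name__ == "__main__":
    first = starvation_alerts(SAMPLE)[0]
    print(f"starvation suspected at t={first[0]:.1f}s ({first[1]} distinct MACs)")
    print("unauthorized DHCP servers:", rogue_servers(SAMPLE, AUTHORIZED))
```

The window and threshold need tuning per segment: a lecture hall or a switch reboot can legitimately produce many DISCOVERs at once.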
CAVEATS
Using dhcpwn can disrupt network services and should only be performed on networks where you have explicit permission. It requires root privileges to operate due to its need for raw socket access. Its effectiveness varies with the security controls in place on the target network and DHCP server, such as DHCP snooping, port security, or MAC address filtering. Always use responsibly and ethically.
ETHICAL HACKING CONTEXT
dhcpwn is used by ethical hackers and penetration testers to simulate common DHCP-related attacks in a controlled environment, so that weaknesses can be identified and mitigated before malicious actors exploit them.
DEPENDENCIES
As a Python-based utility, dhcpwn relies on specific Python libraries for packet manipulation, most notably Scapy. These dependencies are typically satisfied when the tool is installed through a package manager on penetration testing distributions.
HISTORY
dhcpwn emerged as a specialized tool within the cybersecurity community, primarily designed for penetration testing and vulnerability assessment of network infrastructures. It's often bundled with popular penetration testing distributions like Kali Linux and Parrot OS, reflecting its role as a dedicated utility for exploiting DHCP-related weaknesses. Its development focuses on providing a straightforward interface for common DHCP attack vectors, making it accessible to security professionals for simulating real-world threats and understanding network vulnerabilities.