Phantom is an ARP Scanner mostly designed to detect directly connected IoT devices. The tool provides details like IP addresses, MAC addresses, hostnames, and the manufacturers of the devices based on their MAC addresses. The tool features a graphical user interface (GUI) built with PySide6 (Qt framework) and utilizes scapy for ARP scanning.
- Network Scanning: Identifies devices on the network via ARP requests.
- Device Details: Displays IP address, MAC address, hostname, and vendor information.
- Real-time Sniffing: Captures and lists ARP packets in real-time.
- Graphical User Interface: Easy-to-use UI to display the scanned devices and packet information.
- Multithreading: Ensures non-blocking scans using Python's
QThread
.
Ensure the following dependencies are installed:
- Python 3.8 or higher
- scapy: Used for ARP scanning.
- PySide6 or PyQt6: For building the GUI.
- netifaces: To retrieve network interface details.
- Python 3.8+
- pipenv: For managing the virtual environment and dependencies.
- scapy: For ARP scanning and packet manipulation.
- PySide6: For building the graphical user interface.
- netifaces: To retrieve network interface details.
-
Clone the repository:
Clone the repository to your local machine:
git clone https://github.com/CyberRoute/phantom.git cd phantom
-
Install the dependencies with Pipenv:
Install
pipenv
if it's not already installed:sudo pip install pipenv
Then, use
pipenv
to create the virtual environment and install the required dependencies:sudo pipenv install
To activate the virtual environment:
sudo pipenv shell
-
Run the application:
Run the ARP Scanner using the following command. You need to provide the network interface (like
eth0
,wlan0
, orwlp0s20f3
) for your system:sudo pipenv run python3 main.py --interface <interface>
Example:
sudo pipenv run python3 main.py --interface wlp0s20f3
-
Start the Application:
After running the application with the correct interface, the GUI will launch.
-
Scanning the Network:
- Click on the "Scan" button in the UI to initiate a network scan.
- The tool will display a list of all detected devices in the network, including their IP addresses, MAC addresses, hostnames, and vendors.
-
Viewing Packets:
- The tool also captures ARP packets in real-time. You can view these packets in a separate tab within the GUI.
-
Device Details:
- Click on any device in the list to open a detailed window that shows more information about that particular device.
-
Stopping the Scan:
- Press the "Quit" button to stop the ARP scan and close the application.
Fork the repo and send PRs if you like :)