Share
## https://sploitus.com/exploit?id=F85DF6D6-7FA7-562F-8374-0F95AD25FA2F
# Lanflux

**On-LAN recon and exploitation after wireless foothold** β€” sibling to [Wiflux](https://github.com/Leadrogue/Wiflux).

```
β–ˆβ–ˆβ•—      β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ•—   β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•—     β–ˆβ–ˆβ•—   β–ˆβ–ˆβ•—β–ˆβ–ˆβ•—  β–ˆβ–ˆβ•—
β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•
β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ•”β•
β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β•  β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β–ˆβ–ˆβ•—
β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•”β• β–ˆβ–ˆβ•—
β•šβ•β•β•β•β•β•β•β•šβ•β•  β•šβ•β•β•šβ•β•  β•šβ•β•β•β•β•šβ•β•     β•šβ•β•β•β•β•β•β• β•šβ•β•β•β•β•β• β•šβ•β•  β•šβ•β•
```

> **For authorized security testing only.** Only use Lanflux on networks you own or have explicit permission to audit.

[![Python 3.10+](https://img.shields.io/badge/python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
[![Release](https://img.shields.io/github/v/release/Leadrogue/Lanflux?label=release)](https://github.com/Leadrogue/Lanflux/releases/latest)
[![Platform](https://img.shields.io/badge/platform-Linux-lightgrey.svg)](#requirements)

| Tool | Phase |
|------|--------|
| **[Wiflux](https://github.com/Leadrogue/Wiflux)** | Wireless access β€” scan, capture, crack |
| **Lanflux** | Post-assoc β€” discover, recon, engage, MITM on the LAN |

*From the air to the LAN.* Β· **v1.0.0**

---

## Features

### Guided workflow

- **Map β†’ Recon β†’ Attacks / MITM** β€” main menu steers you in a safe order (recon before noisy work)
- **Live Rich UI** β€” discover table, ETA bars, activity feed, identity cards
- **Keyboard control** β€” **Enter** finishes discover/profile early β†’ menu; **Space** pauses (copy) or skips a module
- **Engagement profiles** β€” `home` | `office` | `lab` set timeouts, smart-engage, MITM default, spray (CLI flags override only when set)
- **Session resume** β€” `--resume` reloads hosts from SQLite; identity + traffic hints persist

### Discovery & identity

- **ARP + neighbor + optional ping sweep** β€” fast LAN map with honest ETAs
- **Progressive port/OS profile** β€” light nmap while mapping; wrap-up can be skipped with Enter
- **Who is this?** β€” identity fusion (OUI vendor + hostname + mDNS + ports β†’ e.g. β€œTommy’s iPhone (likely)”)
- **Traffic hints** β€” pre-scan `ip neigh` states for MITM client ranking (`live` / `recent` / `quiet`)
- **Host scoring & roles** β€” gateway, DC, fileserver, IoT, workstation, …

### Soft recon & smart engage

- **Soft recon chain** β€” `dns-enum β†’ port-scan β†’ smb-enum β†’ http-enum`
- **Smart engage** β€” after soft recon, deep tools planned from *real* open ports (whatweb, http-paths, http-defaults, smb-deep, ssh-check, snmp-check, iot-pack, ad-enum, pivot-map, gain-access, …)
- **Auto mode** β€” `--auto` maps + soft+deep engage non-interactively; lab/spray also runs starred attack tools
- **Host-aware toolkit** β€” recommendations ranked by role/ports/risk; missing binaries show install hints

### Modules (highlights)

| Category | Examples |
|----------|----------|
| Recon | dns-enum, port-scan, smb-enum/deep, http-enum/paths, whatweb, tls-inspect, nikto, nuclei, ffuf-short, mdns-upnp, udp-probe, ad-enum |
| Attack | http-defaults, ssh-check, snmp-check, gain-access, cred-spray, iot-pack, responder |
| MITM | arp / sniff / forms / keylog / dns (toolkit time-boxed or live mission sessions) |

### MITM (honest capabilities)

| Mode | Bandwidth | What you get |
|------|-----------|--------------|
| **Sites** | Best | DNS/SNI hostnames; half-duplex ARP |
| **Forms** | Good | Cleartext HTTP login POSTs |
| **Keylog** | Heavier | JS inject on HTTP + KEY lines + forms |
| **DNS** | Varies | Name poison path (noisy) |

- **HTTPS app passwords are not readable** without SSL-bump (not implemented β€” by design)
- **Half-duplex Wi‑Fi friendly** tuning (forward path, rp_filter, restore on exit)
- **Lifecycle cleanup** β€” orphan process kill, atexit / Ctrl+C emergency stop
- **Attention stream** β€” live sites/forms story at end of session

### Results, vault & reporting

- **SQLite store** β€” hosts, findings (deduped), credentials under `~/lanflux-data` (mode `0700` / files `0600`)
- **Credential vault** β€” `--vault` browser; optional at-rest encryption via `LANFLUX_VAULT_PASSWORD`
- **Exports** β€” JSON/CSV; secrets redacted unless `--include-secrets`
- **PDF reports** β€” honest severity (no false β€œdefault login” claims)
- **Run compare** β€” `--snapshot` / `--compare` for host/port diffs
- **Webhooks** β€” `--webhook URL` for critical findings (Discord/Slack-friendly)
- **Scope lock** β€” `scope.lock.json` gates noisy MITM ops
- **Wiflux handoff** β€” `--from-wiflux` shows cracked PSKs / SSID match

---

## Quick start

### Install from source (recommended)

```bash
git clone https://github.com/Leadrogue/Lanflux.git
cd Lanflux
pip install -e . --break-system-packages

# Core system tools
sudo apt update
sudo apt install -y arp-scan nmap smbclient curl iproute2 iputils-ping

# Optional packs (or use the built-in installer)
sudo apt install -y bettercap dsniff tcpdump tshark   # MITM
# or:
sudo lanflux --install-deps mitm,web,smb --install-deps-run
```

Full walkthrough: **[INSTALL.md](INSTALL.md)** Β· Step-by-step ops: **[docs/TUTORIAL.md](docs/TUTORIAL.md)**

### Run

On Kali/Debian, `sudo` may omit `/usr/local/bin` from `PATH`:

```bash
sudo env PATH="/usr/local/bin:$PATH" lanflux --no-splash

# Auto map + engage (lab profile: smart deep + spray-oriented)
sudo env PATH="/usr/local/bin:$PATH" lanflux --profile lab --auto -p 20 --no-splash

# Resume previous hosts
sudo env PATH="/usr/local/bin:$PATH" lanflux --resume --no-splash
```

### Typical interactive path

1. **Map the LAN** (menu β˜… 1) β€” Enter finishes early β†’ menu  
2. **Deep recon** (client or subnet) β€” soft recon then tool menu  
3. **Attacks** β€” defaults, gain-access, spray (after recon)  
4. **MITM** if needed β€” pick client / mode; Enter or Space stops live session  
5. **Report & vault** β€” PDF, export, compare  

---

## Documentation

| Document | Description |
|----------|-------------|
| **[INSTALL.md](INSTALL.md)** | Requirements, install methods, dependency packs, troubleshooting |
| **[docs/TUTORIAL.md](docs/TUTORIAL.md)** | End-to-end authorized engagement walkthrough |
| **[docs/ARCHITECTURE.md](docs/ARCHITECTURE.md)** | Package layout and engagement flow |
| **[docs/MITM.md](docs/MITM.md)** | Capture modes, teardown, scope lock |
| **[docs/LEGAL.md](docs/LEGAL.md)** | Authorization and responsibility |
| **[CHANGELOG.md](CHANGELOG.md)** | Version history |

---

## Usage examples

```bash
lanflux --help

# Interactive guided menu
sudo lanflux --no-splash

# Bound to a subnet + office profile (quieter defaults)
sudo lanflux --profile office --scope 192.168.1.0/24 --auto --no-splash

# Soft recon only (no deep chain)
sudo lanflux --no-smart-engage --recon-only --auto --no-splash

# After Wiflux association
sudo lanflux --from-wiflux --no-splash

# Scope lock before noisy MITM
lanflux --scope-init 192.168.8.0/24 --scope-note "authorized pentest"

# Vault / export / compare (no root required)
lanflux --vault
lanflux --export-creds ~/lanflux-data/creds.json --include-secrets
lanflux --findings
lanflux --hosts
lanflux --compare

# Optional vault encryption for newly saved secrets
export LANFLUX_VAULT_PASSWORD='choose-a-strong-passphrase'
sudo lanflux --vault-password "$LANFLUX_VAULT_PASSWORD" --no-splash
```

### Keyboard

| Key | Discover / profile | MITM / toolkit module |
|-----|--------------------|------------------------|
| **Enter** | Finish early β†’ menu | Stop live MITM / long tool |
| **Space** | Pause table (copy) / resume | Skip module |
| **Ctrl+C** | Emergency MITM stop + clean exit | Same |
| **q** (discover) | Same as Enter (fallback) | β€” |

---

## Engagement profiles

| Profile | Discover | Ports | Smart deep | Spray | MITM default | Module timeout |
|---------|----------|-------|------------|-------|--------------|----------------|
| **home** | 25s | quick | yes | no | forms | 45s |
| **office** | 40s | top100 | yes | no | sites | 60s |
| **lab** | 30s | quick | yes | yes | keylog | 90s |

Pass `-p`, `--ports`, or `--module-timeout` only when you want to override the profile.

---

## Layout

```
lanflux/
  cli.py              entry + flags + utility commands
  session.py          guided / auto session loop
  discover.py         live host discovery
  profiler.py         mass port/OS profile
  orchestrator.py     soft recon + smart deep engage
  registry.py         module registry
  recommend.py        host-aware toolkit menu
  toolkit.py          interactive + starred batch runner
  mission.py          live MITM sessions
  mitm_engine.py      shared MITM surface
  mitm_lifecycle.py   process cleanup / emergency stop
  report.py           PDF reports
  results.py          SQLite (WAL)
  vault.py            credential vault
  crypto_vault.py     optional secret encryption
  scope.py            scope lock
  modules/            engagement modules
  tools/              network + nmap helpers
```

Data defaults to **`~/lanflux-data/`** (not inside the package tree).

---

## Requirements

- **Linux** (Kali / Debian / Ubuntu recommended)
- **Python 3.10+**
- **Root** for full discover / MITM (`sudo`)
- Core tools: `arp-scan`, `nmap`, `ip`, `ping` (see [INSTALL.md](INSTALL.md))

---

## Development

```bash
git clone https://github.com/Leadrogue/Lanflux.git
cd Lanflux
pip install -e ".[dev]" --break-system-packages
pytest -q
```

---

## Legal

This tool is for educational and **authorized** penetration testing only. Unauthorized access to computer networks is illegal. The authors are not responsible for misuse. See [docs/LEGAL.md](docs/LEGAL.md).

---

## Related

- **[Wiflux](https://github.com/Leadrogue/Wiflux)** β€” wireless access, capture, and crack  
- Issues & releases: [github.com/Leadrogue/Lanflux](https://github.com/Leadrogue/Lanflux)

## License

[MIT](LICENSE) Β· Β© Leadrogue