DHCPig
DHCPig is a DHCP exhaustion script that consumes all available IP addresses on a LAN, preventing new users from obtaining IPs. It also releases IPs in use, sends gratuitous ARP, and knocks Windows hosts offline.
Description
DHCPig initiates an advanced DHCP exhaustion attack using the scapy network library. It exhausts all DHCP addresses on the network, stops new users from getting IPs, releases existing leases, and disrupts the network further with gratuitous ARP to knock Windows hosts offline. The tool requires admin privileges and has been tested on multiple Linux distributions and DHCP servers like ISC and Windows 2k3/2k8.
Use cases include network penetration testing to demonstrate DHCP vulnerabilities, simulating denial-of-service attacks on DHCP services, and educational purposes to understand DHCP protocol weaknesses. It is particularly useful in red team exercises targeting LAN environments where DHCP is the primary IP assignment method.
The script is invoked via pig.py and provides various options for customization, such as verbosity levels, IPv6 support, and detection of ARP/ICMP traffic.
How It Works
DHCPig uses the scapy library to send DHCPDISCOVER packets on the specified interface, flooding the DHCP server to exhaust the IP address pool. It detects responses from DHCP servers, releases any leases it obtains, and optionally sends gratuitous ARP packets to poison ARP caches and disrupt connected hosts, especially Windows machines. Additional features include monitoring ARP, ICMP, and DHCP replies, with support for DHCPv6 and multi-threading for amplified attacks.
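The DHCPDISCOVER flood described above is visible on the DHCP server as a burst of requests from many different client hardware addresses on one interface. The following detection sketch is an added example, not part of DHCPig or the original page; the log format, the function names `find_starvation` and `sample_log`, and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import deque

# Assumed, constructed log format: "<epoch-seconds> DHCPDISCOVER from <mac> via <iface>"
LINE_RE = re.compile(
    r"^(\d+) DHCPDISCOVER from ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (\S+)", re.I)

def find_starvation(lines, window=10, max_new_macs=20):
    """Return (iface, first_ts, last_ts, distinct_macs) for each interface that
    sees more than max_new_macs distinct client MACs sending DHCPDISCOVER
    within `window` seconds. One alert is raised per burst."""
    recent = {}        # iface -> deque of (ts, mac) inside the sliding window
    alerting = set()   # interfaces currently above the threshold
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue   # other DHCP message types are ignored here
        ts, mac, iface = int(m.group(1)), m.group(2).lower(), m.group(3)
        q = recent.setdefault(iface, deque())
        q.append((ts, mac))
        while q and q[0][0] <= ts - window:
            q.popleft()                      # drop entries older than the window
        distinct = len({entry[1] for entry in q})
        if distinct > max_new_macs:
            if iface not in alerting:
                alerting.add(iface)
                alerts.append((iface, q[0][0], ts, distinct))
        else:
            alerting.discard(iface)
    return alerts

def sample_log():
    """Constructed sample: 5 ordinary clients on eth1, then 40 distinct MACs
    sending DHCPDISCOVER on eth0 within four seconds."""
    lines = [f"{1000 + 30 * i} DHCPDISCOVER from 00:11:22:33:44:{i:02x} via eth1"
             for i in range(5)]
    lines += [f"{2000 + i // 10} DHCPDISCOVER from de:ad:00:00:00:{i:02x} via eth0"
              for i in range(40)]
    lines.append("2005 DHCPREQUEST for 10.0.0.5 from 00:11:22:33:44:01 via eth1")
    return lines

if __name__ == "__main__":
    for alert in find_starvation(sample_log()):
        print("possible DHCP starvation on %s: %d..%d, %d distinct MACs" % alert)
```

The window and threshold need tuning to the size of the segment, since a legitimate mass reboot also produces a burst of distinct clients. On managed switches, DHCP snooping rate limits and port security address the same condition at the access port.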
Installation
sudo apt install dhcpig
Flags
Examples
pig.py eth0
dhcpig -h
pig.py -v 10 eth0
pig.py -6 eth0
pig.py -t 5 eth0
pig.py -g eth0
pig.py -a -i eth0