@OvertCoffee
Forked from cmlewis89/arp-monitor.sh
Created February 21, 2020 20:07
Bash script to monitor for any new device that connects to a network, using arp
#!/bin/bash
#
# arp-monitor, an ARP tables monitor
# inspired by https://gist.github.com/maugern/30ace2764aafc683a802de2ed82f91af
#
# This script is intended to start on launch and run on an always-connected device on a network (e.g. a server).
# It scans the network with 'arp -a' and sends a notification webhook whenever it recognizes a new MAC address on the network.
#
# For auto-run on login you can rename the script to a .command and add it to your Login Items on macOS, or
# modify the script to remove the loop and take a look at crontab.
#
# Note: Ensure you change the discord curl below to your own webhook
#
# saved history of known MAC addresses
ARP_MAC_SAVE="ARP_MAC.txt"
# temp files
ARP_TABLE="ARP_temp.txt"
ARP_MACS="ARP_MAC_temp.txt"
ARP_MAC_COMBO="ARP_MAC_combo.txt"
ARP_MAC_DIFF="ARP_MAC_diff.txt"
ARP_MAC_NEW="ARP_MAC_new.txt"
while true
do
    # Fetch a new arp output
    arp -a > "$ARP_TABLE"
    # Filter only MAC addresses (entries without a MAC in field 4, e.g. "incomplete", are skipped)
    awk '$4 ~ /:/ {print $4}' "$ARP_TABLE" | sort > "$ARP_MACS"
    # Check if history does not already exist
    if [ ! -f "$ARP_MAC_SAVE" ]; then
        echo "No file $ARP_MAC_SAVE found. Copying actual ARP table."
        cp -f "$ARP_MACS" "$ARP_MAC_SAVE"
    fi
    # Add save to new fetch and remove dupes
    cat "$ARP_MAC_SAVE" "$ARP_MACS" | sort | uniq > "$ARP_MAC_COMBO"
    # Diff the current arp with saved history; lines starting with "<" are MACs not yet in the history
    diff --ignore-all-space "$ARP_MAC_COMBO" "$ARP_MAC_SAVE" | grep '^<' | awk '{print $2}' > "$ARP_MAC_DIFF"
    # Act on any diff
    if [ -s "$ARP_MAC_DIFF" ]; then
        # ensure 'new' file is deleted since we concat below
        rm -f "$ARP_MAC_NEW"
        # loop through new mac addresses and pull full data from ARP table
        while read -r i; do
            # -F: match the MAC as a fixed string, not as a regular expression
            grep -F -- "$i" "$ARP_TABLE" >> "$ARP_MAC_NEW"
        done < "$ARP_MAC_DIFF"
        # if we have any data to send
        if [ -s "$ARP_MAC_NEW" ]; then
            while read -r j; do
                echo "Found a new client mac address: $j"
                # Escape backslashes and double quotes so the arp line cannot break the JSON body
                j_json=$(printf '%s' "$j" | sed 's/\\/\\\\/g; s/"/\\"/g')
                curl -H "Content-Type: application/json" -X POST -d '{"content": "**New client on network**: '"$j_json"' "}' "https://discordapp.com/api/webhooks/***"
                sleep 1
            done < "$ARP_MAC_NEW"
        fi
        # Update old arp save
        cp -f "$ARP_MAC_COMBO" "$ARP_MAC_SAVE"
    fi
    # Remove all temp files
    rm -f "$ARP_TABLE" "$ARP_MACS" "$ARP_MAC_COMBO" "$ARP_MAC_DIFF" "$ARP_MAC_NEW"
    # Delay before next run
    sleep 1
done
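
Added example, not part of the original gist: the same parse, compare and notify steps as small functions that normalize MAC addresses first, so that macOS-style unpadded octets (`0:1c:b3:9:85:16`) and padded ones compare equal and incomplete or broadcast entries never raise an alert. The function names and the sample `arp -a` lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `arp -a` output (Linux and macOS line formats mixed).
sample_arp_output() {
cat <<'EOF'
router.lan (192.168.1.1) at 00:1C:B3:09:85:15 [ether] on eth0
? (192.168.1.7) at <incomplete> on eth0
? (192.168.1.9) at 0:1c:b3:9:85:16 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
EOF
}

# Read `arp -a` text on stdin; print unique MACs, lowercase with zero-padded octets.
# Tokens that are not six hex octets (incomplete entries) and the broadcast MAC are dropped.
extract_macs() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if (split($i, o, ":") != 6) continue
            mac = ""; ok = 1
            for (k = 1; k <= 6; k++) {
                h = tolower(o[k])
                if (h !~ /^[0-9a-f][0-9a-f]?$/) { ok = 0; break }
                if (length(h) == 1) h = "0" h
                mac = mac (k > 1 ? ":" : "") h
            }
            if (ok && mac != "ff:ff:ff:ff:ff:ff") print mac
        }
    }' | sort -u
}

# Print MACs from stdin that are not listed in the history file $1 (a missing or empty file is fine).
new_macs() {
    awk -v f="$1" 'BEGIN { while ((getline l < f) > 0) known[l] = 1 } !($0 in known)'
}

# Build the webhook JSON body for message $1: control characters stripped,
# backslashes and double quotes escaped.
webhook_payload() {
    esc=$(printf '%s' "$1" | tr -d '\000-\037' | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '{"content": "**New client on network**: %s"}' "$esc"
}

# Demo: with no history file, every valid MAC in the sample is reported as new.
sample_arp_output | extract_macs | new_macs /nonexistent | while read -r m; do
    webhook_payload "$m"; echo
done
```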