Scapy¶
Basics¶
List all protocols (layers) Scapy knows
ls()
List the fields of a layer, with their types and default values
ls(TCP)
List all commands
lsc()
Show the docstring of a function
help(sniff)
Sending packets¶
Just a simple ping
send(IP(dst="192.168.1.1")/ICMP())
send() sends on layer 3 (IP): Scapy picks the interface and builds the Ethernet header from its routing table
sendp() sends on layer 2 (Ethernet): you build the Ether() header yourself
Send a packet on layer 3 and wait for responses
(resp, unans) = sr(IP(dst="192.168.1.1")/ICMP(), timeout=3)
sr() returns two lists: the answered (sent, received) pairs and the sent packets that got no answer
Print the first response (resp[0] is the first pair, [1] its reply; show() prints the dissected packet itself, so do not wrap it in print())
resp[0][1].show()
sr1() also sends on layer 3 but returns only the first response; srp() and srp1() are the layer 2 equivalents
Sniffing¶
from scapy.all import IP, TCP, sniff

dev = "eth0"  # interface to listen on

def handle_packet(packet):
    ip = packet.getlayer(IP)
    tcp = packet.getlayer(TCP)
    # getlayer() returns None for a missing layer; the BPF filter below makes both
    # present, but guard anyway so the callback survives if the filter is dropped
    if ip is None or tcp is None:
        return
    print("%s:%d -> %s:%d" % (ip.src, tcp.sport, ip.dst, tcp.dport))

sniff(iface=dev, filter="tcp and port 80", prn=handle_packet)
Another way to reach a layer's fields is to index the packet by layer class (this raises IndexError if the layer is absent)
print(packet[IP].src)
Useful utils¶
Generate a random MAC / IP (each * becomes a random byte; write a fixed value in place of a * to pin that byte)
RandMAC("*:*:*:*:*:*")
RandIP("*.*.*.*")
Get the MAC / IP of one of your own interfaces
get_if_hwaddr("eth0")
get_if_addr("eth0")
Awesome oneliners¶
Find sniffers on your network (ARP requests sent to a bogus, non-broadcast destination MAC; only hosts whose NIC is in promiscuous mode answer)
promiscping("192.168.1.0/24")
SYN portscan of ports 1-1023 (in ans, a SYN-ACK reply means open and a RST means closed; ports left in unans are filtered or dropped)
ans, unans = sr(IP(dst="www.chaostal.de")/TCP(dport=range(1,1024), flags="S"), timeout=1)
TCP fuzzer (fuzz() randomises every TCP field you did not set explicitly; loop=1 keeps sending until Ctrl-C)
send(IP(dst="192.168.1.1") / fuzz(TCP()), loop=1)
MAC flooder (random source and destination MACs to exhaust a switch's CAM table; a layer 2 send, hence sendp())
sendp(Ether(src=RandMAC("*:*:*:*:*:*"), dst=RandMAC("*:*:*:*:*:*")) / IP(src=RandIP("*.*.*.*"), dst=RandIP("*.*.*.*")) / ICMP(), loop=1)