{"id":16454994,"url":"https://github.com/lucadibello/weaponizedping","last_synced_at":"2025-10-09T11:32:03.474Z","repository":{"id":111382568,"uuid":"496192852","full_name":"lucadibello/WeaponizedPing","owner":"lucadibello","description":"🔫 A weaponized ping implementation that includes concealed data in the packet payload.","archived":false,"fork":false,"pushed_at":"2022-05-26T07:20:54.000Z","size":24,"stargazers_count":3,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-09T11:32:02.094Z","etag":null,"topics":["exploit","icmp-tunnel","ping","pinger","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lucadibello.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-25T10:59:05.000Z","updated_at":"2024-07-28T15:26:16.000Z","dependencies_parsed_at":"2023-06-29T17:00:32.901Z","dependency_job_id":null,"html_url":"https://github.com/lucadibello/WeaponizedPing","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lucadibello/WeaponizedPing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lucadibello%2FWeaponizedPing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lucadibello%2FWeaponizedPing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lucadibello%2FWeaponizedPing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lucadibello%2FWeaponizedPing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lucadibello","download_url":"https://codeload.github.com/lucadibello/WeaponizedPing/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lucadibello%2FWeaponizedPing/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001300,"owners_count":26083058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","icmp-tunnel","ping","pinger","python3"],"created_at":"2024-10-11T10:20:42.263Z","updated_at":"2025-10-09T11:32:03.458Z","avatar_url":"https://github.com/lucadibello.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WeaponizedPing\n\nA weaponized ping implementation that includes concealed data in the packet payload.\n\nhttps://user-images.githubusercontent.com/37295664/170271191-03a97a88-b1df-4bbf-9055-1da621bcaa8d.mp4\n\n## Exploit understanding\n\nThis vulnerability exploits the fact that ICMP Echo Request packets have a significantly greater MTU than is required. \nBecause an ICMP packet has a maximum MTU of 1500 bytes, subtracting the bytes required to send the header leaves 1472 bytes of payload space left to\ncontain any data we wish (it has no format to comply with).\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://user-images.githubusercontent.com/37295664/170272692-4bccfc86-d7ae-4145-ac28-64d0cd654ef4.png\"\u003e\n\u003c/p\u003e\n\nThis is an ICMP Echo Request packet generated by the classic \"ping\" command found in every operating system:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"600\" alt=\"Ping packet\" src=\"https://user-images.githubusercontent.com/37295664/170274484-f70f944c-eaa5-4700-9929-eaa792b1729c.png\"\u003e\n\u003c/p\u003e\n\nThe payload of this packet is only **48 bytes**.\n\nThis, on the other hand, is a packet generated by weaponized ping:\n\n\u003cp align=\"center\"\u003e\n  \u003cimg width=\"600\" alt=\"Weaponized Ping Packet\" src=\"https://user-images.githubusercontent.com/37295664/170275033-0be6ac68-3607-4cd5-98a3-e8f1cb0f256d.png\"\u003e\n\u003c/p\u003e\n\nInstead, the payload of this packet is **520 bytes**. As mentioned earlier, within the payload of a weaponized ping any information can be included, in this case the following information is sent:\n\n- MAC Address of the main network card\n- Information about all network cards in the system (ip address, subnet mask, broadcast address)\n- Public IP address\n- DNS servers used\n\n## Security\n\nThe data sent within the payload is encrypted using an RSA-4096 public key.\nFor a generation of the key pair needed to send data securely, you can run the `keygen.py` script found in the `utility` folder:\n\n```shell\npython3 utility/keygen.py\n```\n\nThis script will generate the following files within the current working folder:\n\n- `receiver.pem`\n  - Public key\n\n- `private.pem`\n  - Private key\n\n## Decrypt payload\n\nOnce the attacker manages to intercept the packet generated by the weaponized ping, and succeeds in exporting\nthe contents of the payload within a file (see video demonstration for more information), it is possible to perform\ndecrypt the information using the `decrypt-dump.py` scripty found in the `utility` folder, specifying the\nlocation of the dump to be decrypted and the associated private key needed:\n\n```bash\npython3 utility/decrypt-dump.py -k \u003cPRIVATE KEY\u003e -f \u003cDUMP FILE\u003e\n```\n\n## Weaponized payload example\n\nThis is an example of a payload (decrypted) sent to the attacker:\n\n```text\nb\"3E:22:FB:BE:86:0F|en0:[{'addr': '10.21.48.210', 'netmask': '255.255.240.0', 'broadcast': '10.21.63.255'}]|en1:[{'addr': '82:5c:4e:23:14:01'}]|en2:[{'addr': '82:5c:4e:23:14:00'}]|awdl0:[{'addr': 'b2:8e:f0:97:d1:15'}]|llw0:[{'addr': 'b2:8e:f0:97:d1:15'}]|en3:[{'addr': 'ac:de:48:00:11:22'}]|en8:[{'addr': '169.254.81.191', 'netmask': '255.255.0.0'}]|en9:[{'addr': '169.254.189.118', 'netmask': '255.255.0.0'}]||DNS:195.176.49.70,195.176.49.72|PUBLIC:195.176.44.50\"\n```\n\nEach type of information in the payload is separated by a pipe ('|') to facilitate its extraction/reading by the user. This is the order of the information present:\n\n1. Mac Address\n2. Information related to the network interfaces\n3. DNS Servers\n4. Public IP\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flucadibello%2Fweaponizedping","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flucadibello%2Fweaponizedping","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flucadibello%2Fweaponizedping/lists"}