{"id":20359401,"url":"https://github.com/saidsef/scapy-containerised","last_synced_at":"2025-04-12T03:32:31.451Z","repository":{"id":39563984,"uuid":"233676344","full_name":"saidsef/scapy-containerised","owner":"saidsef","description":"Container terminal application for intercepting packets within pod/namespace using Scapy and ttyd terminal","archived":false,"fork":false,"pushed_at":"2024-12-05T19:34:47.000Z","size":1435,"stargazers_count":5,"open_issues_count":1,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-12-06T21:54:12.970Z","etag":null,"topics":["docker","hacktoberfest","kubernetes-terminal","kubernetes-tty","netfilter","network","network-analysis","network-security","network-virtualization","packet-capture","packet-geoip","packet-sniffer","pcap","scapy","security-audit","security-tools","tcpdump"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/saidsef.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":["https://revolut.me/saidsef"]}},"created_at":"2020-01-13T19:30:46.000Z","updated_at":"2024-12-05T19:34:50.000Z","dependencies_parsed_at":"2023-10-13T07:41:53.664Z","dependency_job_id":"dd0d9592-ecc6-4943-9991-5e9e46d272f6","html_url":"https://github.com/saidsef/scapy-containerised","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fscapy-containerised","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fscapy-containerised/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fscapy-containerised/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/saidsef%2Fscapy-containerised/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/saidsef","download_url":"https://codeload.github.com/saidsef/scapy-containerised/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248512627,"owners_count":21116646,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","hacktoberfest","kubernetes-terminal","kubernetes-tty","netfilter","network","network-analysis","network-security","network-virtualization","packet-capture","packet-geoip","packet-sniffer","pcap","scapy","security-audit","security-tools","tcpdump"],"created_at":"2024-11-14T23:33:45.742Z","updated_at":"2025-04-12T03:32:31.446Z","avatar_url":"https://github.com/saidsef.png","language":"Dockerfile","readme":"# Scapy Containerised\n\nThis gives you a shell inside container/namespace via TTYD, and you can use Scapy to analyse network traffic. \n\nScapy is a powerful Python-based interactive packet manipulation program and library.\n\nScapy enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.\n\nScapy is usable either as a shell or as a library. For further details, please head over to [Getting started with Scapy](https://scapy.readthedocs.io/en/latest/introduction.html), which is part of the documentation.\n\n## Prerequisite\n\n- Container runtime (needs to run privileged mode)\n- Some Python Knowledge\n- Have read [Scapy docs](https://scapy.readthedocs.io/en/latest/introduction.html)\n\n## Installation\n\nFollow these steps to build:\n\n```shell\ngit clone https://github.com/saidsef/scapy-containerised\n```\n\n```shell\ndocker build -t saidsef/scapy-containerised:latest .\n```\n\n```shell\ndocker run -d --net=host --privileged -v /path/to/geoip2:/data docker.io/saidsef/scapy-containerised:latest\n```\n\n\u003e GeoIP data sets can be download from [P3TERX](https://github.com/P3TERX/GeoLite.mmdb) \n\n```python\nconf.geoip_city = \"/data/GeoLite.mmdb\"\nconf.temp_files = \"/tmp\"\n\ntrace = traceroute_map([\"saidsef.co.uk\"], verbose=0)\ntrace.world_trace()\n```\n\nThan visit:\n\n```shell\nhttp://localhost:8080\n```\n\nIn the browser termonal type:\n\n```shell\npython -m scapy.__init__\n```\n\nTo start Scapy in interactive mode.\n\n## Deployment\n\n\u003e To expose host interface to container enable `hostNetwork: true` in `deployment.yml` file.  [Consider security implications](https://kubernetes.io/docs/concepts/configuration/overview/)\n\n\u003e Make certain the `PORT` isn't already bound to another service - if you choose to run the service on a different PORT make sure you update the relevant fields.\n\n### HELM\n\n```shell\nhelm repo add scapy https://saidsef.github.io/scapy-containerised/\nhelm repo update\nhelm upgrade --install scapy scapy/scapy --namespace scapy --create-namespace\n```\n\n### Kubectl\n\n```shell\nkubectl apply -k ./deployment\n```\n\nTo view, bind Kubernetes service port loaclly:\n\n```shell\nkubectl port-forward --namespace scapy svc/scapy 8080:8080\n```\n\nThan visit:\n\n```shell\nhttp://localhost:8080\n```\n\n## Sniff Packets\n\nTo list available layers:\n\n```python\nhelp(scapy.layers)\n```\nSniff function specification documentation\n\n```python\nprint sniff.__doc__\n```\n\n```python\nload_layer(\"http\")\nget_if_list()\nsniff(iface=\"eth0\", prn=lambda x: x.show(), lfilter=lambda x: HTTP in x, count=100)\n```\n\u003e https://scapy.readthedocs.io/en/latest/api/scapy.layers.html\n\u003e To load layers `tls` you might need to downgrade `cryptography` \u003c= v38\n\nThe routes are stores in `conf.route`. You can use it to display the routes, or get specific routing:\n\n```shell\nconf.route\n```\n\n## Plot unsing Matplotlib\n\nFor some special features, Scapy will need some dependencies to be installed.\n\n```python\np=sniff(iface=\"any\", count=50)\np.plot(lambda x:len(x))\n```\n\u003e \u003chttps://scapy.readthedocs.io/en/latest/installation.html#optional-dependencies\u003e\n\n## PDF Dump using `pxy`\n\n```python\np=IP()/ICMP()\np.pdfdump(\"test.pdf\", target=\"\u003e /tmp\")\n```\n\n## Source\n\nOur latest and greatest source of scapy-containerised can be found on [GitHub](#deployment). Fork us!\n\n## Contributing\n\nWe would :heart: you to contribute by making a [pull request](https://github.com/saidsef/scapy-containerised/pulls).\n\nPlease read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute.\n","funding_links":["https://revolut.me/saidsef"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaidsef%2Fscapy-containerised","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsaidsef%2Fscapy-containerised","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsaidsef%2Fscapy-containerised/lists"}