https://github.com/ddddddo/packemon
Packet monster (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0).
cli ebpf linux network networking packet packet-analyzer packet-generator packet-monitoring penetration-testing pentest-tool protocol tui
- Host: GitHub
- URL: https://github.com/ddddddo/packemon
- Owner: ddddddO
- License: bsd-2-clause
- Created: 2024-04-26T12:35:59.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-10-06T10:10:36.000Z (about 1 month ago)
- Last Synced: 2024-10-12T19:20:10.981Z (24 days ago)
- Topics: cli, ebpf, linux, network, networking, packet, packet-analyzer, packet-generator, packet-monitoring, penetration-testing, pentest-tool, protocol, tui
- Language: Go
- Homepage:
- Size: 11.5 MB
- Stars: 81
- Watchers: 1
- Forks: 0
- Open Issues: 35
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Packémon
Packet monster, or `Packémon` for short! (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ)
https://github.com/user-attachments/assets/69b317b8-7235-40c8-8586-2aff7d34cc0d
TUI tool for generating packets of arbitrary input and monitoring packets on any network interface (default: `eth0`). **This tool is not available for Windows and macOS. I have confirmed that it works on Debian on WSL2.**
I intend to develop it patiently🌴
> [!WARNING]
> There may be many bugs. If you find a bug, I would be glad if you raise an issue or give me a pull request!

## Feature
This TUI tool has two major functions: packet generation and packet monitoring.
![](./assets/packemon_dns.png)
![](./assets/packemon_dns_response.png)

The first image shows packemon running in Generator / Monitor mode.
The DNS query packet generated by the Generator on the left is shown in the third line of the Monitor. The DNS query response packet is shown in the 4th line, and a more detailed view of it is shown in the second image.

Packemon's Monitor lets the user select a packet by pressing the `Enter` key: select any line and press `Enter` to see the details of that packet. Pressing the `Esc` key in the packet detail screen returns you to the packet list screen.
### Packet Generator
> [!WARNING]
> While using Generator mode, TCP RST packets automatically sent out by the kernel are dropped. When this mode is stopped, the original state is restored. Probably😅.
> Incidentally, dropping RST packets is done by running [the eBPF program](./egress_control/).
> The background on incorporating eBPF is in the post on X around [here](https://x.com/ddddddOpppppp/status/1798715056513056881).

- [x] Send generated packets to any network interfaces.
  - You can specify network interface with `--interface` flag. Default is `eth0`.

- The following types of packets are covered.
  - [x] Ethernet
  - [x] ARP (WIP)
  - [x] IPv4 (WIP)
  - [x] ICMP (WIP)
  - [x] TCP (WIP)
  - [x] UDP (WIP)
  - [ ] TLSv1.2 (WIP)
    - [Currently there is only debug mode](./cmd/debugging/tls-server/README.md)
      - TCP 3way handshake ~ TLS handshake ~ TLS Application data
  - [x] DNS (WIP)
  - [x] HTTP (WIP)
  - [ ] HTTP**S** (WIP)
    - [Currently there is only debug mode](./cmd/debugging/https-server/README.md)
      - TCP 3way handshake ~ TLS handshake ~ TLS Application data (HTTP GET request / response)
  - [ ] xxxxx....

### Packet Monitor
- [x] Monitor any network interfaces.
  - You can specify network interface with `--interface` flag. Default is `eth0`.

- The following types of packets are covered.
  - [x] Ethernet
  - [x] ARP
  - [x] IPv4 (WIP)
  - [x] ICMP (WIP)
  - [x] TCP (WIP)
  - [x] UDP
  - [ ] DNS (WIP)
    - [x] DNS query
    - [x] DNS query response
    - [ ] xxxxx....
  - [ ] HTTP (WIP)
    - [x] HTTP GET request
    - [x] HTTP GET response
    - [ ] xxxxx....
  - [ ] xxxxx....

## Installation
- Go
```console
$ go install github.com/ddddddO/packemon/cmd/packemon@latest
```

- deb
```console
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.deb -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.deb
$ dpkg -i packemon.deb
```

- rpm
```console
$ export PACKEMON_VERSION=X.X.X
$ yum install https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.rpm
```

- apk
```console
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.apk -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.apk
$ apk add --allow-untrusted packemon.apk
```

## Usage
- Packet Generator
```console
sudo packemon --send
```

- Packet Monitor
```console
sudo packemon
```

## Another feature
The local node's browser can monitor packets from remote nodes or send arbitrary packets from remote nodes.
```
                                         +-------------------------------------+
+----------------------+                 | REMOTE NODE                         |
| LOCAL NODE (Browser) |                 | $ sudo packemon-api --interface xxx |
| Monitor    <---------|-- WebSocket   --|--> HTTP GET  /ws         <-----+    |
| Generator   ---------|-- POST packet --|--> HTTP POST /packet           |    |
+----------------------+                 |    -> parse packet             |    |                  +---------------+
                                         |    -> Network Interface        -----|-- Send packet -->| TARGET NODE x |
                                         +-------------------------------------+                  |               |
                                                                                                  +---------------+
```

- Remote node
![](./assets/packemon_api_remote.png)

- Local node
![](./assets/packemon_api_local.png)

> [!WARNING]
> Please note that the following is dangerous.

The following procedure is an example of how you can expose packemon-api to the outside world and monitor and send remote node packets on your browser.
1. (REMOTE) Install `packemon-api` and run it.
   ```console
   $ go install github.com/ddddddO/packemon/cmd/packemon-api@latest
   $ sudo packemon-api --interface wlan0
   ```
1. (REMOTE) Run [`ngrok`](https://ngrok.com/) and note the URL it issues.
   ```console
   $ ngrok http 8082
   ```
1. (LOCAL) Enter the issued URL into your browser and you will be able to monitor the remote node's packets and send packets from it.

## Related tools
- netcat
- [Nmap](https://nmap.org/)
- [Scapy](https://github.com/secdev/scapy)
- [google/gopacket](https://github.com/google/gopacket)

## Acknowledgment
- [rivo/tview](https://github.com/rivo/tview)
  - Packemon is using this TUI library.
- [Golangで作るソフトウェアルータ](https://booth.pm/ja/items/5290391)
  - The way Go handles syscalls, packet checksum logic, etc. was helpful. This is a book in Japanese.

## Stargazers over time
[![Stargazers over time](https://starchart.cc/ddddddO/packemon.svg?variant=adaptive)](https://starchart.cc/ddddddO/packemon)

## Log (japanese)
xxx
## Links
- 「Golangで作るソフトウェアルータ」
  - Its implementation code: https://github.com/sat0ken/go-curo
- https://terassyi.net/posts/2020/03/29/ethernet.html
- Reference for the commands used to verify operation
  - https://zenn.dev/takai404/articles/76d47e944d8e18
- [Scrapbox notes](https://scrapbox.io/ddddddo/%E3%83%8D%E3%83%83%E3%83%88%E3%83%AF%E3%83%BC%E3%82%AF%E7%B3%BB%E8%AA%AD%E3%81%BF%E7%89%A9)

- Worked on Debian on WSL2.
- Arbitrary Ethernet headers / IPv4 headers / ARP / ICMP can be built easily and the frames sent.
- Below, the form screens for the various headers are shown in a tmux window split into three. An ICMP echo request was then sent, and Wireshark was used to confirm that the echo reply came back.
![](./assets/tui_ether_ip_icmp.png)
![](./assets/tui_send_icmp_result1.png)
![](./assets/tui_send_icmp_result2.png)

- Receive frames and show their details (ARP and IPv4)
![](./assets/tui_send_recieve.png)

Slightly older UI (commit `5062561`)
![](./assets/tui_0428.png)
![](./assets/tui_cap_0428.png)
- Using https://github.com/rivo/tview as the TUI library 🙇
### Verifying operation
#### Simple HTTP server on Raspberry Pi
```console
pi@raspberrypi:~ $ sudo go run main.go
```

#### Packet capture
```console
$ sudo tcpdump -U -i eth0 -w - | /mnt/c/Program\ Files/Wireshark/Wireshark.exe -k -i -
```

- Receive screen
```console
$ sudo go run cmd/packemon/main.go
```

- Send screen
```console
$ sudo go run cmd/packemon/main.go --send
```

- Command for sending a single frame (e.g. ARP request)
```console
$ sudo go run cmd/packemon/main.go --debug --send --proto arp
```

#### Easy broadcast
```console
$ arping -c 1 1.2.3.4
ARPING 1.2.3.4 from 172.23.242.78 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
```

#### DNS over TCP
```console
$ nslookup -vc github.com
```

#### ping over IPv6
How to do it

```console
$ ip -6 route
$ ping -c 1 fe80::1
```

#### Home-grown TCP 3-way handshake
```console
$ sudo go run cmd/packemon/main.go --send --debug --proto tcp-3way-http
```

### How the verification looked
xxx
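- Build and send only an Ethernet frame (using the file committed in `77c9149`)
![](./assets/Frame.png)
- Build and send an ARP request (using the file committed in `390f266`; I think the contents are a mess, though)
![](./assets/ARP.png)
- Receive and parse an ARP request (committed in `b6a025a`)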
![](./assets/ARP_request_console.png)
![](./assets/ARP_request.png)