Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/saidsef/scapy-containerised

Container terminal application for intercepting packets within pod/namespace using Scapy and ttyd terminal
https://github.com/saidsef/scapy-containerised

docker hacktoberfest kubernetes-terminal kubernetes-tty netfilter network network-analysis network-security network-virtualization packet-capture packet-geoip packet-sniffer pcap scapy security-audit security-tools tcpdump

Last synced: about 4 hours ago
JSON representation

Container terminal application for intercepting packets within pod/namespace using Scapy and ttyd terminal

Awesome Lists containing this project

README 

        
# Scapy Containerised



This gives you a shell inside container/namespace via TTYD, and you can use Scapy to analyse network traffic. 



Scapy is a powerful Python-based interactive packet manipulation program and library.



Scapy enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.



Scapy is usable either as a shell or as a library. For further details, please head over to [Getting started with Scapy](https://scapy.readthedocs.io/en/latest/introduction.html), which is part of the documentation.



## Prerequisite



- Container runtime (needs to run privileged mode)

- Some Python Knowledge

- Have read [Scapy docs](https://scapy.readthedocs.io/en/latest/introduction.html)



## Installation



Follow these steps to build:



```shell

git clone https://github.com/saidsef/scapy-containerised

```



```shell

docker build -t saidsef/scapy-containerised:latest .

```



```shell

docker run -d --net=host --privileged -v /path/to/geoip2:/data saidsef/scapy-containerised:latest

```



> GeoIP data sets can be download from [P3TERX](https://github.com/P3TERX/GeoLite.mmdb) 



Than visit:



```shell

http://localhost:8080

```



In the browser termonal type:



```shell

python -m scapy.__init__

```



To start Scapy in interactive mode.



## Deployment



> To expose host interface to container enable `hostNetwork: true` in `deployment.yml` file.  [Consider security implications](https://kubernetes.io/docs/concepts/configuration/overview/)



> Make sure the `PORT` isn't already bound to another service - if you choose to run the service on a different PORT make sure you update the relevant fields.



### HELM



```shell

helm repo add scapy https://saidsef.github.io/scapy-containerised/

helm repo update

helm upgrade --install scapy scapy/scapy --namespace scapy --create-namespace

```



### Kubectl



```shell

kubectl apply -k ./deployment

```



To view, bind Kubernetes service port loaclly:



```shell

kubectl port-forward --namespace scapy svc/scapy 8080:8080

```



Than visit:



```shell

http://localhost:8080

```



## Sniff Packets



To list available layers:



```python

help(scapy.layers)

```



```shell

# load_layer("http")

# get_if_list()

# sniff(iface="eth0", prn=lambda x: x.show(), lfilter=lambda x: HTTP in x, count=100)

```

> https://scapy.readthedocs.io/en/latest/api/scapy.layers.html

> To load layers `tls` you might need to downgrade `cryptography` <= v38



The routes are stores in `conf.route`. You can use it to display the routes, or get specific routing:



```shell

conf.route

```



## Source



Our latest and greatest source of scapy-containerised can be found on [GitHub](#deployment). Fork us!



## Contributing



We would :heart: you to contribute by making a [pull request](https://github.com/saidsef/scapy-containerised/pulls).



Please read the official [Contribution Guide](./CONTRIBUTING.md) for more information on how you can contribute.