Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/vmapps/scapyfic

Various tools based on Scapy
https://github.com/vmapps/scapyfic

python scapy

Last synced: 10 months ago
JSON representation

Various tools based on Scapy

Awesome Lists containing this project

README 

          
# scapyfic



Various tips and tricks on Scapy



- [Scapy Awesome](#scapy-awesome)

- [Scapy DNS2IP](#scapy-dns2ip)

- [Scapy IP2DNS](#scapy-ip2dns)

- [Scapy Scan ARP](#scapy-scan-arp)

- [Scapy Scan ICMP](#scapy-scan-icmp)

- [Scapy Scan TCP SYN](#scapy-scan-tcp-syn)

- [Scapy Traceroute](#scapy-traceroute)



## Scapy Awesome



Some helpful scapy commands.



```

import scapy.all as scapy



# Scapy documentation

print( scapy.sniff.__doc__ )



# Sniff traffic

packets = scapy.sniff(

    count=0,

    iface='en0',

    prn=lambda p:p.summary()

    )



# Sniff traffic filtering on IP layer

packets = scapy.sniff(

    count=0,

    iface='en0',

    prn=lambda p:p.summary(),

    lfilter=lambda p:p.haslayer(scapy.IP)

    )



# Sniff traffic filtering on UDP layer

packets = scapy.sniff(

    count=0,

    iface='en0',

    prn=lambda p:p.summary(),

    lfilter=lambda p:p.haslayer(scapy.UDP)

    )



# Sniff traffic filtering on DNS layer

packets = scapy.sniff(

    count=0,

    iface='en0',

    prn=lambda p:p.summary(),

    lfilter=lambda p:p.haslayer(scapy.DNS)

    )



# Sniff traffic filtering on DNS Queries

packets = scapy.sniff(

    count=0,

    iface='en0',

    prn=lambda p:p.summary(),

    lfilter=lambda p:p.haslayer(scapy.DNS) and p.getlayer(scapy.DNS).qr==0

    )



packets = scapy.sniff(

    count=0,

    iface='en0',

    prn=lambda p:p[scapy.DNS].qd.qname.decode('utf-8'),

    lfilter=lambda p:p.haslayer(scapy.DNS) and p.getlayer(scapy.DNS).qr==0

    )

```



## Scapy DNS2IP



Sample script to resolve DNS name into IP addresses.



```

$ python3 scapy-dns2ip.py

Usage: scapy-dns2ip.py 



$ python3 scapy-dns2ip.py www.fmac.com

www.fmac.com address is ['3.33.251.168', '15.197.225.128']

```



What is script doing :



- get `target` from command line with `sys.argv`

- create layer from `scapy.IP()` and set resolver address using `dst`

- create layer from `scapy.UDP()` and set destination port using `dport`

- create layer from `scapy.DNS()` and `scapy.DNQR()` to set query using `qname` and `qtype`

- forge packet from layers previously created with `scapy.sr1()`

- return `an.rdata` array of results from `scapy.DNS()` entries



## Scapy IP2DNS



Sample script to resolve IP address into DNS name.



```

$ python3 scapy-ip2dns.py

Usage: scapy-ip2dns.py 



$ python3 scapy-ip2dns.py 2.20.10.35

2.20.10.35 name is a2-20-10-35.deploy.static.akamaitechnologies.com

```



What is script doing :



- get `target` from command line with `sys.argv`

- convert IP address to `in-addr.arpa` format

- create layer from `scapy.IP()` and set resolver address using `dst`

- create layer from `scapy.UDP()` and set destination port using `dport`

- create layer from `scapy.DNS()` and `scapy.DNQR()` to set query using `qname` and `qtype`

- forge packet from layers previously created with `scapy.sr1()`

- return `an.rdata` result from `scapy.DNS()` entry



## Scapy Scan ARP



Sample script to scan IP target (or range) with ARP.



```

$ python3 scapy-scan-arp.py

Usage: scapy-scan-arp.py 



$ python3 scapy-scan-arp.py 192.168.0.119

scan 192.168.0.119 with ARP

ARP reply from 192.168.0.119 (80:16:12:c5:b2:2c)

```



What is script doing :



- get `target` from command line with `sys.argv`

- create packet with layer `scapy.Ether()` under `scapy.ARP()`

- set `dst` for `scapy.Ether()` to use broadcast address

- set `pdst` for `scapy.ARP()`

- send one `Ether()/ARP()` packet with `scapy.srp()`

- display packets `src` and `hwsrc` from answers received



## Scapy Scan ICMP



Sample script to scan IP target (or range) with ICMP.



```

$ python3 scapy-scan-icmp.py

Usage: scapy-scan-icmp.py 



$ python3 scapy-scan-icmp.py 192.168.1.0/24

scan 192.168.1.0/24 with ICMP

ICMP echo-reply from 192.168.1.1

ICMP echo-reply from 192.168.1.51

ICMP echo-reply from 192.168.1.52

```



What is script doing :



- get `target` from command line with `sys.argv`

- create packet with layer `scapy.ICMP()` under `scapy.IP()`

- set `dst` for `scapy.IP()`

- send one `IP()/ICMP()` packet with `scapy.sr()`

- display packets being type of `echo-reply` from answers received



## Scapy Scan TCP SYN



Sample script to scan IP target (or range) with TCP SYN flag.



```

$ python3 scapy-scan-tcpsyn.py

Usage: scapy-scan-tcpsyn.py 



$ python3 scapy-scan-tcpsyn.py 192.168.0.0/24

scan 192.168.0.0/24 with TCP SYN

TCP SYN reply from 192.168.0.1

TCP SYN reply from 192.168.0.92

TCP SYN reply from 192.168.0.118

TCP SYN reply from 192.168.0.161

TCP SYN reply from 192.168.0.203

```



What is script doing :



- get `target` from command line with `sys.argv`

- create packet with layer `scapy.ICMP()` under `scapy.TCP()`

- set `dst` for `scapy.IP()`

- set `dport` and `flags` for `scapy.TCP()`

- send one `IP()/TCP()` packet with `scapy.sr()`

- display packets having proto set to `tcp` from answers received



## Scapy Traceroute



Sample script to trace IP route to a target.



```

$ python3 scapy-traceroute.py

Usage: scapy-traceroute.py 



$ python3 scapy-traceroute.py www.cisco.com

traceroute to 2.20.10.35 (www.cisco.com)

[ttl=1 ] reply type 11 from 192.168.0.1 (192.168.0.1)

[ttl=2 ] reply type 11 from 192.168.1.1 (192.168.1.1)

[ttl=3 ] timed out

[ttl=4 ] timed out

[ttl=5 ] timed out

[ttl=6 ] timed out

[ttl=7 ] reply type 11 from 193.251.131.8 (193.251.131.8)

[ttl=8 ] reply type 11 from 81.52.187.80 (81.52.187.80)

[ttl=9 ] reply type 0 from 2.20.10.35 (a2-20-10-35.deploy.static.akamaitechnologies.com)

```



What is script doing :



- get `target` from command line with `sys.argv`

- resolve name to IP address with `socket.gethostbyname()`

- enter loop to send packets with `ttl=1`until `target` reached or `ttl=maxttl`

  - create packet with layer `scapy.ICMP()` under `scapy.IP()`

  - set `dst`and `ttl`values for `scapy.IP()`

  - set `type` value for `scapy.ICMP()`

  - send one `IP()/ICMP()` packet with `scapy.sr1()`

  - if no packet returned, display timeout message

  - else print source of `ICMP`packet received

  - if packet received from `target`, then break the loop