  • Scapy

    2019-01-23 11:44:00
    1、UDP scanning with Scapy

    Scapy is a tool that can be used to craft and inject custom packets into a network. In this recipe, Scapy is used to scan for active UDP services. This can be done by sending an empty UDP packet to destination ports and then identifying the ports that do not respond with an ICMP port-unreachable response. To determine whether a service is running on a given UDP port, the technique we use with Scapy is to identify closed UDP ports by their ICMP port-unreachable replies. To send a UDP request to any given port, we need to build the layers of that request. The first layer we need to construct is the IP layer.

    Step one: use the command scapy to invoke the tool. You don't set ip.src, because the source IP is automatically updated to the address associated with the default interface. After each setting, check and confirm it yourself with the .display() method. This should be done in a lab environment; I use Metasploitable2, which can be used as a remote system offering services over UDP. So let's look at the following options:

    Step two: view the Metasploitable2 IP address. So ip.dst=192.168.142.170

    Step three: start Scapy and construct the IP layer, setting the destination IP to 192.168.142.170. DNS is a common service that can often be discovered on network systems; the destination port can be modified by setting the attribute equal to the new destination port value, so set dport=123.

    Step four: we have created both layers (IP and UDP), so here we construct the request by stacking these layers: request=(i/u)

    Then send the request to the remote service.

    Finally, we can look at the reply with response.display():

    >>> response.display()
    ###[ IP ]###
      version= 4
      ihl= 5
      tos= 0xc0
      len= 56
      id= 64015
      flags=
      frag= 0
      ttl= 64
      proto= icmp
      chksum= 0xe144
      src= 192.168.142.170
      dst= 192.168.142.181
      \options\
    ###[ ICMP ]###
         type= dest-unreach
         code= port-unreachable
         chksum= 0x9bc7
         reserved= 0
         length= 0
         nexthopmtu= 0
    ###[ IP in ICMP ]###
            version= 4
            ihl= 5
            tos= 0x0
            len= 28
            id= 1
            flags=
            frag= 0
            ttl= 64
            proto= udp
            chksum= 0xdc1f
            src= 192.168.142.181
            dst= 192.168.142.170
            \options\
    ###[ UDP in ICMP ]###
               sport= domain
               dport= ntp
               len= 8
               chksum= 0x607d

    In fact, the request can be performed without independently building and stacking each layer; we can use a single one-line command by calling the functions directly and passing them the appropriate arguments, as follows. Of course, when scanning we can also set the timeout and the verbose options.

    Note that the response to these requests includes an ICMP packet whose type indicates that the destination is unreachable and whose code indicates that the port is unreachable. This response is common if the UDP port is closed, so we should modify the request so that it is sent to a destination port that corresponds to an actual service on the remote system. Let's change the destination port back to port 53 and then send the request again, as follows:

    When the same request is sent to an actual service, no reply is received. This is because the DNS service running on the system's UDP port 53 will only respond to service-specific requests. This discrepancy can be used to scan for ICMP port-unreachable replies.

    So we can identify potential services by flagging the nonresponsive ports. Edit a script to scan the ports.

    Reposted from: https://www.cnblogs.com/xinxianquan/p/10308035.html
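
The reply dumped by response.display() in the post above can also be interpreted programmatically. This is an added example, not code from the original post: it parses a raw ICMP port-unreachable reply with the Python standard library and labels each probed port, reporting a silent port as open|filtered because a firewall or ICMP rate limiting also produces no reply. The function names are hypothetical, and the sample packet is constructed from the addresses and ports in the post's output.

```python
import socket
import struct

def build_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload; test data only."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def parse_port_unreachable(raw):
    """Return (probed_ip, closed_udp_port) if raw is an ICMP type 3 / code 3
    reply quoting a UDP datagram, otherwise None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4                       # outer IP header length
    if raw[9] != 1 or len(raw) < ihl + 8:           # protocol 1 = ICMP
        return None
    if (raw[ihl], raw[ihl + 1]) != (3, 3):          # dest-unreach / port-unreachable
        return None
    inner = raw[ihl + 8:]                           # "IP in ICMP": the quoted probe
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != 17 or len(inner) < inner_ihl + 8:    # protocol 17 = UDP
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return socket.inet_ntoa(inner[16:20]), dport

def classify(probed_ports, replies, target):
    """Label each probed UDP port from the ICMP replies seen for target."""
    closed = set()
    for raw in replies:
        hit = parse_port_unreachable(raw)
        if hit and hit[0] == target:
            closed.add(hit[1])
    return {p: ("closed" if p in closed else "open|filtered") for p in probed_ports}

# Constructed sample mirroring the post: probe 192.168.142.181:53 -> 192.168.142.170:123
SCANNER, TARGET = "192.168.142.181", "192.168.142.170"
probe = build_ipv4(SCANNER, TARGET, 17, struct.pack("!HHHH", 53, 123, 8, 0))
icmp = struct.pack("!BBHI", 3, 3, 0, 0) + probe
SAMPLE_REPLY = build_ipv4(TARGET, SCANNER, 1, icmp)

if __name__ == "__main__":
    print(classify([53, 123], [SAMPLE_REPLY], TARGET))
```
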
  • scapy

    2017-05-16 16:48:16
    scapy:

    Used for capturing and modifying packets.

    Can be used standalone or as a Python library.

    Dependency: python_gnuplot


    Usage example:

    >>> arp = ARP()    # call ARP() to create an instance of the ARP class
    >>> arp.display()    # call the instance's display method to view the ARP fields
    ###[ ARP ]###
      hwtype= 0x1
      ptype= 0x800
      hwlen= 6
      plen= 4
      op= who-has
      hwsrc= 00:0c:29:26:5d:39
      psrc= 192.168.152.129
      hwdst= 00:00:00:00:00:00
      pdst= 0.0.0.0
    >>> arp.pdst='10.1.1.1'    # modify a field by assignment
    >>> arp.display()    # verify the change
    ###[ ARP ]###
      hwtype= 0x1
      ptype= 0x800
      hwlen= 6
      plen= 4
      op= who-has
      hwsrc= 00:0c:29:26:5d:39
      psrc= 192.168.152.129
      hwdst= 00:00:00:00:00:00
      pdst= 10.1.1.1
    >>> answer = sr1(arp)    # sr1 sends a packet; the closely related sr() does too (s = send, r = receive). The difference is that sr1 accepts only the first answer. Without a timeout, scapy keeps waiting until an answer arrives


    sr(x, filter=None, iface=None, nofilter=0, *args, **kargs)
        Send and receive packets at layer 3
        nofilter: put 1 to avoid use of bpf filters
        retry:    if positive, how many times to resend unanswered packets
                  if negative, how many times to retry when no more packets are answered
        timeout:  how much time to wait after the last packet has been sent
        verbose:  set verbosity level
        multi:    whether to accept multiple answers for the same stimulus
        filter:   provide a BPF filter
        iface:    listen answers only on the given interface

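    #!/usr/bin/python3
    # ARP sweep of the /24 network that the given interface belongs to

    import logging
    import subprocess
    import sys

    # silence scapy's runtime warnings before importing it
    logging.getLogger('scapy.runtime').setLevel(logging.ERROR)
    from scapy.all import ARP, sr1

    if len(sys.argv) != 2:
        print('help')
        sys.exit()

    interface = str(sys.argv[1])
    # take the interface's IPv4 address from the ifconfig output
    ip = subprocess.getoutput('ifconfig ' + interface + " | grep 'inet ' | cut -d ' ' -f 10").strip()
    prefix = ip.split('.')[0] + '.' + ip.split('.')[1] + '.' + ip.split('.')[2] + '.'

    for addr in range(0, 254):
        answer = sr1(ARP(pdst=prefix + str(addr)), timeout=0.1, verbose=0)
        if answer:
            # a host answered the ARP request for this address
            print(prefix + str(addr))
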
    SCAPY(1)                                                                  General Commands Manual                                                                 SCAPY(1)


    NAME
           scapy - Interactive packet manipulation tool

    SYNOPSIS
           scapy [options]

    DESCRIPTION
           This manual page documents briefly the scapy tool.

           scapy  is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace
           hping, parts of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, ...

           scapy uses the python interpreter as a command board. That means that you can use directly python language (assign variables, use loops, define functions, etc.) If
           you  give a file as parameter when you run scapy, your session (variables, functions, intances, ...) will be saved when you leave the interpretor, and restored the
           next time you launch scapy.

           The idea is simple. Those kind of tools do two things : sending packets and receiving answers. That's what scapy does : you define a set of packets, it sends them,
           receives  answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage
           over tools like nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

           On top of this can be build more high level functions, for example one that does traceroutes and give as a result only the start TTL of the request and the  source
           IP of the answer. One that pings a whole network and gives the list of machines answering. One that does a portscan and returns a LaTeX report.

    OPTIONS
           Options for scapy are:

           -h     display usage

           -d     increase log verbosity. Can be used many times.

           -s FILE
                  use FILE to save/load session values (variables, functions, intances, ...)

           -p PRESTART_FILE
                  use PRESTART_FILE instead of $HOME/.scapy_prestart.py as pre-startup file

           -P     do not run prestart file

           -c STARTUP_FILE
                  use STARTUP_FILE instead of $HOME/.scapy_startup.py as startup file

           -C     do not run startup file

    COMMANDS
           Only the vital commands to begin are listed here for the moment.

           ls()   lists supported protocol layers. If a protocol layer is given as parameter, lists its fields and types of fields.

           lsc()  lists some user commands. If a command is given as parameter, its documentation is displayed.

           conf   this object contains the configuration.

    FILES
           $HOME/.scapy_prestart.py  This  file is run before scapy core is loaded. Only the is available. This file can be used to manipulate conf.load_layers list to choose
           which layers will be loaded:

           conf.load_layers.remove("bluetooth")
           conf.load_layers.append("new_layer")

           $HOME/.scapy_startup.py This file is run after scapy is loaded. It can be used to configure some of the scapy behaviors:

           conf.prog.pdfreader="xpdf"
           split_layers(UDP,DNS)

    EXAMPLES
           More verbose examples are available at http://www.secdev.org/projects/scapy/demo.html Just run scapy and try the following commands in the interpreter.

           Test the robustness of a network stack with invalid packets:
           sr(IP(dst="172.16.1.1", ihl=2, options="b$2$", version=3)/ICMP())

           Packet sniffing and dissection (with a bpf filter or thetereal-like output):
           a=sniff(filter="tcp port 110")
           a=sniff(prn = lambda x: x.display())

           Sniffed packet reemission:
           a=sniff(filter="tcp port 110")
           sendp(a)

           Pcap file packet reemission:
           sendp(rdpcap("file.cap"))

           Manual TCP traceroute:
           sr(IP(dst="www.google.com", ttl=(1,30))/TCP(seq=RandInt(), sport=RandShort(), dport=dport))

           Protocol scan:
           sr(IP(dst="172.16.1.28", proto=(1,254)))

           ARP ping:
           srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="172.16.1.1/24"))

           ACK scan:
           sr(IP(dst="172.16.1.28")/TCP(dport=(1,1024), flags="A"))

           Passive OS fingerprinting:
           sniff(prn=prnp0f)

           Active OS fingerprinting:
           nmap_fp("172.16.1.232")

           ARP cache poisonning:
           sendp(Ether(dst=tmac)/ARP(op="who-has", psrc=victim, pdst=target))

           Reporting:
           report_ports("192.168.2.34", (20,30))

    SEE ALSO
           http://www.secdev.org/projects/scapy
           http://trac.secdev.org/scapy

    BUGS
           Does not give the right source IP for routes that use interface aliases.

           May miss packets under heavy load.

           Session saving is limited by Python ability to marshal objects. As a consequence, lambda functions and generators can't be saved, which seriously reduce usefulness
           of this feature.

           BPF filters don't work on Point-to-point interfaces.

    AUTHOR
           Philippe Biondi <phil@secdev.org>

           This manual page was written by Alberto Gonzalez Iniesta <agi@agi.as> and Philippe Biondi.

                                                                                   May 12, 2003                                                                       SCAPY(1)

  • Scapy Error

    2020-11-22 20:40:42
    /usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 326, in __getattr__ return self.payload.__getattr__(attr) File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", ...
  • scapy import error

    2020-11-22 09:20:12
    to install scapy, and it installed successfully (C:\Program Files\IronPython 2.7\Lib\site-packages\scapy). It failed to import scapy in IronPython, but it's OK in Python. import re import ...
  • Error installing scapy

    2020-12-04 21:32:04
    When I run pip install -r requirements.txt the first three install fine, but scapy errors out. I tried installing it manually and it gave the same error: Downloading/...
  • scapy issue

    2020-11-30 03:04:31
    I already installed the requirements but there's still a problem: ERROR: Requirements have not been satisfied ...scapy' (This question comes from the open-source project: k4m4/kickthemout)
  • Fix scapy server offsets

    2020-12-04 12:16:47
    This PR fixes scapy_server (broken in v2.19) and adds extra tests for length/offset calculation. v2.18 is ok v2.19 trex core has a scapy_server regression due to changes in scapy: Packet....
  • Merging scapy3k into scapy

    2020-12-05 00:03:03
    It would be nice to have a single scapy package capable of being used on Python 2.7 and Python 3.x. Has there been any discussion to merge this project into the secdev/scapy project? This...
  • Error importing: scapy lib

    2020-11-23 00:55:31
    Requirement already satisfied: scapy in /usr/local/lib/python2.7/dist-packages/scapy-2.4.2-py2.7.egg (2.4.2) so what should I do (This question comes from the open-source project: epsylon/ufonet)
  • Scapy on Windows 7

    2020-11-22 05:55:24
    t work, as explained in issue #50 (https://github.com/phaethon/scapy/issues/50#issuecomment-196460828). Here's sample code: #!/usr/bin/env python3 from scapy.all ...
  • could be verified earlier, inside scapy packet building routine, so Packet Editor also could display these errors properly, implemented errors: step >= 0; limit >= 0; ...
  • (scapy3k)~ ❯❯❯ scapy pytb INFO: Can't import python gnuplot wrapper . Won't be able to plot. Traceback (most recent call last): File "/Users/tzudot/.virtualenvs/...
  • Can't install scapy on MacOS

    2020-11-30 10:58:52
    The MacOS guide states that I need to install scapy using brew but I can't find the package. Error: No available formula with the name "scapy" ==> Searching for similarly...
  • Scapy service gui updates

    2020-12-04 11:43:21
    This PR contains hand-crafted protocol definition file - it allows to adjust field names and UI controls on scapy server side without UI code modification - trex-doc is up to date added ...
  • PIP package scapy-python3 used to provide scapy3k, which was a fork from scapy implementing python3 compatibility since 2016. This package was included in some of the Linux distros under name ...
  • No module named 'Scapy'

    2020-11-29 13:50:11
    (default, Apr 2 2018, 04:16:25); Scapy version: scapy-python3 (0.23) | scapy (2.4.0); Nmap version: Nmap 7.70; Link of ...
  • Scapy3 on Windows7

    2020-11-22 05:51:58
    I am trying to explore scapy3 on a Windows7 platform and was successful with installing the required packages. I am a beginner in this tool and I am trying a few examples from the ...
  • Checklist for submitting ... version: ; Python version: ; Scapy version: ; Nmap version: ; Link of ...
  • and I use this command install scapy: pip install scapy-python3 when I run: from scapy.all import * I get this: Traceback (most recent call last): File "", line 1, in from scapy.all import ...
  • No module named scapy.config

    2020-11-29 13:50:09
    Requirement already satisfied: scapy-python3 in /usr/local/lib/python3.5/dist-packages (from -r requirements.txt (line 1)) (0.24) Requirement already satisfied: python-nmap in /usr/local/lib/python3.5...
  • Error in scapy getlayer call

    2020-11-22 01:05:34
    /usr/lib/python2.7/site-packages/scapy/sendrecv.py", line 620, in sniff r = prn(p) File "/usr/lib/python2.7/boopsuite/modules/sniffer.py", line 348, in sniff_packets self.handler_...
  • No Module Named "Scapy

    2020-11-29 17:08:51
    Checklist for submitting ... version: ; Python version: ; Scapy version: ; Nmap version: ; Link of ...
  • Scapy Chinese documentation

    2018-10-05 08:06:38
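    Scapy Chinese documentation. Original: Welcome to Scapy's documentation! This PDF is based on the open-source documentation and has a complete table of contents and bookmarks. Copyright belongs to the original author; copyright of the translation belongs to the translator. ...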
  • dict(zip(scapy.all.ipv6nh.values(), scapy.all.ipv6nh.keys())) sniff_thread = SniffThread(timeout=1, iface=ITF_DST, lfilter=lambda x: x[scapy.all.IPv6].nh not in (ipv6nh_codes["...
  • Scapy(?) Error on Launch

    2020-12-04 21:32:04
    /usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 620, in sniff r = prn(p) File "/usr/share/modules/sniffer.py", line 349, in sniff_packets self.handler_beacon(packet_object...
  • Scapy3k for Windows7

    2020-11-22 05:55:24
    - Adapted the latest windows/__init__.py from the original scapy project - Fixed a problem causing the MAC Address 00:00:00:00:00:00 to be used in all cases --> Scapy could not perform...
  • No module named 'scapy'

    2020-12-02 05:45:52
    scapy'" and if python kickthemout.py it says : "'errors' is an invalid keyword argument for this function. What's the problem, can u help me? P.S: for the first time it ...
