Python scapy.all.Ether() Examples
The following are 30
code examples of scapy.all.Ether().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
scapy.all
, or try the search function
.
Example #1
Source File: network_scanner.py From Wifi_BruteForce with GNU General Public License v2.0 | 12 votes |
def scan_ips(interface='wlan0', ips='192.168.1.0/24'): """a simple ARP scan with Scapy""" try: print('[*] Start to scan') conf.verb = 0 # hide all verbose of scapy ether = Ether(dst="ff:ff:ff:ff:ff:ff") arp = ARP(pdst = ips) answer, unanswered = srp(ether/arp, timeout = 2, iface = interface, inter = 0.1) for sent, received in answer: print(received.summary()) except KeyboardInterrupt: print('[*] User requested Shutdown') print('[*] Quitting...') sys.exit(1)
Example #2
Source File: test_pcap.py From beagle with MIT License | 8 votes |
def test_multiple_packets(): packets = [ # HTTP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com"), # DNS Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")), # TCP Packet Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355), ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 3 assert [e["event_type"] for e in events] == ["HTTPRequest", "DNS", "TCP"]
Example #3
Source File: test_pcap.py From beagle with MIT License | 8 votes |
def test_single_dns_resp_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=53) / DNS(rd=1, qd=DNSQR(qtype="A", qname="google.com"), an=DNSRR(rdata="123.0.0.1")) ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 80 assert events[0]["dport"] == 53 assert events[0]["qname"] == "google.com." assert events[0]["qanswer"] == "123.0.0.1" assert events[0]["qtype"] == "A" assert events[0]["event_type"] == "DNS"
Example #4
Source File: test_pcap.py From beagle with MIT License | 7 votes |
def test_single_http_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=12345, dport=80) / HTTP() / HTTPRequest(Method="GET", Path="/foo", Host="https://google.com") ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 12345 assert events[0]["dport"] == 80 assert events[0]["http_method"] == "GET" assert events[0]["uri"] == "/foo" assert events[0]["http_dest"] == "https://google.com" assert events[0]["event_type"] == "HTTPRequest"
Example #5
Source File: test_pcap.py From beagle with MIT License | 7 votes |
def test_single_tcp_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / TCP(sport=80, dport=5355) ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 80 assert events[0]["dport"] == 5355 assert events[0]["event_type"] == "TCP"
Example #6
Source File: tcpkiller.py From pina-colada with MIT License | 6 votes |
def callback(self, packet): flags = packet.sprintf("%TCP.flags%") proto = IP if IPv6 in packet: proto = IPv6 if flags == "A" and not self.ignore_packet(packet, proto): src_mac = packet[Ether].src dst_mac = packet[Ether].dst src_ip = packet[proto].src dst_ip = packet[proto].dst src_port = packet[TCP].sport dst_port = packet[TCP].dport seq = packet[TCP].seq ack = packet[TCP].ack if self.verbose: print("RST from %s:%s (%s) --> %s:%s (%s) w/ %s" % (src_ip, src_port, src_mac, dst_ip, dst_port, dst_mac, ack)) if self.noisy: self.send(self.build_packet(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, seq, proto)) self.send(self.build_packet(dst_mac, src_mac, dst_ip, src_ip, dst_port, src_port, ack, proto))
Example #7
Source File: network_scanner.py From hacking_tools with MIT License | 6 votes |
def scan(ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast/arp_request answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] clients_list = [] for element in answered_list: client_dict = {"ip": element[1].psrc, "mac": element[1].hwsrc} clients_list.append(client_dict) return clients_list
Example #8
Source File: packet_processor.py From iot-inspector-client with MIT License | 6 votes |
def _process_syn_scan(self, pkt): """ Receives SYN scan response from devices. """ src_mac = pkt[sc.Ether].src device_id = utils.get_device_id(src_mac, self._host_state) device_port = pkt[sc.TCP].sport with self._host_state.lock: port_list = self._host_state.pending_syn_scan_dict.setdefault(device_id, []) if device_port not in port_list: port_list.append(device_port) utils.log('[SYN Scan Debug] Device {} ({}): Port {}'.format( pkt[sc.IP].src, device_id, device_port ))
Example #9
Source File: misc_thread.py From upribox with GNU General Public License v3.0 | 6 votes |
def run(self): """Sends IGMP general query packets using the multicast address 224.0.0.1. Received replies are processed by a SniffThread. """ # create IGMP general query packet ether_part = Ether(src=self.mac) ip_part = IP(ttl=self._TTL, src=self.ip, dst=self._IGMP_MULTICAST) igmp_part = IGMP(type=self._IGMP_GENERAL_QUERY) # Called to explicitely fixup associated IP and Ethernet headers igmp_part.igmpize(ether=ether_part, ip=ip_part) while True: sendp(ether_part / ip_part / igmp_part) time.sleep(self._SLEEP)
Example #10
Source File: daemon_app.py From upribox with GNU General Public License v3.0 | 6 votes |
def run(self): """Starts the thread, which is sniffing incoming ARP packets and sends out packets to spoof all clients on the network and the gateway. This packets are sent every __SLEEP seconds. Note: First, a ARP request packet is generated for every possible client of the network. This packets are directed at the gateway and update existing entries of the gateway's ARP table. So the gateway is not flooded with entries for non-existing clients. Second, a GARP broadcast request packet is generated to spoof every client on the network. """ # start sniffing thread self.sniffthread.start() # generates a packet for each possible client of the network # these packets update existing entries in the arp table of the gateway # packets = [Ether(dst=self.gate_mac) / ARP(op=1, psrc=str(x), pdst=str(x)) for x in self.ip_range] # gratuitous arp to clients # updates the gateway entry of the clients arp table packets = [Ether(dst=ETHER_BROADCAST) / ARP(op=1, psrc=self.ipv4.gateway, pdst=self.ipv4.gateway, hwdst=ETHER_BROADCAST)] while True: sendp(packets) time.sleep(self.__SLEEP)
Example #11
Source File: mitm6.py From mitm6 with GNU General Public License v2.0 | 6 votes |
def send_dhcp_advertise(p, basep, target): global ipv6noaddrc resp = Ether(dst=basep.src)/IPv6(src=config.selfaddr, dst=basep[IPv6].src)/UDP(sport=547, dport=546) #base packet resp /= DHCP6_Advertise(trid=p.trid) #resp /= DHCP6OptPref(prefval = 255) resp /= DHCP6OptClientId(duid=p[DHCP6OptClientId].duid) resp /= DHCP6OptServerId(duid=config.selfduid) resp /= DHCP6OptDNSServers(dnsservers=[config.selfaddr]) if config.localdomain: resp /= DHCP6OptDNSDomains(dnsdomains=[config.localdomain]) if target.ipv4 != '': addr = config.ipv6prefix + target.ipv4.replace('.', ':') else: addr = config.ipv6prefix + '%d:%d' % (config.ipv6noaddr, config.ipv6noaddrc) config.ipv6noaddrc += 1 opt = DHCP6OptIAAddress(preflft=300, validlft=300, addr=addr) resp /= DHCP6OptIA_NA(ianaopts=[opt], T1=200, T2=250, iaid=p[DHCP6OptIA_NA].iaid) sendp(resp, iface=config.default_if, verbose=False)
Example #12
Source File: test_pcap.py From beagle with MIT License | 6 votes |
def test_single_udp_packet(): packets = [ Ether(src="ab:ab:ab:ab:ab:ab", dst="12:12:12:12:12:12") / IP(src="127.0.0.1", dst="192.168.1.1") / UDP(sport=80, dport=5355) ] events = list(packets_to_datasource_events(packets).events()) assert len(events) == 1 assert events[0]["src_mac"] == "ab:ab:ab:ab:ab:ab" assert events[0]["dst_mac"] == "12:12:12:12:12:12" assert events[0]["src_ip"] == "127.0.0.1" assert events[0]["dst_ip"] == "192.168.1.1" assert events[0]["sport"] == 80 assert events[0]["dport"] == 5355 assert events[0]["event_type"] == "UDP"
Example #13
Source File: mitm6.py From mitm6 with GNU General Public License v2.0 | 6 votes |
def send_dhcp_reply(p, basep): resp = Ether(dst=basep.src)/IPv6(src=config.selfaddr, dst=basep[IPv6].src)/UDP(sport=547, dport=546) #base packet resp /= DHCP6_Reply(trid=p.trid) #resp /= DHCP6OptPref(prefval = 255) resp /= DHCP6OptClientId(duid=p[DHCP6OptClientId].duid) resp /= DHCP6OptServerId(duid=config.selfduid) resp /= DHCP6OptDNSServers(dnsservers=[config.selfaddr]) if config.localdomain: resp /= DHCP6OptDNSDomains(dnsdomains=[config.localdomain]) try: opt = p[DHCP6OptIAAddress] resp /= DHCP6OptIA_NA(ianaopts=[opt], T1=200, T2=250, iaid=p[DHCP6OptIA_NA].iaid) sendp(resp, iface=config.default_if, verbose=False) except IndexError: # Some hosts don't send back this layer for some reason, ignore those if config.debug or config.verbose: print('Ignoring DHCPv6 packet from %s: Missing DHCP6OptIAAddress layer' % basep.src)
Example #14
Source File: dnsmasploit.py From raw-packet with MIT License | 6 votes |
def dhcpv6_callback(pkt): global dhcpv6_server_mac global dhcpv6_server_ipv6_link global dhcpv6_server_duid if pkt.haslayer(DHCP6_Advertise) or pkt.haslayer(DHCP6_Reply): if pkt[DHCP6OptServerId].duid is None: return False else: dhcpv6_server_mac = pkt[Ether].src dhcpv6_server_ipv6_link = pkt[IPv6].src dhcpv6_server_duid = pkt[DHCP6OptServerId].duid return True else: return False
Example #15
Source File: cmd_arp_ping.py From habu with BSD 3-Clause "New" or "Revised" License | 5 votes |
def cmd_arp_ping(ip, iface, verbose): """ Send ARP packets to check if a host it's alive in the local network. Example: \b # habu.arp.ping 192.168.0.1 Ether / ARP is at a4:08:f5:19:17:a4 says 192.168.0.1 / Padding """ if verbose: logging.basicConfig(level=logging.INFO, format='%(message)s') conf.verb = False if iface: iface = search_iface(iface) if iface: conf.iface = iface['name'] else: logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface)) return False res, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip), timeout=2) for _, pkt in res: if verbose: print(pkt.show()) else: print(pkt.summary())
Example #16
Source File: mitm6.py From mitm6 with GNU General Public License v2.0 | 5 votes |
def send_ra(): # Send a Router Advertisement with the "managed" and "other" flag set, which should cause clients to use DHCPv6 and ask us for addresses p = Ether(dst='33:33:00:00:00:01')/IPv6(dst='ff02::1')/ICMPv6ND_RA(M=1, O=1) sendp(p, iface=config.default_if, verbose=False) # Whether packet capturing should stop
Example #17
Source File: scraps.py From Naumachia with MIT License | 5 votes |
def process(self, pkt): if all(layer in pkt for layer in (scapy.Ether, scapy.ARP)): if pkt[scapy.Ether].src != str(net.ifhwaddr(self.iface)) and pkt[scapy.ARP].op == 1: # who-has resp = scapy.Ether()/scapy.ARP(hwsrc=str(net.ifhwaddr('tap0')), hwdst=pkt.hwsrc, psrc=pkt.pdst, pdst=pkt.psrc, op="is-at") scapy.sendp(resp, iface='tap0') if pkt.pdst not in self.ips: self.ips.add(pkt.pdst) cidr = '{!s}/{:d}'.format(pkt.pdst, 28) logger.info("Attaching new IP address {:s} to {:s}".format(cidr, self.iface)) subprocess.run(['ip', 'addr', 'add', cidr, 'dev', self.iface])
Example #18
Source File: communicator.py From PyExfil with MIT License | 5 votes |
def testCallBack(originalFrame, decryptedMsg): print("\n[%s] '%s'.\n" % (originalFrame[Ether].src.lower(), decryptedMsg))
Example #19
Source File: daemon_process.py From upribox with GNU General Public License v3.0 | 5 votes |
def run(self): """Starts multiple threads sends out packets to spoof all existing clients on the network and the gateway. This packets are sent every __SLEEP seconds. The existing clients (device entries) are read from the redis database. Threads: A SniffThread, which sniffs for incoming ARP packets and adds new devices to the redis db. Several HostDiscoveryThread, which are searching for existing devices on the network. A PubSubThread, which is listening for redis expiry messages. Note: First, ARP replies to spoof the gateway entry of existing clients arp cache are generated. ARP relpies to spoof the entries of the gateway are generated next. Unlike the holistic mode only packets for existing clients are generated. """ try: for worker in self.threads: self.threads[worker].start() # lamda expression to generate arp replies to spoof the clients exp1 = lambda dev: Ether(dst=dev[1]) / ARP(op=2, psrc=self.ipv4.gateway, pdst=dev[0], hwdst=dev[1]) while not self.exit.is_set(): # generates packets for existing clients sendp([p(dev) for dev in self.ipv4.redis.get_devices_values(filter_values=True) for p in (exp1,)]) try: with self.sleeper: self.sleeper.wait(timeout=self.__SLEEP) except RuntimeError as e: # this error is thrown by the with-statement when the thread is stopped if len(e.args) > 0 and e.args[0] == "cannot release un-acquired lock": return else: raise e self._return_to_normal() except Exception as e: self.logger.error("Process IPv4") self.logger.exception(e)
Example #20
Source File: communicator.py From PyExfil with MIT License | 5 votes |
def parse_message(self, pkt): """ Start the brokering server listener. :param ip: Client IP addr [str] :return: None """ # Here is where you want to hook up to automate communication # with the clients. if pkt[ARP].op is not 1: # Not 'who has?' return if pkt[Ether].dst.lower() != "ff:ff:ff:ff:ff:ff": # Not broadcast return try: # pkt[ARP][Padding].show() payload = pkt[ARP][Padding].load except: pass decPayload = AESDecryptOFB(key=self.key, text=payload) if self.retFunc is not None: self.retFunc(pkt ,decPayload)
Example #21
Source File: utils.py From creak with GNU General Public License v3.0 | 5 votes |
def get_mac_by_ip_s(ip_address, delay): """try to retrieve MAC address associated with ip using Scapy library """ responses, _ = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=ip_address), timeout=delay, retry=10) # return the MAC address from a response for _, response in responses: return response[Ether].src return None
Example #22
Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
def get_cbr0_ip_mac(self): config = get_config() res = srp1(Ether() / IP(dst="1.1.1.1", ttl=1) / ICMP(), verbose=0, timeout=config.network_timeout) return res[IP].src, res.src
Example #23
Source File: tcpkiller.py From pina-colada with MIT License | 5 votes |
def build_packet(self, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, seq, proto): eth = Ether(src=src_mac, dst=dst_mac, type=0x800) if proto == IP: ip = IP(src=src_ip, dst=dst_ip) elif proto == IPv6: ip = IPv6(src=src_ip, dst=dst_ip) else: return str(eth) #if unknown L2 protocol, send back dud ether packet tcp = TCP(sport=src_port, dport=dst_port, seq=seq, flags="R") return str(eth/ip/tcp)
Example #24
Source File: cmd_dhcp_discover.py From habu with BSD 3-Clause "New" or "Revised" License | 5 votes |
def cmd_dhcp_discover(iface, timeout, verbose): """Send a DHCP request and show what devices has replied. Note: Using '-v' you can see all the options (like DNS servers) included on the responses. \b # habu.dhcp_discover Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.5:bootpc / BOOTP / DHCP """ conf.verb = False if iface: iface = search_iface(iface) if iface: conf.iface = iface['name'] else: logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface)) return False conf.checkIPaddr = False hw = get_if_raw_hwaddr(conf.iface) ether = Ether(dst="ff:ff:ff:ff:ff:ff") ip = IP(src="0.0.0.0",dst="255.255.255.255") udp = UDP(sport=68,dport=67) bootp = BOOTP(chaddr=hw) dhcp = DHCP(options=[("message-type","discover"),"end"]) dhcp_discover = ether / ip / udp / bootp / dhcp ans, unans = srp(dhcp_discover, multi=True, timeout=5) # Press CTRL-C after several seconds for _, pkt in ans: if verbose: print(pkt.show()) else: print(pkt.summary())
Example #25
Source File: arpspoof.py From HomeAssistant-CustomComponents with Apache License 2.0 | 5 votes |
def update_cache(self): try: ans, unans = arping(self._router_ip + "/24", iface=self._interface, verbose=False) self._arp_cache = [] if ans: for s, r in ans: self._arp_cache.append([r[ARP].psrc, r[Ether].src.lower()]) _LOGGER.debug("ARP cache: %s", self._arp_cache) except Exception as e: _LOGGER.error("Error when trying update ARP cache: %s", str(e))
Example #26
Source File: misc_thread.py From upribox with GNU General Public License v3.0 | 5 votes |
def run(self): """Sends broadcast ARP requests for every possible client of the network. Received ARP replies are processed by a SniffThread. """ sendp(Ether(dst=ETHER_BROADCAST) / ARP(op=1, psrc=self.gateway, pdst=self.network))
Example #27
Source File: daemon_app.py From upribox with GNU General Public License v3.0 | 5 votes |
def _return_to_normal(self): """This method is called when the daemon is stopping. First, sends a GARP broadcast request to all clients to tell them the real gateway. Then an ARP request is sent to every client, so that they answer the real gateway and update its ARP cache. """ # clients gratutious arp sendp( Ether(dst=ETHER_BROADCAST) / ARP(op=1, psrc=self.ipv4.gateway, pdst=self.ipv4.gateway, hwdst=ETHER_BROADCAST, hwsrc=self.ipv4.gate_mac)) # to clients so that they send and arp reply to the gateway # sendp(Ether(dst=ETHER_BROADCAST) / ARP(op=1, psrc=self.gateway, pdst=str(self.network), hwsrc=self.gate_mac))
Example #28
Source File: daemon_process.py From upribox with GNU General Public License v3.0 | 5 votes |
def _return_to_normal(self): """This method is called when the daemon is stopping. Apate tells the clients the real gateway via neighbor advertisements. """ # spoof clients with nd advertisements with self.sleeper: # check if the impersonation of the DNS server is necessary tgt = (self.ipv6.gateway, self.ipv6.dns_servers[0]) if util.is_spoof_dns(self.ipv6) else (self.ipv6.gateway,) for source in tgt: sendp(Ether(dst=ETHER_BROADCAST) / IPv6(src=source, dst=MulticastPingDiscoveryThread._MULTICAST_DEST) / ICMPv6ND_NA(tgt=source, R=1, S=0, O=1) / ICMPv6NDOptDstLLAddr(lladdr=self.ipv6.gate_mac))
Example #29
Source File: daemon_process.py From upribox with GNU General Public License v3.0 | 5 votes |
def spoof_devices(ip, devs, logger): for entry in devs: dev_hw = util.get_device_mac(entry) dev_ip = devs[entry] if not ip.redis.check_device_disabled(util.get_device_mac(entry)): sendp(Ether(dst=dev_hw) / ARP(op=2, psrc=ip.gateway, pdst=dev_ip, hwdst=dev_hw)) else: sendp(Ether(dst=dev_hw) / ARP(op=2, psrc=ip.gateway, pdst=dev_ip, hwdst=dev_hw, hwsrc=ip.gate_mac))
Example #30
Source File: dns.py From kube-hunter with Apache License 2.0 | 5 votes |
def get_kube_dns_ip_mac(self): config = get_config() kubedns_svc_ip = self.extract_nameserver_ip() # getting actual pod ip of kube-dns service, by comparing the src mac of a dns response and arp scanning. dns_info_res = srp1( Ether() / IP(dst=kubedns_svc_ip) / UDP(dport=53) / DNS(rd=1, qd=DNSQR()), verbose=0, timeout=config.network_timeout, ) kubedns_pod_mac = dns_info_res.src self_ip = dns_info_res[IP].dst arp_responses, _ = srp( Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(op=1, pdst=f"{self_ip}/24"), timeout=config.network_timeout, verbose=0, ) for _, response in arp_responses: if response[Ether].src == kubedns_pod_mac: return response[ARP].psrc, response.src