• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• habu-master
  • .github
    • ISSUE_TEMPLATE
      • feature_request.md
      • bug_report.md
  • todo.rst
  • readme_generate
  • .setup.cfg_aversiseusa
  • img
    • social.xcf
  • README_header.rst
  • .travis
    • run.sh
  • LICENSE
  • dev-requirements.txt
  • CONTRIBUTING.md
  • README.rst
  • setup.py
  • pip-upgrade.sh
  • habu
    • config.py
    • cli
      • cmd_arp_poison.py
      • cmd_config_set.py
      • cmd_web_report.py
      • cmd_http_tech.py
      • cmd_jshell.py
      • cmd_dns_lookup_forward.py
      • cmd_crypto_hasher.py
      • cmd_dhcp_starvation.py
      • cmd_cert_clone.py
      • cmd_server_ftp.py
      • cmd_arp_ping.py
      • cmd_protoscan.py
      • cmd_crypto_fernet_genkey.py
      • cmd_b64.py
      • cmd_tcp_flags.py
      • cmd_shodan.py
      • cmd_crack_snmp.py
      • cmd_ip_public.py
      • cmd_data_extract_email.py
      • cmd_tcp_isn.py
      • cmd_shodan_query.py
      • cmd_ip_internal.py
      • cmd_cert_names.py
      • cmd_net_contest.py
      • cmd_dhcp_discover.py
      • cmd_data_enrich.py
      • cmd_icmp_ping.py
      • cmd_nc.py
      • cmd_cert_crtsh.py
      • cmd_data_extract_fqdn.py
      • cmd_land.py
      • cmd_host.py
      • cmd_data_select.py
      • cmd_http_options.py
      • cmd_virustotal.py
      • cmd_config_del.py
      • cmd_nmap_open.py
      • cmd_forkbomb.py
      • cmd_karma_bulk.py
      • cmd_crack_luhn.py
      • cmd_data_extract_domain.py
      • cmd_vhosts.py
      • cmd_crypto_xor.py
      • cmd_usercheck.py
      • cmd_nmap_excluded.py
      • cmd_version.py
      • cmd_ip_asn.py
      • cmd_data_filter.py
      • cmd_web_screenshot.py
      • __init__.py
      • cmd_eicar.py
      • cmd_ip_geolocation.py
      • cmd_http_headers.py
      • cmd_traceroute.py
      • cmd_nmap_ports.py
      • cmd_config_show.py
      • cmd_fqdn_finder.py
      • cmd_tcp_synflood.py
      • cmd_dns_lookup_reverse.py
      • cmd_arp_sniff.py
      • cmd_asydns.py
      • cmd_whois_domain.py
      • cmd_tcp_scan.py
      • cmd_crypto_gppref.py
      • cmd_data_extract_ipv4.py
      • cmd_crypto_fernet.py
      • cmd_karma.py
      • cmd_net_interfaces.py
      • cmd_whois_ip.py
      • cmd_gateway_find.py
    • lib
      • extract.py
      • delegator.py
      • eicar.py
      • http_tech-old.py
      • reqalyze.py
      • iface.py
      • http.py
      • dns.py
      • loadcfg.py
      • enrich_not_work.py
      • tomorrow3.py
      • completeme
        • javascript.py
        • __init__.py
      • web_screenshot.py
      • certclone2.py
      • portscan.py
      • tomorrow3
        • tomorrow3.py
        • __init__.py
      • fqdn_finder.py
      • pwdpolicy.py
      • arpoison.py
      • xor.py
      • shodan.py
      • host.py
      • hasher.py
      • http_tech.py
      • forkbomb.py
      • firewall_iptables.py
      • ip2asn.py
      • firewall.py
      • pwdlyze.py
      • threaded.py
      • ip.py
      • pscan.py
      • certclone.py
      • __init__.py
      • ip_reputation.py
      • contest.py
      • web_links.py
      • auth.py
      • identify.py
      • auth
        • ftp.py
        • ftps.py
        • __init__.py
        • base.py
      • enrich.py
      • htc.py
      • vhosts.py
      • libdns.py
    • util
      • generate-apps-habu-json.py
    • data
      • forkbomb
        • haskell.txt
        • python.txt
        • bash.txt
        • batch.txt
        • php.txt
        • perl.txt
        • c.txt
        • ruby.txt
      • services-udp
      • subdomains.txt
      • jshell-commands
        • docloc.js
        • info.js
        • mitb.js
        • keylogger.js
      • apps-custom.json
      • dict_snmp.txt
      • 10_million_password_list_top_1000.txt
      • services-tcp
    • __init__.py
  • check_help.sh
  • .travis.yml
  • tests
    • test_xor.py
  • pytest.ini
  • pull_request_template.md.
  • tested_on_windows.rst
  • .gitlab-ci.yml
  • .gitignore
  • MANIFEST.in
  • logo.jpeg
  • upload

#!/usr/bin/env python3

import logging

import click

logging.getLogger("scapy.runtime").setLevel(logging.ERROR)

from habu.lib.iface import search_iface
from scapy.all import IP, TCP, conf, sr1


@click.command()
@click.argument('ip')
@click.option('-p', 'port', default=80, help='Port to use (default: 80)')
@click.option('-i', 'iface', default=None, help='Interface to use')
def cmd_traceroute(ip, port, iface):
    """TCP traceroute.

    Identify the path to a destination getting the ttl-zero-during-transit messages.

    Note: On the internet, you can have various valid paths to a device.

    Example:

    \b
    # habu.traceroute 45.77.113.133
    IP / ICMP 192.168.0.1 > 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror
    IP / ICMP 10.242.4.197 > 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror / Padding
    IP / ICMP 200.32.127.98 > 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror / Padding
    .
    IP / ICMP 4.16.180.190 > 192.168.0.5 time-exceeded ttl-zero-during-transit / IPerror / TCPerror
    .
    IP / TCP 45.77.113.133:http > 192.168.0.5:ftp_data SA / Padding

    Note: It's better if you use a port that is open on the remote system.
    """

    conf.verb = False

    if iface:
        iface = search_iface(iface)
        if iface:
            conf.iface = iface['name']
        else:
            logging.error('Interface {} not found. Use habu.interfaces to show valid network interfaces'.format(iface))
            return False

    pkts = IP(dst=ip, ttl=(1, 16)) / TCP(dport=port)

    for pkt in pkts:

        ans = sr1(pkt, timeout=1, iface=conf.iface)

        if not ans:
            print('.')
            continue

        print(ans.summary())

        if TCP in ans and ans[TCP].flags == 18:
            break

    return True


if __name__ == '__main__':
    cmd_traceroute()