scapy | based interactive packet manipulation program & library | Learning library

by secdev Python Version: 2.5.0rc3 License: GPL-2.0

kandi X-RAY | scapy Summary

scapy is a Python library typically used in Tutorial, Learning applications. scapy has no bugs, it has no vulnerabilities, it has build file available, it has a Strong Copyleft License and it has high support. You can install using 'pip install scapy' or download it from GitHub, PyPI.

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, ...), etc. Scapy supports Python 2.7 and Python 3 (3.4 to 3.9). It's intended to be cross platform, and runs on many different platforms (Linux, OSX, *BSD, and Windows).

Support

Quality

Security

License

Reuse

kandi-support Support

scapy has a highly active ecosystem.
It has 8354 star(s) with 1785 fork(s). There are 219 watchers for this library.
There were 4 major release(s) in the last 6 months.
There are 44 open issues and 1355 have been closed. On average issues are closed in 86 days. There are 52 open pull requests and 0 closed requests.
It has a negative sentiment in the developer community.
The latest version of scapy is 2.5.0rc3

scapy Support

Best in #Learning

Average in #Learning

scapy Support

Best in #Learning

Average in #Learning

quality kandi Quality

scapy has 0 bugs and 0 code smells.

scapy Quality

Best in #Learning

Average in #Learning

scapy Quality

Best in #Learning

Average in #Learning

security Security

scapy has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
scapy code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.

scapy Security

Best in #Learning

Average in #Learning

scapy Security

Best in #Learning

Average in #Learning

license License

scapy is licensed under the GPL-2.0 License. This license is Strong Copyleft.
Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

scapy License

Best in #Learning

Average in #Learning

scapy License

Best in #Learning

Average in #Learning

build Reuse

scapy releases are available to install and integrate.
Deployable package is available in PyPI.
Build file is available. You can build the component from source.
Installation instructions, examples and code snippets are available.
scapy saves you 95646 person hours of effort in developing the same functionality from scratch.
It has 109491 lines of code, 5372 functions and 304 files.
It has low code complexity. Code complexity directly impacts maintainability of the code.

scapy Reuse

Best in #Learning

Average in #Learning

scapy Reuse

Best in #Learning

Average in #Learning

Top functions reviewed by kandi - BETA

kandi has reviewed scapy and discovered the below as its top functions. This is intended to give you an instant insight into scapy implemented functionality, and help decide if they suit your requirements.

Run tcpdump .

Interactively interactively .

Start the background thread .

Impersonate a packet .

Explorer a given layer .

Return a list of unit_and scaling fields .

Generate a tracebook notebook

This function is used to attack an attack .

Deal with a negotiation response .

Compute the difference between two strings .

Get all kandi verified functions for this library.

scapy Key Features

Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.

scapy Examples and Code Snippets

Community Discussions

Trending Discussions on scapy

Renault Zoe doesn't send SDP Request After SLAC Matching Process
How to use threading in python to make multiple fake access points with Scapy?
Getting all IP addresses connected to WiFi using python and scapy
Scapy module not working on RPI with error: "No such file or directory: b'liblibc.a'"
"OSError: [WinError 10022] An invalid argument was supplied" when trying to send TCP SYN packet (python)
Python Scapy TCP SYN and TCP Port
Can't import Scapy arping() method
Reading Raw Bytes using Scapy?
Circular import error only when importing specific function
Python Scapy - create a new protocol definition within UDP Data

Trending Discussions on scapy

QUESTION

Renault Zoe doesn't send SDP Request After SLAC Matching Process

Asked 2022-Feb-25 at 12:01

We are trying to communicate with Renault Zoe according to DIN SPEC 70121.

We are successfully communciating with the Hyundai Kona and BMW i3 but fail to receive the SPD Request with Renault Zoe. We are passing the SLAC process with Renault Zoe but we don't recieve any UDP messages afterwards. We are sending the CM_SLAC_MATCH_CNF message as an ethernet unicast message according to DIN SPEC 70121:2014-12, 8.3.3.3.2, Table 2 (noted in Design Guide Combined Charging System V5 - Failures during SLAC - Interruption at SLAC match sequence).

Why can it be that we receive the SDP Request with Kona and i3 but fail to do so with Zoe? Has anyone experienced this behaviour before?

Sniffed SLAC messages with scapy:

(= '' means the field is filled with zeroes)

Received from Zoe:

###[ CM_SLAC_MATCH_REQ ]###
  ApplicationType= 0
  SecurityType= 0
  MatchVariableFieldLen= 15872
  \VariableField\
   |###[ SLAC_varfield ]###
   |  EVID      = ''
   |  EVMAC     = 7c:bc:84:41:03:3b
   |  EVSEID    = ''
   |  EVSEMAC   = 3e:7e:f1:10:ab:3e
   |  RunID     = '\xd3\xac;\x0f\x17-\xb7+'
   |  RSVD      = ''

Send to Zoe:

###[ CM_SLAC_MATCH_CNF ]###
  ApplicationType= 0
  SecurityType= 0
  MatchVariableFieldLen= 86
  \VariableField\
   |###[ SLAC_varfield ]###
   |  EVID      = ''
   |  EVMAC     = 7c:bc:84:41:03:3b
   |  EVSEID    = ''
   |  EVSEMAC   = 3e:7e:f1:10:ab:3e
   |  RunID     = '\xd3\xac;\x0f\x17-\xb7+'
   |  RSVD      = ''
   |  NetworkID = '$\x94\xc1\x0c\xbcO\xb5'
   |  Reserved  = 0
   |  NMK       = ''

ANSWER

Answered 2022-Feb-25 at 12:01

The solution was to send the 2 byte field MatchVariableFieldLen in the CM_SLAC_MATCH_CNF message in little-endian byte order.

From the message that was send by the Renault Zoe, we can see that Zoe sends the CM_SLAC_MATCH_REQ with the MatchVariableFieldLen as 0x3e 0x00 (15872 == 0x3e00). Since this field should be 0x3e according to DIN SPEC 2014-12, we can see the byte order of this field is little-endian. So a reasonable guess was that it expects this field in little-endian in the response message.

Result: We received the SDP request and the messages after that.

The HomePlug GP Specification does not specify the endianness of this field in clause 11.5.58. But looking at the example in Table 11-316, one would say its big-endian.

It's clear that Zoe interpret this field as little-endian and doesn't accept 0x00 0x56 but accepts 0x56 0x00.

Kona and i3 either don't complain about this field and accept the message or Zoe's intepreting is false. Either way the cause of the problem has been identified.

Source https://stackoverflow.com/questions/71237398

QUESTION

How to use threading in python to make multiple fake access points with Scapy?

Asked 2022-Jan-07 at 17:04

So I've made a python program that creates a fake access point by sending lots of beacon frames using Scapy. The program works fine, but i wanted to expand it. I want the program to be able to make multiple fake access points. I tried simple threading but that didn't work out. I tried running the program on 3 different terminals and give each terminal another SSID. That worked fine, but i want my code to do that.

Here's my code:

from scapy.all import Dot11, Dot11Beacon, Dot11Elt, RadioTap, sendp, hexdump
import random, time, sys


class CreateBeacon:

  def __init__(self, ssid, number, addr):

    #info for frame
    self.ssid = ssid
    self.number = number
    self.addr = addr
    self.iface = 'wlan0mon'

    #attribute test
    #print('ssid: '+self.ssid+"\nnumber given: "+str(self.number)+"\naddress given: "+ self.addr)
    
    #Dot11 layer
    self.dot11 = Dot11(type=0, subtype=8, 
    addr1='ff:ff:ff:ff:ff:ff', 
    addr2 = addr,
    addr3 = addr)

    #Beacon layer
    self.beacon = Dot11Beacon(cap='ESS+privacy')

    #Information Element
    self.essid = Dot11Elt(ID='SSID', info=self.ssid, len=len(self.ssid))
    self.rsn = Dot11Elt(ID='RSNinfo', info=(
    '\x01\x00'
    '\x00\x0f\xac\x02'
    '\x02\x00'
    '\x00\x0f\xac\x04'
    '\x00\x0f\xac\x02'
    '\x01\x00'
    '\x00\x0f\xac\x02'
    '\x00\x00'))

    #all layers stacked
    self.frame = RadioTap()/self.dot11/self.beacon/self.essid/self.rsn

  def sendBeacon(self):
    self.frame.show()
    time.sleep(.2)
    print("\nHexDump of frame: ")
    time.sleep(.2)
    hexdump(self.frame)
    enterStart = input("\nPress enter to start\n")
    sendp(self.frame, inter=0.050, iface=self.iface, loop=1)


class Number:

  def __init__(self, number):
    self.number1 = number
    try:
      int(self.number1)
      if type(self.number1) == int:
        if self.number1 == 0:
          print('well goodbye then....')
          time.sleep(.2)
          sys.exit()
    except ValueError:
      self.number1 = int(1)

class SSID:

  def __init__(self, ssid):
    self.ssid = ssid
    if len(self.ssid) > 30:
      self.ssid = self.ssid[:30]

class Randmac:
  def __init__(self, number):
    self.number = number
  
  def generateMac(self):
    for i in range(self.number):
      random_mac = "%02x:%02x:%02x:%02x:%02x:%02x" % (random.randint(0, 255), random.randint(0, 255), random.randint(0, 255), random.randint(0, 255), random.randint(0, 255), random.randint(0, 255))
      return random_mac


#User Input
name_input = str(input('Enter the name of the fake AP(max 30 charachters): '))
num_input = int(input('Enter the how many fake APs u want: '))
num = Number(number=1)
name = SSID(ssid=name_input)
random_mac = Randmac(num.number1)

make_packet = CreateBeacon(name.ssid, num.number1, random_mac.generateMac())

send_packet = make_packet.sendBeacon()

Any help would be appreciated!

ANSWER

Answered 2022-Jan-07 at 17:02

So since nobody wanted to help me with my problem, i figured it out myself with simple multiprocessing. Here's my new code

from scapy.all import Dot11, Dot11Beacon, Dot11Elt, RadioTap, sendp, 
hexdump, RandMAC

import time, sys, multiprocessing

class CreateBeacon:

  def __init__(self, ssid, number):

    #info for frame
    self.ssid = ssid
    self.number = number
    self.addr = RandMAC()
    self.iface = 'wlan0mon'

    self.dot11 = Dot11(type=0, subtype=8, 
    addr1='ff:ff:ff:ff:ff:ff', 
    addr2 = self.addr,
    addr3 = self.addr)

    #Beacon layer
    self.beacon = Dot11Beacon(cap='ESS+privacy')

    #Information Element
    self.essid = Dot11Elt(ID='SSID', info=self.ssid, len=len(self.ssid))
    self.rsn = Dot11Elt(ID='RSNinfo', info=(
    '\x01\x00'
    '\x00\x0f\xac\x02'
    '\x02\x00'
    '\x00\x0f\xac\x04'
    '\x00\x0f\xac\x02'
    '\x01\x00'
    '\x00\x0f\xac\x02'
    '\x00\x00'))

    #all layers stacked
    self.frame = RadioTap()/self.dot11/self.beacon/self.essid/self.rsn
  def Send(self):
    sendp(self.frame, inter=0.050, iface=self.iface, loop=1)



# class SendBeacon:
#   def __init__(self, frame):
#     self.frame = frame
  
#   def Send(self):

#     sendp(self.frame, inter=0.050, iface=self.iface, loop=1)



class MultiProcessBeacon:
  def __init__(self, ssid, number):
    self.ssid = ssid
    self.number = number

  def MultiProcessSend(self):
    for i in range(self.number):
      Beacon = CreateBeacon(ssid=self.ssid[i], number=self.number)
      i += 1
      str(i)
      # i = multiprocessing.Process(target=SendBeacon.Send, 
      args=Beacon.frame)
      for _ in range(3):    #sending out the same beacon 3 times because 
      for some reason sending only 1 beacon does not always work
        try:
          i = multiprocessing.Process(target=Beacon.Send)
          i.start()
        except KeyboardInterrupt:
          print('processes stopped')
          time.sleep(1)



class InputMain():
  def __init__(self):

    input_number = input('Enter how many fake AP\'s do you want (In 
    intregers): ')#int(4)
    #intreger input handeling
    try:
      int(input_number)
      if int(input_number) == 0:
        print('well goodbye then....')
        time.sleep(1)
        sys.exit()
    except ValueError:
      print("ValueError detected; number of fake AP(s) = 1")
      time.sleep(1)
      input_number = int(1)
    

    input_ssid = []#('s-one', 's-two', 's-three', 's-fore') #we'll make 
    it first a list so we can append stuff to it
    for n in range(int(input_number)):
      n += 1 #because it starts with 0
      ask_ssid = input('Name SSID for AP number ' + str(n)+': ')

      if len(ask_ssid) > 32:
        print('Maximum length of ssid exceeded.')
        ask_ssid = ask_ssid[32]
      input_ssid.append(ask_ssid)

    tuple(input_ssid)
    
    self.given_number = int(input_number)
    self.given_ssid = input_ssid
    passInfo_toMulti = MultiProcessBeacon(ssid=self.given_ssid, 
    number=self.given_number)
    passInfo_toMulti.MultiProcessSend()

start = InputMain()

Source https://stackoverflow.com/questions/70600994

QUESTION

Getting all IP addresses connected to WiFi using python and scapy

Asked 2022-Jan-05 at 03:18

How would I get the IP addresses of all ips connected to wifi (that I am on). I tried doing it by using sniff() and getting all src IP of those packets using the following lines:

ips = []
    captured = sniff(count=200)
        for i in range(len(captured)):
            try:
               rpp = captured[i].getlayer(IP).src
                if "192." in rpp and rpp != router_ip:
                    ips.append(rpp)
            ips = list(set(ips))

But this rarely gets me all IP's, so how would I pull that off using python and (if needed) scapy?

ANSWER

Answered 2022-Jan-05 at 03:18

Forgive me if I'm misunderstanding your question.. what you're trying to do is map all live hosts on your LAN?

A simpler approach is to use the builtin ipaddress and socket libraries. For each IP in your LAN subnet, try connecting a socket to various ports (TCP/UDP). If a connection is established, a host exists at that IP.

Here's some code I can think of that might solve your problem (I have not tested this myself)

import socket
import ipaddress

live_hosts = []

# google popular tcp/udp ports and add more port numbers to your liking
common_tcp_ports = [23, 80, 443, 445]
common_udp_ports = [67, 68, 69]

def scan_subnet_for_hosts(subn = '192.168.1.0/24'):
    network = ipaddress.IPv4Network(subn)
    for ipaddr in list(network.hosts()):
        for port in common_tcp_ports:
             try:
                 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
                 s.connect((str(ipaddr), port))
                 live_hosts.append(ipaddr)
             except socket.error:
                 continue
        for port in common_udp_ports:
             try:
                 s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
                 # UDP is connectionless, so you might have to try using s.send() as well
                 s.connect((str(ipaddr), port))
                 live_hosts.append(ipaddr)
             except socket.error:
                 continue

scan_subnet_for_hosts()
for host in live_hosts:
    print(f"Found live host: {str(host)}")

Source https://stackoverflow.com/questions/70586967

QUESTION

"OSError: [WinError 10022] An invalid argument was supplied" when trying to send TCP SYN packet (python)

Asked 2021-Dec-10 at 16:53

Currently trying to make handshake process on python using raw sockets but for some reason I can't send any packet with TCP protocol receiving OSError: [WinError 10022] An invalid argument was supplied. Here is my code:

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s.sendto(packet, ('8.8.8.8', 80))

As packet I have tried to use scapy's TCP packet, TCP bytes from wireshark after successful sendings with other libraries and also hand-made byte strings:

def chksum(packet: bytes) -> int:
    if len(packet) % 2 != 0:
        packet += b'\0'

    res = sum(array.array("H", packet))
    res = (res >> 16) + (res & 0xffff)
    res += res >> 16

    return (~res) & 0xffff


class TCPPacket:
    def __init__(self,
                 src_host:  str,
                 src_port:  int,
                 dst_host:  str,
                 dst_port:  int,
                 flags:     int = 0):
        self.src_host = src_host
        self.src_port = src_port
        self.dst_host = dst_host
        self.dst_port = dst_port
        self.flags = flags

    def build(self) -> bytes:
        packet = struct.pack(
            '!HHIIBBHHH',
            self.src_port,  # Source Port
            self.dst_port,  # Destination Port
            0,              # Sequence Number
            0,              # Acknoledgement Number
            5 << 4,         # Data Offset
            self.flags,     # Flags
            8192,           # Window
            0,              # Checksum (initial value)
            0               # Urgent pointer
        )

        pseudo_hdr = struct.pack(
            '!4s4sHH',
            socket.inet_aton(self.src_host),    # Source Address
            socket.inet_aton(self.dst_host),    # Destination Address
            socket.IPPROTO_TCP,                 # PTCL
            len(packet)                         # TCP Length
        )

        checksum = chksum(pseudo_hdr + packet)

        packet = packet[:16] + struct.pack('H', checksum) + packet[18:]

        return packet

So literally no idea why my socket doesn't like any packet

ANSWER

Answered 2021-Dec-10 at 16:53

I found out what is wrong. Windows doesn't allow to send TCP packets with raw sockets so this code will never work. Probably it is possible to write the same with scapy or using other libraries but that's not what I need so the only way to make it work is to run on linux. Still not sure if the packet creation is correct but TCP protocol with raw sockets sure works fine on linux.

Source https://stackoverflow.com/questions/70182806

QUESTION

Python Scapy - create a new protocol definition within UDP Data

Asked 2021-Oct-07 at 02:26

Is it possible to use Scapy's PcapReader to analyze UDP packet data with custom fields? For example, within the UDP packet Data (see attached Wireshark capture), there are the following fields of my_proto:

VER - 2 bytes
FLAGS - 2 bytes
TIMESTAMP - 8 bytes
VAL1 - 4 bytes
VAL2 - 4 bytes, etc

I would like to parse these fields, such that for each packet received I can retrieve [my_proto].VER, [my_proto].FLAGS, etc.

I think what I want is similar to the Disney example in the documentation, however, I am unsure of how to bind (not sure if that is the right word) it to the Data portion of UDP. (https://scapy.readthedocs.io/en/latest/build_dissect.html)

enter image description here

ANSWER

Answered 2021-Sep-30 at 16:51

as you said your protocol could like similar to that:

from scapy.all import Packet,LEShortField, LELongField, LEIntField

class GreatProtocol(Packet):
    name = "GreatProtocol "
    fields_desc=[ LEShortField("VER", 0),
                  LEShortField("FLAGS",0),
                  LELongField("TIMESTAMP", 0),
                  LEIntField("VAL1", 0),
                 ]

now, to bind you need to use the function bind. you could use it 3 different ways:

All UDP payload are GreatProtocol (not recomended)
All UDP with dest port = X are GreatProtocol (most logical)
All UDP with src port = X are GreatProtocol

from scapy.all import bind_layers
from scapy.layers.inet import UDP


# All UDP payload are GreatProtocol (not recomended)
bind_layers(UDP, GreatProtocol)

# All UDP with dest port = X are GreatProtocol (most logical)
bind_layers(UDP, GreatProtocol, dport=55)


# All UDP with src port = X are GreatProtocol
bind_layers(UDP, GreatProtocol, sport=99)

note that I show using the src and dst port, but you can use any field of the layer UDP

there is also the option of doing a one off.



my_packet[UDP].decode_payload_as(GreatProtocol)

docs:

creating layer: https://scapy.readthedocs.io/en/latest/build_dissect.html

binding layer: https://scapy.readthedocs.io/en/latest/build_dissect.html#binding-layers

decode_payload_as: https://scapy.readthedocs.io/en/latest/api/scapy.packet.html#scapy.packet.Packet.decode_payload_as

Source https://stackoverflow.com/questions/69370368

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install scapy

Scapy is usable either as a shell or as a library. For further details, please head over to Getting started with Scapy, which is part of the documentation.