From charlesreid1

Revision as of 01:39, 11 January 2016

Scapy

Scapy is a Python library for crafting, sending, sniffing and dissecting network packets, with an interactive shell on top of it. Imagine an API for your hardware, aircrack, nmap, tcpdump, traceroute, and various other networking utilities, all rolled into one Python library. That's Scapy.

References

Great intro to Scapy's many functions: http://www.secdev.org/projects/scapy/demo.html

Great video tutorial: https://www.youtube.com/watch?v=-s4iyNSxs1k

Same setup, with a small battery-powered router: http://minipwner.com/index.php/forum/6-minipnwer-use/1787-my-experience-with-aircrack

Installing Scapy on Mac

NameError: global name 'dnet' is not defined

On starting Scapy, I was seeing an error related to dnet.

Scapy has a number of dependencies on the Mac. One of them is the Python module dnet, a wrapper around the C library libdnet. If you try to install pydnet using pip, you will get errors when you run Scapy. But you can build libdnet from source and then build the Python extension yourself; its source ships in the python/ subdirectory of the libdnet tarball.

Hat tip to this page: http://juhalaaksonen.com/blog/2013/12/11/installing-scapy-for-mac-os-x/

#!/bin/sh
# Build libdnet from source, then build and install its Python bindings
# (the dnet module that Scapy imports). Stop at the first failing step
# rather than carrying on with a half-built library.
set -e

wget http://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar xfz libdnet-1.12.tgz
cd libdnet-1.12
./configure
make
sudo make install
# The Python extension lives in the python/ subdirectory of the tarball.
cd python
sudo python setup.py install

Alternatively, you could use Homebrew to install libdnet and then install Scapy, but that requires you to use Homebrew's Python as well: dnet is a compiled extension built against one specific interpreter, so you can't mix, for example, a Python.org Python install with a Homebrew install of Scapy.

Once you're done, you should be able to fire up scapy and get a command prompt:

[Image: ScapyPrompt.png, the Scapy interactive prompt]

Listing Scapy Commands

Once you get to the Scapy prompt, you can see all the top-level Scapy commands available to you with the lsc() command (ls(), by contrast, lists the protocol layers Scapy knows how to build and dissect). Note that the commands that put packets on the wire or capture them (send, sendp, sniff, the sr* family, arping and friends) need raw-socket privileges, so run Scapy as root, or with the equivalent capability, when you use them.

>>> lsc()
arpcachepoison      : Poison target's cache with (your MAC,victim's IP) couple
arping              : Send ARP who-has requests to determine which hosts are up
bind_layers         : Bind 2 layers on some specific fields' values
bridge_and_sniff    : Forward traffic between two interfaces and sniff packets exchanged
corrupt_bits        : Flip a given percentage or number of bits from a string
corrupt_bytes       : Corrupt a given percentage or number of bytes from a string
defrag              : defrag(plist) -> ([not fragmented], [defragmented],
defragment          : defrag(plist) -> plist defragmented as much as possible
dyndns_add          : Send a DNS add message to a nameserver for "name" to have a new "rdata"
dyndns_del          : Send a DNS delete message to a nameserver for "name"
etherleak           : Exploit Etherleak flaw
fragment            : Fragment a big IP datagram
fuzz                : Transform a layer into a fuzzy layer by replacing some default values by random objects
getmacbyip          : Return MAC address corresponding to a given IP address
hexdiff             : Show differences between 2 binary strings
hexdump             : --
hexedit             : --
is_promisc          : Try to guess if target is in Promisc mode. The target is provided by its ip.
linehexdump         : --
ls                  : List  available layers, or infos on a given layer
promiscping         : Send ARP who-has requests to determine which hosts are in promiscuous mode
rdpcap              : Read a pcap file and return a packet list
send                : Send packets at layer 3
sendp               : Send packets at layer 2
sendpfast           : Send packets at layer 2 using tcpreplay for performance
sniff               : Sniff packets
split_layers        : Split 2 layers previously bound
sr                  : Send and receive packets at layer 3
sr1                 : Send packets at layer 3 and return only the first answer
srbt                : send and receive using a bluetooth socket
srbt1               : send and receive 1 packet using a bluetooth socket
srflood             : Flood and receive packets at layer 3
srloop              : Send a packet at layer 3 in loop and print the answer each time
srp                 : Send and receive packets at layer 2
srp1                : Send and receive packets at layer 2 and return only the first answer
srpflood            : Flood and receive packets at layer 2
srploop             : Send a packet at layer 2 in loop and print the answer each time
traceroute          : Instant TCP traceroute
tshark              : Sniff packets and print them calling pkt.show(), a bit like text wireshark
wireshark           : Run wireshark on a list of packets
wrpcap              : Write a list of packets to a pcap file