Mat Wood thepacketgeek
thepacketgeek
/ 10-tcp-port-scan.py
Last active
December 26, 2015 06:39
TCP port scanner, 1 host for an array of specified ports
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| import random | |
| # Define end host and TCP port range | |
| host = "www.facebook.com" | |
| portRange = [22,23,80,443,3389] | |
| # Send SYN with random Src Port for each Dst port | |
| for dstPort in portRange: | |
| srcPort = random.randint(1025,65534) | |
| resp = sr1(IP(dst=host)/TCP(sport=srcPort,dport=dstPort,flags="S"),timeout=1,verbose=0) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| answer = sr1(IP(dst="8.8.8.8")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname="www.thepacketgeek.com")),verbose=0) | |
| print answer[DNS].summary() |
thepacketgeek
/ 09-dns-spoofer.py
Last active
March 29, 2020 23:37
Emulating PlexConnect DNS spoofer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| DNSServerIP = "172.16.20.40" | |
| filter = "udp port 53 and ip dst " + DNSServerIP + " and not ip src " + DNSServerIP | |
| def DNS_Responder(localIP): | |
| def forwardDNS(orig_pkt): | |
| print "Forwarding: " + orig_pkt[DNSQR].qname | |
| response = sr1(IP(dst="8.8.8.8")/UDP(sport=orig_pkt[UDP].sport)/\ |
thepacketgeek
/ 07-print-ping.py
Last active
December 25, 2015 04:49
Ping an IP and print out the summary of the response packets
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| print sr1(IP(dst="4.2.2.1")/ICMP()).summary() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| print sniff(filter="arp",count=10).summary() |
thepacketgeek
/ 08-xmas-tree-packet.py
Last active
September 22, 2023 15:35
Scapy - Creating a TCP Christmas Tree Packet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| from random import randint | |
| # Create the skeleton of our packet | |
| template = IP(dst="172.16.20.10")/TCP() | |
| # Start lighting up those bits! | |
| template[TCP].flags = "UFP" | |
| # Create a list with a large number of packets to send |
thepacketgeek
/ 07-arp_monitor.py
Last active
May 31, 2018 20:32
Scapy - Monitor ARP traffic on network with custom console output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| def arp_display(pkt): | |
| if pkt[ARP].op == 1: #who-has (request) | |
| return "Request: " + pkt[ARP].psrc + " is asking about " + pkt[ARP].pdst | |
| if pkt[ARP].op == 2: #is-at (response) | |
| return "*Response: " + pkt[ARP].hwsrc + " has address " + pkt[ARP].psrc | |
| print sniff(prn=arp_display, filter="arp", store=0, count=10) |
thepacketgeek
/ scapy-single-object-argument.py
Created
October 7, 2013 23:20
Using the scapy 'prn' argument, pass an object along with packet in a sniff(), s(), or sr() function.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # define API options | |
| options = {"url": "http://hosted.app/api/packets", "token": "supersecretusertoken"} | |
| # create parent function with passed in arguments | |
| def customAction(options): | |
| # uploadPacket function has access to the options object because they are 'closed' in the nested function | |
| def uploadPacket(packet): | |
| # upload packet, using passed arguments | |
| headers = {'content-type': 'application/json'} | |
| r = requests.post(options["url"], data=json.dumps(packet,options["token"]), headers=headers) |
thepacketgeek
/ scapy-multiple-arguments.py
Created
October 7, 2013 23:19
Using the scapy 'prn' argument, pass multiple arguments along with packet in a sniff(), s(), or sr() function.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # define API options | |
| url = "http://hosted.app/api/packets" | |
| token = "supersecretusertoken" | |
| # create parent function with passed in arguments | |
| def customAction(url,token): | |
| # uploadPacket function has access to the url & token parameters because they are 'closed' in the nested function | |
| def uploadPacket(packet): | |
| # upload packet, using passed arguments | |
| headers = {'content-type': 'application/json'} |
thepacketgeek
/ scapy-CustomAction.py
Last active
December 24, 2015 22:59
Run a custom function on every packet sniffed with scapy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Import Scapy module | |
| from scapy.all import * | |
| ## Create a Packet Count var | |
| packetCount = 0 | |
| ## Define our Custom Action function | |
| def customAction(packet): | |
| global packetCount | |
| packetCount += 1 |