コード例 #1
0
ファイル: nmap.py プロジェクト: plorinquer/scapy
def nmap_sig(target, oport=80, cport=81, ucport=1):
    res = {}

    tcpopt = [("WScale", 10),
              ("NOP", None),
              ("MSS", 256),
              ("Timestamp", (123, 0))]
    tests = [
        IP(dst=target, id=1) /
        TCP(seq=1, sport=5001 + i, dport=oport if i < 4 else cport,
            options=tcpopt, flags=flags)
        for i, flags in enumerate(["CS", "", "SFUP", "A", "S", "A", "FPU"])
    ]
    tests.append(IP(dst=target) / UDP(sport=5008, dport=ucport) / (300 * "i"))

    ans, unans = sr(tests, timeout=2)
    ans.extend((x, None) for x in unans)

    for snd, rcv in ans:
        if snd.sport == 5008:
            res["PU"] = (snd, rcv)
        else:
            test = "T%i" % (snd.sport - 5000)
            if rcv is not None and ICMP in rcv:
                warning("Test %s answered by an ICMP", test)
                rcv = None
            res[test] = rcv

    return nmap_probes2sig(res)
コード例 #2
0
ファイル: nmap.py プロジェクト: AntBean/scapy-com8aa1453d8d24
def nmap_sig(target, oport=80, cport=81, ucport=1):
    res = {}

    tcpopt = [ ("WScale", 10),
               ("NOP",None),
               ("MSS", 256),
               ("Timestamp",(123,0)) ]
    tests = [ IP(dst=target, id=1)/TCP(seq=1, sport=5001, dport=oport, options=tcpopt, flags="CS"),
              IP(dst=target, id=1)/TCP(seq=1, sport=5002, dport=oport, options=tcpopt, flags=0),
              IP(dst=target, id=1)/TCP(seq=1, sport=5003, dport=oport, options=tcpopt, flags="SFUP"),
              IP(dst=target, id=1)/TCP(seq=1, sport=5004, dport=oport, options=tcpopt, flags="A"),
              IP(dst=target, id=1)/TCP(seq=1, sport=5005, dport=cport, options=tcpopt, flags="S"),
              IP(dst=target, id=1)/TCP(seq=1, sport=5006, dport=cport, options=tcpopt, flags="A"),
              IP(dst=target, id=1)/TCP(seq=1, sport=5007, dport=cport, options=tcpopt, flags="FPU"),
              IP(str(IP(dst=target)/UDP(sport=5008,dport=ucport)/(300*"i"))) ]

    ans, unans = sr(tests, timeout=2)
    ans += map(lambda x: (x,None), unans)

    for S,T in ans:
        if S.sport == 5008:
            res["PU"] = nmap_udppacket_sig(S,T)
        else:
            t = "T%i" % (S.sport-5000)
            if T is not None and T.haslayer(ICMP):
                warning("Test %s answered by an ICMP" % t)
                T=None
            res[t] = nmap_tcppacket_sig(T)

    return res
コード例 #3
0
ファイル: isakmp.py プロジェクト: Jadkadan/scapy
def ikescan(ip):
    return sr(
        IP(dst=ip)
        / UDP()
        / ISAKMP(init_cookie=RandString(8), exch_type=2)
        / ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal())
    )
コード例 #4
0
ファイル: ikev2.py プロジェクト: juanvelascogomez/scapy
def ikev2scan(ip):
    return sr(
        IP(dst=ip)
        / UDP()
        / IKEv2(init_SPI=RandString(8), exch_type=34)
        / IKEv2_payload_SA(prop=IKEv2_payload_Proposal())
    )
コード例 #5
0
ファイル: isakmp.py プロジェクト: commial/scapy
def ikescan(ip):
    """Sends/receives a ISAMPK payload SA with payload proposal"""
    pkt = IP(dst=ip)
    pkt /= UDP()
    pkt /= ISAKMP(init_cookie=RandString(8), exch_type=2)
    pkt /= ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal())
    return sr(pkt)
コード例 #6
0
ファイル: inet.py プロジェクト: Thomas8753/antinetcut
def traceroute(target, dport=80, minttl=1, maxttl=30, sport=RandShort(), l4 = None, filter=None, timeout=2, verbose=None, **kargs):
    """Instant TCP traceroute
traceroute(target, [maxttl=30,] [dport=80,] [sport=80,] [verbose=conf.verb]) -> None
"""
    if verbose is None:
        verbose = conf.verb
    if filter is None:
        # we only consider ICMP error packets and TCP packets with at
        # least the ACK flag set *and* either the SYN or the RST flag
        # set
        filter="(icmp and (icmp[0]=3 or icmp[0]=4 or icmp[0]=5 or icmp[0]=11 or icmp[0]=12)) or (tcp and (tcp[13] & 0x16 > 0x10))"
    if l4 is None:
        a,b = sr(IP(dst=target, id=RandShort(), ttl=(minttl,maxttl))/TCP(seq=RandInt(),sport=sport, dport=dport),
                 timeout=timeout, filter=filter, verbose=verbose, **kargs)
    else:
        # this should always work
        filter="ip"
        a,b = sr(IP(dst=target, id=RandShort(), ttl=(minttl,maxttl))/l4,
                 timeout=timeout, filter=filter, verbose=verbose, **kargs)

    a = TracerouteResult(a.res)
    if verbose:
        a.show()
    return a,b
コード例 #7
0
ファイル: inet.py プロジェクト: Thomas8753/antinetcut
def report_ports(target, ports):
    """portscan a target and output a LaTeX table
report_ports(target, ports) -> string"""
    ans,unans = sr(IP(dst=target)/TCP(dport=ports),timeout=5)
    rep = "\\begin{tabular}{|r|l|l|}\n\\hline\n"
    for s,r in ans:
        if not r.haslayer(ICMP):
            if r.payload.flags == 0x12:
                rep += r.sprintf("%TCP.sport% & open & SA \\\\\n")
    rep += "\\hline\n"
    for s,r in ans:
        if r.haslayer(ICMP):
            rep += r.sprintf("%TCPerror.dport% & closed & ICMP type %ICMP.type%/%ICMP.code% from %IP.src% \\\\\n")
        elif r.payload.flags != 0x12:
            rep += r.sprintf("%TCP.sport% & closed & TCP %TCP.flags% \\\\\n")
    rep += "\\hline\n"
    for i in unans:
        rep += i.sprintf("%TCP.dport% & ? & unanswered \\\\\n")
    rep += "\\hline\n\\end{tabular}\n"
    return rep
コード例 #8
0
def queso_sig(target, dport=80, timeout=3):
    p = queso_kdb.get_base()
    ret = []
    for flags in ["S", "SA", "F", "FA", "SF", "P", "SEC"]:
        ans, unans = sr(IP(dst=target)/TCP(dport=dport,flags=flags,seq=RandInt()),
                        timeout=timeout, verbose=0)
        if len(ans) == 0:
            rs = "- - - -"
        else:
            s,r = ans[0]
            rs = "%i" % (r.seq != 0)
            if not r.ack:
                r += " 0"
            elif r.ack-s.seq > 666:
                rs += " R" % 0
            else:
                rs += " +%i" % (r.ack-s.seq)
            rs += " %X" % r.window
            rs += " %x" % r.payload.flags
        ret.append(rs)
    return ret
コード例 #9
0
def send_wait_for_message(step, exp_message):
    """
    Block until the given message is (not) received.
    Parameter:
    new: (' new', optional): Only check the output printed since last time
                             this step was used for this process.
    process_name ('<name> stderr'): Name of the process to check the output of.
    message ('message <message>'): Output (part) to wait for.
    """
    world.cliopts = [] #clear options, always build new message, also possible make it in client_send_msg
    #debug.recv = []

    conf.use_pcap = True

    # Uncomment this to get debug.recv filled with all received messages
    #conf.debug_match = True
    ans,unans = sr(world.climsg, iface=world.cfg["iface"], timeout=1, nofilter=1, verbose=99)

    expected_type_found = False
    received_names = ""
    world.srvmsg = []
    for x in ans:
        a,b = x
        world.srvmsg.append(b)
        print("Debug: Received packet type = %s" % get_msg_type(b))
        received_names = get_msg_type(b) + " " + received_names
        if (get_msg_type(b) == exp_message):
            expected_type_found = True

    for x in unans:
        print("Unmatched packet type = %s" % get_msg_type(x))

    print("Received traffic (answered/unanswered): %d/%d packet(s)." % (len(ans), len(unans)))

    assert len(world.srvmsg) != 0, "No response received."

    assert expected_type_found, "Expected message " + exp_message + " not received (got " + received_names + ")"
コード例 #10
0
ファイル: srv_msg.py プロジェクト: Streder/forge
def send_wait_for_message(condition_type, presence, exp_message):
    """
    Block until the given message is (not) received.
    Parameter:
    new: (' new', optional): Only check the output printed since last time
                             this step was used for this process.
    process_name ('<name> stderr'): Name of the process to check the output of.
    message ('message <message>'): Output (part) to wait for.
    """
    world.cliopts = [
    ]  # clear options, always build new message, also possible make it in client_send_msg
    may_flag = False
    #debug.recv=[]
    if str(condition_type) in "MUST":
        pass
    elif str(condition_type) in "MAY":
        may_flag = True
    # we needs to get it operational
    # problem: break test with success. (for now we can break test only with fail)
    else:
        assert False, "Invalid expected behavior: %s." % str(condition_type)

    # Uncomment this to get debug.recv filled with all received messages
    conf.debug_match = True

    # checkIPsrc must be False so scapy can correctly match response to request
    conf.checkIPsrc = False
    apply_message_fields_changes()
    timeout = world.cfg["wait_interval"]
    if "HA" in os.environ.get('PYTEST_CURRENT_TEST').split("/"):
        timeout *= world.f_cfg.ha_packet_wait_interval_factor
    ans, unans = sr(world.climsg,
                    iface=world.cfg["iface"],
                    timeout=timeout,
                    nofilter=1,
                    verbose=world.scapy_verbose)

    if world.f_cfg.show_packets_from in ['both', 'client']:
        world.climsg[0].show()

    expected_type_found = False
    received_names = ""
    world.srvmsg = []
    for x in ans:
        a, b = x
        world.srvmsg.append(b)

        if world.f_cfg.show_packets_from in ['both', 'server']:
            b.show()

        if not world.loops["active"]:
            log.info("Received packet type=%s" % get_msg_type(b))

        received_names = get_msg_type(b) + " " + received_names
        if get_msg_type(b) == exp_message:
            expected_type_found = True

    if exp_message is not None:
        for x in unans:
            log.error(("Unanswered packet type=%s" %
                       dhcp6.dhcp6_cls_by_type[x.msgtype]))

    if not world.loops["active"]:
        log.debug("Received traffic (answered/unanswered): %d/%d packet(s)." %
                  (len(ans), len(unans)))

    if may_flag:
        if len(world.srvmsg) != 0:
            assert True, "Response received."
        if len(world.srvmsg) == 0:
            assert True, "Response not received."  # stop the test... ??
    elif presence:
        assert len(world.srvmsg) != 0, "No response received."
        assert expected_type_found, "Expected message " + exp_message + " not received (got " + received_names + ")"
    elif not presence:
        assert len(world.srvmsg) == 0, "Response received, not expected"

    return world.srvmsg
        #print ("In UDP Flag")

        if (hostType == "singleHost"):

            #Add Table Headers to HTML
            htmlText = htmlText + "<h2>UDP Scan: " + str(
                hostIP
            ) + "<table><tr> <th>Host</th> <th>Port</th> <th>Status</th> </tr>"

            #build and send UDP packets for single host, multiple ports
            try:
                for port in ports:
                    ip = IP(dst=host)
                    udp = UDP(dport=int(port), sport=123)
                    packet = ip / udp
                    response = sr(packet, verbose=False, timeout=20)

                    try:
                        check = response[0][ICMP][0][1][ICMP]
                        print("Port {} on {} is closed".format(port, host))
                        #Add host, port, and status to HTML
                        htmlText = htmlText + "<tr> <td>" + hostIP + "</td> <td>" + str(
                            port) + "</td> <td>Closed</td> </tr>"

                    except IndexError:
                        print("Port {} on {} is open|filtered".format(
                            port, host))
                        #Add host, port, and status to HTML
                        htmlText = htmlText + "<tr> <td>" + hostIP + "</td> <td>" + str(
                            port) + "</td> <td>open|filtered</td> </tr>"
コード例 #12
0
ファイル: srv_msg.py プロジェクト: isc-projects/forge
def send_wait_for_message(condition_type, presence, exp_message):
    """
    Block until the given message is (not) received.
    Parameter:
    new: (' new', optional): Only check the output printed since last time
                             this step was used for this process.
    process_name ('<name> stderr'): Name of the process to check the output of.
    message ('message <message>'): Output (part) to wait for.
    """
    world.cliopts = []  # clear options, always build new message, also possible make it in client_send_msg
    may_flag = False
    #debug.recv=[]
    if str(condition_type) in "MUST":
        pass
    elif str(condition_type) in "MAY":
        may_flag = True
    # we needs to get it operational
    # problem: break test with success. (for now we can break test only with fail)
    else:
        assert False, "Invalid expected behavior: %s." % str(condition_type)

    # Uncomment this to get debug.recv filled with all received messages
    conf.debug_match = True

    # checkIPsrc must be False so scapy can correctly match response to request
    conf.checkIPsrc = False
    apply_message_fields_changes()

    ans, unans = sr(world.climsg,
                    iface=world.cfg["iface"],
                    timeout=world.cfg["wait_interval"],
                    nofilter=1,
                    verbose=world.scapy_verbose)

    if world.f_cfg.show_packets_from in ['both', 'client']:
            world.climsg[0].show()

    expected_type_found = False
    received_names = ""
    world.srvmsg = []
    for x in ans:
        a, b = x
        world.srvmsg.append(b)

        if world.f_cfg.show_packets_from in ['both', 'server']:
            b.show()

        if not world.loops["active"]:
            log.info("Received packet type=%s" % get_msg_type(b))

        received_names = get_msg_type(b) + " " + received_names
        if get_msg_type(b) == exp_message:
            expected_type_found = True

    for x in unans:
        log.error(("Unanswered packet type=%s" % dhcp6.dhcp6_cls_by_type[x.msgtype]))

    if not world.loops["active"]:
        log.debug("Received traffic (answered/unanswered): %d/%d packet(s)." % (len(ans), len(unans)))

    if may_flag:
        if len(world.srvmsg) != 0:
            assert True, "Response received."
        if len(world.srvmsg) == 0:
            assert True, "Response not received."  # stop the test... ??
    elif presence:
        assert len(world.srvmsg) != 0, "No response received."
        assert expected_type_found, "Expected message " + exp_message + " not received (got " + received_names + ")"
    elif not presence:
        assert len(world.srvmsg) == 0, "Response received, not expected"

    return world.srvmsg
コード例 #13
0
ファイル: ikev2.py プロジェクト: JhonIslanskha/Garuda-Tools
def ikev2scan(ip):
    return sr(
        IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8), exch_type=34) /
        IKEv2_payload_SA(prop=IKEv2_payload_Proposal()))
コード例 #14
0
ファイル: network.py プロジェクト: stackpath/scouter
def ping(dst, **kwargs):
    """Function to execute a ping test.

    Args:
        dst            (str): The destination address to ping. Can be either a FQDN or an IP
                              address.
        **count        (int): Keyword argument to optionally specify the number of ping packets
                              to send in a single test. Defaults to 10. Max value of 20.
        **payload_size (int): Keyword argument to optionally specify the ICMP packet's payload size.
                              Defaults to 56. Max value of 1472.

    Returns:
        dict: Returns a dictionary object with test results.

    """
    rtt = []
    comment = None
    count = kwargs.get("count", 10)
    if isinstance(count, str) and not count.isdigit():
        raise TypeError(f"Provided 'count' of '{count}' must be an integer.")
    count = abs(int(count))
    if not 1 <= count <= 20:
        comment = f"Provided count of '{count}' is not allowed. Defaulting to 10. Min: 1, Max: 20."
        count = 10
    payload_size = kwargs.get("payload_size", constants.PACKET_PAYLOAD_SIZE)
    if isinstance(payload_size, str) and not payload_size.isdigit():
        raise TypeError(
            f"Provided 'payload_size' of '{payload_size}' must be an integer.")
    payload_size = abs(int(payload_size))
    if not 0 <= payload_size <= 1472:
        raise ValueError(
            f"Provided 'packet_size' of '{payload_size}' is not allowed. Min: 0, Max: 1472."
        )
    result = {
        "dst": dst,
        "sent": count,
        "recv": None,
        "payload_size": payload_size,
        "packet_size": payload_size + 28,
        "loss": None,
        "rtt": {
            "min": None,
            "max": None,
            "avg": None
        },
        "replies": [],
        "comment": comment,
        "failed": True,
    }
    dst = _resolve(dst)
    # Get the correct egress interface name for the provided destination. This is to solve
    # issues with testing via a VPN.
    iface = _get_route_dev(dst)
    # Tell Scapy to NOT ignore the inner packet source. This is to avoid issues with NAT.
    conf.checkIPsrc = False
    # After much testing within our network I found that if we don't limit the number of
    # packets that Scapy receives in a single sniff it will essentially clog up and never
    # return from its receive loop. Adding a custom BPF filter stops this from occurring.
    packet_filter = f"(src host {dst} or dst host {dst}) and icmp"
    for seq in range(0, count):
        packet = ICMP(id=os.getpid(), seq=seq) / Raw(
            RandString(size=payload_size))
        ans = sr(
            IP(dst=dst, id=os.getpid()) / packet,
            iface=iface,
            filter=packet_filter,
            timeout=constants.PACKET_RECV_TIMEOUT,
            retry=constants.PACKET_SEND_RETRY,
            verbose=0,
        )[0]
        # Check if we got an echo-reply.
        if ans and ans[0][1][1].code == 0:
            rtt_ms = (ans[0][1].time - ans[0][0].sent_time) * 1000.0
            rtt.append(rtt_ms)
            result["replies"].append({
                "seq": ans[0][1].seq,
                "ttl": ans[0][1].ttl,
                "len":
                ans[0][1].len - 20,  # Bytes received minus the IP header.
                "rtt_ms": rtt_ms,
            })
        time.sleep(constants.PACKET_SEND_DELAY)
    # Calculate packet loss.
    result["loss"] = abs((100 * (len(rtt) - count) / count))
    # Set RTT timings if packets were received.
    if rtt:
        result["rtt"]["min"] = format(min(rtt), ".3f")
        result["rtt"]["max"] = format(max(rtt), ".3f")
        result["rtt"]["avg"] = format(sum(rtt) / len(rtt), ".3f")
        result["failed"] = False
    return result
コード例 #15
0
ファイル: 02_发包测试.py プロジェクト: qiantech/study
# copyright:   Copyright (c) 2017-2020 qa_tech Co., Ltd. All rights reserved.
# author:      Jia Huang
# create_time: 2020/7/15 15:42
# update_time: 2020/7/15 15:42
# description: function description
"""
scapy发送数据包有常用的如下几种方法:
send(pkt)  发送三层数据包,但不会受到返回的结果。
sr(pkt)  发送三层数据包,返回两个结果,分别是接收到响应的数据包和未收到响应的数据包。
sr1(pkt)  发送三层数据包,仅仅返回接收到响应的数据包。

sendp(pkt)  发送二层数据包。
srp(pkt)  发送二层数据包,并等待响应。
srp1(pkt)  发送第二层数据包,并返回响应的数据包
"""
from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr

# sr发送一个数据包,ans为响应的数据包,u_ans为未响应的数据包
pkt = IP(dst='114.114.114.114') / TCP(dport='http')
ans, u_ans = sr(pkt, timeout=1)
print(ans)
print(u_ans)

# 数据包来实现一个简单的SYN端口扫描,flags="S" 表示发送SYN数据包
port_scan = IP(dst='192.168.1.180') / TCP(dport=[22, 3389, 3306, 443, 445],
                                          flags='S')
ans, u_ans = sr(port_scan, timeout=1)

ans.summary()
コード例 #16
0
def ikev2scan(ip, **kwargs):
    """Send a IKEv2 SA to an IP and wait for answers."""
    return sr(
        IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8), exch_type=34) /
        IKEv2_payload_SA(prop=IKEv2_payload_Proposal()),
        **kwargs)  # noqa: E501
コード例 #17
0
ファイル: rainbowscan.py プロジェクト: zzara/ShellUtils
elif args.level == 'med':
    level = 100

elif args.level == 'low':
    level = 500

elif args.level == 'insane':
    level = 1000

print('scanning the crap out of {}...'.format(sys.argv[1]))
for port in range(1,level):
    if args.icmp:
        # icmp scan
        network_layer = IP(dst=args.host)
        sr(network_layer/ICMP(), retry=0, timeout=0.001, verbose=False)
        print('icmp packet sent to host: counter {}'.format(port))

    if args.syn:
        # synscan
        network_layer = IP(dst=args.host)
        transport_layer = TCP(dport=port, flags="S")
        send(network_layer/transport_layer, verbose=False)
        print('syn packet sent to port {}'.format(port))

    if args.udp:
        # udp scan
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(.01)
        sock.sendto(bytes('rainbows', "utf-8"), (args.host, port))
        print('udp packet sent to port {}'.format(port))
コード例 #18
0
        packet_tos = IP(dst=list_of_network_addresses[j]) / TCP(dport=22)
        packet_len = IP(dst=list_of_network_addresses[j]) / TCP(dport=22)
        packet_id = IP(dst=list_of_network_addresses[j]) / TCP(dport=22)
        packet_frag = IP(dst=list_of_network_addresses[j]) / TCP(dport=22)
        packet_ttl = IP(dst=list_of_network_addresses[j]) / TCP(dport=22)
        packet_proto = IP(dst=list_of_network_addresses[j]) / TCP(dport=22)

        packet_ihl.ihl = 18
        packet_tos.tos = 18
        packet_len.len = 18
        packet_id.id = 18
        packet_frag.frag = 18
        packet_ttl.ttl = 18
        packet_proto.proto = 18

        answer_ihl = sr(packet_ihl, timeout=4)
        answer_tos = sr(packet_tos, timeout=4)
        answer_len = sr(packet_len, timeout=4)
        answer_id = sr(packet_id, timeout=4)
        answer_frag = sr(packet_frag, timeout=4)
        answer_ttl = sr(packet_ttl, timeout=4)
        answer_proto = sr(packet_proto, timeout=4)

        if len(answer_ihl[0]) != 0:
            if len(
                    nx.dijkstra_path(graph_ihl, list_of_network_addresses[0],
                                     list_of_network_addresses[j])) == 2:
                graph_ihl.add_edge(str(list_of_network_addresses[0]),
                                   str(list_of_network_addresses[j]),
                                   color='r',
                                   weight=6)
コード例 #19
0
def sendAndReceiveEthernetFrame(scapyFrame):
    return sr(scapyFrame, iface=managementServerNICName)
コード例 #20
0
packet_tc = IPv6(dst=ipv6_addr) / TCP(dport=22)
packet_fl = IPv6(dst=ipv6_addr) / TCP(dport=22)
packet_plen = IPv6(dst=ipv6_addr) / TCP(dport=22)
packet_nh = IPv6(dst=ipv6_addr) / TCP(dport=22)
packet_hlim = IPv6(dst=ipv6_addr) / TCP(dport=22)
packet_src = IPv6(dst=ipv6_addr) / TCP(dport=22)

packet_tc.tc = 18
packet_fl.fl = 18
packet_plen.plen = 18
packet_nh.nh = 18
packet_hlim.hlim = 18
packet_src.src = 18

answer_tc = sr(packet_tc, timeout=4)
answer_fl = sr(packet_fl, timeout=4)
answer_plen = sr(packet_plen, timeout=4)
answer_nh = sr(packet_nh, timeout=4)
answer_hlim = sr(packet_hlim, timeout=4)
answer_src = sr(packet_src, timeout=4)

if len(answer_tc[0]) != 0 and not hasattr(answer_tc[0][0][1], 'type'):
    result_json["tc"] = "True"
else:
    result_json["tc"] = "False"
if len(answer_fl[0]) != 0 and not hasattr(answer_fl[0][0][1], 'type'):
    result_json["fl"] = "True"
else:
    result_json["fl"] = "False"
コード例 #21
0
ファイル: 03_traceroute.py プロジェクト: qiantech/study
# -*- coding: utf-8 -*-
# copyright:   Copyright (c) 2017-2020 qa_tech Co., Ltd. All rights reserved.
# author:      Jia Huang
# create_time: 2020/7/16 11:18
# update_time: 2020/7/16 11:18
# description: function description
from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr
from scapy.volatile import RandShort

# tracert 114.114.114.114   windows每次发起3个icmp
ans, u_ans = sr(IP(dst='114.114.114.114', ttl=(1, 20), id=RandShort()) /
                TCP(flags=0x2),
                timeout=3)
for snd, rcv in ans:
    print(snd.ttl, rcv.src, isinstance(rcv.payload, TCP))

# 1 192.168.0.1 False   ttl=1时,到第一个路由时,Time-to-live exceeded返回icmp
# 2 192.168.1.1 False   ttl=2时,到第二个路由时,Time-to-live exceeded返回icmp
# 3 124.90.33.213 False
# 4 123.157.192.1 False
# 5 101.71.244.93 False
# 6 219.158.12.133 False
# 7 60.217.44.158 False
# 8 114.114.114.114 True
# 9 114.114.114.114 True
# 10 114.114.114.114 True
コード例 #22
0
def ikescan(ip):
    return sr(
        IP(dst=ip) / UDP() / ISAKMP(init_cookie=RandString(8), exch_type=2) /
        ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal()))
コード例 #23
0
ファイル: ikev2.py プロジェクト: 6WIND/scapy
def ikev2scan(ip, **kwargs):
    """Send a IKEv2 SA to an IP and wait for answers."""
    return sr(IP(dst=ip)/UDP()/IKEv2(init_SPI=RandString(8),
                                      exch_type=34)/IKEv2_payload_SA(prop=IKEv2_payload_Proposal()), **kwargs)
コード例 #24
0
ファイル: network.py プロジェクト: stackpath/scouter
def traceroute(dst, **kwargs):
    """Function to execute a traceroute.

    Args:
        dst            (type): The destination address to trace to. Can be either a FQDN or an
                               IP address.
        **proto        (str) : Keyword argument to optionally specify the transport protocol to
                               use in the traceroute. Defaults to ICMP.
        **dport        (int) : Keyword argument to optionally specify the destination port.
                               Defaults to 80 if `proto` is TCP, and None if ICMP.
        **payload_size (int) : Keyword argument to optionally specify the ICMP/TCP packet's payload
                               size. Defaults to 56. Max value of 1472.
        **max_ttl      (int) : Keyword argument to optionally specify the max time-to-live
                               (max number of hops). Defaults to 32. Max value of 32.

    Returns:
        dict: Returns a dictionary object with test results.

    """
    comment = None
    asn_mmdb_reader = geoip2.database.Reader("mmdb/GeoLite2-ASN.mmdb")
    proto = kwargs.get("proto", "ICMP").upper()
    if proto not in ("ICMP", "TCP"):
        comment = (
            f"Provided 'proto' of '{proto}' is not supported. Defaulting to ICMP. ('ICMP', 'TCP')."
        )
        proto = "ICMP"
    dport = kwargs.get("dport", 80)
    if isinstance(dport, str) and not dport.isdigit():
        raise TypeError(f"Provided 'dport' of '{dport}' must be an integer.")
    dport = abs(int(dport))
    if not 0 <= dport <= 65535:
        raise ValueError(
            f"Provided 'dport' of '{dport}' is not allowed. Min: 0, Max: 65535."
        )
    payload_size = kwargs.get("payload_size", constants.PACKET_PAYLOAD_SIZE)
    if isinstance(payload_size, str) and not payload_size.isdigit():
        raise TypeError(
            f"Provided 'payload_size' of '{payload_size}' must be an integer.")
    payload_size = abs(int(payload_size))
    # ICMP has a maximum payload size of 1472 bytes which is significantly less than TCP's
    # supported maximum of 65535 bytes, but since we need to support both and I do not want
    # to exceed any MTUs; I'll leave 1472 as max.
    if not 0 <= payload_size <= 1472:
        raise ValueError(
            f"Provided 'packet_size' of '{payload_size}' is not allowed. Min: 0, Max: 1472."
        )
    max_ttl = kwargs.get("max_ttl", constants.TRACE_MAX_TTL)
    if isinstance(max_ttl, str) and not max_ttl.isdigit():
        raise TypeError(
            f"Provided 'max_ttl' of '{max_ttl}' must be an integer.")
    max_ttl = abs(int(max_ttl))
    if not 0 <= max_ttl <= 32:
        raise ValueError(f"Provided 'max_ttl' of '{max_ttl}' is not allowed. "
                         f"Min: 0, Max: {constants.TRACE_MAX_TTL}.")
    result = {
        "dst": dst,
        "proto": proto,
        "dport": dport,
        "payload_size": payload_size,
        "packet_size": payload_size + {
            "ICMP": 28,
            "TCP": 40
        }[proto],
        "trace": [],
        "comment": comment,
        "failed": True,
    }
    dst = _resolve(dst)
    # Get the correct egress interface name for the provided destination. This is to solve
    # issues with testing via a VPN.
    iface = _get_route_dev(dst)
    packet = (TCP(dport=dport, flags="S") if proto == "TCP" else ICMP()) / Raw(
        RandString(size=payload_size))
    # Tell Scapy to NOT ignore the inner packet source. This is to avoid issues with NAT.
    conf.checkIPsrc = False
    for ttl in range(constants.TRACE_MIN_TTL, max_ttl + 1):
        hop_data = {
            "asn": None,
            "ttl": ttl,
            "src": None,
            "hostname": None,
            "rtt_ms": None,
            "no_response": True,
        }
        ans = sr(
            IP(dst=dst, ttl=ttl, flags="DF", id=RandShort()) / packet,
            iface=iface,
            nofilter=0,
            timeout=constants.PACKET_RECV_TIMEOUT,
            retry=constants.PACKET_SEND_RETRY,
            verbose=0,
        )[0]
        if ans and ans[0][1].src not in [
                hop["src"] for hop in result["trace"]
        ]:
            try:
                hop_data["asn"] = asn_mmdb_reader.asn(
                    ans[0][1].src).autonomous_system_number
            except geoip2.errors.AddressNotFoundError:
                pass
            hop_data["src"] = ans[0][1].src
            hop_data["hostname"] = _resolve(ans[0][1].src, reverse=True)
            hop_data["rtt_ms"] = (ans[0][1].time - ans[0][0].sent_time) * 1000
            hop_data["no_response"] = False
            result["trace"].append(hop_data)
            if ans[0][1].src == dst:
                result["failed"] = False
                break
        else:
            result["trace"].append(hop_data)
    return result