def generator(self, ip_dst, n_generations, n_packets, selected_layer): # Select the final layer for randomize if selected_layer == "UDP": layer = UDP() elif selected_layer == "TCP": layer = TCP() else: layer = ICMP() for i in range(n_generations): print('Generating packets. (%s of %s)\n' % (i + 1, n_generations)) pkts_send = [ fuzz(IP(dst=ip_dst, src=RandIP())) / fuzz(layer) / str(RandString()) for j in range(n_packets) ] self.send_pkts(pkts_send)
def fuzz(self, target): for fc in self.frame_combos: p = fc[0] # base packet if p is not None: p = p(addr1=target) # dot11 packet for fp in fc[1:]: p /= fuzz(fp()) print(p.show()) self.f_send(p)
def write_data(addr): try: data = raw_input("Enter data to be written: ") packet = fuzz(L2CAP_Hdr(data)) srbt1(addr, packet, 0) except Exception as e: print("\n[!] Error: ") print(e) print('')
def main(): random.seed(args.seed) patterns = [] for i in xrange(args.patterns): transport = random.choice([UDP, TCP]) dst, src = get_rand_mac(), get_rand_mac() # cannot use fuzz() for Ethernet, or scapy tries to resolve the MAC # addresses based on the IP addresses p = Ether(dst=dst, src=src) / fuzz(IP()) / fuzz(transport()) payload = "a" * (args.psize - len(p)) p = p / payload patterns.append(p) packets = [] for i in xrange(args.packets): p = random.choice(patterns) packets.append(p) with open(args.out, 'w') as f: f.write("{} {}\n".format(args.packets, args.psize)) for p in packets: f.write(str(p))
def main(): random.seed(args.seed) patterns = [] for i in range(args.patterns): transport = random.choice([UDP, TCP]) dst, src = get_rand_mac(), get_rand_mac() # cannot use fuzz() for Ethernet, or scapy tries to resolve the MAC # addresses based on the IP addresses p = Ether(dst=dst, src=src) / fuzz(IP()) / fuzz(transport()) payload = "a" * (args.psize - len(p)) p = p / payload patterns.append(p) packets = [] for i in range(args.packets): p = random.choice(patterns) packets.append(p) with open(args.out, 'w') as f: f.write("{} {}\n".format(args.packets, args.psize)) for p in packets: f.write(str(p))
def gen_flags(self, field): """ Generates random valid flags. """ sample = fuzz(self.protocol()) # Since scapy lazily evaluates fuzzing, we first must set a # legitimate value for scapy to evaluate what combination of flags it is sample.flags = sample.flags return str(sample.flags)
def run_scapy(target, test_type, max_packets, return_packets, fuzz): packet_type = scapy.ICMP() if fuzz: packet_type = scapy.fuzz(packet_type) packet_gen = scapy.IP(dst=target) / packet_type packets = scapy.send(packet_gen, return_packets=return_packets, verbose=not return_packets, count=max_packets) if return_packets: packets.show()
def gen_flags(self, field): """ Generates a random set of flags. 50% of the time it picks randomly from a list of real flags, otherwise it returns fuzzed flags. """ if random.random() < 0.5: return random.choice(['S', 'A', 'SA', 'PA', 'FA', 'R', 'P', 'F', 'RA', '']) else: sample = fuzz(self.protocol()) # Since scapy lazily evaluates fuzzing, we first must set a # legitimate value for scapy to evaluate what combination of flags it is sample.flags = sample.flags return str(sample.flags)
def gen_udp_pkt(src=None, dst=None, payload_len=-1): """Generate random IP/UDP[Payload] packet :src: source IP address :dst: destination IP address :payload_len: size of payload :returns: packet as raw bytes """ getipaddr = lambda addr: rand_ipaddr() if addr is None else addr sip = getipaddr(src) dip = getipaddr(dst) payload = get_payload(payload_len) pkt = fuzz(IP(src=sip, dst=dip) / UDP()) / payload # pkt.show2() # os.write(2, str(pkt)) return str(pkt)
def gen(self, field): """ Generates a value for this field. """ assert field in self.fields if field in self.generators: return self.generators[field](field) # Dual field accessors are fields that require two pieces of information # to retrieve them (for example, "options-eol"). These are delimited by # a dash "-". base = field.split("-")[0] if "-" in field and base in self.generators: return self.generators[base](field) sample = fuzz(self.protocol()) new_value = getattr(sample, field) if new_value == None: new_value = 0 elif type(new_value) != int: new_value = new_value._fix() return new_value
def run(self, hosts, dport=53): # Send SYN with random Src Port for each Dst port for host in hosts: packet = IP(dst=host) / UDP(dport=dport) / fuzz(DNS()) answer = self.send_receive(packet)
from scapy.all import IPv6, Dot1Q, IP, Ether, UDP, TCP except ModuleNotFoundError as err: print(err + ": Scapy") import sys path = str(sys.argv[1]) + "/pcap/fuzzy.pcap" pktdump = PcapWriter(path, append=False, sync=True) for i in range(0, 2000): # Generate random protocol bases, use a fuzz() over the combined packet # for full fuzzing. eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() ipv4 = IP(src=RandIP(), dst=RandIP()) ipv6 = IPv6(src=RandIP6(), dst=RandIP6()) udp = UDP(dport=RandShort(), sport=RandShort()) tcp = TCP(dport=RandShort(), sport=RandShort()) # IPv4 packets with fuzzing pktdump.write(fuzz(eth / ipv4 / udp)) pktdump.write(fuzz(eth / ipv4 / tcp)) pktdump.write(fuzz(eth / vlan / ipv4 / udp)) pktdump.write(fuzz(eth / vlan / ipv4 / tcp)) # IPv6 packets with fuzzing pktdump.write(fuzz(eth / ipv6 / udp)) pktdump.write(fuzz(eth / ipv6 / tcp)) pktdump.write(fuzz(eth / vlan / ipv6 / udp)) pktdump.write(fuzz(eth / vlan / ipv6 / tcp))
#!/usr/bin/python #-*- coding: utf-8 -*- # Docs for interactive use # https://scapy.readthedocs.io/en/latest/usage.html?highlight=fuzz#fuzzing # Interactive example: >>> send(IP(dst="127.0.0.1")/fuzz(UDP()/NTP(version=4)),loop=1) from scapy.all import sr1, IP, fuzz, UDP, NTP target = "127.0.0.1" target = "192.168.49.39" while True: sr1(IP(dst=target) / fuzz(UDP() / NTP(version=4)), inter=4, timeout=1)
pkt = [] for i in range(0, size): if traffic_opt == "fuzzy": eth = Ether(src=RandMAC(), dst=RandMAC()) vlan = Dot1Q() udp = UDP(dport=RandShort(), sport=RandShort()) ipv4 = IP(src=RandIP(), dst=RandIP(), len=random.randint(0, 100)) ipv6 = IPv6(src=RandIP6(), dst=RandIP6(), plen=random.randint(0, 100)) tcp = TCP(dport=RandShort(), sport=RandShort(), flags='S', dataofs=random.randint(0, 15)) # IPv4 packets with fuzzing pkt.append(fuzz(eth / ipv4 / udp)) pkt.append(fuzz(eth / ipv4 / tcp)) pkt.append(fuzz(eth / vlan / ipv4 / udp)) pkt.append(fuzz(eth / vlan / ipv4 / tcp)) # IPv6 packets with fuzzing pkt.append(fuzz(eth / ipv6 / udp)) pkt.append(fuzz(eth / ipv6 / tcp)) pkt.append(fuzz(eth / vlan / ipv6 / udp)) pkt.append(fuzz(eth / vlan / ipv6 / tcp)) else: mac_addr_src = "52:54:00:FF:FF:{:02X}".format(i % 0xff) mac_addr_dst = "80:FF:FF:FF:FF:{:02X}".format(i % 0xff) src_port = 200 + (i % 20) dst_port = 1000 + (i % 20)
def syn(ip, port): # 发送SYN包判断端口是否开放 ans, unans = sr(IP(dst=ip) / fuzz(TCP(dport=port, flags="S"))) return ans, unans