def multi_ping_scanner(source, interface, flood, flooding_interval):
for ifaces in scapy.arch.linux.in6_getifaddr(
): #in6_getifaddr() #return a list of IPs - ifaces, etc
if ifaces[2] == interface:
#Simple Echo Request
packet = scapy.layers.inet6.IPv6(
src=ifaces[0], dst="ff02::1") / create_layer4.icmpv6(
128, 0, "")
scapy.sendrecv.sendp(
scapy.layers.l2.Ether(dst="33:33:00:00:00:01") / packet,
iface=interface,
loop=flood,
inter=flooding_interval)
#Unsolicted Neighbor Advertisement
packet = scapy.layers.inet6.IPv6(
src=ifaces[0], dst="ff02::1"
) / scapy.layers.inet6.ICMPv6ND_NA(
R=0, S=0, O=0, tgt=auxiliary_functions.get_my_ip(interface))
scapy.sendrecv.sendp(
scapy.layers.l2.Ether(dst="33:33:00:00:00:01") / packet,
iface=interface,
loop=flood,
inter=flooding_interval)
#Unknown Option in an IPv6 Destination Option Extension Header
packet = scapy.layers.inet6.IPv6(
src=ifaces[0],
dst="ff02::1") / scapy.layers.inet6.IPv6ExtHdrDestOpt(
options=scapy.layers.inet6.HBHOptUnknown(
otype=128, optdata='x')) / create_layer4.icmpv6(
128, 0, "")
scapy.sendrecv.sendp(
scapy.layers.l2.Ether(dst="33:33:00:00:00:01") / packet,
iface=interface,
loop=flood,
inter=flooding_interval)
#Send an unknown (Fake) IPv6 Extension Header
packet = scapy.layers.inet6.IPv6(
src=ifaces[0],
dst="ff02::1",
nh=200,
) / scapy.layers.inet6.IPv6ExtHdrDestOpt() / create_layer4.icmpv6(
128, 0, "")
scapy.sendrecv.sendp(
scapy.layers.l2.Ether(dst="33:33:00:00:00:01") / packet,
iface=interface,
loop=flood,
inter=flooding_interval)
def ping_scanner(source, destination, ether_dst, interface, icmp_payload):
other_side = destination
my_PATH_MTU = len(icmp_payload) + 48
packet = scapy.layers.inet6.IPv6(src=source,
dst=destination) / create_layer4.icmpv6(
128, 0, icmp_payload)
try:
ans, unans = scapy.sendrecv.srp(scapy.layers.l2.Ether(dst=ether_dst) /
packet,
iface=interface,
retry=2,
timeout=5)
except:
print "An exception has occured. Exiting..."
for s, r in ans:
if r.payload.payload.type == 2: #ICMPv6PacketTooBig
res = r[
IPv6].src, "ICMPv6 Packet Too Big", r.payload.payload.sprintf(
"MTU=%mtu%")
#results.append(res)
other_side = r[IPv6].src
my_PATH_MTU = r.payload.payload.mtu
return other_side, my_PATH_MTU
def __init__(self, values,source_ip,mac_source,list_of_next_headers,list_of_offsets,list_of_fragment_lengths,list_of_fragment_m_bits,gw_mac,queue, IPv6_scope_defined,packets_sent_list,tid) : #print "Worker initalisation" self.queue = queue self.tid = tid self.values = values self.source_ip=source_ip self.mac_source=mac_source self.list_of_next_headers=list_of_next_headers self.list_of_offsets=list_of_offsets self.list_of_fragment_lengths=list_of_fragment_lengths self.list_of_fragment_m_bits=list_of_fragment_m_bits self.gw_mac=gw_mac self.IPv6_scope_defined=IPv6_scope_defined self.packets_sent_list=packets_sent_list while True : dest = 0 try: myworks = self.queue.get(timeout=1) dest = myworks[0] destports = myworks[1] except Queue.Empty : #print "Worker %d exiting." % (self.tid) return targets=[] ###CHECK THE VALIDITY OF THE IP DESTINATION ADDRESSES### #self.lock.acquire() #try: resolved_ipv6_address="" if checkip.is_valid_host(dest): if self.dns_resolution_cache.get(dest): dest=self.dns_resolution_cache.get(dest) else: resolved_ipv6_address=scanners.dns_resolve_ipv6_addr(self.source_ip,dest, self.values.dns_server, self.gw_mac,self.values.interface) if resolved_ipv6_address: resolved=resolved_ipv6_address[0]#get and check just the first address, alternative option below print resolved, "is the IPv6 address of the host",dest self.dns_resolution_cache[dest]=resolved dest=resolved #finally: # #self.lock.release() if self.IPv6_scope_defined==True or checkip.is_valid_ipv6(dest): #No reason to check for the validity of an address if a scope has been defined addr6 = ipaddr.IPAddress(dest) myaddr=addr6.exploded if myaddr[0:2]=="ff": if int(myaddr[2]) >= 0 and int(myaddr[2]) < 8: ether_dst="33:33:"+myaddr[30:32]+":"+myaddr[32:37]+":"+myaddr[37:39] #elif self.gw_mac: # ether_dst=self.gw_mac else: if self.values.target_mac: ether_dst=self.values.target_mac elif self.neighbor_solicitation_cache.get(dest): ether_dst=self.neighbor_solicitation_cache.get(dest) #elif not self.neighbor_solicitation_cache.has_key(dest): else: ether_dst=auxiliary_functions.find_single_mac(self.source_ip, dest, self.values.interface) #USE THE DEFAULT GATEWAY# if not ether_dst: if self.gw_mac: ether_dst=self.gw_mac #else: # print "Destination was not found. Please consider defining a gateway, if needed." self.neighbor_solicitation_cache[dest]=ether_dst if not ether_dst: print dest, "not found" if ether_dst: if self.values.nsol: print "IPv6 address ",dest, " has MAC adddress ", ether_dst s = scapy.config.conf.L2socket(iface=values.interface) # Open Socket Once unfragmentable_part,size_of_unfragmentable_part=create_extension_headers_chain.create_unfragmentable_part(source_ip, dest,int(values.hoplimit),values.lEu,int(values.size_of_extheaders),values.fuzz) fragmentable_extension_headers,size_of_fragmentable_extension_headers,first_next_header_value=create_extension_headers_chain.create_fragmentable_part(values.lEf,int(values.size_of_extheaders),values.fuzz) if self.values.pmtu: if int(self.values.dmtu) > 1500: print "Your MTU value is",self.values.dmtu,"bytes, which is bigger than the Ethernet MTU (1500). Exiting..." else: scanners.path_mtu_discovery(self.source_ip,dest,ether_dst,self.values.interface,self.values.dmtu) elif (self.values.pn or self.values.sS or self.values.sX or self.values.sR or self.values.sF or self.values.sA or self.values.sN or self.values.sU or self.values.rh0): layer4_and_payload=None if self.values.pn: layer4_and_payload=create_layer4.icmpv6(self.values.icmpv6_type,self.values.icmpv6_code,self.values.l4_data) elif self.values.sS: layer4_and_payload=create_layer4.tcp_packet(destports, "S", self.values.l4_data) elif self.values.sX: layer4_and_payload=create_layer4.tcp_packet(destports, "FPU",self.values.l4_data) elif self.values.sR: layer4_and_payload=create_layer4.tcp_packet(destports, "R",self.values.l4_data) elif self.values.sF: layer4_and_payload=create_layer4.tcp_packet(destports, "F",self.values.l4_data) elif self.values.sA: layer4_and_payload=create_layer4.tcp_packet(destports, "A",self.values.l4_data) elif self.values.sN: layer4_and_payload=create_layer4.tcp_packet(destports, "",self.values.l4_data) elif self.values.sU: layer4_and_payload=create_layer4.udp_packet(destports,self.values.l4_data) elif self.values.rh0: layer4_and_payload=create_layer4.type_0_routing_header([self.source_ip],self.values.layer4,self.values.l4_data,destports) packets=create_extension_headers_chain.create_datagram(mac_source,ether_dst,int(values.number_of_fragments),list_of_next_headers,list_of_offsets,list_of_fragment_lengths,list_of_fragment_m_bits,values.fragment_id,unfragmentable_part,size_of_unfragmentable_part,first_next_header_value,fragmentable_extension_headers,size_of_fragmentable_extension_headers,layer4_and_payload) create_extension_headers_chain.send_packets(s,packets,values.flood,values.delay) elif self.values.tr_gen: if destports==-1: if self.values.layer4=="tcp": destports=80 elif self.values.layer4=="udp": destports=53 for hop_limit in range(self.values.minttl,self.values.maxttl+1): if self.values.layer4=="tcp": source_port=random.randrange(1,65535,1) while packets_sent_list.has_key(source_port): source_port=random.randrange(1,65535,1) packets_sent_list[source_port]=(hop_limit,dest) layer4_and_payload=create_layer4.tcp_packet_id(destports,"S",self.values.l4_data,source_port) elif self.values.layer4=="udp": source_port=random.randrange(1,65535,1) while packets_sent_list.has_key(source_port): source_port=random.randrange(1,65535,1) packets_sent_list[source_port]=(hop_limit,dest) layer4_and_payload=create_layer4.udp_packet_id(destports,self.values.l4_data,source_port) else: #default layer4=="icmpv6": icmpid=random.randrange(1,65535,1) #generate a random ICMPv6 id while packets_sent_list.has_key(icmpid): icmpid=random.randrange(1,65535,1) #generate a random ICMPv6 id packets_sent_list[icmpid]=(hop_limit,dest) layer4_and_payload=create_layer4.icmpv6_id(self.values.l4_data,icmpid) packets=create_extension_headers_chain.create_datagram(mac_source,ether_dst,int(values.number_of_fragments),list_of_next_headers,list_of_offsets,list_of_fragment_lengths,list_of_fragment_m_bits,values.fragment_id,unfragmentable_part,size_of_unfragmentable_part,first_next_header_value,fragmentable_extension_headers,size_of_fragmentable_extension_headers,layer4_and_payload) create_extension_headers_chain.send_packets(s,packets,values.flood,values.delay) else: if checkip.is_valid_host(dest): res_str=dest+ " could not be resolved" else: res_str=dest+ " is not a valid IPv6 address" self.results.append(res_str) self.queue.task_done()
def run(self):
print self.name, "running"
with self.lock:
self.no_of_consumers.value += 1
while True:
dest = 0
try:
myworks = self.queue.get(timeout=1)
dest = myworks[0]
destports = myworks[1]
except Queue.Empty:
print self.name, "exiting"
with self.lock:
self.no_of_consumers.value -= 1
return
###CHECK THE VALIDITY OF THE IP DESTINATION ADDRESSES###
resolved_ipv6_address = ""
if checkip.is_valid_host(dest):
if self.dns_resolution_cache.get(dest):
dest = self.dns_resolution_cache.get(dest)
else:
resolved_ipv6_address = scanners.dns_resolve_ipv6_addr(
self.source_ip, dest, self.values.dns_server,
self.gw_mac, self.values.interface)
if resolved_ipv6_address:
resolved = resolved_ipv6_address[
0] #get and check just the first address, alternative option below
print resolved, "is the IPv6 address of the host", dest
self.dns_resolution_cache[dest] = resolved
dest = resolved
if self.IPv6_scope_defined == True or checkip.is_valid_ipv6(
dest
): #No reason to check for the validity of an address if a scope has been defined
addr6 = ipaddr.IPAddress(dest)
myaddr = addr6.exploded
if myaddr[0:2] == "ff":
if int(myaddr[2]) >= 0 and int(myaddr[2]) < 8:
ether_dst = "33:33:" + myaddr[30:32] + ":" + myaddr[
32:37] + ":" + myaddr[37:39]
else:
if self.values.target_mac:
ether_dst = self.values.target_mac
elif self.neighbor_solicitation_cache.get(dest):
ether_dst = self.neighbor_solicitation_cache.get(dest)
else:
ether_dst = auxiliary_functions.find_single_mac(
self.source_ip, dest, self.values.interface)
if not ether_dst:
if self.gw_mac:
ether_dst = self.gw_mac
self.neighbor_solicitation_cache[dest] = ether_dst
if not ether_dst:
print dest, "not found"
if ether_dst:
if not self.values.tr_gen:
self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part(
self.source_ip, dest,
int(self.values.hoplimit), self.values.lEu,
int(self.values.size_of_extheaders),
self.values.fuzz)
if self.values.nsol:
print "IPv6 address ", dest, " has MAC adddress ", ether_dst
if self.values.pmtu:
if int(self.values.dmtu) > 1500:
print "Your MTU value is", self.values.dmtu, "bytes, which is bigger than the Ethernet MTU (1500). Exiting..."
else:
scanners.path_mtu_discovery(
self.source_ip, dest, ether_dst,
self.values.interface, self.values.dmtu)
elif (self.values.pn or self.values.sS or self.values.sX
or self.values.sR or self.values.sF or self.values.sA
or self.values.sN or self.values.sU
or self.values.rh0):
layer4_and_payload = None
if self.values.pn:
layer4_and_payload = create_layer4.icmpv6(
self.values.icmpv6_type,
self.values.icmpv6_code, self.values.l4_data)
elif self.values.sS:
layer4_and_payload = create_layer4.tcp_packet(
destports, "S", self.values.l4_data)
elif self.values.sX:
layer4_and_payload = create_layer4.tcp_packet(
destports, "FPU", self.values.l4_data)
elif self.values.sR:
layer4_and_payload = create_layer4.tcp_packet(
destports, "R", self.values.l4_data)
elif self.values.sF:
layer4_and_payload = create_layer4.tcp_packet(
destports, "F", self.values.l4_data)
elif self.values.sA:
layer4_and_payload = create_layer4.tcp_packet(
destports, "A", self.values.l4_data)
elif self.values.sN:
layer4_and_payload = create_layer4.tcp_packet(
destports, "", self.values.l4_data)
elif self.values.sU:
layer4_and_payload = create_layer4.udp_packet(
destports, self.values.l4_data)
elif self.values.rh0:
layer4_and_payload = create_layer4.type_0_routing_header(
[self.source_ip], self.values.layer4,
self.values.l4_data, destports)
packets = create_extension_headers_chain.create_datagram(
self.mac_source, ether_dst,
int(self.values.number_of_fragments),
self.list_of_next_headers, self.list_of_offsets,
self.list_of_fragment_lengths,
self.list_of_fragment_m_bits,
self.values.fragment_id, self.unfragmentable_part,
self.size_of_unfragmentable_part,
self.first_next_header_value,
self.fragmentable_extension_headers,
self.size_of_fragmentable_extension_headers,
layer4_and_payload)
create_extension_headers_chain.send_packets(
self.s, packets, self.values.flood,
self.values.delay)
elif self.values.tr_gen:
print "TRACEROUTING"
packets_list = {}
if self.values.layer4 == "tcp":
if destports == -1:
destports = 80
print "Traceroute using TCP", destports
for hop_limit in range(self.values.minttl,
self.values.maxttl + 1):
source_port = random.randrange(1, 65535, 1)
while packets_list.has_key(source_port):
source_port = random.randrange(1, 65535, 1)
packets_list[source_port] = (hop_limit, dest)
layer4_and_payload = create_layer4.tcp_packet_id(
destports, "S", self.values.l4_data,
source_port)
self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part(
source_ip, dest, hop_limit,
self.values.lEu,
int(self.values.size_of_extheaders),
self.values.fuzz)
packets = create_extension_headers_chain.create_datagram(
self.mac_source, ether_dst,
int(self.values.number_of_fragments),
self.list_of_next_headers,
self.list_of_offsets,
self.list_of_fragment_lengths,
self.list_of_fragment_m_bits,
self.values.fragment_id,
self.unfragmentable_part,
self.size_of_unfragmentable_part,
self.first_next_header_value,
self.fragmentable_extension_headers, self.
size_of_fragmentable_extension_headers,
layer4_and_payload)
create_extension_headers_chain.send_packets(
self.s, packets, self.values.flood,
self.values.delay)
packets_sent_list.put(packets_list)
elif self.values.layer4 == "udp":
if destports == -1:
destports = 53
print "Traceroute using UDP", destports
for hop_limit in range(self.values.minttl,
self.values.maxttl + 1):
source_port = random.randrange(1, 65535, 1)
while packets_list.has_key(source_port):
source_port = random.randrange(1, 65535, 1)
packets_list[source_port] = (hop_limit, dest)
layer4_and_payload = create_layer4.udp_packet_id(
destports, self.values.l4_data,
source_port)
self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part(
source_ip, dest, hop_limit,
self.values.lEu,
int(self.values.size_of_extheaders),
self.values.fuzz)
packets = create_extension_headers_chain.create_datagram(
self.mac_source, ether_dst,
int(self.values.number_of_fragments),
self.list_of_next_headers,
self.list_of_offsets,
self.list_of_fragment_lengths,
self.list_of_fragment_m_bits,
self.values.fragment_id,
self.unfragmentable_part,
self.size_of_unfragmentable_part,
self.first_next_header_value,
self.fragmentable_extension_headers, self.
size_of_fragmentable_extension_headers,
layer4_and_payload)
create_extension_headers_chain.send_packets(
self.s, packets, self.values.flood,
self.values.delay)
packets_sent_list.put(packets_list)
else: #default layer4=="icmpv6":
print "Traceroute using ICMPv6", dest
for hop_limit in range(self.values.minttl,
self.values.maxttl + 1):
icmpid = random.randrange(
1, 65535, 1) #generate a random ICMPv6 id
while packets_list.has_key(icmpid):
icmpid = random.randrange(
1, 65535,
1) #generate a random ICMPv6 id
packets_list[icmpid] = (hop_limit, dest)
layer4_and_payload = create_layer4.icmpv6_id(
self.values.l4_data, icmpid)
self.unfragmentable_part, self.size_of_unfragmentable_part = create_extension_headers_chain.create_unfragmentable_part(
self.source_ip, dest, hop_limit,
self.values.lEu,
int(self.values.size_of_extheaders),
self.values.fuzz)
packets = create_extension_headers_chain.create_datagram(
self.mac_source, ether_dst,
int(self.values.number_of_fragments),
self.list_of_next_headers,
self.list_of_offsets,
self.list_of_fragment_lengths,
self.list_of_fragment_m_bits,
self.values.fragment_id,
self.unfragmentable_part,
self.size_of_unfragmentable_part,
self.first_next_header_value,
self.fragmentable_extension_headers, self.
size_of_fragmentable_extension_headers,
layer4_and_payload)
create_extension_headers_chain.send_packets(
self.s, packets, self.values.flood,
self.values.delay)
self.packets_sent_list.put(packets_list)
else:
if checkip.is_valid_host(dest):
res_str = dest + " could not be resolved"
else:
res_str = dest + " is not a valid IPv6 address"
self.results.append(res_str)
self.queue.task_done()
return