add the stuff floating from other machines

writer 2024-10-15 10:13:30 +09:00
parent 30e65244e2
commit 35788d79e2
252 changed files with 12374 additions and 603 deletions


@ -1,4 +1,4 @@
# The Scapy Module (by bt3)
# The Scapy Module (by Mia Stein)
[Scapy](http://www.secdev.org/projects/scapy/) is able to send and capture packets of several protocols, forging and decoding them to be used to most network tasks such as scanning, tracerouting, probing, attacks, and network discovery.
@ -38,7 +38,7 @@ The basic unit in a network communication is the *packet*. So let's create one
Scapy builds packets by the *layers* and then by the *fields* in each layer. Each layer is nested inside the parent layer, represented by the **<** and **>** brackets.
Let's start by specifying the packet's source IP and then its destination IP. This type of information goes in the **IP header**, which is a *layer 3 protocol* in the [0SI model](http://bt3gl.github.io/wiresharking-for-fun-or-profit.html):
Let's start by specifying the packet's source IP and then its destination IP. This type of information goes in the **IP header**, which is a *layer 3 protocol* in the [0SI model](http://https://singularity-sh.vercel.app/wiresharking-for-fun-or-profit.html):
```python
>>> ip = IP(src="192.168.1.114")
@ -295,7 +295,7 @@ We can check the output with:
res.summary()
```
For more advanced stuff, check out [my script for scanning subnet in selected ports](https://github.com/bt3gl/My-Gray-Hacker-Resources/blob/master/Network_and_802.11/scapy/super_scanner.py).
For more advanced stuff, check out [my script for scanning subnet in selected ports](https://github.com/go-outside-labs/My-Gray-Hacker-Resources/blob/master/Network_and_802.11/scapy/super_scanner.py).
### The Sniff() Method
@ -568,13 +568,13 @@ Running this script when loading some mail client (such as [Thunderbird](https:
-----------
## <a name="arp"></a> ARP Cache Poisoning
I talked about [ARP cache poisoning using command line arpspoof](http://bt3gl.github.io/wiresharking-for-fun-or-profit.html) in my guide about Wireshark. Here we are going to see how to implement similar tool using Scapy.
I talked about [ARP cache poisoning using command line arpspoof](http://https://singularity-sh.vercel.app/wiresharking-for-fun-or-profit.html) in my guide about Wireshark. Here we are going to see how to implement similar tool using Scapy.
ARP cache poisoning works by convincing a target machine that we are the gateway, and then convincing the gateway that all traffic should pass through our machine.
Every machine in a network maintains an ARP cache that stores the recent MAC addresses that match to IP addresses on the local network. All we need to do is to poison this cache with controlled entries.
The best way to test this is using a Windows virtual machine (take a look at [this guide I wrote](http://bt3gl.github.io/setting-up-a-playing-environment-with-virtual-machines.html)).
The best way to test this is using a Windows virtual machine (take a look at [this guide I wrote](http://https://singularity-sh.vercel.app/setting-up-a-playing-environment-with-virtual-machines.html)).
Before the attack, go to the Windows box, open the terminal (```cmd```) and check the IP and gateway IP address with```ipconfig```. Then check the associated ARP cache entry MAC address with ```arp -a```:


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
'''
To run you need to tell the local host machine to forward packets along


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
import threading
import socket
@ -63,4 +63,4 @@ if __name__ == '__main__':
op = raw_input("Select the flood attack type: 1) syn, 2) tcp, 3)udp, 4) icmp ")
count = raw_input("Select the count: ")
ip = getIP(domainName)
option(int(count), op, ip, port)
option(int(count), op, ip, port)


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
from scapy.layers.l2 import *
@ -22,4 +22,4 @@ if __name__ == '__main__':
url = "whenry_49094902fea7938f.propaganda.hc"
SPOOF_ADDR = '23.235.46.133'
TARGET = '192.168.1.125'
dns_poisoning()
dns_poisoning()


@ -1,9 +1,9 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
str(IP())
a = Ether()/IP(dst="www.google.com")/TCP()/"GET /index.html HTTP/1.1"
hexdump(a)
hexdump(a)


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
import netaddr
@ -30,4 +30,4 @@ def sweep():
print "Out of " + str(addresses.size) + " hosts, " + str(liveCounter) + " are online."
if __name__ == '__main__':
sweep()
sweep()
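Review bot: The `print "Out of " + ...` line at the end of `sweep()` is a Python 2 print statement, but the script's shebang is `#!/usr/bin/env python`, which on most current systems resolves to Python 3, where this line is a SyntaxError before anything runs. The same applies to the print statements visible in the later sections for `nmap()`, the `conf.route` script, the `scan_ip` usage message and `scan_port()`. Either pin the interpreter with `#!/usr/bin/env python2` or convert the calls, e.g. `print("Out of " + str(addresses.size) + " hosts, " + str(liveCounter) + " are online.")`. The body of `sweep()` starts outside the hunk.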


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
import random
@ -29,4 +29,4 @@ def nmap():
print HOST + ":" + str(dport) + " is filtered (dropped)."
if __name__ == '__main__':
nmap()
nmap()


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
import re


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from sys import argv, exit
from os import path
@ -29,4 +29,4 @@ if __name__ == '__main__':
HOST = '192.168.1.25'
#arp_ping(HOST)
icmp_ping(HOST)
#tcp_ping(HOST, 80)
#tcp_ping(HOST, 80)


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -27,4 +27,4 @@ def simple_plot():
p.plot(lambda x:len(x))
if __name__ == '__main__':
simple_plot()
simple_plot()


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -17,4 +17,4 @@ def srloop_simple():
srloop(IP(dst="www.google.com")/ICMP(), count=3)
if __name__ == '__main__':
srloop_simple
srloop_simple
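Review bot: The last line under the `__main__` guard names `srloop_simple` without calling it, so the script only evaluates the function object and exits without running the loop. The line should read `srloop_simple()`. The commit touches this line only for the end-of-file newline, so the missing call is carried over unchanged. The body of `srloop_simple()` starts outside the hunk.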


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -12,4 +12,4 @@ print conf.route
conf.route.resync()
print conf.route
print conf.route


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
import sys
import random
@ -20,4 +20,4 @@ if __name__ == '__main__':
if len(sys.argv) > 1:
scan_ip(sys.argv[1])
else:
print 'Usage: scan_ip <destination>'
print 'Usage: scan_ip <destination>'


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
import sys
from scapy.all import *
@ -20,4 +20,4 @@ def scan_port():
print "All ports in %s are closed." %DEST
if __name__ == '__main__':
scan_port()
scan_port()


@ -1,10 +1,10 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
packet = IP(dst="192.168.1.114")/ICMP()/"Helloooo!"
#send(packet, loop=1)
send(packet)
packet.show()
packet.show()


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -40,4 +40,4 @@ def sniff_callback():
if __name__ == '__main__':
tcp_sniff()
tcp_sniff()


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -16,4 +16,4 @@ def PacketHandler(pkt) :
if __name__ == '__main__':
ap_list = []
sniff(iface="wlp1s0", prn = PacketHandler)
sniff(iface="wlp1s0", prn = PacketHandler)


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
''' A simple sniffer to capture SMTP, POP3, IMAP credentials'''


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
import netaddr
@ -58,4 +58,4 @@ def super_scanner():
if __name__ == '__main__':
super_scanner()
super_scanner()


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -14,4 +14,4 @@ ACK = TCP(sport=1024, dport=80, flags='A', seq=12346, ack=ack)
send(ip/ACK)
PUSH = TCP(sport=1024, dport=80, flags='', seq=12346, ack=ack)
data = "HELLO!"
send(ip/PUSH/data)
send(ip/PUSH/data)
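Review bot: The segment named `PUSH` is built with `flags=''`, which sets no TCP flags at all, so the data segment carries neither PSH nor ACK. A peer in an established connection normally discards a segment without the ACK bit, so the payload would probably never be delivered. If the intent is a normal data segment after the handshake, the line would be `PUSH = TCP(sport=1024, dport=80, flags='PA', seq=12346, ack=ack)`. The SYN and SYN/ACK handling this depends on is outside the hunk.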


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -13,4 +13,4 @@ def os_finger():
sniff(prn=prnp0f)
if __name__ == '__main__':
nmap_simple()
nmap_simple()
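Review bot: The `__main__` guard calls `nmap_simple()`, but the only definition this section shows is `os_finger()` in the hunk header. Unless `nmap_simple` is defined in the part of the file outside the hunk or comes in through `from scapy.all import *`, the script fails with a NameError as soon as it starts. If the guard is meant to run the function above it, the call should be `os_finger()`.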


@ -1,6 +1,6 @@
#!/usr/bin/env python
__author__ = "bt3"
__author__ = "Mia Stein"
from scapy.all import *
@ -19,4 +19,4 @@ def fuzz_tcp():
send(IP(dst="192.168.1.114")/fuzz(UDP()/NTP(version=4)), loop=1)
if __name__ == '__main__':
fuzz_tcp()
fuzz_tcp()