diff --git a/Network_and_802.11/README.md b/Network_and_802.11/README.md
index 419823f..99546ff 100644
--- a/Network_and_802.11/README.md
+++ b/Network_and_802.11/README.md
@@ -11,7 +11,23 @@
 ### Wireshark stuff
 - Shark the ripper
-- An extensive guide
+- A comprehensive guide
+
+### Scanner
+
+- Several scripts for sniffing/scanner:
+ * ICMPHeader class
+ * IPHeader class
+ * Scanner
+ * raw_socket
+ * ip_header_decode
+
+### netaddr
+
+- Several scripts using the **netaddr** module:
+ * testing subnet
+ * sending mail to the local network
+- A comprehensive guide
 ### Port Knocking
@@ -28,6 +44,7 @@
 * TCP Server
 * UDP Client
 * TCP Proxy
+- A comprehensive guide
 ### telnetlib
@@ -35,10 +52,12 @@
 - Example of a script to create a telnet connection with Python's **telnetlib** module.
+
 ### scapy
 - Several scripts with Python's **scapy** module:
 * traceroute
+- A comprehensive guide
 ### paramiko
@@ -48,6 +67,7 @@
 * ssh client for reverse shell
 * ssh server
 * ssh tunneling
+- A comprehensive guide
 ---
diff --git a/Network_and_802.11/netaddr/send_mail.py b/Network_and_802.11/netaddr/send_mail.py
new file mode 100755
index 0000000..882ba97
--- /dev/null
+++ b/Network_and_802.11/netaddr/send_mail.py
@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+import socket
+
+subnet = '192.168.1.0/24'
+
+for ip in netaddr.IPNetwork(subnet):
+ s = socket.socket()
+ print ip
+ s.connect((ip, 25))
+ # send email packets
\ No newline at end of file
diff --git a/Network_and_802.11/netaddr/test_netaddr.py b/Network_and_802.11/netaddr/test_netaddr.py
new file mode 100755
index 0000000..a758b82
--- /dev/null
+++ b/Network_and_802.11/netaddr/test_netaddr.py
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+
+ip = '192.168.1.114'
+if ip in netaddr.IPNetwork('192.168.1.0/24'):
+ print('OK!')
\ No newline at end of file
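Review bot: `s.connect((ip, 25))` in send_mail.py passes the `netaddr.IPAddress` object yielded by `IPNetwork(subnet)` as the host, while `socket.connect` expects a host string, so this should be `s.connect((str(ip), 25))`. Each iteration also creates a socket that is never closed, and the first refused or unreachable address raises an unhandled `socket.error` that ends the loop; wrap the socket in `with contextlib.closing(socket.socket()) as s:` (or close it in a `finally`) and catch `socket.error` per address. The `# send email packets` comment marks a stub, so the script currently only opens and abandons connections.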
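Review bot: test_netaddr.py is added twice in this commit, here and byte-identical (same blob a758b82) as Network_and_802.11/scanner/test_netaddr.py in the last hunk; keep one copy, presumably the netaddr/ one since the README lists it under netaddr. The membership test relies on netaddr coercing the plain string on the left of `in`; `netaddr.IPAddress(ip) in netaddr.IPNetwork('192.168.1.0/24')` makes the intent explicit and fails loudly on a malformed address.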
diff --git a/Network_and_802.11/scanner/ICMPHeader.py b/Network_and_802.11/scanner/ICMPHeader.py
new file mode 100644
index 0000000..ad3779c
--- /dev/null
+++ b/Network_and_802.11/scanner/ICMPHeader.py
@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A class for the ICMP header'''
+
+import ctypes
+
+
+
+class ICMP(ctypes.Structure):
+
+ _fields_ = [
+ ('type', ctypes.c_ubyte),
+ ('code', ctypes.c_ubyte),
+ ('checksum', ctypes.c_ushort),
+ ('unused', ctypes.c_ushort),
+ ('next_hop_mtu',ctypes.c_ushort)
+ ]
+
+ def __new__(self, socket_buffer):
+ return self.from_buffer_copy(socket_buffer)
+
+ def __init__(self, socket_buffer):
+ pass
+
+
diff --git a/Network_and_802.11/scanner/IPHeader.py b/Network_and_802.11/scanner/IPHeader.py
new file mode 100644
index 0000000..2840683
--- /dev/null
+++ b/Network_and_802.11/scanner/IPHeader.py
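Review bot: `class ICMP(ctypes.Structure)` lays out `checksum`, `unused` and `next_hop_mtu` in host byte order, so on a little-endian host the two-byte fields read straight from the wire are byte-swapped; `type` and `code` are single bytes and unaffected. Declaring `class ICMP(ctypes.BigEndianStructure):` gives the multi-byte fields their network-order values. `from_buffer_copy` also raises `ValueError` when `socket_buffer` is shorter than `ctypes.sizeof(ICMP)`, and the callers in the ip_header_decode hunk and in scanner.py build it from `raw_buffer[iph_length:iph_length + ctypes.sizeof(ICMP)]` without checking the length, so a truncated packet ends the sniffing loop with an uncaught exception; a length check before `ICMP(buf)` in those callers would make the sniffers tolerant of malformed input. The first parameter of `__new__` is the class and is conventionally spelled `cls`.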
@@ -0,0 +1,45 @@ +#!/usr/bin/env python + +__author__ = "bt3" + +''' A class for the IP header''' + +import os +import struct +import socket +import ctypes + + +class IP(ctypes.Structure): + _fields_ = [ + ('ihl', ctypes.c_ubyte, 4), + ('version', ctypes.c_ubyte, 4), + ('tos', ctypes.c_ubyte), + ('len', ctypes.c_ushort), + ('id', ctypes.c_ushort), + ('offset', ctypes.c_ushort), + ('ttl', ctypes.c_ubyte), + ('protocol_num',ctypes.c_ubyte), + ('sum', ctypes.c_ushort), + ('src', ctypes.c_ulong), + ('dst', ctypes.c_ulong) + ] + + def __new__(self, socket_buffer=None): + return self.from_buffer_copy(socket_buffer) + + def __init__(self, socket_buffer=None): + + # map protocol constants to their names + self.protocol_map = {1:'ICMP', 6:'TCP', 17:'UDP'} + + # human readable IP addresses + self.src_address = socket.inet_ntoa(struct.pack('> 4 + ihl = version_ihl & 0xF + iph_length = ihl * 4 + ttl = iph[5] + protocol = iph[6] + s_addr = socket.inet_ntoa(iph[8]); + d_addr = socket.inet_ntoa(iph[9]); + + print 'IP -> Version:' + str(version) + ', Header Length:' + str(ihl) + \ + ', TTL:' + str(ttl) + ', Protocol:' + str(protocol) + ', Source:'\ + + str(s_addr) + ', Destination:' + str(d_addr) + + # create our ICMP structure + buf = raw_buffer[iph_length:iph_length + ctypes.sizeof(ICMP)] + icmp_header = ICMP(buf) + + print "ICMP -> Type:%d, Code:%d" %(icmp_header.type, icmp_header.code) + '\n' + + + +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/Network_and_802.11/scanner/raw_socket.py b/Network_and_802.11/scanner/raw_socket.py new file mode 100755 index 0000000..d3d2eb9 --- /dev/null +++ b/Network_and_802.11/scanner/raw_socket.py 
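Review bot: `('src', ctypes.c_ulong)` and `('dst', ctypes.c_ulong)` in IPHeader.py are 8 bytes each on 64-bit Linux (LP64), which makes `ctypes.sizeof(IP)` 24 rather than the 20-byte IPv4 header that the rest of the code assumes (`raw_buffer[0:20]` in the decoder); `ctypes.c_uint32` for both fields matches the wire layout on every platform. `__new__(self, socket_buffer=None)` defaults to `None`, but `from_buffer_copy(None)` raises `TypeError`, so the default only obscures a missing argument; drop it. The body of `__init__` is cut off in this rendering of the hunk from `struct.pack('` onward and runs into the next file, so the address decoding could not be reviewed here.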
@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A Basic Sniffer'''
+
+import socket
+import os
+
+# DEFINE CONSTANTS
+# host to listen
+HOST = '192.168.1.114'
+
+
+def main(host):
+
+ OS = os.name
+
+ # create a raw socket, binding to the public interface
+ # windows allow us to sniff all incoming packets regardless of protocol,
+ # whereas Linux forces us to specify we are sniffing ICMP
+ if OS == 'nt':
+ socket_prot = socket.IPPROTO_IP
+ sniffing(host, 1, socket_prot)
+
+ else:
+ socket_prot = socket.IPPROTO_ICMP
+ sniffing(host, 0, socket_prot)
+
+
+
+def sniffing(host, win, socket_prot):
+ while 1:
+ sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_prot)
+ sniffer.bind((host,0))
+
+ # include the IP headers in the captured packets
+ sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+ # if windows, it needs to send an IOCTL to set to promiscuous mode
+ # we send IOCTL to the network card driver to enable it
+ # promiscuous mode allows us to sniff all packets that the network card sees
+ # even those not destined to the host
+ if win == 1:
+ sniffer.ioctl(socket.SIO_RCVALL, socket_RCVALL_ON)
+
+ # read in a single packet
+ print sniffer.recvfrom(65565)
+
+ if win == 1:
+ sniffer(host, 0, socket_prot)
+
+
+
+if __name__ == '__main__':
+ main(HOST)
\ No newline at end of file
diff --git a/Network_and_802.11/scanner/scanner.py b/Network_and_802.11/scanner/scanner.py
new file mode 100755
index 0000000..71987f1
--- /dev/null
+++ b/Network_and_802.11/scanner/scanner.py
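Review bot: `sniffer.ioctl(socket.SIO_RCVALL, socket_RCVALL_ON)` references an undefined name (`socket_RCVALL_ON` rather than `socket.RCVALL_ON`), so the Windows branch of `sniffing` dies with `NameError`, and `sniffer(host, 0, socket_prot)` at the bottom of the loop calls the socket object instead of `sniffing`, which raises `TypeError`; both read like typos. The larger problem is that the raw socket is created, bound and configured on every pass of `while 1` and never closed, so the process leaks one descriptor per captured packet; create the socket once, loop only on `recvfrom`, and release it (switching promiscuous mode back off on Windows) when the loop ends. `recvfrom(65565)` exceeds the 65535-byte maximum IP datagram, here and in scanner.py; harmless, but 65535 is the conventional value. A rewritten `sniffing` follows; `main` is unchanged.

```python
def sniffing(host, win, socket_prot):
    sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_prot)
    sniffer.bind((host, 0))

    # include the IP headers in the captured packets
    sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

    # Windows needs an IOCTL to the driver to receive all packets
    if win == 1:
        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

    try:
        # read packets on the one socket instead of re-creating it per packet
        while True:
            print sniffer.recvfrom(65535)
    finally:
        if win == 1:
            sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
        sniffer.close()
```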
@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import threading
+import time
+import socket
+import os
+import struct
+import ctypes
+from netaddr import IPNetwork, IPAddress
+from ICMPHeader import ICMP
+
+# host to listen on
+HOST = '192.168.1.114'
+
+
+# subnet to target (iterates through all IP address in this subnet)
+# our local network
+SUBNET = '192.168.1.0/24'
+
+# define string signature
+MESSAGE = 'hellooooo'
+
+# sprays out the udp datagram
+def udp_sender(SUBNET, MESSAGE):
+ time.sleep(5)
+ sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+
+ for ip in IPNetwork(SUBNET):
+ try:
+ sender.sendto(MESSAGE, ("%s" % ip, 65212))
+ except:
+ pass
+
+
+# start sending packets: separated threads to make sure that we are not interfering
+# with our ability to sniff responses
+t = threading.Thread(target=udp_sender, args=(SUBNET, MESSAGE))
+t.start()
+
+
+def main():
+ socket_protocol = socket.IPPROTO_ICMP
+ sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+ sniffer.bind(( HOST, 0 ))
+ sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+ # continually read in packets and parse their information
+ while 1:
+ # read in a packet and pass the first 20 bytes to initialize the IP structure
+ raw_buffer = sniffer.recvfrom(65565)[0]
+
+ #take first 20 characters for the ip header
+ ip_header = raw_buffer[0:20]
+
+ #unpack them
+ iph = struct.unpack('!BBHHHBBH4s4s' , ip_header)
+
+ # print
+ version_ihl = iph[0]
+ ihl = version_ihl & 0xF
+ iph_length = ihl * 4
+ src_addr = socket.inet_ntoa(iph[8]);
+
+ # create our ICMP structure
+ buf = raw_buffer[iph_length:iph_length + ctypes.sizeof(ICMP)]
+ icmp_header = ICMP(buf)
+
+ # check for the type 3 and code: first check to make sure that the ICMP
+ # response is coming from within our target subenet
+ if icmp_header.code == 3 and icmp_header.type == 3:
+ # make sure host is in our target subnet
+ if IPAddress(src_addr) in IPNetwork(SUBNET):
+ # make sure it has 
magic message
+ if raw_buffer[len(raw_buffer) - len(MESSAGE):] == MESSAGE:
+ print("Host up: %s" % src_addr)
+
+
+if __name__ == '__main__':
+ main()
\ No newline at end of file
diff --git a/Network_and_802.11/scanner/test_netaddr.py b/Network_and_802.11/scanner/test_netaddr.py
new file mode 100755
index 0000000..a758b82
--- /dev/null
+++ b/Network_and_802.11/scanner/test_netaddr.py
@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+
+ip = '192.168.1.114'
+if ip in netaddr.IPNetwork('192.168.1.0/24'):
+ print('OK!')
\ No newline at end of file
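Review bot: `t = threading.Thread(target=udp_sender, args=(SUBNET, MESSAGE))` and `t.start()` in scanner.py run at module level, outside the `if __name__ == '__main__':` guard, so merely importing the module (from a test, or from any script that reuses `main`) starts a thread that sleeps five seconds and then sends datagrams to the whole subnet; move both lines under the guard next to `main()`. In `udp_sender` the bare `except: pass` also swallows `KeyboardInterrupt` and `SystemExit` and hides every real failure; `except socket.error: pass` keeps the best-effort intent (the commit's scripts are Python 2, cf. `print ip` in send_mail.py), and `sender` should be closed after the loop. The parameters `SUBNET` and `MESSAGE` shadow the module constants of the same names, which makes it hard to see which value the thread actually uses; lower-case the parameters.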