ip/icmp scanner

Network_and_802.11/README.md

@@ -11,7 +11,23 @@
 ### Wireshark stuff
 
 - Shark the ripper
-- An extensive guide
+- A comprehensive guide
+
+### Scanner
+
+- Several scripts for sniffing/scanner:
+    * ICMPHeader class
+    * IPHeader class
+    * Scanner
+    * raw_socket
+    * ip_header_decode
+
+### netaddr
+
+- Several scripts using the **netaddr** module:
+    * testing subnet
+    * sending mail to the local network
+- A comprehensive guide
 
 ### Port Knocking
 
@@ -28,6 +44,7 @@
     * TCP Server
     * UDP Client
     * TCP Proxy
+- A comprehensive guide
 
 
 ### telnetlib
@@ -35,10 +52,12 @@
 - Example of a script to create a telnet connection with Python's **telnetlib** module.
 
 
+
 ### scapy
 
 - Several scripts with Python's **scapy** module:
     * traceroute
+- A comprehensive guide
 
 
 ### paramiko
@@ -48,6 +67,7 @@
     * ssh client for reverse shell
     * ssh server
     * ssh tunneling
+- A comprehensive guide
 
 
 ---

Network_and_802.11/netaddr/send_mail.py

@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+import socket
+
+subnet = '192.168.1.0/24'
+
+for ip in netaddr.IPNetwork(subnet):
+    s = socket.socket()
+    print ip
+    s.connect((ip, 25))
+    # send email packets

Network_and_802.11/netaddr/test_netaddr.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+
+ip = '192.168.1.114'
+if ip in netaddr.IPNetwork('192.168.1.0/24'):
+    print('OK!')

Network_and_802.11/scanner/ICMPHeader.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A class for the ICMP header'''
+
+import ctypes
+
+
+
+class ICMP(ctypes.Structure):
+
+    _fields_ = [
+    ('type',        ctypes.c_ubyte),
+    ('code',        ctypes.c_ubyte),
+    ('checksum',    ctypes.c_ushort),
+    ('unused',      ctypes.c_ushort),
+    ('next_hop_mtu',ctypes.c_ushort)
+    ]
+
+    def __new__(self, socket_buffer):
+        return self.from_buffer_copy(socket_buffer)
+
+    def __init__(self, socket_buffer):
+        pass
+
+

Network_and_802.11/scanner/IPHeader.py

@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A class for the IP header'''
+
+import os
+import struct
+import socket
+import ctypes
+
+
+class IP(ctypes.Structure):
+    _fields_ = [
+        ('ihl',         ctypes.c_ubyte, 4),
+        ('version',     ctypes.c_ubyte, 4),
+        ('tos',         ctypes.c_ubyte),
+        ('len',         ctypes.c_ushort),
+        ('id',          ctypes.c_ushort),
+        ('offset',      ctypes.c_ushort),
+        ('ttl',         ctypes.c_ubyte),
+        ('protocol_num',ctypes.c_ubyte),
+        ('sum',         ctypes.c_ushort),
+        ('src',         ctypes.c_ulong),
+        ('dst',         ctypes.c_ulong)
+    ]
+
+    def __new__(self, socket_buffer=None):
+        return self.from_buffer_copy(socket_buffer)
+
+    def __init__(self, socket_buffer=None):
+
+        # map protocol constants to their names
+        self.protocol_map = {1:'ICMP', 6:'TCP', 17:'UDP'}
+
+        # human readable IP addresses
+        self.src_address = socket.inet_ntoa(struct.pack('<L', self.src))
+        self.dst_address = socket.inet_ntoa(struct.pack('<L', self.dst))
+
+        # human readable protocol
+        try:
+            self.protocol = self.protocol_map[self.protocol_num]
+        except:
+            self.protocol = str(self.protocol_num)
+

Network_and_802.11/scanner/ip_header_decode.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+
+import socket
+import os
+import struct
+import ctypes
+from ICMPHeader import ICMP
+
+# host to listen on
+HOST = '192.168.1.114'
+
+
+def main():
+    socket_protocol = socket.IPPROTO_ICMP
+    sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+    sniffer.bind(( HOST, 0 ))
+    sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+    # continually read in packets and parse their information
+    while 1:
+        # read in a packet and pass the first 20 bytes to initialize the IP structure
+        raw_buffer = sniffer.recvfrom(65565)[0]
+
+        #take first 20 characters for the ip header
+        ip_header = raw_buffer[0:20]
+
+        #unpack them
+        iph = struct.unpack('!BBHHHBBH4s4s' , ip_header)
+
+        # print
+        version_ihl = iph[0]
+        version = version_ihl >> 4
+        ihl = version_ihl & 0xF
+        iph_length = ihl * 4
+        ttl = iph[5]
+        protocol = iph[6]
+        s_addr = socket.inet_ntoa(iph[8]);
+        d_addr = socket.inet_ntoa(iph[9]);
+
+        print 'IP -> Version:' + str(version) + ', Header Length:' + str(ihl) + \
+        ', TTL:' + str(ttl) + ', Protocol:' + str(protocol) + ', Source:'\
+         + str(s_addr) + ', Destination:' + str(d_addr)
+
+        # create our ICMP structure
+        buf = raw_buffer[iph_length:iph_length + ctypes.sizeof(ICMP)]
+        icmp_header = ICMP(buf)
+
+        print "ICMP -> Type:%d, Code:%d" %(icmp_header.type, icmp_header.code) + '\n'
+
+
+
+if __name__ == '__main__':
+    main()

Network_and_802.11/scanner/raw_socket.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A Basic Sniffer'''
+
+import socket
+import os
+
+# DEFINE CONSTANTS
+# host to listen
+HOST = '192.168.1.114'
+
+
+def main(host):
+
+    OS = os.name
+
+    # create a raw socket, binding to the public interface
+    # windows allow us to sniff all incoming packets regardless of protocol,
+    # whereas Linux forces us to specify we are sniffing ICMP
+    if OS == 'nt':
+        socket_prot = socket.IPPROTO_IP
+        sniffing(host, 1, socket_prot)
+
+    else:
+        socket_prot = socket.IPPROTO_ICMP
+        sniffing(host, 0, socket_prot)
+
+
+
+def sniffing(host, win, socket_prot):
+    while 1:
+        sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_prot)
+        sniffer.bind((host,0))
+
+        # include the IP headers in the captured packets
+        sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+        # if windows, it needs to send an IOCTL to set to promiscuous mode
+        # we send IOCTL to the network card driver to enable it
+        # promiscuous mode allows us to sniff all packets that the network card sees
+        # even those not destined to the host
+        if win == 1:
+            sniffer.ioctl(socket.SIO_RCVALL, socket_RCVALL_ON)
+
+        # read in a single packet
+        print sniffer.recvfrom(65565)
+
+    if win == 1:
+        sniffer(host, 0, socket_prot)
+
+
+
+if __name__ == '__main__':
+    main(HOST)

Network_and_802.11/scanner/scanner.py

@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import threading
+import time
+import socket
+import os
+import struct
+import ctypes
+from netaddr import IPNetwork, IPAddress
+from ICMPHeader import ICMP
+
+# host to listen on
+HOST = '192.168.1.114'
+
+
+# subnet to target (iterates through all IP address in this subnet)
+# our local network
+SUBNET = '192.168.1.0/24'
+
+# define string signature
+MESSAGE = 'hellooooo'
+
+# sprays out the udp datagram
+def udp_sender(SUBNET, MESSAGE):
+    time.sleep(5)
+    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+
+    for ip in IPNetwork(SUBNET):
+        try:
+            sender.sendto(MESSAGE, ("%s" % ip, 65212))
+        except:
+            pass
+
+
+# start sending packets: separated threads  to make sure that we are not interfering
+# with our ability to sniff responses
+t = threading.Thread(target=udp_sender, args=(SUBNET, MESSAGE))
+t.start()
+
+
+def main():
+    socket_protocol = socket.IPPROTO_ICMP
+    sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+    sniffer.bind(( HOST, 0 ))
+    sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+    # continually read in packets and parse their information
+    while 1:
+        # read in a packet and pass the first 20 bytes to initialize the IP structure
+        raw_buffer = sniffer.recvfrom(65565)[0]
+
+        #take first 20 characters for the ip header
+        ip_header = raw_buffer[0:20]
+
+        #unpack them
+        iph = struct.unpack('!BBHHHBBH4s4s' , ip_header)
+
+        # print
+        version_ihl = iph[0]
+        ihl = version_ihl & 0xF
+        iph_length = ihl * 4
+        src_addr = socket.inet_ntoa(iph[8]);
+
+        # create our ICMP structure
+        buf = raw_buffer[iph_length:iph_length + ctypes.sizeof(ICMP)]
+        icmp_header = ICMP(buf)
+
+        # check for the type 3 and code: first check to make sure that the ICMP
+        # response is coming from within our target subenet
+        if icmp_header.code == 3 and icmp_header.type == 3:
+            # make sure host is in our target subnet
+            if IPAddress(src_addr) in IPNetwork(SUBNET):
+                # make sure it has magic message
+                if raw_buffer[len(raw_buffer) - len(MESSAGE):] == MESSAGE:
+                    print("Host up: %s" % src_addr)
+
+
+if __name__ == '__main__':
+    main()

Network_and_802.11/scanner/test_netaddr.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+
+ip = '192.168.1.114'
+if ip in netaddr.IPNetwork('192.168.1.0/24'):
+    print('OK!')