scapy

scapy:

 用于抓包，修改包

可单独使用，可作为python的库

依赖:python_gnuplot

使用例子：

>>> arp = ARP()    #调用ARP()函数，创建一个ARP类得实例
>>> arp.display()    #调用arp实例得一个方法，display，查看arp的参数
###[ ARP ]###
  hwtype= 0x1
  ptype= 0x800
  hwlen= 6
  plen= 4
  op= who-has
  hwsrc= 00:0c:29:26:5d:39
  psrc= 192.168.152.129
  hwdst= 00:00:00:00:00:00
  pdst= 0.0.0.0
>>> arp.pdst='10.1.1.1'    #通过赋值修改参数
>>> arp.display()    #验证修改结果
###[ ARP ]###
  hwtype= 0x1
  ptype= 0x800
  hwlen= 6
  plen= 4
  op= who-has
  hwsrc= 00:0c:29:26:5d:39
  psrc= 192.168.152.129
  hwdst= 00:00:00:00:00:00
  pdst= 10.1.1.1
>>> answer = sr1(arp)    #sr1 是一个发包的函数。还有一个和他很相似的叫sr() . s是send， r是recieve。sr1和sr的区别是发了包之后，sr1只接受第一个回答。如果没有timeout，scapy会一直发包，直到有应答

                          #sr(x, filter=None, iface=None, nofilter=0, *args, **kargs)

sr(x, filter=None, iface=None, nofilter=0, *args, **kargs)
    Send and receive packets at layer 3
    nofilter: put 1 to avoid use of bpf filters
    retry:    if positive, how many times to resend unanswered packets
              if negative, how many times to retry when no more packets are answered
    timeout:  how much time to wait after the last packet has been sent
    verbose:  set verbosity level
    multi:    whether to accept multiple answers for the same stimulus
    filter:   provide a BPF filter
    iface:    listen answers only on the given interface

#!usr/bin/python3

import logging

import subprocess

logging.getlogger('scapy.runtime').setLevel(logging.ERROR)

import scapy

if len(sys.argv) !=2

    print('help')

    sys.exit()

interface = str(sys.argv[1])

ip = subprocess.getoutput('ifconfig '+interface+" |grep 'inet ' | cut -d ' ‘ -f 10",shell=True).strip()

prefix = ip.split('.')[0]+'.'+ip.split('.')[1]+'.'+ip.split('.')[2]+'.'

for addr in range(0.254):

    answer = sr1(ARP(pdst = prefix+str(addr)),timeout=0.1,verbose=0)

    if not answer:

        print(prefix+str(addr))

SCAPY(1)                                                                  General Commands Manual                                                                 SCAPY(1)

NAME
       scapy - Interactive packet manipulation tool

SYNOPSIS
       scapy [options]

DESCRIPTION
       This manual page documents briefly the scapy tool.

       scapy  is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace
       hping, parts of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, ...

       scapy uses the python interpreter as a command board. That means that you can use directly python language (assign variables, use loops, define functions, etc.) If
       you  give a file as parameter when you run scapy, your session (variables, functions, intances, ...) will be saved when you leave the interpretor, and restored the
       next time you launch scapy.

       The idea is simple. Those kind of tools do two things : sending packets and receiving answers. That's what scapy does : you define a set of packets, it sends them,
       receives  answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage
       over tools like nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet.

       On top of this can be build more high level functions, for example one that does traceroutes and give as a result only the start TTL of the request and the  source
       IP of the answer. One that pings a whole network and gives the list of machines answering. One that does a portscan and returns a LaTeX report.

OPTIONS
       Options for scapy are:

       -h     display usage

       -d     increase log verbosity. Can be used many times.

       -s FILE
              use FILE to save/load session values (variables, functions, intances, ...)

       -p PRESTART_FILE
              use PRESTART_FILE instead of $HOME/.scapy_prestart.py as pre-startup file

       -P     do not run prestart file

       -c STARTUP_FILE
              use STARTUP_FILE instead of $HOME/.scapy_startup.py as startup file

       -C     do not run startup file

COMMANDS
       Only the vital commands to begin are listed here for the moment.

       ls()   lists supported protocol layers. If a protocol layer is given as parameter, lists its fields and types of fields.

       lsc()  lists some user commands. If a command is given as parameter, its documentation is displayed.

       conf   this object contains the configuration.

FILES
       $HOME/.scapy_prestart.py  This  file is run before scapy core is loaded. Only the is available. This file can be used to manipulate conf.load_layers list to choose
       which layers will be loaded:

       conf.load_layers.remove("bluetooth")
       conf.load_layers.append("new_layer")

       $HOME/.scapy_startup.py This file is run after scapy is loaded. It can be used to configure some of the scapy behaviors:

       conf.prog.pdfreader="xpdf"
       split_layers(UDP,DNS)

EXAMPLES
       More verbose examples are available at http://www.secdev.org/projects/scapy/demo.html Just run scapy and try the following commands in the interpreter.

       Test the robustness of a network stack with invalid packets:
       sr(IP(dst="172.16.1.1", ihl=2, options="b$2$", version=3)/ICMP())

       Packet sniffing and dissection (with a bpf filter or thetereal-like output):
       a=sniff(filter="tcp port 110")
       a=sniff(prn = lambda x: x.display)

       Sniffed packet reemission:
       a=sniff(filter="tcp port 110")
       sendp(a)

       Pcap file packet reemission:
       sendp(rdpcap("file.cap"))

       Manual TCP traceroute:
       sr(IP(dst="www.google.com", ttl=(1,30))/TCP(seq=RandInt(), sport=RandShort(), dport=dport)

       Protocol scan:
       sr(IP(dst="172.16.1.28", proto=(1,254)))

       ARP ping:
       srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="172.16.1.1/24"))

       ACK scan:
       sr(IP(dst="172.16.1.28")/TCP(dport=(1,1024), flags="A"))

       Passive OS fingerprinting:
       sniff(prn=prnp0f)

       Active OS fingerprinting:
       nmap_fp("172.16.1.232")

       ARP cache poisonning:
       sendp(Ether(dst=tmac)/ARP(op="who-has", psrc=victim, pdst=target))

       Reporting:
       report_ports("192.168.2.34", (20,30))

SEE ALSO
       http://www.secdev.org/projects/scapy
       http://trac.secdev.org/scapy

BUGS
       Does not give the right source IP for routes that use interface aliases.

       May miss packets under heavy load.

       Session saving is limited by Python ability to marshal objects. As a consequence, lambda functions and generators can't be saved, which seriously reduce usefulness
       of this feature.

       BPF filters don't work on Point-to-point interfaces.

AUTHOR
       Philippe Biondi <phil@secdev.org>

       This manual page was written by Alberto Gonzalez Iniesta <agi@agi.as> and Philippe Biondi.

                                                                               May 12, 2003                                                                       SCAPY(1)