scapy工具交互式窗口

scapy 交互式工具

安装：

如果没有安装wireshark，需要先安装 Npcap 才能使用 scapy
pip install ipython
pip install scapy

启动scapy交互式窗口：

./Scripts/scapy

显示网卡

show_interfaces()

监听数据包 sniff() count-数量 iface-网卡名 filter-筛选协议

sniff(count=10)
sniff(count=10, iface=“VMware Virtual Ethernet Adapter for VMnet8”)
pkg = sniff(count=10, iface=“VMware Virtual Ethernet Adapter for VMnet8”)
pkg = sniff(count=8, filter=“icmp”, iface=“VMware Virtual Ethernet Adapter for VMnet8”)

查看监听的内容 show() summary()

pkg[1]
pkg[1].show()
pkg[1].summary()
pkg.summary()

发送请求数据包 send() inter-间隔时间 count-次数

send(IP(dst='192.168.110.130')/ICMP())
send(IP(dst='192.168.110.130')/ICMP()/"KKKKKK")
send(IP(dst='192.168.110.130')/ICMP()/"KKKKKK", inter=1, count=3)
1
2
3

发送并接收响应数据包 sr1()

pkg = sr1(IP(dst='192.168.110.130')/ICMP()/"KKKKKK")
'''
>>
'''
1
2
3
4
5
6

从响应包中获取值

pkg[IP].src
pkg[IP].dst
pkg[Raw].load
1
2
3

伪造ARP包

sr1(ARP(psrc='192.168.110.1', pdst='192.168.110.130'))
sr1(ARP(psrc='192.168.110.1', pdst='192.168.110.2'), timeout=3)
'''
Who has 192.168.110.130? Tell 192.168.110.1
'''
1
2
3
4
5

伪造 SYN SYN-ACK ACK FIN-ACK

IP(src='192.168.110.1', dst='192.168.110.130')/TCP(dport=80, flags='S')
IP(src='192.168.110.1', dst='192.168.110.130')/TCP(dport=80, flags='SA')
IP(src='192.168.110.1', dst='192.168.110.130')/TCP(dport=80, flags='A')
IP(src='192.168.110.1', dst='192.168.110.130')/TCP(dport=80, flags='FA')
1
2
3
4

保存数据包到文件

wrpcap(‘./pkg/bk.cap’, pkg)

读取数据包文件

pkg = rdpcap(‘./pkg/bk.cap’)