Course #538: Scapy for Pentesting
# Course #538: Scapy for Pentesting – Section 5/5## Introduction to ScapyScapy is an open-source Python-based tool that excels in packet manipulation, network discovery, and penetration testing. Its versatility allows cybersecurity professionals to create, send, sniff, and dissect network packets, making it an invaluable asset for penetration testers. In this final section, we will delve deeply into installing Scapy on Kali Linux, configuring it for optimal use, and exploring its functionalities through detailed step-by-step guides and real-world use cases.## 1. Installation and Configuration on Kali LinuxKali Linux comes with Scapy pre-installed, but for the sake of thoroughness, let's verify its installation and ensure it's configured correctly.### 1.1 Checking if Scapy is InstalledTo check if Scapy is installed on your Kali Linux system, open a terminal and run:
sudo apt update
sudo apt install scapy
This command updates your package list and installs Scapy if it isn't already installed.### 1.2 Verifying InstallationOnce the installation is complete, you can verify the installation by launching the Scapy interactive shell. Type the following command:
If Scapy is installed correctly, you should see the Scapy interactive shell prompt:[/dm_code_snippet]
>>>
[/dm_code_snippet]### 1.3 ConfigurationScapy runs best with root privileges in order to manipulate packets. It’s advisable to run Scapy with `sudo` unless you have set it up for a non-root user with the necessary permissions.Before diving into Scapy usage, ensure that the `python3-pip` package is installed (as Scapy requires Python):
sudo apt install python3-pip
You can then install additional dependencies:
sudo pip3 install –upgrade scapy
### 1.4 Additional DependenciesScapy optionally supports additional features through external libraries. You can enhance its capabilities by installing:
sudo apt install tcpdump
sudo apt install libpcap-dev
## 2. Step-by-Step Usage and Real-World Use Cases### 2.1 Basic Packet CraftingScapy allows users to create custom packets, which can be useful when testing network defenses or exploring how different systems respond to specific packet types.**Example: Crafting an ICMP Echo Request**[/dm_code_snippet]python
from scapy.all import *# Create an ICMP Echo Request packet
packet = IP(dst="8.8.8.8")/ICMP()
send(packet)
[/dm_code_snippet]This code sends an ICMP Echo Request (ping) to Google's public DNS server at `8.8.8.8`.### 2.2 Packet SniffingScapy can also be used to capture packets on the wire. This is useful for analyzing traffic or during network troubleshooting.**Example: Sniffing Packets**[/dm_code_snippet]python
from scapy.all import *# Function to process each captured packet
def packet_callback(packet):
print(packet.show())# Start sniffing packets
sniff(prn=packet_callback, count=10)
[/dm_code_snippet]This script captures the first 10 packets on the network interface and displays their details.### 2.3 Network ScanningScapy can perform network scans to identify live hosts and their open ports, simulating tools like Nmap.**Example: Simple Ping Sweep**[/dm_code_snippet]python
from scapy.all import *# Define the target subnet
ip_range = "192.168.1.0/24"# Send ICMP Echo Requests
ans, unans = sr(IP(dst=ip_range)/ICMP(), timeout=2)# Display live hosts
for sent, received in ans:
print(f"Host {received.psrc} is up")
[/dm_code_snippet]This code performs a ping sweep of all hosts in the specified subnet and prints out the IP addresses of live hosts.### 2.4 ARP SpoofingARP Spoofing is a common attack vector used to intercept traffic on a local network. Using Scapy, you can craft ARP packets to achieve this.**Example: ARP Spoofing**[/dm_code_snippet]python
from scapy.all import *target_ip = "192.168.1.5" # Target IP
gateway_ip = "192.168.1.1" # Gateway IP# Create ARP response
arp_response = ARP(op=2, psrc=gateway_ip, pdst=target_ip)# Send ARP response
send(arp_response, count=5)
[/dm_code_snippet]In this example, we send ARP replies to the target IP, telling it that we are the gateway, thus redirecting its traffic through our machine.### 2.5 Network Packet ManipulationScapy allows users to manipulate packets effectively, which can be useful in a variety of pentesting scenarios.**Example: Modifying Packet Payload**[/dm_code_snippet]python
from scapy.all import *# Create a TCP packet
packet = IP(dst="192.168.1.100")/TCP(dport=80, flags="S")/Raw(load="GET / HTTP/1.1rnHost: example.comrnrn")# Send the packet
send(packet)
[/dm_code_snippet]This constructs a TCP SYN packet and sends a simple HTTP GET request to the specified host.## 3. Detailed Technical Explanations### 3.1 Understanding Scapy’s ArchitectureScapy is built around a modular architecture, allowing it to support a wide variety of protocols. Each protocol can be represented as a class, and users can create custom packets by stacking these protocol layers.### 3.2 Protocol LayersIn Scapy, packets are composed of upper and lower layers. The most common layers include:– **Ethernet**: The data link layer for transmitting packets over a physical network.
– **IP**: The network layer responsible for routing packets.
– **TCP/UDP**: The transport layer protocols that enable communication between applications.
– **ICMP**: This protocol is used for sending control messages, such as echo requests and replies.### 3.3 Using Built-in FunctionsScapy provides several built-in functions for common tasks, enabling users to focus on higher-level objectives:– `send()`: To send packets at a low level.
– `sr()`: To send packets and receive responses, useful for scanning.
– `sniff()`: To capture live packets.
– `hexdump()`: To display packet data in a human-readable format.## 4. External Reference LinksFor further reading and enhanced understanding, the following resources are recommended:– [Scapy Official Documentation](https://scapy.readthedocs.io/en/latest/)
– [Kali Linux Official Documentation](https://www.kali.org/docs/)
– [Practical Network Scanning with Scapy](https://www.sans.org/blog/practical-network-scanning-with-scapy/)
– [Exploit Development with Scapy](https://book.hacktricks.xyz/pentesting/pentesting-scanner-exploits)
– [Scapy GitHub Repository](https://github.com/secdev/scapy)## ConclusionScapy is a powerful tool for network penetration testing, allowing users to craft, send, and analyze packets with ease. With the knowledge gained from this course, you should now be equipped to leverage Scapy effectively in your testing endeavors. Embrace the power of packet manipulation as you advance your cybersecurity skills.### Next StepsAs you progress in your penetration testing career, consider expanding your toolkit with other cybersecurity tools and resources. Regular practice with Scapy will enhance your skills and understanding of network protocols and security.—Made by pablo rotem / פבלו רותם
