# Course #538: Scapy for Pentesting – Section 1: Introduction & Installation
## Introduction to Scapy
Scapy is a powerful Python-based interactive packet manipulation program and library, designed primarily for network penetration testing and security research. Its most significant strength lies in its ability to construct, send, receive, and dissect network packets, making it an invaluable tool for tasks such as network scanning, packet crafting, protocol analysis, and many more.
This section will guide you through the installation and configuration of Scapy on Kali Linux, its basic usage, and dive into real-world use cases that highlight its capabilities in the field of network security.
## Purpose of Scapy in Network Pentesting
Scapy excels in scenarios where detailed packet manipulation is required. It can be used for:
– **Network Discovery:** Identifying live hosts, open ports, and services running on a network.
– **Packet Crafting:** Creating custom packets for specific tasks or to exploit vulnerabilities.
– **Traffic Analysis:** Capturing and analyzing network packets to understand protocols.
– **Vulnerability Exploitation:** Testing for weaknesses in various protocols and services.
## Installation and Configuration on Kali Linux
Kali Linux comes pre-installed with many penetration testing tools, including Scapy. However, you may want to ensure it's installed or update it to the latest version. Follow the steps below to install and configure Scapy.
### Step 1: Update Kali Linux
Before installing Scapy, it's good practice to update your system. Open a terminal and run:
"`bash
sudo apt update && sudo apt upgrade -y
"`
### Step 2: Installing Scapy
You can install Scapy using the Python package manager `pip`. If you don't have Python and pip installed, you can do so with the following command:
"`bash
sudo apt install python3 python3-pip
"`
Once Python and pip are installed, you can install Scapy by executing:
"`bash
sudo pip3 install scapy
"`
### Step 3: Verifying Installation
To verify that Scapy was installed successfully, open a Python shell and try importing Scapy:
"`bash
python3
"`
Once you’re in the Python shell, type:
"`python
from scapy.all import *
"`
If there are no error messages, Scapy has been installed successfully.
### Step 4: Basic Configuration
Scapy may require some basic configuration to enable it to operate correctly, particularly regarding the capture of packets. Ensure that you run Scapy with root privileges using `sudo`, as capturing packets usually needs elevated permissions.
You can start Scapy in interactive mode by simply typing:
"`bash
sudo scapy
"`
This command brings you to the Scapy interactive shell, where you can begin experimenting with the tool.
## Step-by-Step Usage and Real-World Use Cases
### Basic Packet Creation and Sending
One of the first functionalities to explore in Scapy is its packet crafting feature. Below is the basic syntax for creating a packet and sending it:
#### Example 1: Creating and Sending a Simple ICMP Packet
"`python
from scapy.all import *
# Create an ICMP packet (Ping)
packet = IP(dst="8.8.8.8")/ICMP()
# Send the packet
send(packet)
"`
In this code snippet:
– `IP(dst="8.8.8.8")` creates an IP layer targeting Google's public DNS server.
– `ICMP()` creates an ICMP echo request (ping).
– `send(packet)` dispatches the packet over the network.
### Real-World Use Case: Network Discovery
Network discovery is a crucial component of penetration testing, which can be achieved through scanning for live hosts and open ports.
#### Example 2: Performing a Network Scan with ARP
"`python
from scapy.all import *
# Define target network
target_network = "192.168.1.0/24"
# Create ARP request
arp_request = ARP(pdst=target_network)
broadcast = Ether(dst="ff:ff:ff:ff:ff:ff")
# Combine ARP request with broadcast Ethernet frame
arp_request_broadcast = broadcast/arp_request
# Send and receive responses
answered_list = srp(arp_request_broadcast, timeout=1, verbose=False)[0]
# Print the list of live hosts
for element in answered_list:
print(element[1].psrc)
"`
In this script:
– `ARP(pdst=target_network)` creates an ARP request for the specified subnet.
– `Ether(dst="ff:ff:ff:ff:ff:ff")` creates a broadcast Ethernet frame.
– `srp()` sends the request and captures the responses, allowing you to see all active hosts on the network.
### More Advanced Usage: Packet Sniffing
Scapy can also be used to sniff packets on a network. This can help in analyzing the traffic patterns and detecting anomalies.
#### Example 3: Sniffing TCP Packets
"`python
from scapy.all import *
# Define a packet handler
def packet_handler(packet):
if packet.haslayer(TCP):
print(packet.summary())
# Start sniffing packets, filtering for TCP
sniff(filter="tcp", prn=packet_handler, count=10)
"`
In this example:
– The `sniff()` function captures packets from the network. The `filter` parameter restricts this to TCP packets.
– `prn=packet_handler` specifies a callback function to process the captured packets.
### Reference Links
For more detailed information on Scapy usage and its capabilities, consider exploring the following resources:
1. [Scapy Official Documentation](https://scapy.readthedocs.io/en/latest/)
2. [Kali Linux Documentation](https://www.kali.org/docs/)
3. [Cybersecurity and Pentesting Resources](https://www.cybrary.it/)
## Conclusion
In this section, we covered the basics of installing and configuring Scapy on Kali Linux, providing foundational knowledge that is critical for any pentester. We also explored some basic usage scenarios, including packet crafting, network discovery, and packet sniffing. By understanding these features and functionalities, you will be well-equipped to leverage Scapy in various penetration testing tasks.
In the next section, we will delve deeper into advanced Scapy functionalities, focusing on more complex packet manipulations, and real-world exploitation scenarios.
—
Made by pablo rotem / פבלו רותם