1.DNS解析
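#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Three small scapy recipes: a DNS query, a TCP SYN port scan and an ARP host sweep.

The original page presented these as three separate scripts; here each one
is a function and ``main()`` runs them in the original order with the
original lab addresses (a 192.168.1.0/24 network).

All three craft raw packets, so they need root / CAP_NET_RAW.  Probing hosts,
networks or resolvers you are not authorised to test is an offence in most
jurisdictions -- point these at your own lab only.

Requires scapy.  Runs under Python 3 and, via ``print_function``, Python 2.7
(the original used Python 2 ``print`` statements and ``xrange``, which no
supported scapy release accepts).
"""
from __future__ import print_function

from scapy.all import ARP, DNS, DNSQR, ICMP, IP, TCP, UDP, Ether, RandShort, sr, srp


# ---------------------------------------------------------------------------
# 1. DNS resolution
# ---------------------------------------------------------------------------
# Reply seen by the original author (abridged from the captured dump):
# IP/UDP/DNS with rcode=ok, qdcount=1, ancount=2 and two A records for
# www.qq.com (101.226.103.106 and 101.226.129.158), addressed to 192.168.1.61.

#: DNS record-type numbers printed by name; any other type is printed numerically.
DNS_TYPE_NAMES = {1: 'A', 5: 'CNAME'}


def DnsQuery(sip, resolver="202.96.209.5", qname="www.qq.com", timeout=1):
    """Send one A query for ``qname`` to ``resolver`` and print the answers.

    Args:
        sip: IPv4 address written into the IP source field.  ``sr()`` only
            sees replies that arrive at this host, so ``sip`` must be one of
            the local machine's addresses.  Writing another party's address
            here is source-address spoofing: the resolver's (larger) reply is
            delivered to that third party instead -- the DNS reflection /
            amplification technique -- and this function receives nothing.
        resolver: DNS server to query on UDP/53.
        qname: name to resolve (an A/IN question is sent).
        timeout: seconds ``sr()`` waits for the reply.

    Prints, for each answered query: the reply's destination IP, the echoed
    question name, and one ``type<TAB>rdata`` line per answer record.
    Returns nothing.
    """
    ip_header = IP(src=sip, dst=resolver)
    # Random source port and transaction ID rather than scapy's default
    # sport=53 and the original fixed id=1: a predictable (port, id) pair is
    # exactly what lets an off-path attacker forge the reply.
    udp_header = UDP(sport=RandShort(), dport=53)
    dns_header = DNS(id=RandShort(), qr=0, opcode=0, tc=0, rd=1,
                     qdcount=1, ancount=0, nscount=0, arcount=0)  # standard recursive query
    dns_header.qd = DNSQR(qname=qname, qtype=1, qclass=1)  # question section: A, IN
    packet = ip_header / udp_header / dns_header

    ans, unans = sr(packet, timeout=timeout, verbose=0)

    for s, r in ans:
        dns = r[DNS]
        print("Received_IP:%s" % r[IP].dst)
        # Index 0 works whether scapy represents the question section as a
        # layer chain (int indexing, as the original's ``an[i]`` relies on)
        # or as a list.
        print("Query Domain:%s" % dns.qd[0].qname)
        print("%s\t%s" % ("Type", "IP(Domain)"))
        print("-" * 30)
        # Walk exactly ``ancount`` answer records.  The original looped a
        # fixed 15 times under a bare ``except: pass``, which silently
        # skipped record types other than A/CNAME and hid malformed replies.
        for i in range(dns.ancount):
            try:
                rr = dns.an[i]
            except (IndexError, TypeError):
                print("(reply carries fewer records than ancount=%d)" % dns.ancount)
                break
            print("%s\t%s" % (DNS_TYPE_NAMES.get(rr.type, rr.type), rr.rdata))
        print("*" * 30)
    if unans:
        print("no reply from %s within %ss" % (resolver, timeout))


# ---------------------------------------------------------------------------
# 2. TCP SYN scan
# ---------------------------------------------------------------------------
# Reply seen by the original author for a closed port (abridged from the
# captured dump): IP/TCP with seq=0 ack=1 flags=RA window=0.

# TCP flag bits used to classify replies (SYN|ACK == 18, RST|ACK == 20, the
# two raw values the original looked up in a dict).
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10


def _port_state(reply):
    """Classify one reply to a SYN probe as 'open', 'closed', 'filtered' or 'unknown'.

    SYN/ACK means a listener accepted the handshake; RST means nothing is
    listening; an ICMP reply (typically destination-unreachable from a
    filtering device) is reported as 'filtered'.  The original indexed
    ``{18: 'open', 20: 'closed'}`` with the raw flag value and raised
    KeyError (other flag combinations) or IndexError (non-TCP replies).
    """
    if reply.haslayer(TCP):
        flags = int(reply[TCP].flags)
        # Parenthesised on purpose: ``==`` binds tighter than ``&`` in Python.
        if (flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK):
            return 'open'
        if flags & TCP_RST:
            return 'closed'
        return 'unknown'
    if reply.haslayer(ICMP):
        return 'filtered'
    return 'unknown'


def syn_scan(target="192.168.1.1", ports=(1, 1024), timeout=2):
    """SYN-scan ``ports`` on ``target`` and print ``port<TAB>state`` for every answered, non-closed port.

    Args:
        target: IPv4 address or hostname to probe.
        ports: scapy port spec -- a ``(first, last)`` range or a list, e.g. ``[23]``.
        timeout: seconds ``sr()`` waits after the last probe.

    Ports that never answer land in the unanswered set (dropped by a firewall,
    or the host is down) and are only summarised, since no state can be
    inferred for them.  Returns nothing.

    NOTE(review): no handshake is completed here.  On Linux the kernel has no
    socket for the raw SYN and normally answers the SYN/ACK with its own RST,
    so the target is not left with half-open connections -- confirm on your
    platform if that matters.
    """
    probe = IP(dst=target) / TCP(sport=RandShort(), dport=ports, flags="S")
    ans, unans = sr(probe, timeout=timeout, verbose=0)
    for s, r in ans:
        state = _port_state(r)
        if state != "closed":
            # Read the port from the probe we sent: an ICMP reply has no TCP
            # layer of its own, so ``r[TCP].sport`` is not always available.
            print("{0}\t{1}".format(s[TCP].dport, state))
    if unans:
        print("%d port(s) unanswered (filtered or host down)" % len(unans))


# ---------------------------------------------------------------------------
# 3. ARP scan: MAC addresses of live hosts on the local segment
# ---------------------------------------------------------------------------


def arp_scan(network="192.168.1.0/24", timeout=2):
    """Broadcast an ARP who-has for every address in ``network`` and print ``MAC IP`` per reply.

    ARP is not routed, so only hosts on the directly attached segment can
    answer; a host that answers is up regardless of what its firewall drops
    at the IP layer.  Returns nothing.
    """
    ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=network),
                     timeout=timeout, verbose=0)
    for s, r in ans:  # s = the request we sent, r = the reply
        print(r[Ether].src, r[ARP].psrc)  # MAC => IP


def main():
    """Run the three recipes with the addresses from the original page."""
    # 192.168.1.61 is the address the replies in the captured dumps were
    # delivered to, i.e. the host the original author ran this from; only a
    # local address works as the source (see DnsQuery).
    for x in [61]:
        DnsQuery("192.168.1." + str(x))
    syn_scan("192.168.1.1")
    arp_scan("192.168.1.0/24")


if __name__ == "__main__":
    main()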