awesome-awesomeness/html/scapy.html

<h1 id="awesome-scapy-awesome">Awesome Scapy <a
href="https://awesome.re"><img src="https://awesome.re/badge.svg"
alt="Awesome" /></a></h1>
<p align="center">
<a href="https://scapy.net/"><img src="https://github.com/secdev/scapy/blob/master/doc/scapy_logo.png" width="200" alt="Scapy" /></a>
</p>
<p>A curated list of tools, add-ons, articles or cool exploits using
<strong><a href="https://scapy.net">Scapy</a></strong>, the Python-based
interactive packet manipulation program &amp; library. Feel free to <a
href="https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fsecdev%2Fawesome-scapy%2Fedit%2Fmain%2FREADME.md">contribute</a>!</p>
<p>You can also <a href="https://github.com/topics/scapy">explore Scapy
topics</a> on GitHub!</p>
<h2 id="contents">Contents</h2>
<ul>
<li><a href="#tools">Tools</a></li>
<li><a href="#exploits">Exploits</a></li>
</ul>
<h2 id="tools">Tools</h2>
<p><em>Tools that use Scapy (a lot) or extend it</em></p>
<p>Fun - <a
href="https://github.com/evilsocket/pwnagotchi">pwnagotchi</a> - Your AI
pet that hacks WiFI to grow. It’s super cute.</p>
<p>DDoS - <a href="https://github.com/epsylon/ufonet">ufonet</a> -
Create your own botnet to send untraceable DDoS attacks.</p>
<p>Wi-Fi. - <a
href="https://github.com/calebmadrigal/trackerjacker">trackerjacker</a>
- Maps and tracks Wi-Fi networks and devices through raw 802.11
monitoring. - <a
href="https://github.com/wifiphisher/wifiphisher">wifiphisher</a> -
Create rogue access point.</p>
<p>IPv6 - <a href="https://github.com/aatlasis/Chiron">Chiron</a> - An
IPv6 security assessment framework. - <a
href="https://github.com/fox-it/mitm6">mitm6</a> - Performs MiTM for
IPv6.</p>
<p>Measurements - <a
href="https://github.com/rwhalb/mtraceroute">mtraceroute</a> - Create
cool graphs over multiple traceroute analysis. - <a
href="https://wiki.networksecuritytoolkit.org/nstwiki/index.php?title=HowTo_Use_The_Scapy:_Multi-Traceroute_-_MTR">Network
Security Toolkit (NST)</a> - Includes an enhanced version of
<code>mtraceroute</code> with IP Geolocation and GUI management. - <a
href="https://github.com/criteo/netprobify">netprobify</a> - Network
probing tool crafted for datacenters (but not only). Probing using: TCP,
UDP or ICMP.</p>
<p>Protocols - <a
href="https://github.com/Samsung/cotopaxi">Cotopaxi</a> - Set of tools
for security testing of Internet of Things devices using specific
network IoT protocols (AMQP, CoAP, DTLS, HTCPCP, KNX, mDNS, MQTT,
MQTT-SN, QUIC, RTSP, SSDP) . - <a
href="https://github.com/Forescout/project-memoria-detector">project-memoria-detector</a>
- Determine whether a network device runs a specific embedded TCP/IP
stack. - <a href="https://github.com/sensepost/routopsy">routopsy</a> -
Toolkit to attack DRP &amp; FHRP. - <a
href="https://github.com/cea-sec/TorPylle">TorPylle</a> - Implementation
of the OR (TOR) protocol.</p>
<p>Unit Tests - <a
href="https://github.com/torvalds/linux/blob/master/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py">Linux
Kernel</a> - Linux Traffic Control (tc) testing suite. - <a
href="https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fsearch%3Fq%3Dscapy%2Brepo%253Aopenbsd%252Fsrc%2Bpath%253Aregress%252F%26type%3DCode%26ref%3Dadvsearch%26l%3D%26l%3D">OpenBSD</a>
- IPv6 stack testing suite. - <a
href="https://github.com/RIOT-OS/RIOT/search?l=Python&amp;q=scapy&amp;type=Code">RIOT-OS</a>
- RIOT OS networking testing suite.</p>
<p>Visualization - <a
href="https://pypi.org/project/scapy-packet-viewer/">Scapy-Packet-Viewer</a>
- Minimal packet viewer similar to tshark/mitmproxy. Based on urwid.</p>
<p>Misc - <a href="https://github.com/frawau/aioblescan">aioblescan</a>
- Scan and decode advertised BLE info. - <a
href="https://github.com/Orange-Cyberdefense/fenrir-ocd">fenrir</a> -
Bypass wired 802.1x protection. - <a
href="https://github.com/secureworks/flowsynth">flowsynth</a> - Tool for
rapidly modeling network traffic. - <a
href="https://github.com/AMOSSYS/Fragscapy">Fragscapy</a> - Fuzz network
protocols by automating the modification of outgoing network packets. -
<a href="https://github.com/fportantier/habu">Habu</a> - Toolkit with a
lot of little hacking tools. Many of them use Scapy. - <a
href="https://redmine.laas.fr/projects/mirage">mirage</a> - Powerful and
modular framework dedicated to the security analysis of wireless
communications. - <a
href="https://github.com/redcode-labs/Netenum">netenum</a> - A tool to
passively discover active hosts on a network. - <a
href="https://github.com/DanMcInerney/net-creds">net-creds</a> - Sniff
and catch all sensitive data on an interface. - <a
href="https://github.com/ANSSI-FR/packetweaver">packetweaver</a> - A
Python framework for script filing and task sequencing. - <a
href="https://github.com/FlUxIuS/p0f3plus">p0f3plus</a> - An
implementation of with extra analysis features. - <a
href="https://github.com/SecureAuthCorp/pysap">pysap</a> - Interact with
SAP using custom built frames &amp; tools. - <a
href="https://github.com/SpiderLabs/Responder">Responder</a> - LLMNR,
NBT-NS and MDNS poisoner. - <a
href="https://github.com/scapy-unroot/scapy_unroot">scapy_unroot</a> -
Tooling to use Scapy without root permissions. - <a
href="https://github.com/gpotter2/scapy-benchmarks">scapy-benchmarks</a>
- A small test suite that tracks the evolution of Scapy’s performance. -
<a href="https://github.com/HynekPetrak/sshame">sshame</a> - Tool to
brute force SSH public-key authentication. - <a
href="https://github.com/0xInfection/TIDoS-Framework">TIDoS
Framework</a> - The Offensive Manual Web Application Penetration Testing
Framework.</p>
<h2 id="exploits">Exploits</h2>
<p><em>Exploits that use Scapy. This does not count the ones included by
default</em></p>
<p>2022</p>
<ul>
<li><a href="http://blog.champtar.fr/VLAN0_LLC_SNAP">CVE-2021-28444</a>
- Windows Hyper-V Security Feature Bypass Vulnerability.</li>
</ul>
<p>2021</p>
<ul>
<li><a
href="https://blog.quarkslab.com/analysis-of-a-windows-ipv6-fragmentation-vulnerability-cve-2021-24086.html">CVE-2021-24086</a>
- Analysis of a Windows IPv6 Fragmentation Vulnerability.</li>
<li><a href="https://github.com/vanhoefm/fragattacks">fragattacks</a> -
Fragmentation &amp; Aggregation Attacks.</li>
</ul>
<p>2020</p>
<ul>
<li><a
href="https://blog.quarkslab.com/bad-neighbor-on-freebsd-ipv6-router-advertisement-vulnerabilities-in-rtsold-cve-2020-25577.html">CVE-2020-25577</a>
- Bad Neighbor on FreeBSD: IPv6 Router Advertisement Vulnerabilities in
rtsold.</li>
<li><a
href="https://blog.quarkslab.com/beware-the-bad-neighbor-analysis-and-poc-of-the-windows-ipv6-router-advertisement-vulnerability-cve-2020-16898.html">CVE-2020-16898</a>
- Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router
Advertisement Vulnerability.</li>
</ul>
<p>2019 - <a
href="https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf">CVE-2019-5597</a>
- IPv6 fragmentation vulnerability in OpenBSD Packet Filter.</p>
<p>2018</p>
<ul>
<li><a
href="https://github.com/r3dxpl0it/CVE-2018-4407">CVE-2018-4407</a> - A
heap buffer overflow in the networking code in the XNU operating system
kernel (iOS and macOS).</li>
</ul>
<p>2017 - <a
href="https://github.com/vanhoefm/krackattacks-scripts">krackattacks-scripts</a>
- Test if clients or access points (APs) are affected by the KRACK
attack against WPA2.</p>
<p>2016 - <a
href="https://github.com/RiskSense-Ops/CVE-2016-6366">CVE-2016-6366</a>
- The EXTRABACON exploit, a remote code execution for Cisco ASA written
by the Equation Group (NSA) and leaked by the Shadow Brokers.</p>
<p>Misc - <a href="https://github.com/dark-lbp/isf">isf</a> - ISF
(Industrial Control System Exploitation Framework). A suite that
provides exploits various industrial protocols.</p>