Scapy常用腳本



區域網路host掃描：

>>> ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="172.31.100.0/24"),timeout=2) >>> ans.summary(lambda (s,r):s.sprintf("%Ether.pdst% is up")) 172.31.100.1 is up 172.31.100.3 is up 172.31.100.4 is up 172.31.100.2 is up 172.31.100.26 is up 172.31.100.39 is up 172.31.100.41 is up 172.31.100.47 is up 172.31.100.53 is up

端口掃描：

>>> ans, unans=sr(IP(src="172.31.100.222", dst="172.31.100.149")/TCP(sport=60000,dport=(1,1000),flags="S")) >>> ans.filter(lambda (s,r):r.sprintf("%TCP.flags%")=="SA").summary(lambda (s,r):r.sprintf("%TCP.sport% \tis open")) http         is open 902         is open

ping：

>>> srloop(IP(dst="172.31.100.149")/ICMP(), count=4) RECV 1: IP / ICMP 172.31.100.149 > 172.31.100.222 echo-reply 0 / Padding RECV 1: IP / ICMP 172.31.100.149 > 172.31.100.222 echo-reply 0 / Padding RECV 1: IP / ICMP 172.31.100.149 > 172.31.100.222 echo-reply 0 / Padding RECV 1: IP / ICMP 172.31.100.149 > 172.31.100.222 echo-reply 0 / Padding Sent 4 packets, received 4 packets. 100.0% hits. (<Results: TCP:0 UDP:0 ICMP:4 Other:0>, <PacketList: TCP:0 UDP:0 ICMP:0 Other:0>) >>> srloop(IP(dst="172.31.100.20")/ICMP(), count=4) WARNING: Mac address to reach destination not found. Using broadcast. fail 1: IP / ICMP 172.31.100.222 > 172.31.100.20 echo-request 0 WARNING: Mac address to reach destination not found. Using broadcast. fail 1: IP / ICMP 172.31.100.222 > 172.31.100.20 echo-request 0 WARNING: Mac address to reach destination not found. Using broadcast. fail 1: IP / ICMP 172.31.100.222 > 172.31.100.20 echo-request 0 WARNING: Mac address to reach destination not found. Using broadcast. fail 1: IP / ICMP 172.31.100.222 > 172.31.100.20 echo-request 0 Sent 4 packets, received 0 packets. 0.0% hits. (<Results: TCP:0 UDP:0 ICMP:0 Other:0>, <PacketList: TCP:0 UDP:0 ICMP:4 Other:0>)

psping：

>>> srloop(IP(dst="172.31.100.149")/TCP(dport=80,flags="S"), count=4) RECV 1: IP / TCP 172.31.100.149:http > 172.31.100.222:ftp_data SA / Padding RECV 1: IP / TCP 172.31.100.149:http > 172.31.100.222:ftp_data SA / Padding RECV 1: IP / TCP 172.31.100.149:http > 172.31.100.222:ftp_data SA / Padding RECV 1: IP / TCP 172.31.100.149:http > 172.31.100.222:ftp_data SA / Padding Sent 4 packets, received 4 packets. 100.0% hits. (<Results: TCP:4 UDP:0 ICMP:0 Other:0>, <PacketList: TCP:0 UDP:0 ICMP:0 Other:0>) >>> srloop(IP(dst="172.31.100.149")/TCP(dport=81,flags="S"), count=4) RECV 1: IP / TCP 172.31.100.149:81 > 172.31.100.222:ftp_data RA / Padding RECV 1: IP / TCP 172.31.100.149:81 > 172.31.100.222:ftp_data RA / Padding RECV 1: IP / TCP 172.31.100.149:81 > 172.31.100.222:ftp_data RA / Padding RECV 1: IP / TCP 172.31.100.149:81 > 172.31.100.222:ftp_data RA / Padding Sent 4 packets, received 4 packets. 100.0% hits. (<Results: TCP:4 UDP:0 ICMP:0 Other:0>, <PacketList: TCP:0 UDP:0 ICMP:0 Other:0>)

UDPPing

原理：當使用UDP通路某個不存在的端口時，如果主機是可達的，則會傳回一條ICMP封包

>>> ans,unans=sr(IP(dst="172.31.100.1-10")/UDP(dport=0)) >>> ans.summary( lambda(s,r) : r.sprintf("%IP.src% is alive") ) 172.31.100.1 is alive