ip/icmp scanner

Network_and_802.11/README.md

@@ -11,7 +11,23 @@
 ### Wireshark stuff
 
 - Shark the ripper
-- An extensive guide
+- A comprehensive guide
+
+### Scanner
+
+- Several scripts for sniffing/scanner:
+ * ICMPHeader class
+ * IPHeader class
+ * Scanner
+ * raw_socket
+ * ip_header_decode
+
+### netaddr
+
+- Several scripts using the **netaddr** module:
+ * testing subnet
+ * sending mail to the local network
+- A comprehensive guide
 
 ### Port Knocking
 
@@ -28,17 +44,20 @@
  * TCP Server
  * UDP Client
  * TCP Proxy
+- A comprehensive guide
 
 
 ### telnetlib
 
 - Example of a script to create a telnet connection with Python's **telnetlib** module.
 
 
+
 ### scapy
 
 - Several scripts with Python's **scapy** module:
  * traceroute
+- A comprehensive guide
 
 
 ### paramiko
@@ -48,6 +67,7 @@
  * ssh client for reverse shell
  * ssh server
  * ssh tunneling
+- A comprehensive guide
 
 
 ---

Network_and_802.11/netaddr/send_mail.py

@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+import socket
+
+subnet = '192.168.1.0/24'
+
+for ip in netaddr.IPNetwork(subnet):
+ s = socket.socket()
+ print ip
+ s.connect((ip, 25))
+ # send email packets

Network_and_802.11/netaddr/test_netaddr.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+
+ip = '192.168.1.114'
+if ip in netaddr.IPNetwork('192.168.1.0/24'):
+ print('OK!')

Network_and_802.11/scanner/ICMPHeader.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A class for the ICMP header'''
+
+import ctypes
+
+
+
+class ICMP(ctypes.Structure):
+
+ _fields_ = [
+ ('type', ctypes.c_ubyte),
+ ('code', ctypes.c_ubyte),
+ ('checksum', ctypes.c_ushort),
+ ('unused', ctypes.c_ushort),
+ ('next_hop_mtu',ctypes.c_ushort)
+ ]
+
+ def __new__(self, socket_buffer):
+ return self.from_buffer_copy(socket_buffer)
+
+ def __init__(self, socket_buffer):
+ pass
+
+

Network_and_802.11/scanner/IPHeader.py

@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A class for the IP header'''
+
+import os
+import struct
+import socket
+import ctypes
+
+
+class IP(ctypes.Structure):
+ _fields_ = [
+ ('ihl', ctypes.c_ubyte, 4),
+ ('version', ctypes.c_ubyte, 4),
+ ('tos', ctypes.c_ubyte),
+ ('len', ctypes.c_ushort),
+ ('id', ctypes.c_ushort),
+ ('offset', ctypes.c_ushort),
+ ('ttl', ctypes.c_ubyte),
+ ('protocol_num',ctypes.c_ubyte),
+ ('sum', ctypes.c_ushort),
+ ('src', ctypes.c_ulong),
+ ('dst', ctypes.c_ulong)
+ ]
+
+ def __new__(self, socket_buffer=None):
+ return self.from_buffer_copy(socket_buffer)
+
+ def __init__(self, socket_buffer=None):
+
+ # map protocol constants to their names
+ self.protocol_map = {1:'ICMP', 6:'TCP', 17:'UDP'}
+
+ # human readable IP addresses
+ self.src_address = socket.inet_ntoa(struct.pack('<L', self.src))
+ self.dst_address = socket.inet_ntoa(struct.pack('<L', self.dst))
+
+ # human readable protocol
+ try:
+ self.protocol = self.protocol_map[self.protocol_num]
+ except:
+ self.protocol = str(self.protocol_num)
+

Network_and_802.11/scanner/ip_header_decode.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+
+import socket
+import os
+import struct
+import ctypes
+from ICMPHeader import ICMP
+
+# host to listen on
+HOST = '192.168.1.114'
+
+
+def main():
+ socket_protocol = socket.IPPROTO_ICMP
+ sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+ sniffer.bind(( HOST, 0 ))
+ sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+ # continually read in packets and parse their information
+ while 1:
+ # read in a packet and pass the first 20 bytes to initialize the IP structure
+ raw_buffer = sniffer.recvfrom(65565)[0]
+
+ #take first 20 characters for the ip header
+ ip_header = raw_buffer[0:20]
+
+ #unpack them
+ iph = struct.unpack('!BBHHHBBH4s4s' , ip_header)
+
+ # print
+ version_ihl = iph[0]
+ version = version_ihl >> 4
+ ihl = version_ihl & 0xF
+ iph_length = ihl * 4
+ ttl = iph[5]
+ protocol = iph[6]
+ s_addr = socket.inet_ntoa(iph[8]);
+ d_addr = socket.inet_ntoa(iph[9]);
+
+ print 'IP -> Version:' + str(version) + ', Header Length:' + str(ihl) + \
+ ', TTL:' + str(ttl) + ', Protocol:' + str(protocol) + ', Source:'\
+ + str(s_addr) + ', Destination:' + str(d_addr)
+
+ # create our ICMP structure
+ buf = raw_buffer[iph_length:iph_length + ctypes.sizeof(ICMP)]
+ icmp_header = ICMP(buf)
+
+ print "ICMP -> Type:%d, Code:%d" %(icmp_header.type, icmp_header.code) + '\n'
+
+
+
+if __name__ == '__main__':
+ main()

Network_and_802.11/scanner/raw_socket.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+''' A Basic Sniffer'''
+
+import socket
+import os
+
+# DEFINE CONSTANTS
+# host to listen
+HOST = '192.168.1.114'
+
+
+def main(host):
+
+ OS = os.name
+
+ # create a raw socket, binding to the public interface
+ # windows allow us to sniff all incoming packets regardless of protocol,
+ # whereas Linux forces us to specify we are sniffing ICMP
+ if OS == 'nt':
+ socket_prot = socket.IPPROTO_IP
+ sniffing(host, 1, socket_prot)
+
+ else:
+ socket_prot = socket.IPPROTO_ICMP
+ sniffing(host, 0, socket_prot)
+
+
+
+def sniffing(host, win, socket_prot):
+ while 1:
+ sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_prot)
+ sniffer.bind((host,0))
+
+ # include the IP headers in the captured packets
+ sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+ # if windows, it needs to send an IOCTL to set to promiscuous mode
+ # we send IOCTL to the network card driver to enable it
+ # promiscuous mode allows us to sniff all packets that the network card sees
+ # even those not destined to the host
+ if win == 1:
+ sniffer.ioctl(socket.SIO_RCVALL, socket_RCVALL_ON)
+
+ # read in a single packet
+ print sniffer.recvfrom(65565)
+
+ if win == 1:
+ sniffer(host, 0, socket_prot)
+
+
+
+if __name__ == '__main__':
+ main(HOST)

Network_and_802.11/scanner/scanner.py

@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import threading
+import time
+import socket
+import os
+import struct
+import ctypes
+from netaddr import IPNetwork, IPAddress
+from ICMPHeader import ICMP
+
+# host to listen on
+HOST = '192.168.1.114'
+
+
+# subnet to target (iterates through all IP address in this subnet)
+# our local network
+SUBNET = '192.168.1.0/24'
+
+# define string signature
+MESSAGE = 'hellooooo'
+
+# sprays out the udp datagram
+def udp_sender(SUBNET, MESSAGE):
+ time.sleep(5)
+ sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+
+ for ip in IPNetwork(SUBNET):
+ try:
+ sender.sendto(MESSAGE, ("%s" % ip, 65212))
+ except:
+ pass
+
+
+# start sending packets: separated threads to make sure that we are not interfering
+# with our ability to sniff responses
+t = threading.Thread(target=udp_sender, args=(SUBNET, MESSAGE))
+t.start()
+
+
+def main():
+ socket_protocol = socket.IPPROTO_ICMP
+ sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+ sniffer.bind(( HOST, 0 ))
+ sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+ # continually read in packets and parse their information
+ while 1:
+ # read in a packet and pass the first 20 bytes to initialize the IP structure
+ raw_buffer = sniffer.recvfrom(65565)[0]
+
+ #take first 20 characters for the ip header
+ ip_header = raw_buffer[0:20]
+
+ #unpack them
+ iph = struct.unpack('!BBHHHBBH4s4s' , ip_header)
+
+ # print
+ version_ihl = iph[0]
+ ihl = version_ihl & 0xF
+ iph_length = ihl * 4
+ src_addr = socket.inet_ntoa(iph[8]);
+
+ # create our ICMP structure
+ buf = raw_buffer[iph_length:iph_length + ctypes.sizeof(ICMP)]
+ icmp_header = ICMP(buf)
+
+ # check for the type 3 and code: first check to make sure that the ICMP
+ # response is coming from within our target subenet
+ if icmp_header.code == 3 and icmp_header.type == 3:
+ # make sure host is in our target subnet
+ if IPAddress(src_addr) in IPNetwork(SUBNET):
+ # make sure it has magic message
+ if raw_buffer[len(raw_buffer) - len(MESSAGE):] == MESSAGE:
+ print("Host up: %s" % src_addr)
+
+
+if __name__ == '__main__':
+ main()

Network_and_802.11/scanner/test_netaddr.py

@@ -0,0 +1,9 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+import netaddr
+
+ip = '192.168.1.114'
+if ip in netaddr.IPNetwork('192.168.1.0/24'):
+ print('OK!')