Scapy is a very powerful packet manipulation program and library, written in Python. It allows you to: forge / decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, etc. This tool can also perform tasks such as scanning, trace-routing, probing, unit tests, attacks, network discovery, and much more. (official website).
Scapy: Powerful Python-based Interactive Packet Manipulation Tool
Scapy is a Python tool that enables you to send, sniff and dissect/forge network packets. Those capabilities allows tool construction that can probe, scan or attack networks. It can replace:
p0f,even some parts of
Scapy can also perform a huge number of other specific operations/tasks that most other tools can’t, such as:
- sending invalid frames,
- injecting your own 802.11 frames,
- combining techniques (VLAN hopping + ARP cache poisoning, VOIP decoding on WEP encrypted channel, etc.),
Supported platforms (cross-platfom)
Python 2.7 and
Python 3 (3.4 to 3.6):
- Linux, OSX, * BSD, and Windows.
- Craft Packets
Scapy enables the user to describe a packet or set of packets as layers that are stacked one upon another. Layer fields have useful default values that can be overloaded. It doesn’t oblige the user to use predetermined methods or templates.
- Interpret many with single probe
Unlike many tools, it provides a complete set of data/information (send/received responses). In case of a small dataset, user might try to dig desired data himself. In other cases when data set is simply too big, most tools process and discard all data not directly related to specific point of view. Scapy in comparement, provides the complete raw data, available for multiple/different types of analysis (viewpoints).
- It decodes, doesn’t interpret,
- It is also modular. Python module can be used to build specific network tools,
- Can be easily extended to support new protocols,
- You can build your own tools,
Clone it from the github repository, and run as follows:
$ git clone https://github.com/secdev/scapy $ cd scapy $ ./run_scapy >>>
To update scapy, just run:
$ git pull $ sudo python setup.py install
If you decide not to install all optional packages, Scapy will make sure to inform you about impossibility of using certain features:
INFO: Can't import python gnuplot wrapper . Won't be able to plot. INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
cryptography , simply run:
$ sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-cryptography python-pyx
If you need the cryptography-related methods, install it with
# pip install cryptography
# yum install git python-devel # cd /tmp # git clone https://github.com/secdev/scapy # cd scapy # python setup.py install
To install optional packages, run:
# yum install graphviz python-cryptography sox PyX gnuplot numpy # cd /tmp # wget http://heanet.dl.sourceforge.net/sourceforge/gnuplot-py/gnuplot-py-1.8.tar.gz # tar xvfz gnuplot-py-1.8.tar.gz # cd gnuplot-py-1.8 # python setup.py install
Mac OS X:
On Mac OS X, it doesn’t work natively. You need to install Python bindings to use
libpcap. To install using homebrew, first update it, then run python buildings:
$ brew update
$ brew install --with-python libdnet $ brew install https://raw.githubusercontent.com/secdev/scapy/master/.travis/pylibpcap.rb $ sudo brew install --with-python libdnet $ sudo brew install https://raw.githubusercontent.com/secdev/scapy/master/.travis/pylibpcap.rb
For installation on other platforms (* BSD, Windows), check the official docu page.
To start Scapy, you’ll need root privileges:
$ sudo ./scapy
from scapy.all import *
To see detailed documentation with usage examples, click the documentation button bellow.