From 1d7e41efd45474258e74c42a0ecc7b11b707d843 Mon Sep 17 00:00:00 2001
From: Guillaume Valadon
Date: Mon, 7 May 2018 17:21:32 +0200
Subject: [PATCH] man page in plaintext
---
doc/scapy.1 | 198 +++++++++++++++++++++++++++++++++++++++++++++++++
doc/scapy.1.gz | Bin 2273 -> 0 bytes
setup.py | 2 +-
3 files changed, 199 insertions(+), 1 deletion(-)
create mode 100644 doc/scapy.1
delete mode 100644 doc/scapy.1.gz
diff --git a/doc/scapy.1 b/doc/scapy.1
new file mode 100644
index 000000000..8c2b8663d
--- /dev/null
+++ b/doc/scapy.1
@@ -0,0 +1,198 @@
+.TH SCAPY 1 "May 12, 2003"
+.SH NAME
+scapy \- Interactive packet manipulation tool
+.SH SYNOPSIS
+.B scapy
+.RI [ options ]
+.SH DESCRIPTION
+This manual page documents briefly the
+.B scapy
+tool.
+.PP
+\fBscapy\fP is a powerful interactive packet manipulation tool,
+packet generator, network scanner, network discovery, packet sniffer,
+etc. It can for the moment replace hping, parts of nmap, arpspoof, arp-sk,
+arping, tcpdump, tshark, p0f, ...
+.PP
+\fBscapy\fP uses the python interpreter as a command board. That means that
+you can use directly python language (assign variables, use loops,
+define functions, etc.) If you give a file as parameter when you run
+\fBscapy\fP, your session (variables, functions, intances, ...) will be saved
+when you leave the interpretor, and restored the next time you launch
+\fBscapy\fP.
+.PP
+The idea is simple. Those kind of tools do two things : sending packets
+and receiving answers. That's what \fBscapy\fP does : you define a set of
+packets, it sends them, receives answers, matches requests with answers
+and returns a list of packet couples (request, answer) and a list of
+unmatched packets. This has the big advantage over tools like nmap or
+hping that an answer is not reduced to (open/closed/filtered), but is
+the whole packet.
+.PP
+On top of this can be build more high level functions, for example one
+that does traceroutes and give as a result only the start TTL of the
+request and the source IP of the answer. One that pings a whole network
+and gives the list of machines answering. One that does a portscan and
+returns a LaTeX report.
+
+.SH OPTIONS
+Options for scapy are:
+.TP
+\fB\-h\fR
+display usage
+.TP
+\fB\-d\fR
+increase log verbosity. Can be used many times.
+.TP
+\fB\-s\fR FILE
+use FILE to save/load session values (variables, functions, intances, ...)
+.TP
+\fB\-p\fR PRESTART_FILE
+use PRESTART_FILE instead of $HOME/.scapy_prestart.py as pre-startup file
+.TP
+\fB\-P\fR
+do not run prestart file
+.TP
+\fB\-c\fR STARTUP_FILE
+use STARTUP_FILE instead of $HOME/.scapy_startup.py as startup file
+.TP
+\fB\-C\fR
+do not run startup file
+
+.SH COMMANDS
+Only the vital commands to begin are listed here for the moment.
+.TP
+\fBls()\fR
+lists supported protocol layers. If a protocol layer is given as parameter, lists its fields and types of fields.
+.TP
+\fBlsc()\fR
+lists some user commands. If a command is given as parameter, its documentation is displayed.
+.TP
+\fBconf\fR
+this object contains the configuration.
+
+.SH FILES
+\fB$HOME/.scapy_prestart.py\fR
+This file is run before scapy core is loaded. Only the \fb\conf\fP object
+is available. This file can be used to manipulate \fBconf.load_layers\fP
+list to choose which layers will be loaded:
+
+.nf
+conf.load_layers.remove("bluetooth")
+conf.load_layers.append("new_layer")
+.fi
+
+\fB$HOME/.scapy_startup.py\fR
+This file is run after scapy is loaded. It can be used to configure
+some of the scapy behaviors:
+
+.nf
+conf.prog.pdfreader="xpdf"
+split_layers(UDP,DNS)
+.fi
+
+.SH EXAMPLES
+
+More verbose examples are available at
+http://www.secdev.org/projects/scapy/demo.html
+Just run \fBscapy\fP and try the following commands in the interpreter.
+
+.LP
+Test the robustness of a network stack with invalid packets:
+.nf
+sr(IP(dst="172.16.1.1", ihl=2, options="\verb$\x02$", version=3)/ICMP())
+.fi
+
+.LP
+Packet sniffing and dissection (with a bpf filter or thetereal-like output):
+.nf
+a=sniff(filter="tcp port 110")
+a=sniff(prn = lambda x: x.display)
+.fi
+
+.LP
+Sniffed packet reemission:
+.nf
+a=sniff(filter="tcp port 110")
+sendp(a)
+.fi
+
+.LP
+Pcap file packet reemission:
+.nf
+sendp(rdpcap("file.cap"))
+.fi
+
+.LP
+Manual TCP traceroute:
+.nf
+sr(IP(dst="www.google.com", ttl=(1,30))/TCP(seq=RandInt(), sport=RandShort(), dport=dport)
+.fi
+
+.LP
+Protocol scan:
+.nf
+sr(IP(dst="172.16.1.28", proto=(1,254)))
+.fi
+
+.LP
+ARP ping:
+.nf
+srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="172.16.1.1/24"))
+.fi
+
+.LP
+ACK scan:
+.nf
+sr(IP(dst="172.16.1.28")/TCP(dport=(1,1024), flags="A"))
+.fi
+
+.LP
+Passive OS fingerprinting:
+.nf
+sniff(prn=prnp0f)
+.fi
+
+.LP
+Active OS fingerprinting:
+.nf
+nmap_fp("172.16.1.232")
+.fi
+
+
+.LP
+ARP cache poisonning:
+.nf
+sendp(Ether(dst=tmac)/ARP(op="who-has", psrc=victim, pdst=target))
+.fi
+
+.LP
+Reporting:
+.nf
+report_ports("192.168.2.34", (20,30))
+.fi
+
+.SH SEE ALSO
+
+.nf
+https://github.com/secdev/scapy
+https://scapy.readthedocs.io/en/latest/
+.fi
+
+.SH BUGS
+Does not give the right source IP for routes that use interface aliases.
+
+May miss packets under heavy load.
+
+Session saving is limited by Python ability to marshal objects. As a
+consequence, lambda functions and generators can't be saved, which seriously
+reduce usefulness of this feature.
+
+BPF filters don't work on Point-to-point interfaces.
+
+
+.SH AUTHOR
+Philippe Biondi
+.PP
+This manual page was written by Alberto Gonzalez Iniesta
+and Philippe Biondi.
diff --git a/doc/scapy.1.gz b/doc/scapy.1.gz deleted file mode 100644 index 042526a550657707156648cf19e22bb90c50e681..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2273 zcmV<72p;zziwFn?Z?Rbd19M|xaCt5<0F79GZ{s!+{a>GgFczo{ICA3M-t~gIs5hH- zeV4>S>;+m}4gn=m7B8}>ij*Dq)8Ct+WGmSQw?LdI6gj`=&7;HhXR*4PN56{;F}Rfn zaWNf>>G}ElK@hG!i@W*lbzl=&9mK<#Sd>oHGI4sRL?x3a<-}H&x@rpPv?+x%rr=|% z-|v>uYOxB!kAhDJ;r&AVTbPRWS@9p<_33(bb-#$#i{)Lg&b1|BjVvH~qeN{XpLh0xz%?pOrvtBoqL+nIVSO6B&Z zej-&R7EcSQwu#xP`Y`SU+EQm3wgk#0p;$P9BO)_3Su3`NJP@_23YjR8SGwHL$r@gn zOq5$$jfJc$TN#t_)0ur52l&eyT~ejZ7F(RnW&MPc=hzj7U;EuyWm#i&a5+3<&#PMD zw~!Q*#BAYuDqFO3`;~ zOslnkZVmXc3VaiM=ig5i4QkPNgC^3NI8EI7Y|dP^u{?wX%4|ZhBj) zXD6KADt}5sQQkKy6de6E2}+fulCyeS6^f#25RNAek;pDpmqi&1lnx{#qgGtPnKH#= zTRv6<-hf2u9W5gxC|>I`^qoa)kez;}Q=>=>+1AEeLZ%~yZ6Q-g9P8nd*p6HAIM+%a zqYYe=W1&`mG;khzw9C8KolUN(ORAkhTbAEed}11SYsIiVJZ{g8IF_gFK~s7)Y3D3? zg>dE4*J`ZcZ@QDnABv0Gs*PEppA)uwSA@U*Ra3MA^RDG-~|gPE`nNFdhh8?PQx+K}=&-huiD za4e#3hj%{|%ToD}R9siGb*;mxpi}H4-KAtJ6V&0c5OB07iH#@p1Ue-g>68rWs^CVh z)o%o4c#qgIfG-)lSHZG{b&84~7P3~CLAYj=dN|7;vikto2^c&8GLY`myOiGPGO3kh zEZGPYLTs#dhfrMkbO2>ig6;!1rVUT0El!JH7B|-cArU=LEl}@I3M11acI;%)P|bc5 zgq*}zBtE*oUajZ%>qi#Pie4`1(mEx%>EC@`-d;~a4#Hzaz=9Nq6c8X@tPF^={uD+=uK0zjIPZnu`4?MR&|j`hE^V~_)FP~RYv&b z`!S(Myr8ClJ>r2)I#edJOkgut=SS_pTx!$Eo1za#KIQxUK%H>X*+V)*S&Sl{S33?mqO z142Y|i(b_xhFnY;ZZ~-%(++dj6AfJgkM)rkTymUjJzPY?)VkT=;_uV&;&0(acrie0 z<;4tllJ@E_8$3`P-aR~@Pv7A!{vm*$y&p{$SGUn{)Wr`bMLmk{$yG`{iO_I|4n64+ zaYd*=gh6#8or3}wEJQz@P= z#dFvq0gaZ`{cNPis#r%duf22+;Y#a_~XNadkKVY~1 z{`-}ajMBPK=N`D%ELl-6EGmR-L58H^@4Fsxpc z-DLXVMPTMv|N8$%dFQ=rFzn)d`T?$Hh1{TO=YyA(iNt^wE?0solUfNKb+WoEqZvN9 z^!4jz?(eg2oFvx#m?6I>!`@FjG(5&90S`o-7;Q~ip0sj-oTBAG7kzk4g{00UtKkqGEp6Y8|%ovtZ?@t{3&ciYOm9;zW&*RU+rt{9H