A curated list of tools, add-ons, articles or cool exploits using Scapy. Feel free to contribute !
Tools that use Scapy (a lot) or extend it
DDoS
- ufonet: create your own botnet to send untraceable DDoS attacks
Wi-Fi
- trackerjacker: Maps and tracks Wi-Fi networks and devices through raw 802.11 monitoring.
- wifiphisher: create rogue access point
IPv6
Measurements
- mtraceroute: create cool graphs over multiple traceroute analysis
- Network Security Toolkit (NST): Includes an enhanced version of
mtraceroutewith IP Geolocation and GUI management
Protocols
- Cotopaxi: set of tools for security testing of Internet of Things devices using specific network IoT protocols (AMQP, CoAP, DTLS, HTCPCP, KNX, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP)
- project-memoria-detector: determine whether a network device runs a specific embedded TCP/IP stack
- routopsy: toolkit to attack DRP & FHRP
- TorPylle: implementation of the OR (TOR) protocol
Unit Tests
- Linux Kernel: Linux Traffic Control (tc) testing suite
- OpenBSD: IPv6 stack testing suite
- RIOT-OS: RIOT OS networking testing suite
Visualization
- Scapy-Packet-Viewer: Minimal packet viewer similar to tshark/mitmproxy. Based on urwid.
Misc
- aioblescan: scan and decode advertised BLE info
- fenrir: bypass wired 802.1x protection
- flowsynth: tool for rapidly modeling network traffic
- Fragscapy: fuzz network protocols by automating the modification of outgoing network packets
- Habu: Toolkit with a lot of little hacking tools. Many of them use Scapy
- mirage: powerful and modular framework dedicated to the security analysis of wireless communications
- netenum: a tool to passively discover active hosts on a network
- net-creds: sniff and catch all sensitive data on an interface
- packetweaver: a Python framework for script filing and task sequencing
- p0f3plus: an implementation of with extra analysis features
- pysap: interact with SAP using custom built frames & tools
- Responder: LLMNR, NBT-NS and MDNS poisoner
- scapy_unroot: tooling to use Scapy without root permissions
- scapy-benchmarks: a small test suite that tracks the evolution of Scapy's performance.
- sshame: tool to brute force SSH public-key authentication
- TIDoS Framework: The Offensive Manual Web Application Penetration Testing Framework
- Explore Scapy topics on GitHub
Exploits that use Scapy. This does not count the ones included by default
2021
- CVE-2021-24086 : Analysis of a Windows IPv6 Fragmentation Vulnerability
- fragattacks: Fragmentation & Aggregation Attacks
2020
- CVE-2020-25577: Bad Neighbor on FreeBSD: IPv6 Router Advertisement Vulnerabilities in rtsold
- CVE-2020-16898: Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability
2019
- CVE-2019-5597: IPv6 fragmentation vulnerability in OpenBSD Packet Filter
2018
- CVE-2018-4407: a heap buffer overflow in the networking code in the XNU operating system kernel (iOS and macOS)
2017
- krackattacks-scripts: test if clients or access points (APs) are affected by the KRACK attack against WPA2
2016
- CVE-2016-6366: the EXTRABACON exploit, a remote code execution for Cisco ASA written by the Equation Group (NSA) and leaked by the Shadow Brokers
Misc
- isf: ISF (Industrial Control System Exploitation Framework). A suite that provides exploits various industrial protocols