Skip to content
/ scapy-containerised Public

Container terminal application for intercepting packets within pod/namespace using Scapy and ttyd terminal

License

MIT license
5 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

saidsef/scapy-containerised

BranchesTags

Repository files navigation

Scapy Containerised

This gives you a shell inside container/namespace via TTYD, and you can use Scapy to analyse network traffic.

Scapy is a powerful Python-based interactive packet manipulation program and library.

Scapy enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.

Scapy is usable either as a shell or as a library. For further details, please head over to Getting started with Scapy, which is part of the documentation.

Prerequisite

  • Container runtime (needs to run privileged mode)
  • Some Python Knowledge
  • Have read Scapy docs

Installation

Follow these steps to build:

git clone /~https://github.com/saidsef/scapy-containerised
docker build -t saidsef/scapy-containerised:latest .
docker run -d --net=host --privileged -v /path/to/geoip2:/data docker.io/saidsef/scapy-containerised:latest

GeoIP data sets can be download from P3TERX

conf.geoip_city = "/data/GeoLite.mmdb"
conf.temp_files = "/tmp"

trace = traceroute_map(["saidsef.co.uk"], verbose=0)
trace.world_trace()

Than visit:

http://localhost:8080

In the browser termonal type:

python -m scapy.__init__

To start Scapy in interactive mode.

Deployment

To expose host interface to container enable hostNetwork: true in deployment.yml file. Consider security implications

Make certain the PORT isn't already bound to another service - if you choose to run the service on a different PORT make sure you update the relevant fields.

HELM

helm repo add scapy https://saidsef.github.io/scapy-containerised/
helm repo update
helm upgrade --install scapy scapy/scapy --namespace scapy --create-namespace

Kubectl

kubectl apply -k ./deployment

To view, bind Kubernetes service port loaclly:

kubectl port-forward --namespace scapy svc/scapy 8080:8080

Than visit:

http://localhost:8080

Sniff Packets

To list available layers:

help(scapy.layers)

Sniff function specification documentation

print sniff.__doc__
load_layer("http")
get_if_list()
sniff(iface="eth0", prn=lambda x: x.show(), lfilter=lambda x: HTTP in x, count=100)

https://scapy.readthedocs.io/en/latest/api/scapy.layers.html To load layers tls you might need to downgrade cryptography <= v38

The routes are stores in conf.route. You can use it to display the routes, or get specific routing:

conf.route

Plot unsing Matplotlib

For some special features, Scapy will need some dependencies to be installed.

p=sniff(iface="any", count=50)
p.plot(lambda x:len(x))

https://scapy.readthedocs.io/en/latest/installation.html#optional-dependencies

PDF Dump using pxy

p=IP()/ICMP()
p.pdfdump("test.pdf", target="> /tmp")

Source

Our latest and greatest source of scapy-containerised can be found on GitHub. Fork us!

Contributing

We would ❤️ you to contribute by making a pull request.

Please read the official Contribution Guide for more information on how you can contribute.

About

Container terminal application for intercepting packets within pod/namespace using Scapy and ttyd terminal

Topics

docker security-audit pcap network scapy packet-sniffer network-analysis tcpdump netfilter hacktoberfest packet-capture network-security security-tools network-virtualization packet-geoip kubernetes-terminal kubernetes-tty

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

5 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 17

scapy-0.3.1 Latest
Feb 16, 2025
+ 16 releases

Sponsor this project

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages