Awesome Scapy

A curated list of tools, add-ons, articles or cool exploits using Scapy, the Python-based interactive packet manipulation program & library. Feel free to contribute!

You can also explore Scapy topics on GitHub!

Contents

• Tools
• Exploits

Tools

Tools that use Scapy (a lot) or extend it

Fun

• pwnagotchi - Your AI pet that hacks WiFI to grow. It's super cute.

DDoS

• ufonet - Create your own botnet to send untraceable DDoS attacks.

Wi-Fi.

• trackerjacker - Maps and tracks Wi-Fi networks and devices through raw 802.11 monitoring.
• wifiphisher - Create rogue access point.

IPv6

• Chiron - An IPv6 security assessment framework.
• mitm6 - Performs MiTM for IPv6.

Measurements

• mtraceroute - Create cool graphs over multiple traceroute analysis.
• Network Security Toolkit (NST) - Includes an enhanced version of mtraceroute with IP Geolocation and GUI management.
• netprobify - Network probing tool crafted for datacenters (but not only). Probing using: TCP, UDP or ICMP.

Protocols

• Cotopaxi - Set of tools for security testing of Internet of Things devices using specific network IoT protocols (AMQP, CoAP, DTLS, HTCPCP, KNX, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP) .
• project-memoria-detector - Determine whether a network device runs a specific embedded TCP/IP stack.
• routopsy - Toolkit to attack DRP & FHRP.
• TorPylle - Implementation of the OR (TOR) protocol.

Unit Tests

• Linux Kernel - Linux Traffic Control (tc) testing suite.
• OpenBSD - IPv6 stack testing suite.
• RIOT-OS - RIOT OS networking testing suite.

Visualization

• Scapy-Packet-Viewer - Minimal packet viewer similar to tshark/mitmproxy. Based on urwid.

Misc

• aioblescan - Scan and decode advertised BLE info.
• fenrir - Bypass wired 802.1x protection.
• flowsynth - Tool for rapidly modeling network traffic.
• Fragscapy - Fuzz network protocols by automating the modification of outgoing network packets.
• Habu - Toolkit with a lot of little hacking tools. Many of them use Scapy.
• mirage - Powerful and modular framework dedicated to the security analysis of wireless communications.
• netenum - A tool to passively discover active hosts on a network.
• net-creds - Sniff and catch all sensitive data on an interface.
• packetweaver - A Python framework for script filing and task sequencing.
• p0f3plus - An implementation of with extra analysis features.
• pysap - Interact with SAP using custom built frames & tools.
• Responder - LLMNR, NBT-NS and MDNS poisoner.
• scapy_unroot - Tooling to use Scapy without root permissions.
• scapy-benchmarks - A small test suite that tracks the evolution of Scapy's performance.
• sshame - Tool to brute force SSH public-key authentication.
• TIDoS Framework - The Offensive Manual Web Application Penetration Testing Framework.

Exploits

Exploits that use Scapy. This does not count the ones included by default

2024

• PPPwn (CVE-2006-4304) - Playstation 4 PPPoE RCE.

2022

• CVE-2021-28444 - Windows Hyper-V Security Feature Bypass Vulnerability.

2021

• CVE-2021-24086 - Analysis of a Windows IPv6 Fragmentation Vulnerability.
• fragattacks - Fragmentation & Aggregation Attacks.

2020

• CVE-2020-25577 - Bad Neighbor on FreeBSD: IPv6 Router Advertisement Vulnerabilities in rtsold.
• CVE-2020-16898 - Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability.

2019

• CVE-2019-5597 - IPv6 fragmentation vulnerability in OpenBSD Packet Filter.

2018

• CVE-2018-4407 - A heap buffer overflow in the networking code in the XNU operating system kernel (iOS and macOS).

2017

• krackattacks-scripts - Test if clients or access points (APs) are affected by the KRACK attack against WPA2.

2016

• CVE-2016-6366 - The EXTRABACON exploit, a remote code execution for Cisco ASA written by the Equation Group (NSA) and leaked by the Shadow Brokers.

Misc

• isf - ISF (Industrial Control System Exploitation Framework). A suite that provides exploits various industrial protocols.