Container terminal application for intercepting packets within pod/namespace using Scapy and ttyd terminal

saidsef/scapy-containerised

Scapy Containerised

This gives you a shell inside the container/namespace via TTYD, where you can use Scapy to analyse network traffic.

Scapy is a powerful Python-based interactive packet manipulation program and library.

Scapy enables the user to send, sniff, dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.

Scapy is usable either as a shell or as a library. For further details, please head over to Getting started with Scapy, which is part of the documentation.

Prerequisite

  • Container runtime (needs to run in privileged mode)
  • Some Python Knowledge
  • Have read Scapy docs

Installation

Follow these steps to build:

git clone https://github.com/saidsef/scapy-containerised
docker build -t saidsef/scapy-containerised:latest .
docker run -d --net=host --privileged -v /path/to/geoip2:/data saidsef/scapy-containerised:latest

GeoIP data sets can be downloaded from P3TERX

Then visit:

http://localhost:8080

In the browser terminal type:

python -m scapy.__init__

To start Scapy in interactive mode.

Deployment

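To expose the host's network interfaces to the container, enable hostNetwork: true in the deployment.yml file. Consider the security implications: the pod then shares the node's network namespace, so Scapy can sniff and send traffic on the node's interfaces rather than only the pod's own.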

Make sure the PORT isn't already bound to another service - if you choose to run the service on a different PORT make sure you update the relevant fields.
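
For the hostNetwork setting above and the privileged-mode prerequisite, the following check lists what a pod template actually grants, given the JSON form of the workload (the shape kubectl get -o json prints). It is an added example, not part of this repository: the manifest is constructed, and the function names and the capability review list are assumptions of the example.

```python
import json

# Constructed sample in the shape `kubectl get deployments -o json` returns.
# Names and values are illustrative; this is not the project's deployment.yml.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "scapy-hostnet"},
     "spec": {"template": {"spec": {"hostNetwork": True,
         "containers": [{"name": "scapy", "ports": [{"containerPort": 8080}],
                         "securityContext": {"privileged": True}}]}}}},
    {"kind": "Deployment", "metadata": {"name": "scapy-scoped"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "scapy", "ports": [{"containerPort": 8080}],
                         "securityContext": {"capabilities": {
                             "drop": ["ALL"], "add": ["NET_RAW"]}}}]}}}},
]})

REVIEW_CAPS = {"ALL", "NET_ADMIN", "NET_RAW", "SYS_ADMIN"}  # review list chosen for this example

def audit_pod_spec(spec):
    """List the settings that widen what the pod can see or reach on the node."""
    findings = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            findings.append(f"pod: {field}=true")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged=true")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(added & REVIEW_CAPS):
            findings.append(f"{name}: adds capability {cap}")
        for p in c.get("ports") or []:
            if spec.get("hostNetwork") or p.get("hostPort"):
                port = p.get("hostPort") or p.get("containerPort")
                findings.append(f"{name}: port {port} is bound on the node")
    return findings

def audit_manifest(text):
    """Map each workload name to its findings; accepts a List or a single object."""
    doc = json.loads(text)
    report = {}
    for obj in doc.get("items", [doc]):
        spec = obj.get("spec", {})
        spec = spec.get("template", {}).get("spec", spec)  # Deployment: spec.template.spec
        report[obj["metadata"]["name"]] = audit_pod_spec(spec)
    return report

if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE), indent=2))
```

The second constructed workload shows the narrower alternative: no host namespace, and only the raw-socket capability that sniffing needs is reported.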

HELM

helm repo add scapy https://saidsef.github.io/scapy-containerised/
helm repo update
helm upgrade --install scapy scapy/scapy --namespace scapy --create-namespace

Kubectl

kubectl apply -k ./deployment

To view, bind the Kubernetes service port locally:

kubectl port-forward --namespace scapy svc/scapy 8080:8080

Then visit:

http://localhost:8080

Sniff Packets

To list available layers:

help(scapy.layers)
# load_layer("http")
# get_if_list()
# sniff(iface="eth0", prn=lambda x: x.show(), lfilter=lambda x: HTTP in x, count=100)

The full list of layers is documented at https://scapy.readthedocs.io/en/latest/api/scapy.layers.html

To load the tls layer you might need to downgrade cryptography to <= v38.

The routes are stored in conf.route. You can use it to display the routes, or to get specific routing:

conf.route

Source

Our latest and greatest source of scapy-containerised can be found on GitHub. Fork us!

Contributing

We would ❤️ you to contribute by making a pull request.

Please read the official Contribution Guide for more information on how you can contribute.