scapy-containerised

Scapy Containerised

Scapy is a powerful Python-based interactive packet manipulation program and library.

Scapy enables the user to send, sniff, dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.

Scapy is usable either as a shell or as a library. For further details, please head over to Getting started with Scapy, which is part of the documentation.

Prerequisite

Installation

Follow these steps to build:

git clone https://github.com/saidsef/scapy-containerised
cd scapy-containerised
docker build -t saidsef/scapy-containerised:latest .
docker run -d --net=host --privileged -v /path/to/geoip2:/data saidsef/scapy-containerised:latest

Then visit:

http://localhost:8080

In the browser terminal, type:

python -m scapy.__init__

To start Scapy in interactive mode.

Deployment

To expose the host's network interfaces to the container, set hostNetwork: true in the deployment.yml file. Consider the security implications: the pod then shares the node's network namespace. Make sure the PORT isn't already bound to another service; if you choose to run the service on a different PORT, make sure you update the relevant fields.

kubectl apply -k ./deployment

To view, bind the Kubernetes service port locally:

kubectl port-forward --namespace web svc/scapy 8080:8080

Then visit:

http://localhost:8080
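
An added example, not part of the project's code: a small audit of a Deployment manifest (as JSON, for instance from `kubectl get deployment -o json`) for the host-network and privilege settings discussed above. The two manifests and the `audit_deployment` helper are constructed for illustration, and treating `NET_RAW` and `NET_ADMIN` as sufficient for packet capture is an assumption.

```python
import json

# Assumption: packet capture needs only raw sockets and promiscuous mode.
SNIFF_CAPS = {"NET_RAW", "NET_ADMIN"}

def audit_deployment(manifest):
    """Return findings for host-network and privilege settings in a Deployment."""
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    host_net = bool(pod.get("hostNetwork"))
    findings = []
    if host_net:
        findings.append("pod: hostNetwork=true shares the node's network namespace")
    for c in pod.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged=true grants all capabilities")
        extra = set((sc.get("capabilities") or {}).get("add", [])) - SNIFF_CAPS
        if extra:
            findings.append(f"{name}: extra capabilities {sorted(extra)}")
        for p in c.get("ports", []):
            if host_net or p.get("hostPort"):
                port = p.get("hostPort") or p.get("containerPort")
                findings.append(f"{name}: port {port} listens on the node itself")
    return findings

# Constructed sample manifests (not the project's deployment.yml).
WEAK = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {
  "hostNetwork": true,
  "containers": [{"name": "scapy",
    "securityContext": {"privileged": true},
    "ports": [{"containerPort": 8080}]}]}}}}
""")
# Without hostNetwork the pod only sees its own interface.
HARDENED = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {
  "containers": [{"name": "scapy",
    "securityContext": {"privileged": false,
      "capabilities": {"drop": ["ALL"], "add": ["NET_RAW", "NET_ADMIN"]}},
    "ports": [{"containerPort": 8080}]}]}}}}
""")

if __name__ == "__main__":
    for label, m in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_deployment(m) or "no findings")
```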

Sniff Packets

Select an interface name for iface from the get_if_list() result:

# load_layer("tls")
# get_if_list()
# sniff(iface="ens3", prn=lambda x: x.show(), lfilter=lambda x: TLS in x, count=100)