bbob122
diff --git a/‎Black Hat Python/chapter_03/README.md
Lines changed: 32 additions & 0 deletions b/‎Black Hat Python/chapter_03/README.md
Lines changed: 32 additions & 0 deletions
diff --git a/‎Black Hat Python/chapter_03/scanner.py
Lines changed: 149 additions & 0 deletions b/‎Black Hat Python/chapter_03/scanner.py
Lines changed: 149 additions & 0 deletions
diff --git a/‎Black Hat Python/chapter_03/sniffer_ip_header_decode.py
Lines changed: 72 additions & 0 deletions b/‎Black Hat Python/chapter_03/sniffer_ip_header_decode.py
Lines changed: 72 additions & 0 deletions
diff --git a/‎Black Hat Python/chapter_03/sniffer_with_icmp.py
Lines changed: 104 additions & 0 deletions b/‎Black Hat Python/chapter_03/sniffer_with_icmp.py
Lines changed: 104 additions & 0 deletions
diff --git a/‎Black Hat Python/chapter_04/README.md
Lines changed: 22 additions & 0 deletions b/‎Black Hat Python/chapter_04/README.md
Lines changed: 22 additions & 0 deletions
@@ -10,3 +10,35 @@ Open another terminal pick a host to ping.
 ping google.com 
 ```
 Then you should see some garbled output 
+
+### sniffer_ip_header_decode.py
+
+```bash
+sudo sniffer_ip_header_decode.py 
+```
+Open another terminal pick a host to ping.
+```bash
+ping google.com 
+```
+We would be able to see only the response and only for the ICMP protocol
+
+### sniffer_with_icmp.py
+
+```bash
+sudo python3 sniffer_with_icmp.py
+```
+Open another terminal pick a host to ping.
+```bash
+ping google.com 
+```
+
+The output actually indicates that the ping (ICMP Echo) responses are being correctly received and decoded
+
+### scanner.py
+
+This code scans a specified subnet for active hosts by sending UDP datagrams and listening for ICMP "port unreachable" responses to identify which hosts are up. It prints the IP addresses of responsive hosts within the given subnet
+```bash
+sudo python3 scanner.py 192.168.1.0
+
+# subnet to target: 192.168.1.0/24 
+```
@@ -0,0 +1,149 @@
+import ipaddress
+import os
+import socket
+import struct
+import sys
+import threading
+import time
+
+# Function to get subnet input from user
+def get_subnet():
+    while True:
+        subnet = input("Enter the subnet to target (e.g., 192.168.1.0/24): ")
+        try:
+            # Validate the subnet input
+            ipaddress.ip_network(subnet)
+            return subnet
+        except ValueError:
+            print("Invalid subnet. Please try again.")
+
+# Magic string we'll check ICMP responses for
+MESSAGE = 'PYTHONRULES!'
+
+# Class to handle IP headers
+class IP:
+    def __init__(self, buff=None):
+        # Unpack the IP header fields from the buffer
+        header = struct.unpack('<BBHHHBBH4s4s', buff)
+        self.ver = header[0] >> 4
+        self.ihl = header[0] & 0xF
+        self.tos = header[1]
+        self.len = header[2]
+        self.id = header[3]
+        self.offset = header[4]
+        self.ttl = header[5]
+        self.protocol_num = header[6]
+        self.sum = header[7]
+        self.src = header[8]
+        self.dst = header[9]
+
+        # Convert binary IP addresses to human-readable format
+        self.src_address = ipaddress.ip_address(self.src)
+        self.dst_address = ipaddress.ip_address(self.dst)
+
+        # Map protocol constants to their names
+        self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}
+        try:
+            self.protocol = self.protocol_map[self.protocol_num]
+        except KeyError:
+            print('No protocol for %s' % self.protocol_num)
+            self.protocol = str(self.protocol_num)
+
+# Class to handle ICMP headers
+class ICMP:
+    def __init__(self, buff):
+        # Unpack the ICMP header fields from the buffer
+        header = struct.unpack('<BBHHH', buff)
+        self.type = header[0]
+        self.code = header[1]
+        self.sum = header[2]
+        self.id = header[3]
+        self.seq = header[4]
+
+# Function to send UDP datagrams with our magic message
+def udp_sender(subnet):
+    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
+        # Send datagrams to all hosts in the subnet
+        for ip in ipaddress.ip_network(subnet).hosts():
+            sender.sendto(bytes(MESSAGE, 'utf8'), (str(ip), 65212))
+
+# Class to handle the scanning and sniffing process
+class Scanner:
+    def __init__(self, host):
+        self.host = host
+        # Choose the correct protocol based on the OS
+        if os.name == 'nt':
+            socket_protocol = socket.IPPROTO_IP
+        else:
+            socket_protocol = socket.IPPROTO_ICMP
+
+        # Create a raw socket
+        self.socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+        self.socket.bind((host, 0))
+        self.socket.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+        # Enable promiscuous mode on Windows
+        if os.name == 'nt':
+            self.socket.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
+
+    def sniff(self, subnet):
+        # Set to keep track of hosts that are up
+        hosts_up = set([f'{str(self.host)} *'])
+        try:
+            while True:
+                # Read a packet
+                raw_buffer = self.socket.recvfrom(65535)[0]
+
+                # Create an IP header from the first 20 bytes
+                ip_header = IP(raw_buffer[0:20])
+
+                # If it's ICMP, we want it
+                if ip_header.protocol == "ICMP":
+                    offset = ip_header.ihl * 4
+                    buf = raw_buffer[offset:offset + 8]
+                    icmp_header = ICMP(buf)
+
+                    # Check for TYPE 3 and CODE 3
+                    if icmp_header.code == 3 and icmp_header.type == 3:
+                        # Ensure the response is in our target subnet
+                        if ipaddress.ip_address(ip_header.src_address) in ipaddress.IPv4Network(subnet):
+                            # Make sure it has our magic message
+                            if raw_buffer[len(raw_buffer) - len(MESSAGE):] == bytes(MESSAGE, 'utf8'):
+                                if str(ip_header.src_address) not in hosts_up:
+                                    hosts_up.add(str(ip_header.src_address))
+                                    print(f'Host Up: {ip_header.src_address}')
+        except KeyboardInterrupt:
+            # Disable promiscuous mode on Windows
+            if os.name == 'nt':
+                self.socket.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
+
+            print('\nUser interrupted.')
+            if hosts_up:
+                print(f'\n\nSummary: Hosts up on {subnet}')
+                for host in sorted(hosts_up):
+                    print(f'{host}')
+            print('')
+            sys.exit()
+
+if __name__ == '__main__':
+    # Get the target subnet from the user
+    SUBNET = get_subnet()
+
+    # Determine the host to bind to
+    if len(sys.argv) == 2:
+        host = sys.argv[1]
+    else:
+        hostname = socket.gethostname()
+        host = socket.gethostbyname(hostname)
+
+    print("Using host:", host)
+
+    # Create a scanner instance
+    s = Scanner(host)
+
+    # Start the UDP sender in a separate thread
+    t = threading.Thread(target=udp_sender, args=(SUBNET,))
+    t.start()
+
+    # Start sniffing
+    s.sniff(SUBNET)
@@ -0,0 +1,72 @@
+import ipaddress
+import os
+import socket
+import struct
+import sys
+
+class IP:
+    def __init__(self, buff=None):
+        header = struct.unpack('<BBHHHBBH4s4s', buff)
+        self.ver = header[0] >> 4
+        self.ihl = header[0] & 0xF
+        self.tos = header[1]
+        self.len = header[2]
+        self.id = header[3]
+        self.offset = header[4]
+        self.ttl = header[5]
+        self.protocol_num = header[6]
+        self.sum = header[7]
+        self.src = header[8]
+        self.dst = header[9]
+
+        # human readable IP addresses
+        self.src_address = ipaddress.ip_address(self.src)
+        self.dst_address = ipaddress.ip_address(self.dst)
+
+        # map protocol constants to their names
+        self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}
+        try:
+            self.protocol = self.protocol_map[self.protocol_num]
+        except Exception as e:
+            print('%s No protocol for %s' % (e, self.protocol_num))
+            self.protocol = str(self.protocol_num)
+
+def sniff(host):
+    # should look familiar from previous example
+    if os.name == 'nt':
+        socket_protocol = socket.IPPROTO_IP
+    else:
+        socket_protocol = socket.IPPROTO_ICMP
+
+    sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+    sniffer.bind((host, 0))
+    sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+    if os.name == 'nt':
+        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
+
+    try:
+        while True:
+            # read a packet
+            raw_buffer = sniffer.recvfrom(65535)[0]
+
+            # create an IP header from the first 20 bytes
+            ip_header = IP(raw_buffer[0:20])
+
+            # print the detected protocol and hosts
+            print('Protocol: %s %s -> %s' % (ip_header.protocol, ip_header.src_address, ip_header.dst_address))
+
+    except KeyboardInterrupt:
+        # if we're on Windows, turn off promiscuous mode
+        if os.name == 'nt':
+            sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
+        sys.exit()
+
+if __name__ == '__main__':
+    if len(sys.argv) == 2:
+        host = sys.argv[1]
+    else:
+        hostname = socket.gethostname()
+        host = socket.gethostbyname(hostname)
+    print("Using host:", host)
+    sniff(host)
@@ -0,0 +1,104 @@
+import ipaddress
+import os
+import socket
+import struct
+import sys
+
+# Define a class to represent the IP header of a packet
+class IP:
+    def __init__(self, buff=None):
+        # Unpack the IP header fields from the buffer
+        header = struct.unpack('<BBHHHBBH4s4s', buff)
+        self.ver = header[0] >> 4
+        self.ihl = header[0] & 0xF
+        self.tos = header[1]
+        self.len = header[2]
+        self.id = header[3]
+        self.offset = header[4]
+        self.ttl = header[5]
+        self.protocol_num = header[6]
+        self.sum = header[7]
+        self.src = header[8]
+        self.dst = header[9]
+
+        # Convert source and destination IP addresses to human-readable format
+        self.src_address = ipaddress.ip_address(self.src)
+        self.dst_address = ipaddress.ip_address(self.dst)
+
+        # Map protocol numbers to protocol names
+        self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}
+        try:
+            self.protocol = self.protocol_map[self.protocol_num]
+        except Exception as e:
+            print('%s No protocol for %s' % (e, self.protocol_num))
+            self.protocol = str(self.protocol_num)
+
+# Define a class to represent the ICMP header of a packet
+class ICMP:
+    def __init__(self, buff):
+        # Unpack the ICMP header fields from the buffer
+        header = struct.unpack('<BBHHH', buff)
+        self.type = header[0]
+        self.code = header[1]
+        self.sum = header[2]
+        self.id = header[3]
+        self.seq = header[4]
+
+# Function to sniff packets on a specified host
+def sniff(host):
+    # Determine the appropriate socket protocol
+    if os.name == 'nt':
+        socket_protocol = socket.IPPROTO_IP
+    else:
+        socket_protocol = socket.IPPROTO_ICMP
+
+    # Create a raw socket and bind it to the host
+    sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
+    sniffer.bind((host, 0))
+    sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
+
+    # If running on Windows, set the socket to promiscuous mode
+    if os.name == 'nt':
+        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)
+
+    try:
+        while True:
+            # Read a packet
+            raw_buffer = sniffer.recvfrom(65535)[0]
+
+            # Create an IP header from the first 20 bytes of the packet
+            ip_header = IP(raw_buffer[0:20])
+
+            # If the packet is ICMP, process and print its details
+            if ip_header.protocol == "ICMP":
+                print('Protocol: %s %s -> %s' % (
+                    ip_header.protocol,
+                    ip_header.src_address,
+                    ip_header.dst_address))
+                print(f'Version: {ip_header.ver}')
+                print(f'Header Length: {ip_header.ihl} TTL: {ip_header.ttl}')
+
+                # Calculate the starting point of the ICMP packet
+                offset = ip_header.ihl * 4
+                buf = raw_buffer[offset:offset + 8]
+
+                # Create an ICMP header from the buffer
+                icmp_header = ICMP(buf)
+                print('ICMP -> Type: %s Code: %s\n' % (icmp_header.type, icmp_header.code))
+    except KeyboardInterrupt:
+        # If running on Windows, turn off promiscuous mode
+        if os.name == 'nt':
+            sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
+        sys.exit()
+
+if __name__ == '__main__':
+    # If a host is specified in command-line arguments, use it
+    if len(sys.argv) == 2:
+        host = sys.argv[1]
+    else:
+        # Otherwise, get the local machine's IP address
+        hostname = socket.gethostname()
+        host = socket.gethostbyname(hostname)
+    print("Using host:", host)
+    # Start sniffing packets on the specified host
+    sniff(host)
@@ -0,0 +1,22 @@
+### mail_sniffer.py
+
+- Install scapy package
+```python
+sudo pip3 install scapy
+```
+- A simple sniffer 
+```
+sudo python3 mail_sniffer.py
+```
+
+### mail_sniffer_using_BPF_syntax.py
+- If you are on a network where you know you're already on their internal network and you want to compromise some mail server accounts then you could do that by sniffing the network by running the below command
+```
+sudo python3 mail_sniffer_using_BPF_syntax.py
+```
+
+### arper.py
+```
+python3 arper_1.py <victim_ip> <gateway_ip> <interface>
+python3 arper_2.py <victim_ip> <gateway_ip> <interface>
+```