Skip to content

Commit 4789d6e

Browse files
author
casterbyte
committed
fix for pcap packets entries
1 parent 130dc68 commit 4789d6e

File tree

1 file changed

+28
-5
lines changed

1 file changed

+28
-5
lines changed

above.py

Lines changed: 28 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,7 @@ def packet_detection(packet):
7878
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
7979
print(Fore.WHITE + Style.BRIGHT + "[+] Detected MACSec")
8080
print(Fore.YELLOW + Style.BRIGHT + "[+] The network may be using 802.1X, keep that in mind")
81+
packets.append(packet)
8182
try:
8283
print(Fore.GREEN + Style.BRIGHT + "[*] System Identifier: " + Fore.WHITE + Style.BRIGHT + packet[0][MACsec][MACsecSCI].system_identifier)
8384
except:
@@ -96,6 +97,7 @@ def hex_to_string(hex):
9697
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Loki, Scapy, FRRouting")
9798
print(Fore.GREEN + Style.BRIGHT + "[*] OSPF Area ID: " + Fore.WHITE + Style.BRIGHT + str(packet[OSPF_Hdr].area))
9899
print(Fore.GREEN + Style.BRIGHT + "[*] OSPF Neighbor IP: " + Fore.WHITE + Style.BRIGHT + str(packet[OSPF_Hdr].src))
100+
packets.append(packet)
99101

100102
if packet.haslayer(Ether):
101103
mac_src = packet[Ether].src
@@ -127,6 +129,7 @@ def hex_to_string(hex):
127129
print(Fore.WHITE + Style.BRIGHT + "[+] Detected BGP Packet")
128130
print(Fore.GREEN + Style.BRIGHT + "[+] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "Route Hijacking")
129131
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Scapy, FRRouting")
132+
packets.append(packet)
130133

131134
bgp_header = packet.getlayer(BGPHeader)
132135
if bgp_header:
@@ -159,6 +162,7 @@ def hex_to_string(hex):
159162
print(Fore.GREEN + Style.BRIGHT + "[*] HSRP Group Number: " + Fore.WHITE + Style.BRIGHT + str(packet[HSRP].group))
160163
print(Fore.GREEN + Style.BRIGHT + "[+] HSRP Virtual IP Address: " + Fore.WHITE + Style.BRIGHT + str(packet[HSRP].virtualIP))
161164
print(Fore.GREEN + Style.BRIGHT + "[*] HSRP Speaker IP: " + Fore.WHITE + Style.BRIGHT + str(packet[IP].src))
165+
packets.append(packet)
162166

163167
if packet.haslayer(Ether):
164168
mac_src = packet[Ether].src
@@ -184,6 +188,7 @@ def hex_to_string(hex):
184188
if packet.haslayer(VRRP):
185189
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
186190
print(Fore.WHITE + Style.BRIGHT + "[+] Detected VRRPv2 Packet")
191+
packets.append(packet)
187192

188193
if packet.haslayer(AH):
189194
print (Fore.YELLOW + Style.BRIGHT + "[!] Authentication: AH Header detected, VRRP packet is encrypted")
@@ -226,6 +231,7 @@ def hex_to_string(hex):
226231
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Scapy, Loki")
227232
print(Fore.GREEN + Style.BRIGHT + "[*] VRRPv3 Group Number: " + Fore.WHITE + Style.BRIGHT + str(packet[VRRPv3].vrid))
228233
print(Fore.GREEN + Style.BRIGHT + "[*] VRRPv3 Speaker IP: " + Fore.WHITE + Style.BRIGHT + str(packet[IP].src))
234+
packets.append(packet)
229235

230236
if packet.haslayer(Ether):
231237
mac_src = packet[Ether].src
@@ -249,7 +255,8 @@ def hex_to_string(hex):
249255
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Loki")
250256
print(Fore.YELLOW + Style.BRIGHT + "[!] GLBP has not yet been implemented by Scapy")
251257
print(Fore.YELLOW + Style.BRIGHT + "[!] Check AVG router priority values manually using Wireshark")
252-
print(Fore.YELLOW + Style.BRIGHT + "[!] If the AVG router's priority value is less than 255, you have a chance of launching a MITM attack.")
258+
print(Fore.YELLOW + Style.BRIGHT + "[!] If the AVG router's priority value is less than 255, you have a chance of launching a MITM attack.")
259+
packets.append(packet)
253260

254261
if packet.haslayer(Ether):
255262
mac_src = packet[Ether].src
@@ -269,6 +276,7 @@ def hex_to_string(hex):
269276
print(Fore.WHITE + Style.BRIGHT + "[+] Detected DTP Frame")
270277
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "VLAN Segmentation Bypass")
271278
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Yersinia, Scapy")
279+
packets.append(packet)
272280

273281
if packet.haslayer(Dot3):
274282
mac_src = packet[Dot3].src
@@ -290,6 +298,7 @@ def hex_to_string(hex):
290298
print(Fore.WHITE + Style.BRIGHT + "[+] Detected STP Frame")
291299
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "Partial MITM")
292300
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Yersinia, Scapy")
301+
packets.append(packet)
293302

294303
if packet.haslayer(Ether):
295304
root_switch_mac = str(packet[STP].rootmac)
@@ -320,6 +329,7 @@ def hex_to_string(hex):
320329
print(Fore.GREEN + Style.BRIGHT + "[*] Platform: " + Fore.WHITE + Style.BRIGHT + platform)
321330
print(Fore.GREEN + Style.BRIGHT + "[*] Port ID: " + Fore.WHITE + Style.BRIGHT + port_id)
322331
print(Fore.GREEN + Style.BRIGHT + "[*] IP Address: " + Fore.WHITE + Style.BRIGHT + ip_address)
332+
packets.append(packet)
323333

324334
if packet.haslayer(Ether):
325335
mac_src = packet[Ether].src
@@ -340,6 +350,7 @@ def hex_to_string(hex):
340350
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "Subnets Discovery, Blackhole, Evil Twin")
341351
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Loki, Scapy, FRRouting")
342352
print(Fore.GREEN + Style.BRIGHT + "[*] AS Number: " + Fore.WHITE + Style.BRIGHT + str(packet[EIGRP].asn))
353+
packets.append(packet)
343354

344355
if packet.haslayer(IP):
345356
print(Fore.GREEN + Style.BRIGHT + "[*] EIGRP Neighbor IP: " + Fore.WHITE + Style.BRIGHT + str(packet[IP].src))
@@ -375,6 +386,7 @@ def hex_to_string(hex):
375386
print(Fore.WHITE + Style.BRIGHT + "[+] Detected LLMNR Packet")
376387
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "LLMNR Spoofing, Credentials Interception")
377388
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Responder")
389+
packets.append(packet)
378390

379391
try:
380392
llmnr_query_name = packet[LLMNRQuery].qd.qname.decode()
@@ -416,6 +428,7 @@ def hex_to_string(hex):
416428
print(Fore.WHITE + Style.BRIGHT + "[+] Detected NBT-NS Packet")
417429
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "NBT-NS Spoofing, Credentials Interception")
418430
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Responder")
431+
packets.append(packet)
419432

420433
try:
421434
print(Fore.GREEN + Style.BRIGHT + "[*] NBT-NS Question Name: " + Fore.WHITE + Style.BRIGHT + str(packet[0]["NBNS registration request"].QUESTION_NAME.decode()))
@@ -450,6 +463,7 @@ def hex_to_string(hex):
450463
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Responder")
451464
print(Fore.YELLOW + Style.BRIGHT + "[*] MDNS Spoofing works specifically against Windows machines")
452465
print(Fore.YELLOW + Style.BRIGHT + "[*] You cannot get NetNTLMv2-SSP from Apple devices")
466+
packets.append(packet)
453467

454468
if packet.haslayer(IP):
455469
ip_src = packet[IP].src
@@ -474,6 +488,7 @@ def hex_to_string(hex):
474488
if packet.haslayer(EAPOL):
475489
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
476490
print(Fore.WHITE + Style.BRIGHT + "[+] Detected EAPOL")
491+
packets.append(packet)
477492
if packet[EAPOL].version == 3:
478493
print (Fore.YELLOW + Style.BRIGHT + "[*] 802.1X Version: 2010")
479494
elif packet[EAPOL].version == 2:
@@ -485,6 +500,7 @@ def hex_to_string(hex):
485500

486501
# DHCP Discover
487502
if packet.haslayer(UDP) and packet[UDP].dport == 67 and packet.haslayer(DHCP):
503+
packets.append(packet)
488504
dhcp_options = packet[DHCP].options
489505
for option in dhcp_options:
490506
if option[0] == 'message-type' and option[1] == 1:
@@ -511,7 +527,7 @@ def hex_to_string(hex):
511527
0x11: "Membership Query", 0x12: "Version 1 - Membership Report",
512528
0x16: "Version 2 - Membership Report", 0x17: "Leave Group", 0x22: "Version 3 - Membership Report"
513529
}
514-
530+
packets.append(packet)
515531
igmp_type_description = igmp_types.get(igmp_type, "Unknown IGMP Type")
516532
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
517533
print(Fore.WHITE + Style.BRIGHT + f"[+] Detected IGMP Packet: {igmp_type_description}")
@@ -534,6 +550,7 @@ def hex_to_string(hex):
534550
print(Fore.YELLOW + Style.BRIGHT + "[*] ICMPv6 RS messages are used by devices to locate routers")
535551
print(Fore.GREEN + Style.BRIGHT + "[*] IPv6 Source Address: " + Fore.WHITE + Style.BRIGHT + str(packet[IPv6].src))
536552
print(Fore.GREEN + Style.BRIGHT + "[*] Target of Solicitation: " + Fore.WHITE + Style.BRIGHT + "All Routers Multicast Address (typically ff02::2)")
553+
packets.append(packet)
537554

538555

539556
# LLDP
@@ -542,6 +559,7 @@ def hex_to_string(hex):
542559
print(Fore.WHITE + Style.BRIGHT + "[+] Detected LLDP Frame")
543560
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "Information Gathering")
544561
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "Wireshark")
562+
packets.append(packet)
545563

546564
hostname = packet[LLDPDUSystemName].system_name.decode() if packet.haslayer(LLDPDUSystemName) and isinstance(packet[LLDPDUSystemName].system_name, bytes) else packet[LLDPDUSystemName].system_name if packet.haslayer(LLDPDUSystemName) else "Not Found"
547565
os_version = packet[LLDPDUSystemDescription].description.decode() if packet.haslayer(LLDPDUSystemDescription) and isinstance(packet[LLDPDUSystemDescription].description, bytes) else packet[LLDPDUSystemDescription].description if packet.haslayer(LLDPDUSystemDescription) else "Not Found"
@@ -632,6 +650,7 @@ def hex_to_string(hex):
632650
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "Potential for UPnP Device Exploitation, MITM")
633651
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "evil-ssdp")
634652
print(Fore.YELLOW + Style.BRIGHT + "[*] Not every SSDP packet tells you that an attack is possible")
653+
packets.append(packet)
635654

636655
if packet.haslayer(IP):
637656
print(Fore.GREEN + Style.BRIGHT + "[*] SSDP Source IP: " + Fore.WHITE + Style.BRIGHT + str(packet[IP].src))
@@ -658,6 +677,7 @@ def hex_to_string(hex):
658677
print(Fore.GREEN + Style.BRIGHT + "[*] Transaction ID: " + Fore.WHITE + Style.BRIGHT + str(packet[ModbusADURequest].transId))
659678
print(Fore.GREEN + Style.BRIGHT + "[*] Protocol ID: " + Fore.WHITE + Style.BRIGHT + str(packet[ModbusADURequest].protoId))
660679
print(Fore.GREEN + Style.BRIGHT + "[*] Unit ID: " + Fore.WHITE + Style.BRIGHT + str(packet[ModbusADURequest].unitId))
680+
packets.append(packet)
661681

662682
if packet.haslayer(Ether):
663683
print(Fore.YELLOW + Style.BRIGHT + "[+] Source MAC: " + Fore.WHITE + Style.BRIGHT + packet[Ether].src)
@@ -676,6 +696,7 @@ def hex_to_string(hex):
676696
print(Fore.GREEN + Style.BRIGHT + "[*] Transaction ID: " + Fore.WHITE + Style.BRIGHT + str(packet[ModbusADUResponse].transId))
677697
print(Fore.GREEN + Style.BRIGHT + "[*] Protocol ID: " + Fore.WHITE + Style.BRIGHT + str(packet[ModbusADUResponse].protoId))
678698
print(Fore.GREEN + Style.BRIGHT + "[*] Unit ID: " + Fore.WHITE + Style.BRIGHT + str(packet[ModbusADUResponse].unitId))
699+
packets.append(packet)
679700

680701
if packet.haslayer(Ether):
681702
print(Fore.YELLOW + Style.BRIGHT + "[+] Source MAC: " + Fore.WHITE + Style.BRIGHT + packet[Ether].src)
@@ -692,6 +713,7 @@ def hex_to_string(hex):
692713
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
693714
print(Fore.WHITE + Style.BRIGHT + "[+] Possible OMRON packet detection")
694715
print(Fore.YELLOW + Style.BRIGHT + "[!] SCADA device may have been detected")
716+
packets.append(packet)
695717
if packet.haslayer(Ether):
696718
print(Fore.YELLOW + Style.BRIGHT + "[+] Source MAC: " + Fore.WHITE + Style.BRIGHT + packet[Ether].src)
697719
print(Fore.YELLOW + Style.BRIGHT + "[+] Destination MAC: " + Fore.WHITE + Style.BRIGHT + packet[Ether].dst)
@@ -707,6 +729,7 @@ def hex_to_string(hex):
707729
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
708730
print(Fore.WHITE + Style.BRIGHT + "[+] Possible S7COMM packet detection")
709731
print(Fore.YELLOW + Style.BRIGHT + "[!] SCADA device may have been detected")
732+
packets.append(packet)
710733
if packet.haslayer(Ether):
711734
print(Fore.YELLOW + Style.BRIGHT + "[+] Source MAC: " + Fore.WHITE + Style.BRIGHT + packet[Ether].src)
712735
print(Fore.YELLOW + Style.BRIGHT + "[+] Destination MAC: " + Fore.WHITE + Style.BRIGHT + packet[Ether].dst)
@@ -721,6 +744,7 @@ def hex_to_string(hex):
721744
if packet.haslayer(TacacsHeader):
722745
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
723746
print(Fore.WHITE + Style.BRIGHT + "[+] Detected TACACS+ Packet")
747+
packets.append(packet)
724748
header = packet[TacacsHeader]
725749
print(Fore.GREEN + Style.BRIGHT + "[+] TACACS+ Type: " + Fore.WHITE + Style.BRIGHT + f"{header.type}")
726750
print(Fore.GREEN + Style.BRIGHT + "[+] TACACS+ Flags: " + Fore.WHITE + Style.BRIGHT + f"{header.flags}")
@@ -748,6 +772,7 @@ def hex_to_string(hex):
748772

749773
# RADIUS
750774
if packet.haslayer(Radius):
775+
packets.append(packet)
751776
radius_codes = {
752777
1: "Access-Request",
753778
2: "Access-Accept",
@@ -828,15 +853,13 @@ def hex_to_string(hex):
828853
# Mitigation
829854
print(Fore.CYAN + Style.BRIGHT + "[*] Mitigation: " + Fore.WHITE + Style.BRIGHT + "Use strong passwords, monitor unusual activities")
830855

831-
832-
833-
834856
# SNMP
835857
if packet.haslayer(UDP) and packet[UDP].dport == 161:
836858
print(Fore.WHITE + Style.BRIGHT + '-' * 50)
837859
print(Fore.WHITE + Style.BRIGHT + "[+] Detected SNMP Packet")
838860
print(Fore.GREEN + Style.BRIGHT + "[*] Attack Impact: " + Fore.YELLOW + Style.BRIGHT + "Information Gathering")
839861
print(Fore.GREEN + Style.BRIGHT + "[*] Tools: " + Fore.WHITE + Style.BRIGHT + "snmpwalk, snmpget, snmp_enum, onesixtyone")
862+
packets.append(packet)
840863

841864
if packet.haslayer(IP):
842865
ip_src = packet[IP].src

0 commit comments

Comments
 (0)