phaethon/kamene


Network packet and pcap file crafting/sniffing/manipulation/visualization security tool. Originally forked from scapy in 2015 and providing python3 compatibility since then.

License: GPL-2.0

Language: Python

Keywords: network-scanner, packet-crafting, pcap, python3, scapy, security, sniff


kamene (formerly known as "scapy for python3" or scapy3k)

General

Follow @pkt_kamene for recent news. Original documentation updated for kamene

News

We underwent naming transition (of github repo, pip package name, and python package name), which will be followed by new functionality. More updates to follow.

Kamene is included in the Network Security Toolkit Release 28. It used to be included in NST since Release 22 under former name.

History

This is a fork of scapy (http://www.secdev.org) originally developed to implement python3 compatibility. It has been used in production on python3 since 2015 (while secdev/scapy implemented python3 compatibility in 2018). The fork was renamed to kamene in 2018 to reduce any confusion.

These features were first implemented in kamene and some of them might have been reimplemented in scapy by now:

  • replaced PyCrypto with cryptography.io (thanks to @ThomasFaivre)
  • Windows support without a need for libdnet
  • option to return Networkx graphs instead of image, e.g. for conversations
  • replaced gnuplot with Matplotlib
  • Reading PCAP Next Generation (PCAPNG) files (please, add issues on GitHub for block types and options, which need support. Currently, reading packets only from Enhanced Packet Block)
  • new command tdecode to call tshark decoding on one packet and display results, this is handy for interactive work and debugging
  • python3 support

Installation

Install with python3 setup.py install from source tree (get it with git clone https://github.com/phaethon/kamene.git) or pip3 install kamene for latest published version.

On all OS except Linux libpcap should be installed for sending and receiving packets (not python modules - just C libraries) or winpcap driver on Windows. On some OS and configurations installing libdnet may improve experience (for MacOS: brew install libdnet). On Windows libdnet is not required. On some less common configurations netifaces may improve experience.

Usage

Use bytes() (not str()) when converting packet to bytes. Most arguments expect bytes value instead of strvalue except the ones, which are naturally suited for human input (e.g. domain name).*

You can use kamene running kamene command or by importing kamene as library from interactive python shell (python or ipython) or code. Simple example that you can try from interactive shell:

from kamene.all import *
p = IP(dst = 'www.somesite.ex') / TCP(dport = 80) / Raw(b'Some raw bytes')
# to see packet content as bytes use bytes(p) not str(p)
sr1(p)

Notice 'www.somesite.ex' as a string, and b'Some raw bytes' as bytes. Domain name is normal human input, thus it is string, raw packet content is byte data. Once you start using, it will seem easier than it looks.

Use ls() to list all supported layers. Use lsc() to list all commands.

Currently, works on Linux, Darwin, Unix and co. Using python 3.4+ on Ubuntu, MacOS, FreeBSD, Windows 10 for testing.

Compatible with scapy-http module

Reading huge pcap file

rdpcap reads whole pcap file into memory. If you need to process huge file and perform some operation per packet or calculate some statistics, you can use PcapReader with iterator interface.

with PcapReader('filename.pcap') as pcap_reader:
  for pkt in pcap_reader:
    #do something with the packet

Project Statistics

Sourcerank 10
Repository Size 2.51 MB
Stars 776
Forks 180
Watchers 51
Open issues 72
Dependencies 0
Contributors 41
Tags 22
Created
Last updated
Last pushed

Top Contributors See all

Eriks Dobelis tpltnt Ronald Henderson Bioh4z4rd Thomas Blazek johnthagen James Gries belboj Nils Weiss Pekka Pietikäinen sysengkm gaosen richard-kinder desbma jimbojd72 jessicaspencer A Yaroslav Brustinov Andrew Juha Kivekäs

Packages Referencing this Repo

scapy-python3
Packet crafting/sending/sniffing, PCAP processing tool, based on scapy with python3 compatibility
Latest release 0.26 - Updated - 776 stars
kamene
Packet crafting/sending/sniffing, PCAP processing tool, originally forked from scapy
Latest release 0.32 - Updated - 776 stars
scapy3k
Scapy packet manipulation tool (see www.secdev.org for original) py3k compatibility fork
Latest release 0.7 - Updated - 776 stars

Recent Tags See all

v0.32 May 28, 2018
v0.25 May 28, 2018
v0.31 May 26, 2018
v0.24 May 26, 2018
v0.23 November 23, 2017
v0.22 November 10, 2017
v0.21 May 30, 2017
v0.21 May 30, 2017
v0.20 April 03, 2017
0.19 November 30, 2016
v0.18 November 25, 2015
v0.17 November 25, 2015
v0.16 November 12, 2015
v0.15 November 12, 2015
v0.13 June 27, 2015

Something wrong with this page? Make a suggestion

Last synced: 2018-05-28 21:56:36 UTC

Login to resync this repository