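'''
termspy.py : sniff packets on interface en0/eth0 with the python module
scapy (2.3.1) and send each observed port number to the nerves pi
(WS server, port 8081).

v0.1b

By Sam Neurohack

LICENCE : BY NC

scapy filter like : -f 'tcp'

Operational notes:
  * Packet capture needs raw-socket privileges (root, or CAP_NET_RAW on
    Linux), so the websocket client below runs with those privileges too.
  * The port numbers are sent over a plain ws:// connection with no
    authentication or encryption: anyone on the path to the server can read
    or spoof the feed. Switch the URL to wss:// if the server supports it.
'''

import log
print("")
log.infog("Termspy")
log.infog("v0.1b")
print("Loading...")

import sys
from time import sleep
import types
import random
from scapy.all import *
import traceback
import websocket
try:
    import thread
except ImportError:
    import _thread as thread

counter = 0

# Destination of the port feed (hard-coded; edit here to retarget).
serverIP = "192.168.2.189"
#serverIP = "127.0.0.1"
wsPORT = 8081

# Only ports strictly below this value are forwarded to the server.
PORT_FORWARD_LIMIT = 50000

import argparse
parser = argparse.ArgumentParser(description="A Scanner Interface Darkly")
parser.add_argument("-i","--interface", help="interface to scan")
parser.add_argument("-f","--filter",help="tcpdump filter")
parser.add_argument("-epi","--ephemeralportmin",help="ephemeral port min to exclude (32768 by default), set to 65536 to include all ports",type=int)
parser.add_argument("-epa","--ephemeralportmax",help="ephemeral port max to exclude (61000 by default)",type=int)
# default must be the boolean False: the former string default "True" was
# always truthy, so debug could never be switched off.
parser.add_argument("-d","--debug",action="store_true",default=False,help="Debug output")

args = parser.parse_args()

debug = args.debug
print('Debug mode :', debug)

# NOTE(review): the ephemeral port bounds are parsed but nothing below reads
# them; forwarding is decided by PORT_FORWARD_LIMIT only. Wire them into
# _forward_ports() or drop the options.
if args.ephemeralportmin is not None:
    ephemeralportmin = args.ephemeralportmin
else:
    ephemeralportmin = 32768

if args.ephemeralportmax is not None:
    ephemeralportmax = args.ephemeralportmax
else:
    ephemeralportmax = 61000

if args.filter:
    filters = args.filter
else:
    filters = None
print('Filter :',filters)

if args.interface is None:
    # sys.platform is used explicitly instead of relying on whatever
    # `from scapy.all import *` happens to export under the name `platform`.
    if sys.platform == 'darwin':
        ifn='en0'
    else:
        ifn='eth0'
else:
    # Was assigned to `iface`, which left `ifn` undefined (NameError) as soon
    # as -i was given.
    ifn = args.interface

print("Running on interface :", ifn)


def sendled(zzzport):
    '''Send one port number to the WS server as a "/termspy <port>" message.'''
    ws.send('/termspy '+str(zzzport))


def _is_own_ws_traffic(pkt):
    '''Return True when pkt belongs to the TCP flow to/from the WS server.'''
    if IP not in pkt or TCP not in pkt:
        return False
    ip_layer = pkt[IP]
    tcp_layer = pkt[TCP]
    return ((ip_layer.dst == serverIP and tcp_layer.dport == wsPORT) or
            (ip_layer.src == serverIP and tcp_layer.sport == wsPORT))


def _forward_ports(layer):
    '''Forward the source then destination port of a TCP/UDP layer if below the limit.'''
    for port in (layer.sport, layer.dport):
        if port < PORT_FORWARD_LIMIT:
            sendled(port)


def print_summary(pkt):
    '''scapy `prn` callback: forward the ports of each captured packet.

    TCP and UDP packets have their source and destination ports forwarded
    when below PORT_FORWARD_LIMIT. ARP packets with op 1 or 2 print "ARP"
    and forward the fixed value 67.
    '''
    # Every sendled() call emits a TCP segment towards serverIP:wsPORT. When
    # that segment crosses the sniffed interface it would be captured and
    # forwarded again, feeding the sniffer its own output in a loop, so the
    # reporting channel is skipped.
    if _is_own_ws_traffic(pkt):
        return

    # NOTE(review): TCP/UDP are handled whether or not an IP layer is present
    # (e.g. IPv6) - confirm this matches the intended scope.
    if TCP in pkt:
        _forward_ports(pkt[TCP])

    if UDP in pkt:
        _forward_ports(pkt[UDP])

    if ARP in pkt and pkt[ARP].op in (1,2):
        print("ARP")
        sendled(67)


def handle_error(self,request,client_address):
    '''No-op error handler; nothing in this file references it.'''
    pass


# All callbacks

def on_message(ws, message):
    '''Print any message received from the WS server.'''
    print(message)

def on_error(ws, error):
    '''Print websocket errors.'''
    print(error)

def on_close(ws, *close_info):
    '''Report that the websocket closed.

    Newer websocket-client releases also pass a close status code and
    message; *close_info accepts both calling conventions.
    '''
    print("### closed ###")

def run(*args):
    '''Sniffing thread: capture on `ifn` until sniff() returns or raises, then close the websocket.'''
    try:
        if filters is not None:
            print('with filters', filters)
            sniff(iface=ifn, prn=print_summary, store=0, filter=filters)
        else:
            print('without filter')
            sniff(iface=ifn, prn=print_summary, store=0)
    except Exception:
        traceback.print_exc()
    finally:
        ws.close()
        print("Termspy WS terminating...")

def on_open(ws):
    '''Start the sniffing thread once the websocket connection is up.'''
    print("WS connection opened")
    thread.start_new_thread(run, ())


if __name__ == "__main__":

    try:
        print("Connecting to WS server...")
        # Frame tracing dumps every message to stdout; keep it behind -d.
        websocket.enableTrace(debug)
        ws = websocket.WebSocketApp("ws://"+str(serverIP)+":"+str(wsPORT),
                                    on_message = on_message,
                                    on_error = on_error,
                                    on_close = on_close)
        ws.on_open = on_open
        ws.run_forever()

    except Exception:
        traceback.print_exc()

    finally:
        #ws.close()
        print("Termspy terminating...")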