packetfu 1.1.10 → 1.1.11

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 45346a86ccf70ceeb48ded267817e9395bb796d8
+  data.tar.gz: 92a9e7485b2d2089b9f4e4d0ee5ccdd00bea34a0
+SHA512:
+  metadata.gz: 013e4765cf60749f3d12431446e7b8b82a63889cb60abbb5d6d2abc69b6dbc2812ffd768fd0ad5341b73d729ee3ae1a8620f6aa521c9579dc17be197767100a2
+  data.tar.gz: 7a0e1442c308792c79a00065852b13e91be050a68b981b02bc78f12db9d12955eb00b6f56be576228cbf4a8719f51e55e3f424916b7939b1ddb1f5eb47737351

data.tar.gz.sig

@@ -0,0 +1,2 @@
+�zt����N@l
+<����)��;Q����4O9_цy�

data/.gitignore

@@ -2,3 +2,6 @@
 doc/
 pkg/
 test/*test.pcap
+Gemfile.lock
+.ruby-gemset*
+.ruby-version*

data/.travis.yml

@@ -0,0 +1,8 @@
+language: ruby
+before_install:
+ - sudo apt-get install libpcap-dev -qq
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.6
+  - 2.2.2

data/CONTRIBUTING.md

@@ -0,0 +1,47 @@
+# Contributing to PacketFu 
+
+Thanks for your interest in contributing to PacketFu.
+
+If you could follow the following guidelines, you will make it much easier for 
+us to give feedback, help you find whatever problem you have and fix it.
+
+## Issues
+
+If you have questions of any kind, or are unsure of how something works, please
+[create an issue](https://github.com/packetfu/packetfu/issues/new).
+
+Please try to answer the following questions in your issue:
+
+- What did you do?
+- What did you expect to happen?
+- What happened instead?
+
+If you have identified a bug, it would be very helpful if you could include a 
+way to replicate the bug.  Ideally a failing test would be perfect, but even a 
+simple script demonstrating the error would suffice.
+
+Feature requests are great and if submitted they will be considered for 
+inclusion, but sending a pull request is much more awesome.
+
+## Pull Requests
+
+If you want your pull requests to be accepted, please follow the following guidelines:
+
+- [**Add tests!**](http://rspec.info/) Your patch won't be accepted (or will be delayed) if it doesn't have tests.
+
+- [**Document any change in behaviour**](http://yardoc.org/) Make sure the README and any other
+  relevant documentation are kept up-to-date.
+
+- [**Create topic branches**](https://github.com/dchelimsky/rspec/wiki/Topic-Branches) Don't ask us to pull from your master branch.
+
+- [**One pull request per feature**](https://help.github.com/articles/using-pull-requests) If you want to do more than one thing, send
+  multiple pull requests.
+
+- [**Send coherent history**](http://stackoverflow.com/questions/6934752/git-combining-multiple-commits-before-pushing) Make sure each individual commit in your pull
+  request is meaningful. If you had to make multiple intermediate commits while
+  developing, please squash them before sending them to us.
+
+- [**Follow coding conventions**](https://github.com/styleguide/ruby) The standard Ruby stuff, two spaces indent,
+  don't omit parens unless you have a good reason.
+
+Thank you so much for contributing!

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in packetfu.gemspec
+gemspec

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2008-2012, Tod Beardsley
+Copyright (c) 2008-2014, Tod Beardsley
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

data/README.rdoc

@@ -1,59 +1,64 @@
 = PacketFu
 
-A library for reading and writing packets to an interface or to a libpcap-formatted file.
+{<img src="https://travis-ci.org/packetfu/packetfu.svg?branch=master" alt="Build Status" />}[https://travis-ci.org/packetfu/packetfu]
+{<img src="https://codeclimate.com/github/packetfu/packetfu.png" />}[https://codeclimate.com/github/packetfu/packetfu]
 
-It is maintained at http://code.google.com/p/packetfu and https://github.com/todb/packetfu (which repository will win?)
+A library for reading and writing packets to an interface or to a
+libpcap-formatted file.
+
+It is maintained at https://github.com/packetfu/packetfu .
 
 == Documentation
 
-PacketFu is rdoc-compatible, which means it's sdoc compatible. In the same directory as this file, run "sdoc" by itself (gem install sdoc), and then view doc/index.html with your favored browser. Once that's done, navigate at the top, and read up on how to create a Packet or Capture from an interface with show_live or whatever.
+PacketFu is yard-compatible (as well as sdoc/rdoc, if you prefer). You
+can generate local documentation easily with either `yard doc .` or
+`sdoc`, and view doc/index.html with your favored browser. Once that's
+done, navigate at the top, and read up on how to create a Packet or
+Capture from an interface with show_live or whatever.
 
 == Requirements
 
-PcapRub: 
+PcapRub:
 
 $ rvm gem install pcaprub
 
-Marshall Beddoe's PcapRub is required only for packet reading and writing from a network interfaces (which is a pretty big only). PcapRub itself relies on libpcap 0.9.8 or later for packet injection. PcapRub also requires root privileges to access the interface directly. 
+Marshall Beddoe's PcapRub is required only for packet reading and
+writing from a network interfaces (which is a pretty big only). PcapRub
+itself relies on libpcap 0.9.8 or later for packet injection. PcapRub
+also requires root privileges to access the interface directly.
 
 === Platforms
 
-I tend to test with the following (with bash):
-
-    date > /tmp/tests.txt; for i in default 1.8.6-p420 1.8.7-p334 1.9.1-p431 1.9.2-p180 1.9.3-head
-    do rvm use $i >> /tmp/tests.txt
-    echo Testing with $i
-    echo $i >> /tmp/tests.txt; echo +++++++++++++++++++++++ >> /tmp/tests.txt
-    rvmsudo ./all_tests.rb >> /tmp/tests.txt; rspec . >> /tmp/tests.txt
-    done
-
-==== Problem Platforms
-
-* 1.8.6-p420 -- Has problems with pcaprub and capture/inject. Technically, these are pcaprub problems and not PacketFu problems, but PacketFu should at least fail better at them.
+Given the security issues with older Rubies and the long-past [EOL for
+1.8.x](http://www.ruby-lang.org/en/news/2011/10/06/plans-for-1-8-7/),
+PacketFu is rather stuck on very recent versions of 1.9.3 (as of this
+moment, the version to trust is 1.9.3-p484).
 
-* 1.9.1-p431 -- Has problems with loading gems in general, see http://redmine.ruby-lang.org/issues/2404
+==== 1.8.x
 
-* 2.0.0-p0   -- Has problems with binary encoding of strings that do not manifest in 1.9.x See https://github.com/todb/packetfu/issues/28
+EOL, no longer supported in any sense. PacketFu may or may not work.
 
+==== 1.9.x
 
+1.9.3-p484.
 
-==== Passing Platforms
-
-* 1.9.1-p378
-* 1.8.7-p334
-* 1.9.2-p180 (suggested version)
-* 1.9.3-head
-
-
+==== 2.x
 
+Not yet vetted. I don't believe there's anything exciting in these
+platforms, but there has been no attempt yet to perform formal testing.
+I know, I'm behind the times.
 
 == Examples
 
-PacketFu ships with dozens and dozens of tests, built on Test::Unit. These should give good pointers on how you're expected to use it. See the /tests directory. Furthermore, PacketFu also ships with packetfu-shell.rb, which should be run via IRB (as root, if you intend to use your interfaces).
+PacketFu ships with dozens and dozens of tests, built on Test::Unit.
+These should give good pointers on how you're expected to use it. See
+the /tests directory. Furthermore, PacketFu also ships with
+packetfu-shell.rb, which should be run via IRB (as root, if you intend
+to use your interfaces).
 
 == Author
 
-PacketFu is maintained primarily by Tod Beardsley todb@planb-security.net, with help from Open Source Land.
+PacketFu is maintained primarily by Tod Beardsley todb@packetfu.com and
+Jonathan Claudius claudijd@yahoo.com, with help from Open Source Land.
 
 See LICENSE for licensing details.
-

data/Rakefile

@@ -1,11 +1,11 @@
 
 begin
-	require 'rspec/core/rake_task'
+  require 'rspec/core/rake_task'
 rescue LoadError
-	$stderr.puts "rspec not available, so can't set up spec tasks."
+  $stderr.puts "rspec not available, so can't set up spec tasks."
 else
-	RSpec::Core::RakeTask.new
+  RSpec::Core::RakeTask.new
 
-	task :default => :spec
+  task :default => :spec
 end
 

data/bench/octets.rb

@@ -8,15 +8,15 @@ IPV4_STR = "1.2.3.4"
 
 iters = 50_000
 Benchmark.bm do |bm|
-	bm.report("Octets.new.read(...)         ") {iters.times {PacketFu::Octets.new.read(IPV4_RAW)}}
-	bm.report("Octets.new.read_quad(...)    ") {iters.times {PacketFu::Octets.new.read_quad(IPV4_STR)}}
+  bm.report("Octets.new.read(...)         ") {iters.times {PacketFu::Octets.new.read(IPV4_RAW)}}
+  bm.report("Octets.new.read_quad(...)    ") {iters.times {PacketFu::Octets.new.read_quad(IPV4_STR)}}
 
-	octets = PacketFu::Octets.new
-	bm.report("octets#read(...)             ") {iters.times {octets.read(IPV4_RAW)}}
-	bm.report("octets#read_quad(...)        ") {iters.times {octets.read_quad(IPV4_STR)}}
+  octets = PacketFu::Octets.new
+  bm.report("octets#read(...)             ") {iters.times {octets.read(IPV4_RAW)}}
+  bm.report("octets#read_quad(...)        ") {iters.times {octets.read_quad(IPV4_STR)}}
 
-	octets.read(IPV4_RAW)
-	bm.report("octets#to_x()                ") {iters.times {octets.to_x}}
-	bm.report("octets#to_i()                ") {iters.times {octets.to_i}}
-	bm.report("octets#to_s()                ") {iters.times {octets.to_s}}
+  octets.read(IPV4_RAW)
+  bm.report("octets#to_x()                ") {iters.times {octets.to_x}}
+  bm.report("octets#to_i()                ") {iters.times {octets.to_i}}
+  bm.report("octets#to_s()                ") {iters.times {octets.to_s}}
 end

data/examples/100kpackets.rb

@@ -14,18 +14,18 @@ start_time = Time.now.utc
 count = 0
 
 100.times do
-	@pcaps = []
-	1000.times do 
-		u = UDPPacket.new
-		u.ip_src = [rand(2**32-1)].pack("N")
-		u.ip_dst = [rand(2**32-1)].pack("N")
-		u.recalc
-		@pcaps << u
-	end
-	pfile = PcapFile.new
-	res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
-	count += res.last
-	puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
+  @pcaps = []
+  1000.times do 
+    u = UDPPacket.new
+    u.ip_src = [rand(2**32-1)].pack("N")
+    u.ip_dst = [rand(2**32-1)].pack("N")
+    u.recalc
+    @pcaps << u
+  end
+  pfile = PcapFile.new
+  res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
+  count += res.last
+  puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
 end
 
 read_bytes_start = Time.now.utc

data/examples/ackscan.rb

@@ -10,25 +10,25 @@ require 'packetfu'
 #cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
 # Run this on the third
 def do_scan
-	puts "Generating packets..."
-	pkt_array = gen_packets.sort_by {rand}
-	puts "Dumping them on the wire..."
-	inj = PacketFu::Inject.new(:iface => ARGV[0])
-	inj.array_to_wire(:array=>pkt_array)
-	puts "Done!"
+  puts "Generating packets..."
+  pkt_array = gen_packets.sort_by {rand}
+  puts "Dumping them on the wire..."
+  inj = PacketFu::Inject.new(:iface => ARGV[0])
+  inj.array_to_wire(:array=>pkt_array)
+  puts "Done!"
 end
 
 def gen_packets
-	config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
-	pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
-	pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
-	pkt.ip_daddr="209.85.165.0"	# One of Google's networks
-	pkt.tcp_flags.ack=1
-	pkt.tcp_dst=81
-	pkt_array = []
-	256.times do |i|
-	 pkt.ip_dst.o4=i
-	 pkt.tcp_src = rand(5000 - 1025) + 1025
+  config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
+  pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
+  pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
+  pkt.ip_daddr="209.85.165.0"	# One of Google's networks
+  pkt.tcp_flags.ack=1
+  pkt.tcp_dst=81
+  pkt_array = []
+  256.times do |i|
+   pkt.ip_dst.o4=i
+   pkt.tcp_src = rand(5000 - 1025) + 1025
  	 pkt.recalc
  	 pkt_array << pkt.to_s
  	end

data/examples/arp.rb

@@ -9,11 +9,11 @@ require './examples' # For path setting slight-of-hand
 require 'packetfu'
 
 def usage
-	if ARGV[0].nil?
-		raise ArgumentError, "You need an IP address to start with."
-	elsif !Process.euid.zero?
-		raise SecurityError, "You need to be root to run this."
-	end
+  if ARGV[0].nil?
+    raise ArgumentError, "You need an IP address to start with."
+  elsif !Process.euid.zero?
+    raise SecurityError, "You need to be root to run this."
+  end
 end
 
 usage unless target_ip = ARGV[0]		# Need a target IP.
@@ -24,36 +24,36 @@ $packetfu_default = PacketFu::Config.new(PacketFu::Utils.whoami?).config
 
 def arp(target_ip)
 
-	arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
-	arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
-	arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
-	arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
-
-	arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
-	arp_pkt.arp_daddr_ip = target_ip 
-
-	# Stick the Capture object in its own thread.
-
-	cap_thread = Thread.new do
-		cap = PacketFu::Capture.new(:start => true, 
-																:filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
-		arp_pkt.to_w # Shorthand for sending single packets to the default interface.
-		target_mac = nil
-		while target_mac.nil?
-			if cap.save > 0
-				arp_response = PacketFu::Packet.parse(cap.array[0])
-				target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
-			end
-			sleep 0.1 # Check for a response ten times per second.
-		end
-		puts "#{target_ip} is-at #{target_mac}"
-		# That's all we need.
-		exit 0
-	end
-
-	# Timeout for cap_thread
-	sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
-	exit 1
+  arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
+  arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
+  arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
+  arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
+
+  arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
+  arp_pkt.arp_daddr_ip = target_ip 
+
+  # Stick the Capture object in its own thread.
+
+  cap_thread = Thread.new do
+    cap = PacketFu::Capture.new(:start => true, 
+                                :filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
+    arp_pkt.to_w # Shorthand for sending single packets to the default interface.
+    target_mac = nil
+    while target_mac.nil?
+      if cap.save > 0
+        arp_response = PacketFu::Packet.parse(cap.array[0])
+        target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
+      end
+      sleep 0.1 # Check for a response ten times per second.
+    end
+    puts "#{target_ip} is-at #{target_mac}"
+    # That's all we need.
+    exit 0
+  end
+
+  # Timeout for cap_thread
+  sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
+  exit 1
 end
 
 arp(target_ip)

data/examples/arphood.rb

@@ -11,20 +11,20 @@ require 'open-uri'
 $oui_prefixes = {}
 $arp_results = []
 def build_oui_list
-	if ARGV[2].nil?
-		puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} [iface] [network] <filename>."
-	oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
-	else
-	oui_file =	File.open(ARGV[2], "rb")
-	end
-	oui_file.each do |oui_line|
-		maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
-		unless maybe_oui.nil?
-			oui_value = maybe_oui
-			oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
-			$oui_prefixes[oui_value] = oui_vendor.chomp
-		end
-	end
+  if ARGV[2].nil?
+    puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} [iface] [network] <filename>."
+  oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
+  else
+  oui_file =	File.open(ARGV[2], "rb")
+  end
+  oui_file.each do |oui_line|
+    maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
+    unless maybe_oui.nil?
+      oui_value = maybe_oui
+      oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
+      $oui_prefixes[oui_value] = oui_vendor.chomp
+    end
+  end
 end
 
 build_oui_list
@@ -32,30 +32,30 @@ build_oui_list
 $root_ok = true if Process.euid.zero?
 
 def arp_everyone
-	my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface =>(ARGV[0] || 'wlan0')))
-	threads = []
-	network = ARGV[1] || "192.168.2"
-	print "Arping around..."
-	253.times do |i|
-		threads[i] = Thread.new do
-			this_host = network + ".#{i+1}"
-			print "." 
-			colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
-			unless colon_mac.nil?
-				hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
-			else
-				hyphen_mac = colon_mac = "NOTHERE"
-			end
-			$arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
-		end
-	end
-	threads.each {|thr| thr.join}
+  my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface =>(ARGV[0] || 'wlan0')))
+  threads = []
+  network = ARGV[1] || "192.168.2"
+  print "Arping around..."
+  253.times do |i|
+    threads[i] = Thread.new do
+      this_host = network + ".#{i+1}"
+      print "." 
+      colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
+      unless colon_mac.nil?
+        hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
+      else
+        hyphen_mac = colon_mac = "NOTHERE"
+      end
+      $arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
+    end
+  end
+  threads.each {|thr| thr.join}
 end
 
 if $root_ok
-	arp_everyone
-	puts "\n"
-	sleep 3
-	$arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
+  arp_everyone
+  puts "\n"
+  sleep 3
+  $arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
 end