packetfu 1.1.11 → 1.1.12.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 45346a86ccf70ceeb48ded267817e9395bb796d8
-  data.tar.gz: 92a9e7485b2d2089b9f4e4d0ee5ccdd00bea34a0
+  metadata.gz: 27fdb60e2d8cf9c2abe63361c024c6b6b4077c45
+  data.tar.gz: ddb6a367565f97de59c730d6e5141e85165407f4
 SHA512:
-  metadata.gz: 013e4765cf60749f3d12431446e7b8b82a63889cb60abbb5d6d2abc69b6dbc2812ffd768fd0ad5341b73d729ee3ae1a8620f6aa521c9579dc17be197767100a2
-  data.tar.gz: 7a0e1442c308792c79a00065852b13e91be050a68b981b02bc78f12db9d12955eb00b6f56be576228cbf4a8719f51e55e3f424916b7939b1ddb1f5eb47737351
+  metadata.gz: d063030465de3423c0b59295bd5ebd02d568d1832f7770965cb6825d29d645cfd6bc6ab43e40cb5871fb7b187507d3ba2a1415bc3d63b7b017287b39adfd5481
+  data.tar.gz: 445f37e0c272b179382396bd2307fa24e6214fd0ae8cdb34d65cbcdef3fd05562a927239bea0f4aeaf6d79d34386827d4c2489604b9261b35422eb376ba6937b

data/.gitignore

@@ -1,7 +1,9 @@
 *.gem
 doc/
+.yardoc/
 pkg/
 test/*test.pcap
 Gemfile.lock
 .ruby-gemset*
-.ruby-version*
+.ruby-version*
+coverage

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format documentation

data/.travis.yml

@@ -2,7 +2,6 @@ language: ruby
 before_install:
  - sudo apt-get install libpcap-dev -qq
 rvm:
-  - 1.9.3
-  - 2.0.0
   - 2.1.6
-  - 2.2.2
+  - 2.2.3
+  - 2.3.0

data/README.md

@@ -0,0 +1,127 @@
+# PacketFu
+
+[![Build Status](https://secure.travis-ci.org/packetfu/packetfu.png)](http://travis-ci.org/packetfu/packetfu)
+[![Code Climate](https://codeclimate.com/github/packetfu/packetfu.png)](https://codeclimate.com/github/packetfu/packetfu)
+[![Coverage Status](https://coveralls.io/repos/github/packetfu/packetfu/badge.svg?branch=master)](https://coveralls.io/github/packetfu/packetfu?branch=master)
+
+A library for reading and writing packets to an interface or to a
+libpcap-formatted file.
+
+It is maintained [here](https://github.com/packetfu/packetfu).
+
+## Setup
+
+To install the gem, type
+
+```bash
+gem install packetfu
+```
+
+To install from source, type
+
+```bash
+gem install bundler
+git clone https://github.com/packetfu/packetfu.git
+cd packetfu
+bundle install
+```
+
+## Quick Start
+
+The best way to test your installation is by using [packetfu-shell](https://github.com/packetfu/packetfu/blob/master/examples/packetfu-shell.rb), like so
+
+```bash
+$ rvmsudo ruby examples/packetfu-shell.rb
+ _______  _______  _______  _        _______ _________ _______
+(  ____ )(  ___  )(  ____ \| \    /\(  ____ \\__   __/(  ____ \|\     /|
+| (    )|| (   ) || (    \/|  \  / /| (    \/   ) (   | (    \/| )   ( |
+| (____)|| (___) || |      |  (_/ / | (__       | |   | (__    | |   | |
+|  _____)|  ___  || |      |   _ (  |  __)      | |   |  __)   | |   | |
+| (      | (   ) || |      |  ( \ \ | (         | |   | (      | |   | |
+| )      | )   ( || (____/\|  /  \ \| (____/\   | |   | )      | (___) |
+|/       |/     \|(_______/|_/    \/(_______/   )_(   |/       (_______)
+ ____________________________              ____________________________
+(                            )            (                            )
+| 01000001 00101101 01001000 )( )( )( )( )( 00101101 01000001 00100001 |
+|                            )( )( )( )( )(                            |
+(____________________________)            (____________________________)
+                               PacketFu
+             a mid-level packet manipulation library for ruby
+
+>>> PacketFu Shell 1.1.12.
+>>> Use $packetfu_default.config for salient networking details.
+IP:  192.168.0.100   Mac: ac:bc:32:85:47:3f   Gateway: ec:08:6b:62:bc:d2
+Net: 192.168.0.0                              Iface:   en0
+>>> Packet capturing/injecting enabled.
+<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+2.3.0 :001 >
+```
+
+Once you're a this point, you're in an IRB (aka: [REPL](https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop)) interface when you can start creating and injection packets with PacketFu.
+
+Here's an example of creating a TCPPacket and sending it out on the wire:
+
+```
+2.3.0 :002 > packet = TCPPacket.new(:config => Utils.whoami?)
+ => --EthHeader-------------------------------------------
+  eth_dst      ec:08:6b:62:bc:d2 PacketFu::EthMac     
+  eth_src      ac:bc:32:85:47:3f PacketFu::EthMac     
+  eth_proto    0x0800            StructFu::Int16      
+--IPHeader--------------------------------------------
+  ip_v         4                 Fixnum               
+  ip_hl        5                 Fixnum               
+  ip_tos       0                 StructFu::Int8       
+  ip_len       20                StructFu::Int16      
+  ip_id        0x77e4            StructFu::Int16      
+  ip_frag      0                 StructFu::Int16      
+  ip_ttl       32                StructFu::Int8       
+  ip_proto     6                 StructFu::Int8       
+  ip_sum       0xffff            StructFu::Int16      
+  ip_src       192.168.0.100     PacketFu::Octets     
+  ip_dst       0.0.0.0           PacketFu::Octets     
+--TCPHeader-------------------------------------------
+  tcp_src      42653             StructFu::Int16      
+  tcp_dst      0                 StructFu::Int16      
+  tcp_seq      0x8d65fbbf        StructFu::Int32      
+  tcp_ack      0x00000000        StructFu::Int32      
+  tcp_hlen     5                 PacketFu::TcpHlen    
+  tcp_reserved 0                 PacketFu::TcpReserved
+  tcp_ecn      0                 PacketFu::TcpEcn     
+  tcp_flags    ......            PacketFu::TcpFlags   
+  tcp_win      16384             StructFu::Int16      
+  tcp_sum      0x7f29            StructFu::Int16      
+  tcp_urg      0                 StructFu::Int16      
+  tcp_opts                       PacketFu::TcpOptions
+
+2.3.0 :003 > packet.ip_dst = "8.8.8.8"
+ => "8.8.8.8"
+2.3.0 :004 > packet.tcp_dst = 53
+ => 53
+2.3.0 :005 > packet.to_w
+ => [1, 1, 54]
+```
+
+## Documentation
+
+PacketFu is yard-compatible (as well as sdoc/rdoc, if you prefer). You
+can generate local documentation easily with either `yard doc .` or
+`sdoc`, and view doc/index.html with your favored browser. Once that's
+done, navigate at the top, and read up on how to create a Packet or
+Capture from an interface with show_live or whatever.
+
+## Supported Rubies
+
+This project is integrated with travis-ci and is regularly tested to work with the following rubies:
+
+- 2.1.6
+- 2.2.3
+- 2.3.0
+
+To checkout the current build status for these rubies, click [here](https://travis-ci.org/packetfu/packetfu).
+
+## Author
+
+PacketFu is maintained primarily by Tod Beardsley todb@packetfu.com and
+Jonathan Claudius claudijd@yahoo.com, with help from Open Source Land.
+
+See [LICENSE](https://github.com/packetfu/packetfu/blob/master/LICENSE.txt) for licensing details.

data/examples/100kpackets.rb

@@ -3,10 +3,14 @@
 
 # Used mainly to test for memory leaks and to demo the preferred ways of
 # reading and writing packets to and from pcap files.
-require './examples' # For path setting slight-of-hand
+
+# Usage:
+# ruby examples/100kpackets.rb 
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
 
-include PacketFu
 puts "Generating packets... (#{Time.now.utc})"
 
 File.unlink("/tmp/out.pcap") if File.exists? "/tmp/out.pcap"
@@ -15,14 +19,14 @@ count = 0
 
 100.times do
   @pcaps = []
-  1000.times do 
-    u = UDPPacket.new
+  1000.times do
+    u = PacketFu::UDPPacket.new
     u.ip_src = [rand(2**32-1)].pack("N")
     u.ip_dst = [rand(2**32-1)].pack("N")
     u.recalc
     @pcaps << u
   end
-  pfile = PcapFile.new
+  pfile = PacketFu::PcapFile.new
   res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
   count += res.last
   puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
@@ -30,13 +34,10 @@ end
 
 read_bytes_start = Time.now.utc
 puts "Reading packet bytes..."
-packet_bytes = PcapFile.read_packet_bytes "/tmp/out.pcap"
+packet_bytes = PacketFu::PcapFile.read_packet_bytes "/tmp/out.pcap"
 puts "Read #{packet_bytes.size} packet byte blobs in #{Time.now.utc - read_bytes_start} seconds."
 
 read_packets_start = Time.now.utc
 puts "Reading packets..."
-packet_bytes = PcapFile.read_packets "/tmp/out.pcap"
+packet_bytes = PacketFu::PcapFile.read_packets "/tmp/out.pcap"
 puts "Read #{packet_bytes.size} parsed packets in #{Time.now.utc - read_packets_start} seconds."
-
-
-

data/examples/ackscan.rb

@@ -1,6 +1,10 @@
 #!/usr/bin/env ruby
 # -*- coding: binary -*-
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
+
 # Portscanning!
 # Run this on one machine
 #cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
@@ -36,4 +40,3 @@ def gen_packets
 end
 
 do_scan
-

data/examples/arp.rb

@@ -5,7 +5,8 @@
 # (and a wee bit cleaner) is already available as Packet::Utils::arp, since knowing the
 # MAC address of a target IP turns out to be pretty useful day-to-day.
 
-require './examples' # For path setting slight-of-hand
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
 
 def usage
@@ -30,12 +31,12 @@ def arp(target_ip)
   arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
 
   arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
-  arp_pkt.arp_daddr_ip = target_ip 
+  arp_pkt.arp_daddr_ip = target_ip
 
   # Stick the Capture object in its own thread.
 
   cap_thread = Thread.new do
-    cap = PacketFu::Capture.new(:start => true, 
+    cap = PacketFu::Capture.new(:start => true,
                                 :filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
     arp_pkt.to_w # Shorthand for sending single packets to the default interface.
     target_mac = nil
@@ -57,5 +58,3 @@ def arp(target_ip)
 end
 
 arp(target_ip)
-
-

data/examples/arphood.rb

@@ -2,9 +2,11 @@
 # -*- coding: binary -*-
 
 # A simple local network fingerprinter. Uses the OUI list.
-# Usage: rvmsudo ./arphood.rb [iface] [network] <oui.txt>
+# Usage:
+# rvmsudo examples/arphood.rb [iface] [network] <oui.txt>
 
-require './examples'
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
 require 'open-uri'
 
@@ -39,7 +41,7 @@ def arp_everyone
   253.times do |i|
     threads[i] = Thread.new do
       this_host = network + ".#{i+1}"
-      print "." 
+      print "."
       colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
       unless colon_mac.nil?
         hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
@@ -58,4 +60,3 @@ if $root_ok
   sleep 3
   $arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
 end
-

data/examples/dissect_thinger.rb

@@ -1,18 +1,21 @@
 #!/usr/bin/env ruby
 # -*- coding: binary -*-
 # This just allows you to eyeball the dissection stuff to make sure it's all right.
-# Some day, there will be a proper test for it.
 
-fname = ARGV[0] || "../test/sample.pcap"
+# Usage:
+# ruby examples/ethernet.rb
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
+require 'packetfu'
+include PacketFu
+
+fname = ARGV[0] || "test/sample.pcap"
 sleep_interval = ARGV[1] || 1
 
-require File.join("..","lib","packetfu")
 puts "Loaded: PacketFu v#{PacketFu.version}"
-# $: << File.join(File.expand_path(File.dirname(__FILE__)),"..","lib")
-
-include PacketFu
 
-packets = PcapFile.file_to_array fname
+packets = PacketFu::PcapFile.file_to_array fname
 packets.each do |packet|
   puts "_" * 75
   puts packet.inspect

data/examples/ethernet.rb

@@ -1,11 +1,16 @@
 # -*- coding: binary -*-
 
-require './examples' # For path setting slight-of-hand
+# Usage:
+# ruby examples/ethernet.rb
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
 
 eth_pkt = PacketFu::EthPacket.new
 eth_pkt.eth_saddr="01:02:03:04:05:06"
 eth_pkt.eth_daddr="0a:0b:0c:0d:0e:0f"
 eth_pkt.payload="I'm a lonely little eth packet with no real protocol information to speak of."
-puts eth_pkt.to_f('/tmp/e.pcap').inspect
-
+eth_pkt.recalc
+puts eth_pkt.inspect
+puts eth_pkt.to_f('/tmp/ethernet.pcap').inspect

data/examples/ids.rb

@@ -1,4 +1,22 @@
-require 'packetfu' # Line 1, require PacketFu.
-cap = PacketFu::Capture.new(:iface => ARGV[0], :start => true, :filter => "ip") # Line 2, set up the capture object.
-loop {cap.stream.each {|pkt| packet = PacketFu::Packet.parse(pkt) # Line 3, loop the capture forever, parsing packets.
-p "#{Time.now}: %s slammed %s" % [packet.ip_saddr, packet.ip_daddr] if packet.payload =~ /^\x04\x01{50}/ }} # Line 4, profit! I mean, alert!
+#!/usr/bin/env ruby
+# -*- coding: binary -*-
+
+# Usage:
+# rvmsudo ruby examples/idsv2.rb
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
+require 'packetfu'
+
+iface = ARGV[0] || PacketFu::Utils.default_int
+
+cap = PacketFu::Capture.new(:iface => iface, :start => true, :filter => "ip")
+
+loop do
+  cap.stream.each do |pkt|
+    packet = PacketFu::Packet.parse(pkt)
+    if packet.payload =~ /^\x04\x01{50}/
+      p "#{Time.now}: %s slammed %s" % [packet.ip_saddr, packet.ip_daddr]
+    end
+  end
+end

data/examples/idsv2.rb

@@ -1,6 +1,25 @@
-require 'packetfu' # Line 0, require PacketFu for an IDS in 6 lines or less!
-cap = PacketFu::Capture.new(:iface => ARGV[0], :start => true, :filter => "ip") # Line 1, set up the capture object.
-attack_patterns = ["^gotcha", "owned!*$", "^\x04[^\x00]{50}"] # Line 2, define your attack patterns.
-loop {cap.stream.each {|pkt| packet = PacketFu::Packet.parse(pkt) # Line 3, loop the capture forever, parsing packets.
- attack_patterns.each {|sig| hit = packet.payload.scan(/#{sig}/i) || nil # Line 4, test the packet for a match against one of the attacks.
- puts "#{Time.now}: %s attacked %s [%s]" % [packet.ip_saddr, packet.ip_daddr, sig.inspect] unless hit.size.zero? }}} # Line 5, profit! I mean, alert!
+#!/usr/bin/env ruby
+# -*- coding: binary -*-
+
+# Usage:
+# rvmsudo ruby examples/idsv2.rb
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
+require 'packetfu'
+
+iface = ARGV[0] || PacketFu::Utils.default_int
+
+cap = PacketFu::Capture.new(:iface => iface, :start => true, :filter => "ip")
+
+attack_patterns = ["^gotcha", "owned!*$", "^\x04[^\x00]{50}"]
+
+loop do
+  cap.stream.each do |pkt|
+    packet = PacketFu::Packet.parse(pkt)
+    attack_patterns.each do |sig|
+      hit = packet.payload.scan(/#{sig}/i) || nil
+      puts "#{Time.now}: %s attacked %s [%s]" % [packet.ip_saddr, packet.ip_daddr, sig.inspect] unless hit.size.zero?
+    end
+  end
+end

data/examples/ifconfig.rb

@@ -1,9 +1,12 @@
 # -*- coding: binary -*-
-$:.unshift(File.expand_path(File.dirname(__FILE__) + "/../lib/"))
+# Usage:
+# ruby examples/ifconfig.rb
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
 
-# ifconfig for Darwin
-iface = ARGV[0] || 'en1'
+iface = ARGV[0] || PacketFu::Utils.default_int
 config = PacketFu::Utils.ifconfig(iface)
 print "#{RUBY_PLATFORM} => "
 p config

data/examples/new-simple-stats.rb

@@ -9,7 +9,11 @@
 # every 11 seconds (my own benchmark) for this script, at least
 # it doesn't hog up all your memory.
 
-require './examples' # For path setting slight-of-hand
+# Usage:
+# ruby examples/new-simple-stats.rb test/sample.pcap
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
 require 'packetfu'
 
 def print_results(stats)
@@ -46,8 +50,3 @@ if File.readable?(infile = (ARGV[0] || 'in.pcap'))
 else
   raise RuntimeError, "Need an infile, like so: #{$0} in.pcap"
 end
-
-
-
-
-

data/examples/packetfu-shell.rb

@@ -1,52 +1,13 @@
 # -*- coding: binary -*-
-# == Synopsis
-#
-# packetfu-shell.rb is intended for IRB consumption, and providing an
-# interactive interface for PacketFu experimentation.
-#
-# == Usage
-#
-#   irb -r packetfu-shell.rb
-# or
-#   sudo irb -r packetfu-shell.rb
-#
-# If run as root, packet capturing/injecting is available, which includes
-# access to Utils.whoami?
-#
-# Once loaded, the PacketFu module is mixed in, and Utils commands are
-# aliased to the PacketFu module proper. Sessions look something like
-# this:
-#
-# == Example
-#
-#  irb(main):001:0> pkt = TCPPacket.new
-#  => 00 1a c5 00 00 00 00 1a c5 00 00 00 08 00 45 00   ..............E.
-#  00 28 62 9d 00 00 ff 06 59 33 00 00 00 00 00 00   .(b.....Y3......
-#  00 00 d4 fb 00 00 18 c6 32 86 00 00 00 00 50 00   ........2.....P.
-#  40 00 4f 9d 00 00                                 @.O...
-#  irb(main):002:0> pkt.payload="I am totally up in your stack, twiddling your bits."
-#  => "I am totally up in your stack, twiddling your bits."
-#  irb(main):003:0> pkt.ip_saddr="1.2.3.4"
-#  => "1.2.3.4"
-#  irb(main):004:0> pkt.tcp_sport=13013
-#  => 13013
-#  irb(main):005:0> pkt.tcp_dport=808
-#  => 808
-#  irb(main):006:0> pkt.recalc
-#  => {"eth_src"=>{"oui"=>{"local"=>0, "oui"=>6853, "b0"=>0, "b1"=>0, "b2"=>0, "multicast"=>0, "b3"=>0, "b4"=>0, "b5"=>0}, "nic"=>{"n1"=>0, "n2"=>0, "n3"=>0}}, "body"=>{"ip_tos"=>0, "ip_src"=>{"o1"=>1, "o2"=>2, "o3"=>3, "o4"=>4}, "body"=>{"tcp_ecn"=>{"c"=>0, "n"=>0, "e"=>0}, "tcp_dst"=>808, "tcp_win"=>16384, "body"=>"I am totally up in your stack, twiddling your bits.", "tcp_flags"=>{"fin"=>0, "psh"=>0, "syn"=>0, "rst"=>0, "ack"=>0, "urg"=>0}, "tcp_hlen"=>5, "tcp_ack"=>0, "tcp_urg"=>0, "tcp_seq"=>415642246, "tcp_sum"=>51184, "tcp_reserved"=>0, "tcp_opts"=>"", "tcp_src"=>13013}, "ip_dst"=>{"o1"=>0, "o2"=>0, "o3"=>0, "o4"=>0}, "ip_frag"=>0, "ip_proto"=>6, "ip_hl"=>5, "ip_len"=>91, "ip_sum"=>21754, "ip_id"=>25245, "ip_v"=>4, "ip_ttl"=>255}, "eth_proto"=>2048, "eth_dst"=>{"oui"=>{"local"=>0, "oui"=>6853, "b0"=>0, "b1"=>0, "b2"=>0, "multicast"=>0, "b3"=>0, "b4"=>0, "b5"=>0}, "nic"=>{"n1"=>0, "n2"=>0, "n3"=>0}}}
-#  irb(main):007:0> pkt.to_f('/tmp/tcp-example.pcap')
-#  => ["/tmp/tcp-example.pcap", 145, 1, 1220048597, 1]
-#  irb(main):008:0> puts pkt.inspect_hex(2)
-#  32 d5 03 28 7c 50 1f 01 00 00 00 00 50 00 40 00   2..(|P......P.@.
-#  77 eb 00 00 49 20 61 6d 20 74 6f 74 61 6c 6c 79   w...I am totally
-#  20 75 70 20 69 6e 20 79 6f 75 72 20 73 74 61 63    up in your stac
-#  6b 2c 20 74 77 69 64 64 6c 69 6e 67 20 79 6f 75   k, twiddling you
-#  72 20 62 69 74 73 2e                              r bits.
-#  => nil
 
-$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
-require './examples'
+# Usage:
+# rvmsudo ruby examples/packetfu-shell.rb
+
+# Path setting slight of hand:
+$: << File.expand_path("../../lib", __FILE__)
+
 require 'packetfu'
+require 'irb'
 
 module PacketFu
   def whoami?(args={})
@@ -65,7 +26,7 @@ include PacketFu
 #
 def packetfu_ascii_art
   puts <<EOM
- _______  _______  _______  _        _______ _________ _______          
+ _______  _______  _______  _        _______ _________ _______
 (  ____ )(  ___  )(  ____ \\| \\    /\\(  ____ \\\\__   __/(  ____ \\|\\     /|
 | (    )|| (   ) || (    \\/|  \\  / /| (    \\/   ) (   | (    \\/| )   ( |
 | (____)|| (___) || |      |  (_/ / | (__       | |   | (__    | |   | |
@@ -94,7 +55,7 @@ def banner
     print "IP:  %-15s Mac: %s" % [$packetfu_default.ip_saddr, $packetfu_default.eth_saddr]
     puts "   Gateway: %s" % $packetfu_default.eth_daddr
     print "Net: %-15s" % [Pcap.lookupnet($packetfu_default.iface)][0]
-    print "  " * 13 
+    print "  " * 13
     puts "Iface:   %s" % [($packetfu_default.iface)]
     puts ">>> Packet capturing/injecting enabled."
   else
@@ -112,3 +73,5 @@ rescue RuntimeError
 end
 
 banner
+
+IRB.start