packetfu 1.1.1 → 1.1.2

data/{README → README.rdoc}

@@ -33,9 +33,9 @@ I tend to test with the following (with bash):
 
 ==== Passing Platforms
 
-* 1.9.1-p378 -- my favorite and my best
+* 1.9.1-p378
 * 1.8.7-p334
-* 1.9.2-p180
+* 1.9.2-p180 (suggested version)
 * 1.9.3-head
 
 ==== Problem Platforms

metadata

@@ -1,8 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: packetfu
 version: !ruby/object:Gem::Version 
-  prerelease: 
-  version: 1.1.1
+  hash: 23
+  prerelease: false
+  segments: 
+  - 1
+  - 1
+  - 2
+  version: 1.1.2
 platform: ruby
 authors: 
 - Tod Beardsley
@@ -10,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-06-16 00:00:00 -05:00
+date: 2011-10-01 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -21,9 +26,46 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 63
+        segments: 
+        - 0
+        - 9
+        - 2
         version: 0.9.2
   type: :development
   version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 2
+        - 6
+        - 2
+        version: 2.6.2
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: sdoc
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 0
+        - 2
+        - 0
+        version: 0.2.0
+  type: :development
+  version_requirements: *id003
 description: PacketFu is a mid-level packet manipulation library for Ruby. With it, users can read, parse, and write network packets with the level of ease and fun they expect from Ruby. Note that this gem does not automatically require pcaprub, since users may install pcaprub through non-gem means.
 email: todb@planb-security.net
 executables: []
@@ -31,80 +73,11 @@ executables: []
 extensions: []
 
 extra_rdoc_files: 
-- README
 - .document
+- README.rdoc
 files: 
-- lib/packetfu.rb
-- lib/packetfu/version.rb
-- lib/packetfu/structfu.rb
-- lib/packetfu/capture.rb
-- lib/packetfu/pcap.rb
-- lib/packetfu/config.rb
-- lib/packetfu/inject.rb
-- lib/packetfu/protos/tcp.rb
-- lib/packetfu/protos/eth.rb
-- lib/packetfu/protos/ipv6.rb
-- lib/packetfu/protos/udp.rb
-- lib/packetfu/protos/arp.rb
-- lib/packetfu/protos/ip.rb
-- lib/packetfu/protos/invalid.rb
-- lib/packetfu/protos/icmp.rb
-- lib/packetfu/protos/hsrp.rb
-- lib/packetfu/utils.rb
-- lib/packetfu/packet.rb
-- INSTALL
-- LICENSE
-- README
 - .document
-- test/test_octets.rb
-- test/test_icmp.rb
-- test/udp_test.pcap
-- test/sample2.pcap
-- test/sample.pcap
-- test/test_ip6.rb
-- test/all_tests.rb
-- test/test_invalid.rb
-- test/packetfu_spec.rb
-- test/test_packet.rb
-- test/test_pcap.rb
-- test/icmp_test.pcap
-- test/test_udp.rb
-- test/sample_hsrp_pcapr.cap
-- test/tcp_spec.rb
-- test/test_tcp.rb
-- test/tcp_test.pcap
-- test/test_arp.rb
-- test/arp_test.pcap
-- test/test_inject.rb
-- test/test_eth.rb
-- test/ethpacket_spec.rb
-- test/packet_spec.rb
-- test/vlan-pcapr.cap
-- test/sample-ipv6.pcap
-- test/test_hsrp.rb
-- test/test_structfu.rb
-- test/ptest.rb
-- test/ip_test.pcap
-- test/eth_test.pcap
-- test/test_ip.rb
-- test/structfu_spec.rb
-- test/packet_subclasses_spec.rb
-- examples/oui.txt
-- examples/uniqpcap.rb
-- examples/dissect_thinger.rb
-- examples/examples.rb
-- examples/simple-stats.rb
-- examples/arphood.rb
-- examples/simple-sniffer.rb
-- examples/ethernet.rb
-- examples/arp.rb
-- examples/slammer.rb
-- examples/packetfu-shell.rb
-- examples/idsv2.rb
-- examples/ackscan.rb
-- examples/ids.rb
-- examples/new-simple-stats.rb
-- examples/100kpackets.rb
+- README.rdoc
 has_rdoc: true
 homepage: https://github.com/todb/packetfu
 licenses: 
@@ -119,34 +92,25 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
-requirements: 
-- sdoc, for generating local documentation
-- rspec, v2.6.2 or later, for testing
-- pcaprub v0.9.2 or later, for packet capture/inject
+requirements: []
+
 rubyforge_project: packetfu
-rubygems_version: 1.6.2
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: PacketFu is a mid-level packet manipulation library.
-test_files: 
-- test/test_octets.rb
-- test/test_icmp.rb
-- test/test_ip6.rb
-- test/test_invalid.rb
-- test/test_packet.rb
-- test/test_pcap.rb
-- test/test_udp.rb
-- test/test_tcp.rb
-- test/test_arp.rb
-- test/test_inject.rb
-- test/test_eth.rb
-- test/test_hsrp.rb
-- test/test_structfu.rb
-- test/test_ip.rb
+test_files: []
+

data/INSTALL

@@ -1,40 +0,0 @@
-== INSTALL
-
-Installation is pretty straightforward -- it's a gem now!
-
-$ rvm gem install packetfu
-
-Not using rvm? For shame! Get it now, it will make your life 100x better.
-
-$ links http://rvm.beginrescueend.com/
-
-If you are installing from a source checkout, just run (as root / rvmsudo):
-
-$ rvmsudo ./setup.rb
-$ sudo ruby ./setup.rb # If not on rvm, and seriously what is wrong with you?
-
-== Testing
-
-The easiest way to test the installation is to run PacketFu via
-irb, using the example shell in the "examples" directory:
-
-% sudo irb -r packetfu-shell.rb
-
-After the banner, you should see something like:
-
->>> Use $packetfu_default.config for salient networking details.
-IP:  192.168.1.100   Mac: 00:1d:e0:54:2f:7e   Gateway: 00:03:2f:32:a5:3c
-Net: 192.168.1.0                              Iface:   wlan0
->>> Packet capturing/injecting enabled.
-<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
-
-If not, then Something Went Wrong. It's most likely that you have either
-an older or broken version of pcaprub (try installing the version provided
-with Metasploit), or you have a very, very old version of libpcap (version
-0.9.4 is the oldest tested version, and there's really no reason to not
-be at least on 1.0.0).
-
-== Complaints
-
-If things don't work out, please contact todb@planb-security.net, and I'll
-try to get you all sorted out.

data/LICENSE

@@ -1,28 +0,0 @@
-== LICENSE
-
-Copyright (c) 2008-2011, Tod Beardsley
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-    * Neither the name of Tod Beardsley nor the
-      names of its contributors may be used to endorse or promote products
-      derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY
-EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-

data/examples/100kpackets.rb

@@ -1,41 +0,0 @@
-#!/usr/bin/env ruby
-
-# Used mainly to test for memory leaks and to demo the preferred ways of
-# reading and writing packets to and from pcap files.
-require './examples' # For path setting slight-of-hand
-require 'packetfu'
-
-include PacketFu
-puts "Generating packets... (#{Time.now.utc})"
-
-File.unlink("/tmp/out.pcap") if File.exists? "/tmp/out.pcap"
-start_time = Time.now.utc
-count = 0
-
-100.times do
-	@pcaps = []
-	1000.times do 
-		u = UDPPacket.new
-		u.ip_src = [rand(2**32-1)].pack("N")
-		u.ip_dst = [rand(2**32-1)].pack("N")
-		u.recalc
-		@pcaps << u
-	end
-	pfile = PcapFile.new
-	res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
-	count += res.last
-	puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
-end
-
-read_bytes_start = Time.now.utc
-puts "Reading packet bytes..."
-packet_bytes = PcapFile.read_packet_bytes "/tmp/out.pcap"
-puts "Read #{packet_bytes.size} packet byte blobs in #{Time.now.utc - read_bytes_start} seconds."
-
-read_packets_start = Time.now.utc
-puts "Reading packets..."
-packet_bytes = PcapFile.read_packets "/tmp/out.pcap"
-puts "Read #{packet_bytes.size} parsed packets in #{Time.now.utc - read_packets_start} seconds."
-
-
-

data/examples/ackscan.rb

@@ -1,38 +0,0 @@
-#!/usr/bin/env ruby
-require 'packetfu'
-# Portscanning!
-# Run this on one machine
-#cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
-#cap.show_live(:filter => 'src net 209.85.165')
-# Run this on another:
-#cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
-#cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
-# Run this on the third
-def do_scan
-	puts "Generating packets..."
-	pkt_array = gen_packets.sort_by {rand}
-	puts "Dumping them on the wire..."
-	inj = PacketFu::Inject.new(:iface => ARGV[0])
-	inj.array_to_wire(:array=>pkt_array)
-	puts "Done!"
-end
-
-def gen_packets
-	config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
-	pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
-	pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
-	pkt.ip_daddr="209.85.165.0"	# One of Google's networks
-	pkt.tcp_flags.ack=1
-	pkt.tcp_dst=81
-	pkt_array = []
-	256.times do |i|
-	 pkt.ip_dst.o4=i
-	 pkt.tcp_src = rand(5000 - 1025) + 1025
- 	 pkt.recalc
- 	 pkt_array << pkt.to_s
- 	end
- 	pkt_array
-end
-
-do_scan
-

data/examples/arp.rb

@@ -1,60 +0,0 @@
-# This is a somewhat contrived and verbose demonstration of how to implement ARP manually.
-#
-# It's contrived because this is really how PacketFu::Utils got born; something similiar
-# (and a wee bit cleaner) is already available as Packet::Utils::arp, since knowing the
-# MAC address of a target IP turns out to be pretty useful day-to-day.
-
-require 'examples' # For path setting slight-of-hand
-require 'packetfu'
-
-def usage
-	if ARGV[0].nil?
-		raise ArgumentError, "You need an IP address to start with."
-	elsif !Process.euid.zero?
-		raise SecurityError, "You need to be root to run this."
-	end
-end
-
-usage unless target_ip = ARGV[0]		# Need a target IP.
-usage unless Process.euid.zero?			# Need to be root.
-IPAddr.new(target_ip)								# Check to see it's really an IP address, and not a herring or something.
-
-$packetfu_default = PacketFu::Config.new(PacketFu::Utils.whoami?).config
-
-def arp(target_ip)
-
-	arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
-	arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
-	arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
-	arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
-
-	arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
-	arp_pkt.arp_daddr_ip = target_ip 
-
-	# Stick the Capture object in its own thread.
-
-	cap_thread = Thread.new do
-		cap = PacketFu::Capture.new(:start => true, 
-																:filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
-		arp_pkt.to_w # Shorthand for sending single packets to the default interface.
-		target_mac = nil
-		while target_mac.nil?
-			if cap.save > 0
-				arp_response = PacketFu::Packet.parse(cap.array[0])
-				target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
-			end
-			sleep 0.1 # Check for a response ten times per second.
-		end
-		puts "#{target_ip} is-at #{target_mac}"
-		# That's all we need.
-		exit 0
-	end
-
-	# Timeout for cap_thread
-	sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
-	exit 1
-end
-
-arp(target_ip)
-
-

data/examples/arphood.rb

@@ -1,59 +0,0 @@
-#!/usr/bin/env ruby
-
-# A simple local network fingerprinter. Uses the OUI list.
-
-require 'examples'
-require 'packetfu'
-require 'open-uri'
-
-$oui_prefixes = {}
-$arp_results = []
-def build_oui_list
-	if ARGV[0].nil?
-		puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} <filename>."
-	oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
-	else
-	oui_file =	File.open(ARGV[0], "rb")
-	end
-	oui_file.each do |oui_line|
-		maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
-		unless maybe_oui.nil?
-			oui_value = maybe_oui
-			oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
-			$oui_prefixes[oui_value] = oui_vendor.chomp
-		end
-	end
-end
-
-build_oui_list
-
-$root_ok = true if Process.euid.zero?
-
-def arp_everyone
-	my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface => 'wlan0'))
-	threads = []
-	network = "192.168.2"
-	print "Arping around..."
-	253.times do |i|
-		threads[i] = Thread.new do
-			this_host = network + ".#{i+1}"
-			print "." 
-			colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
-			unless colon_mac.nil?
-				hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
-			else
-				hyphen_mac = colon_mac = "NOTHERE"
-			end
-			$arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
-		end
-	end
-	threads.join
-end
-
-if $root_ok
-	arp_everyone
-	puts "\n"
-	sleep 3
-	$arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
-end
-