Best Python code snippet using avocado_python
ipv6fp.py
Source:ipv6fp.py
1#!/usr/bin/env python2################################################################################3# #4# IPv6 OS detection test suite #5# #6# #7# Luis MartinGarcia #8# {luis.mgarc@gmail.com} #9# #10################################################################################11import getopt12import sys13from scapy.all import *14import warnings15import time16import signal17from struct import *18from socket import *19#############################20# DEFAULT HEADER PARAMETERS #21#############################22# IP version 623IPv6_DEFAULT_HOP_LIMIT=12824IPv6_DEFAULT_TRAFFIC_CLASS=025IPv6_DEFAULT_FLOW_LABEL=0x1234526# ICMP version 627ICMPv6_DEFAULT_TYPE=128 # Cannot be changed28ICMPv6_DEFAULT_CODE=029ICMPv6_DEFAULT_IDENTIFIER=0xABCD30ICMPv6_DEFAULT_SEQUENCE=0x012331# IP version 432IPv4_DEFAULT_TTL=12833IPv4_DEFAULT_TOS=034IPv4_DEFAULT_ID=0xABCD35IPv4_DEFAULT_FRAGOFF=036IPv4_DEFAULT_FLAGS=037# ICMP version 438ICMPv4_DEFAULT_TYPE=8 # Echo request39ICMPv4_DEFAULT_CODE=040ICMPv4_DEFAULT_IDENTIFIER=0xDDEE41ICMPv4_DEFAULT_SEQUENCE=0x987642# TCP43TCP_DEFAULT_SPORT=2044TCP_DEFAULT_DPORT=8045TCP_DEFAULT_SEQ=0x1234567846TCP_DEFAULT_ACK=0x0047TCP_DEFAULT_WIN=409648TCP_DEFAULT_FLAGS='S'49TCP_DEFAULT_URG=0x0050#UDP51UDP_DEFAULT_SPORT=5352UDP_DEFAULT_DPORT=5353UDP_PORT_53_PAYLOAD="\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00"54# Payloads55ASCII_PAYLOAD_16="0123456789ABCDEF"56ASCII_PAYLOAD_32="0123456789ABCDEF"*257ASCII_PAYLOAD_64="0123456789ABCDEF"*458ASCII_PAYLOAD_128="0123456789ABCDEF"*859ASCII_PAYLOAD_256="0123456789ABCDEF"*1660ASCII_PAYLOAD_512="0123456789ABCDEF"*3261ASCII_PAYLOAD_1024="0123456789ABCDEF"*6462ASCII_PAYLOAD_2048="0123456789ABCDEF"*12863# Miscellaneous64DEFAULT_OPEN_PORT_IN_TARGET=8065DEFAULT_CLOSED_PORT_IN_TARGET=999966NUM_SEQ_SAMPLES=667DEFAULT_INTERPACKET_DELAY=068DEFAULT_CAPTURE_TIMEOUT=269####################70# GLOBAL VARIABLES #71####################72# Target host73target_host6_g=None74target_host4_g=None75# Simple list of test numbers (0, 1, 2, ... , N)76test6_ids=list()77test4_ids=list()78# List of test textual descriptions79test6_descriptions=list()80test4_descriptions=list()81# List of test probes82test6_packets=list()83test4_packets=list()84# List of test results85test6_replies=list()86test4_replies=list()87# Final result vector88result_vector6=list()89result_vector4=list()90# Offsets for the TCP source port of some probes (current Nmap OS detection probes)91source_port_g=4862192# Open and closed ports93open_port_g=None94closed_port_g=None95# Some fixed values for TCP Seq and TCP Ack96tcpSeqBase=0x5f2ecb2397tcpAck=0xbc2efd0a98# ICMP Sequence Number99icmp_seq_g=0100# Test range101first_test_g=0102last_test_g=99999103# Send & receive parameters104capture_timeout_g=DEFAULT_CAPTURE_TIMEOUT105packet_retries_g=2106interface_g=None107inter_test_delay_g=1 # Time between each test (in seconds)108inter_packet_delay_g=DEFAULT_INTERPACKET_DELAY # Time between each packet (for tests that consist of more than one)109target_mac_addr_g=None110source_ipv6_addr_g=None111source_ipv4_addr_g=None112send_eth_g=None113# Misc114debug_g=False115start_time_g=None116output_data=[]117output_file_name_g="nmap6fp"+str(random.random())[2:-4]+".6fp"118result_report_email_g="david+luis@nmap.org"119target_os_details_g=None120do_connectivity_test_g=True121interactive_mode_g=False122#################################123# DEFAULT PACKET "CONSTRUCTORS" #124#################################125# Generic IPv6 datagram126def build_default_ipv6(target):127 pkt=IPv6()128 pkt.hlim=IPv6_DEFAULT_HOP_LIMIT129 pkt.tc=IPv6_DEFAULT_TRAFFIC_CLASS130 pkt.fl=IPv6_DEFAULT_FLOW_LABEL131 pkt.dst=target132 if source_ipv6_addr_g != None :133 pkt.src=source_ipv6_addr_g134 return pkt135# Generic ICMPv6 Echo Request136def build_default_icmpv6():137 pkt=ICMPv6EchoRequest()138 pkt.code=ICMPv6_DEFAULT_CODE139 pkt.id=ICMPv6_DEFAULT_IDENTIFIER140 pkt.seq=ICMPv6_DEFAULT_SEQUENCE141 return pkt142# Generic IPv4 datagram143def build_default_ipv4(target):144 pkt=IP()145 pkt.tos=IPv4_DEFAULT_TOS146 pkt.id=IPv4_DEFAULT_ID147 pkt.flags=IPv4_DEFAULT_FLAGS148 pkt.frag=IPv4_DEFAULT_FRAGOFF149 pkt.ttl=IPv4_DEFAULT_TTL150 pkt.dst=target151 if source_ipv4_addr_g != None :152 pkt.src=source_ipv4_addr_g153 return pkt154# Generic ICMPv4 Echo Request155def build_default_icmpv4():156 pkt=ICMP()157 pkt.type=ICMPv4_DEFAULT_TYPE158 pkt.code=ICMPv4_DEFAULT_CODE159 pkt.id=ICMPv4_DEFAULT_IDENTIFIER160 pkt.seq=ICMPv4_DEFAULT_SEQUENCE161 return pkt162# Generic TCP Syn packet163def build_default_tcp():164 pkt=TCP()165 pkt.sport=TCP_DEFAULT_SPORT166 pkt.dport=TCP_DEFAULT_DPORT167 pkt.seq=TCP_DEFAULT_SEQ168 pkt.ack=TCP_DEFAULT_ACK169 pkt.dataofs= None170 pkt.reserved= 0171 pkt.flags=TCP_DEFAULT_FLAGS172 pkt.window=TCP_DEFAULT_WIN173 pkt.urgptr=TCP_DEFAULT_URG174 return pkt175# Generic UDP packet.176def build_default_udp():177 pkt=UDP()178 pkt.sport=UDP_DEFAULT_SPORT179 pkt.dport=UDP_DEFAULT_DPORT180 return pkt181# Returns an unused source port number182def get_source_port_number():183 global source_port_g184 source_port_g=source_port_g+1185 return source_port_g-1186# Returns an unused ICMP sequence number187def get_icmp_seq_number():188 global icmp_seq_g189 icmp_seq_g=icmp_seq_g+1190 return icmp_seq_g-1191#############################192# STANDARD OUTPUT FUNCTIONS #193#############################194def print_start_separator():195 print "---------------------------------- BEGIN TEST ----------------------------------"196def print_end_separator():197 print "---------------------------------- END OF TEST ---------------------------------"198def print_sent_packet(test_packet):199 if type(test_packet)==list :200 for i in range(0, len(test_packet)) :201 print "[+] Test Packet #" + str(i) + ":"202 test_packet[i].show2()203 hexdump(test_packet[i])204 else :205 print "[+] Test Packet:"206 test_packet.show2()207 hexdump(test_packet)208def store_line(line2print):209 output_data.append("#PARSE# "+line2print)210def print_and_store_line(line2print):211 print "[#] " + line2print212 store_line(line2print)213def print_received_packet(packet):214 try:215 packet.show(label_lvl=" ")216 hexdump(packet)217 except:218 return219 return220def print_parseable_test_result(test_number, responses, ip_version):221 if ip_version==4 :222 tag="result4"223 elif ip_version==6 :224 tag="result6"225 # If we received responses, print each of them226 if responses!=None and len(responses)>0 :227 228 rs=-1229 for response in responses:230 rs=rs+1231 # Determine how many layers are present in the packet232 pkt=response233 layers=0234 while type(pkt)!=scapy.packet.NoPayload :235 pkt=pkt.payload236 layers=layers+1237 # Try to obtain the packet's hexdump (scapy is buggy and fails to do238 # this in certain cases). What we do here is: try to display the whole239 # packet. If it fails, remove the layer on the top and try again. Repeat240 # until we run out of layers or the operation succeeds.241 pktstr=''242 removed=0243 for i in range(0, layers) :244 try:245 pktstr=hexstr(str(response), onlyhex=1)246 break247 except :248 response[layers-i-2].remove_payload()249 print "Error displaying packet. Removing layer "+str(layers-i)250 removed=removed+1251 # Print result status (Truncated, Full or Empty) along with the total number of layers and the number of layers that were chopped.252 if removed>0 :253 print_and_store_line("rstatus={"+str(test_number)+", Truncated, "+str(layers)+", "+str(removed)+"}")254 else :255 print_and_store_line("rstatus={"+str(test_number)+", Full, "+str(layers)+ ", 0}")256 # Print the actual packet contents257 print_and_store_line( tag+ "={" + str(test_number) + ", " + str(rs) + ", " + pktstr + "}" )258 # Otherwise, print and empty response tag259 else:260 print_and_store_line("status={"+str(test_number)+", Empty, 0, 0}")261 print_and_store_line( tag + "={" + str(test_number)+ ", 0,}")262def print_parseable_sent_packet(test_number, test_packet, ip_version):263 if ip_version==4 :264 tag="sent4"265 elif ip_version==6 :266 tag="sent6"267 if type(test_packet)==list :268 for i in range(0, len(test_packet)) :269 print_and_store_line(tag + "={"+str(test_number)+", " + str(i) +", " + hexstr(str(test_packet[i]), onlyhex=1) + "}")270 else :271 print_and_store_line(tag + "={"+str(test_number)+", " + "0" +", " + hexstr(str(test_packet), onlyhex=1) + "}")272def print_parseable_time_dependant_test_result(test_number, response, ip_version):273 if ip_version==4 :274 tag="timed4_result"275 else :276 tag="timed6_result"277 if response != None :278 print_and_store_line(tag+"={"+str(test_number)+","+hexstr(str(response), onlyhex=1)+"}")279 else:280 print_and_store_line(tag+"={"+str(test_number)+",}")281def print_test_id(test_id, ip_version):282 if ip_version==4 :283 print_and_store_line("test4_id=" + str(test_id))284 else :285 print_and_store_line("test6_id=" + str(test_id))286def print_test_number(test_num):287 print_and_store_line("test_no=" + str(test_num))288def print_test_description(test_desc):289 print "[+] Test Description: " + str(test_desc)290def print_welcome_banner():291 print "================================================================="292 print "== NMAP IPv6 OS DETECTION RESEARCH TOOL =="293 print "================================================================="294 print " You are running ipv6fp, an internal research tool for the Nmap "295 print " Security Scanner. This program will send about 150 IPv6 network "296 print " probes to a target system and collect any responses received. "297 print " The results will let us build a new IPv6 stack fingerprinting "298 print " engine in Nmap. "299 print " "300 print " We'd like to thank you in advance for running this tool. After "301 print " the execution has finished, a file with the following name "302 print " will be sted in the working directory: "303 print " "304 print output_file_name_g.center(65)305 print " "306 print " Please send it to the following address: " + result_report_email_g307 print " "308 print "================================================================="309def print_debug_info():310 print "== IPv6 Routing information ====================================="311 print conf.route6312 print "== IPv4 Routing information ====================================="313 print conf.route314 print "== Other Details ================================================"315 print "[+] IPv4 Interface: " + conf.iface316 print "[+] IPv6 Interface: " + conf.iface6317 print "[+] User interface: " + interface_g318 print "[+] IPv6 enabled: " + str(conf.ipv6_enabled)319 print "[+] Python version: " + sys.version.replace('\n', '')320 print "[+] Scapy version: " + conf.version321 print "[+] Run as root: " + str(os.geteuid()==0)322 if target_os_details_g!=None:323 print "[+] OS Type: " + target_os_details_g[0]324 print "[+] OS Sub-type: " + target_os_details_g[1]325 print "[+] OS Version: " + target_os_details_g[2]326 if target_host6_g!=None :327 print "[+] Dst IPv6 Address: " + str(target_host6_g)328 if target_host4_g!=None :329 print "[+] Dst IPv4 Address: " + str(target_host4_g)330 if source_ipv6_addr_g!=None :331 print "[+] Src IPv6 Address: " + str(source_ipv6_addr_g)332 if source_ipv4_addr_g!=None :333 print "[+] Src IPv4 Address: " + str(source_ipv4_addr_g)334 if target_mac_addr_g!=None:335 print "[+] Gateway MAC: " + str(target_mac_addr_g)336 print "[+] Send eth: " + str(send_eth_g)337 print "[+] Open Port: " + str(open_port_g)338 print "[+] Open Port: " + str(closed_port_g)339 print "[+] Timeout: " + str(capture_timeout_g)340 print "[+] Retries: " + str(packet_retries_g)341 print "[+] Inter-test delay: " + str(inter_test_delay_g)342 print "[+] Inter-packet delay: " + str(inter_packet_delay_g)343 print "[+] Debug: " + str(debug_g)344 print "================================================================="345def print_test_results():346 print "================================================================="347 print "== NMAP IPv6 OS DETECTION TEST RESULTS =="348 print "================================================================="349 if target_host4_g!=None :350 for i in range(0, len(test4_replies)) :351 sys.stdout.write("IPv4 TEST #")352 sys.stdout.write(str(test4_ids[i]))353 sys.stdout.write("=")354 if test4_replies[i]!=None :355 print "Response received"356 else :357 print "No response"358 if target_host6_g!=None :359 j=0360 for i in range(first_test_g, min( len(test6_replies), last_test_g+1) ) :361 sys.stdout.write("IPv6 TEST #")362 sys.stdout.write(str(test6_ids[i]))363 sys.stdout.write("=")364 if test6_replies[j]!=None :365 print "Response received"366 else :367 print "No response"368 j=j+1369 print "================================================================="370 print "== SUMMARY OF RESULTS =="371 print "================================================================="372 print_and_store_line("currtime={" + str(time.time()) +", " + time.ctime()+"}" )373 if target_os_details_g!=None:374 print_and_store_line("ostype="+target_os_details_g[0])375 print_and_store_line("ossubtype="+target_os_details_g[1])376 print_and_store_line("osversion="+target_os_details_g[2])377 if target_host6_g!=None :378 print_and_store_line("hostaddr6="+str(target_host6_g))379 if target_host4_g!=None :380 print_and_store_line("hostaddr4="+str(target_host4_g))381 print_and_store_line("timeout="+str(capture_timeout_g))382 print_and_store_line("retries="+str(packet_retries_g))383 print_and_store_line("interface="+interface_g)384 print_and_store_line("delay="+str(inter_test_delay_g))385 print_and_store_line("debug="+str(debug_g))386 if len(result_vector6) > 0 :387 print_and_store_line("rvector6=" + str(result_vector6))388 if len(result_vector4) > 0 :389 print_and_store_line("rvector4=" + str(result_vector4))390 print " "391 print " Thank you for running this tool. A file with the following name "392 print " has been created in the working directory: "393 print " "394 print output_file_name_g.center(65)395 print " "396 if target_os_details_g!=None:397 print " Please send it to the following address: " + result_report_email_g398 else :399 print " Please edit the file to provide details about the target's "400 print " operating system type and version. Read the instructions at the "401 print " top. "402 print " "403 print " Once you're done, please send the file to the following address:"404 print " "405 print result_report_email_g.center(65)406 print " "407 print "================================================================="408def get_results_file_header():409 text= [ '================================================================================',410 '== NMAP IPv6 OS DETECTION RESEARCH TOOL ==',411 '== ------------------------------------------ ==',412 '== ==',413 '== ==RESULTS FILE== ==',414 '== ==',415 '================================================================================',416 ]417 return text418def get_results_file_osrequest():419 text= [ '== IMPORTANT! Please provide some information about the target OS: OS type, ==',420 '== OS sub-type and OS version. ==',421 '== ==',422 '== Please chose an OS type and subtype from the following table, and replace ==',423 '== the XXXXXXX value in the "ostype=" and "ossubtype=" labels below (do NOT ==',424 '== include the quote marks). ==',425 '== ==',426 '== +---------+------------------------------------------------------------+ ==',427 '== | OS TYPE | OS SUB-TYPE | ==',428 '== +---------+------------------------------------------------------------+ ==',429 '== | Linux | "CentOs", "Debian", "Fedora", "Gentoo", "Mandriva", | ==',430 '== | | "Mint", "Redhat", "Slackware", "Suse", "Ubuntu", "Other" | ==',431 '== +---------+------------------------------------------------------------+ ==',432 '== | BSD | "DragonFlyBSD", "FreeBSD", "NetBSD", "OpenBSD", | ==',433 '== | | "PC-BSD", "Other" | ==',434 '== +---------+------------------------------------------------------------+ ==',435 '== | Windows | "XP", "Vista", "7", "2003 Server", "2008 Server", "Other" | ==',436 '== +---------+------------------------------------------------------------+ ==',437 '== | MacOS X | "Puma", "Jaguar", "Panther", "Tiger", "Leopard", | ==',438 '== | | "Snow Leopard", "Lion", "Other" | ==',439 '== +---------+------------------------------------------------------------+ ==',440 '== | Solaris | "Sun Solaris", "OpenSolaris", "OpenIndiana", "SchilliX", | ==',441 '== | | "Other" | ==',442 '== +---------+------------------------------------------------------------+ ==',443 '== | Other | "Router", "Firewall", "Switch", "Proxy", "Other" | ==',444 '== +---------+------------------------------------------------------------+ ==',445 '== ==',446 '== INSERT THE OS DETAILS HERE: ==',447 '#PARSE# ostype=XXXXXXX',448 '#PARSE# ossubtype=XXXXXXX',449 '#PARSE# osversion=XXXXXXX',450 '#PARSE# os_additional_comments=',451 '== ==',452 '== The OS version can be a distro version (e.g., "10.04", "Core 4"), a ==',453 '== service pack id (e.g., "SP2"), a firmware version (e.g., "12.2SG"), or a ==',454 '== kernel version (e.g., 2.6.28). ==',455 "== If you'd like to provide additional information, like the output of ==",456 '== "uname -a", details about your network configuration, etc, please add them ==',457 '== after the "os_additional_comments=" tag above. =='458 '\r\n\r\n\r\n',459 ]460 return text461def print_time_elapsed():462 print_and_store_line("elapsed=" + str(get_time_elapsed()))463def print_usage(f = sys.stdout):464 print >> f, """\465Usage: %(progname)s {Target} [Options]466 OPTIONS:467 -h, --help Show this help.468 --ot=PORT Use PORT as open TCP port (default %(ot)s).469 --ct=PORT Use PORT as closed TCP port (default %(ct)s).470 --noports Use default open/closed port numbers.471 --from=N Start from test #N472 --to=N Stop execution after test #N473 --test=N Run only test #N474 --interface=DEV Use the DEV network interface.475 --delay=N Wait N seconds between each test.476 --retries=N Retransmit unanswered packets N times.477 --send-eth Transmit packets at the ethernet level.478 --send-ip Transmit packets at the IP level.479 --debug Print debugging information.480 --addr4=ADDR Specify the target's IPv4 address.481 --interactive Ask parameter values interactively.482""" % { "progname": sys.argv[0], "ot": DEFAULT_OPEN_PORT_IN_TARGET,483 "ct": DEFAULT_CLOSED_PORT_IN_TARGET }484def print_debug(debug_msg):485 if( debug_g==True and debug_msg!=None):486 print debug_msg487########################488# PACKET I/O FUNCTIONS #489########################490def filter_ip_responses(packet_set, src, dst, ip_version):491 result=[]492 # Determine matching type493 if ip_version==6 :494 match_type=scapy.layers.inet6.IPv6495 else :496 match_type=scapy.layers.inet.IP497 for packet in packet_set :498 if type(packet)==match_type :499 if packet.dst==src and packet.src==dst :500 result.append(packet)501 return result502def filter_ipv6_responses(packet_set, src, dst):503 return filter_ip_responses(packet_set=packet_set, src=src, dst=dst, ip_version=6)504def filter_ipv4_responses(packet_set, src, dst):505 return filter_ip_responses(packet_set=packet_set, src=src, dst=dst, ip_version=4)506def filter_responses(sent, received):507 aux=[]508 final_results=[]509 if sent==None or received==None :510 return None511 # If we only have one sent packet, turn it into a list512 if type(sent)!=list :513 sent=[sent]514 # Use a copy of the supplied "sent" list so we do not modify the original515 # data, but just a copy516 backup=[]517 for pkt in sent :518 if type(pkt)==list :519 backup2=[]520 for pkt2 in pkt :521 backup2.append(pkt2.copy())522 backup.append(backup2)523 else :524 backup.append(pkt.copy())525 sent=backup526 # Remove any layer 2 headers that are present in the packets527 for i in range(0, len(sent)) :528 if str(type(sent[i])).find("scapy.layers.l2.")!=-1 :529 sent[i]=sent[i].payload530 for response in received:531 # Remove layer 2 headers532 while(True) :533 if str(type(response)).find("scapy.layers.l2.")!=-1 :534 response=response.payload535 else :536 break537 # Only keep packets that are IPv4 or IPv6538 if type(response)==scapy.layers.inet6.IPv6 or type(response)==scapy.layers.inet.IP :539 aux.append(response)540 received=aux541 # Try to find a response for every packet in the sent set542 for sent_probe in sent :543 match=False544 # Select those packets that originate from the target and are destined to us545 if type(sent_probe)==scapy.layers.inet6.IPv6 :546 response_set=filter_ipv6_responses(received, src=sent_probe.src, dst=sent_probe.dst)547 elif type(sent_probe)==scapy.layers.inet.IP :548 response_set=filter_ipv4_responses(received, src=sent_probe.src, dst=sent_probe.dst)549 else :550 response_set=[]551 for i in range(0, len(response_set)) :552 # Transmission Control Protocol553 if TCP in sent_probe:554 if TCP in response_set[i] :555 if sent_probe[TCP].dport == response_set[i][TCP].sport :556 if sent_probe[TCP].sport == response_set[i][TCP].dport :557 print_debug("TCP MATCH")558 final_results.append( [sent_probe, response_set[i]] )559 match=response_set[i]560 break561 # User Datagram Protocol562 if UDP in sent_probe :563 if UDP in response_set[i] :564 if sent_probe[UDP].dport == response_set[i][UDP].sport :565 if sent_probe[UDP].sport == response_set[i][UDP].dport :566 print_debug("UDP MATCH")567 final_results.append( [sent_probe, response_set[i]] )568 match=response_set[i]569 break570 # ICMPv6 Echo Requests571 if ICMPv6EchoRequest in sent_probe :572 if ICMPv6EchoReply in response_set[i] :573 if sent_probe[ICMPv6EchoRequest].id == response_set[i][ICMPv6EchoReply].id :574 if sent_probe[ICMPv6EchoRequest].seq == response_set[i][ICMPv6EchoReply].seq :575 print_debug("EchoRequest MATCH")576 final_results.append( [sent_probe, response_set[i]] )577 match=response_set[i]578 break579 # ICMPv6 Home Agent Address Discovery Requests580 if ICMPv6HAADRequest in sent_probe :581 if ICMPv6HAADReply in response_set[i] :582 if sent_probe[ICMPv6HAADRequest].id == response_set[i][ICMPv6HAADReply].id :583 print_debug("ICMPv6HAADRequest MATCH")584 final_results.append( [sent_probe, response_set[i]] )585 match=response_set[i]586 break587 # ICMPv6 Multicast Listener Discovery Queries588 if ICMPv6MLQuery in sent_probe :589 if ICMPv6MLReport in response_set[i] or ICMPv6MLDone in response_set[i]:590 print_debug("MLD Query MATCH")591 final_results.append( [sent_probe, response_set[i]] )592 match=response_set[i]593 break594 # ICMPv6 Mobile Prefix Solicitations595 if ICMPv6MPSol in sent_probe :596 if ICMPv6MPAdv in response_set[i] :597 if sent_probe[ICMPv6MPSol].id == response_set[i][ICMPv6MPAdv].id :598 print_debug("ICMPv6MPSol MATCH")599 final_results.append( [sent_probe, response_set[i]] )600 match=response_set[i]601 break602 # ICMPv6 Multicast Router Discovery Solicitations603 if ICMPv6MRD_Solicitation in sent_probe :604 if ICMPv6MRD_Advertisement in response_set[i] or ICMPv6MRD_Termination in response_set[i]:605 print_debug("ICMPv6MRD_Solicitation MATCH")606 final_results.append( [sent_probe, response_set[i]] )607 match=response_set[i]608 break609 # ICMPv6 Inverse Neighbor Discovery Solicitations610 if ICMPv6ND_INDSol in sent_probe :611 if ICMPv6ND_INDAdv in response_set[i]:612 print_debug("ICMPv6ND_INDSol MATCH")613 final_results.append( [sent_probe, response_set[i]] )614 match=response_set[i]615 break616 # ICMPv6 Neighbor Discovery Solicitations617 if ICMPv6ND_NS in sent_probe :618 if ICMPv6ND_NA in response_set[i]:619 print_debug("ICMPv6ND_NS MATCH")620 final_results.append( [sent_probe, response_set[i]] )621 match=response_set[i]622 break623 # ICMPv6 Router Solicitations624 if ICMPv6ND_RS in sent_probe :625 if ICMPv6ND_RA in response_set[i]:626 print_debug("ICMPv6ND_RS MATCH")627 final_results.append( [sent_probe, response_set[i]] )628 match=response_set[i]629 break630 # ICMPv6 Node Information Queries631 if ICMPv6NIQueryIPv4 in sent_probe or ICMPv6NIQueryIPv6 in sent_probe \632 or ICMPv6NIQueryNOOP in sent_probe or ICMPv6NIQueryName in sent_probe:633 # Store which of the tests was true so we can access the layer later634 if ICMPv6NIQueryIPv4 in sent_probe :635 mytype=ICMPv6NIQueryIPv4636 elif ICMPv6NIQueryIPv6 in sent_probe :637 mytype=ICMPv6NIQueryIPv6638 elif ICMPv6NIQueryNOOP in sent_probe :639 mytype=ICMPv6NIQueryNOOP640 else :641 mytype=ICMPv6NIQueryName642 # Check if the response is some kind of Node Information reply643 if ICMPv6NIReplyIPv4 in response_set[i] or ICMPv6NIReplyIPv6 in response_set[i] \644 or ICMPv6NIReplyNOOP in response_set[i] or ICMPv6NIReplyName in response_set[i] \645 or ICMPv6NIReplyRefuse in response_set[i] or ICMPv6NIReplyUnknown in response_set[i] :646 # Store which of the tests was true so we can access the layer later647 if ICMPv6NIReplyIPv4 in response_set[i] :648 mytype2=ICMPv6NIReplyIPv4649 elif ICMPv6NIReplyIPv6 in response_set[i] :650 mytype2=ICMPv6NIReplyIPv6651 elif ICMPv6NIReplyNOOP in response_set[i] :652 mytype2=ICMPv6NIReplyNOOP653 elif ICMPv6NIReplyName in response_set[i] :654 mytype2=ICMPv6NIReplyName655 elif ICMPv6NIReplyRefuse in response_set[i] :656 mytype2=ICMPv6NIReplyRefuse657 else :658 mytype2=ICMPv6NIReplyUnknown659 # Check that the nonces are equal660 if sent_probe[mytype].nonce == response_set[i][mytype2].nonce :661 print_debug("ICMPv6NIQuery MATCH")662 final_results.append( [sent_probe, response_set[i]] )663 match=response_set[i]664 break665 # ICMPv4666 if ICMP in sent_probe :667 if ICMP in response_set[i] :668 # Sent is EchoRequest, Recv is EchoReply669 if sent_probe[ICMP].type==8 and response_set[i][ICMP].type==0:670 if sent_probe[ICMP].id == response_set[i][ICMP].id :671 if sent_probe[ICMP].seq == response_set[i][ICMP].seq :672 print_debug("ICMPv4 EchoRequest MATCH")673 final_results.append( [sent_probe, response_set[i]] )674 match=response_set[i]675 break676 # Sent is TimestampRequest, Recv is TimestampReply677 if sent_probe[ICMP].type==13 and response_set[i][ICMP].type==14:678 if sent_probe[ICMP].id == response_set[i][ICMP].id :679 if sent_probe[ICMP].seq == response_set[i][ICMP].seq :680 print_debug("ICMPv4 TimestampRequest MATCH")681 final_results.append( [sent_probe, response_set[i]] )682 match=response_set[i]683 break684 # Sent is InformationRequest, Recv is InformationReply685 if sent_probe[ICMP].type==15 and response_set[i][ICMP].type==16:686 if sent_probe[ICMP].id == response_set[i][ICMP].id :687 if sent_probe[ICMP].seq == response_set[i][ICMP].seq :688 print_debug("ICMPv4 InformationRequest MATCH")689 final_results.append( [sent_probe, response_set[i]] )690 match=response_set[i]691 break692 # Sent is AddressMaskRequest, Recv is InformationReply693 if sent_probe[ICMP].type==17 and response_set[i][ICMP].type==18:694 if sent_probe[ICMP].id == response_set[i][ICMP].id :695 if sent_probe[ICMP].seq == response_set[i][ICMP].seq :696 print_debug("ICMPv4 MaskRequest MATCH")697 final_results.append( [sent_probe, response_set[i]] )698 match=response_set[i]699 break700 # Sent is DomainNameRequest, Recv is InformationReply701 if sent_probe[ICMP].type==37 and response_set[i][ICMP].type==38:702 if sent_probe[ICMP].id == response_set[i][ICMP].id :703 if sent_probe[ICMP].seq == response_set[i][ICMP].seq :704 print_debug("ICMPv4 DomainNameRequest MATCH")705 final_results.append( [sent_probe, response_set[i]] )706 match=response_set[i]707 break708 # Check if we matched a packet, in that case, remove the response from the709 # list of captured packets so we don't match it again in future loop710 # iterations711 if (match!=False) :712 for j in range(0, len(received)) :713 if received[j]==match :714 received.pop(j)715 break;716 continue717 # If we get here (we have not "break"ed the loop), it means that we718 # did not find any standard response. Now check for ICMP errors.719 # We do a very soft matching. We can probably make mistakes here if720 # we send many packets and we get many different resposnes, but this721 # is not a common case in ipv6fp.py, so we should be fine.722 for i in range(0, len(response_set)) :723 # ICMPv6 Parameter Problem724 if ICMPv6ParamProblem in response_set[i] :725 if IPerror6 in response_set[i] :726 if response_set[i][IPerror6].src==sent_probe.src:727 if response_set[i][IPerror6].dst==sent_probe.dst:728 if response_set[i][IPerror6].nh==sent_probe.nh:729 print_debug("ParameterProblem MATCH")730 final_results.append( [sent_probe, response_set[i]] )731 match=response_set[i]732 break733 # ICMPv6 Destination Unreachable734 if ICMPv6DestUnreach in response_set[i] :735 if IPerror6 in response_set[i] :736 if response_set[i][IPerror6].src==sent_probe.src:737 if response_set[i][IPerror6].dst==sent_probe.dst:738 if response_set[i][IPerror6].nh==sent_probe.nh:739 print_debug("DestUnreach MATCH")740 final_results.append( [sent_probe, response_set[i]] )741 match=response_set[i]742 break743 # ICMPv6 Time Exceeded744 if ICMPv6TimeExceeded in response_set[i] :745 if IPerror6 in response_set[i] :746 if response_set[i][IPerror6].src==sent_probe.src:747 if response_set[i][IPerror6].dst==sent_probe.dst:748 if response_set[i][IPerror6].nh==sent_probe.nh:749 print_debug("TimeExceede MATCH")750 final_results.append( [sent_probe, response_set[i]] )751 match=response_set[i]752 break753 # ICMPv6 Packet Too Big754 if ICMPv6PacketTooBig in response_set[i] :755 if IPerror6 in response_set[i] :756 if response_set[i][IPerror6].src==sent_probe.src:757 if response_set[i][IPerror6].dst==sent_probe.dst:758 if response_set[i][IPerror6].nh==sent_probe.nh:759 print_debug("PacketTooBig MATCH")760 final_results.append( [sent_probe, response_set[i]] )761 match=response_set[i]762 break763 # ICMPv4764 if ICMP in response_set[i] :765 # If we get here it means that the response is an ICMP error766 # message. If it contains the original IP datagram, do the match767 # using the datagram's source and destination address768 if IPerror in response_set[i] :769 if response_set[i][IPerror].src==sent_probe.src:770 if response_set[i][IPerror].dst==sent_probe.dst:771 if response_set[i][IPerror].proto==sent_probe.proto:772 print_debug("ICMP Error MATCH")773 final_results.append( [sent_probe, response_set[i]] )774 match=response_set[i]775 break776 # If it does not contain the original datagram, store it anyway,777 # providing we have a true error message.778 elif response_set[i][ICMP].type==3 or response_set[i][ICMP].type==4 \779 or response_set[i][ICMP].type==5 or response_set[i][ICMP].type==11 \780 or response_set[i][ICMP].type==12 or response_set[i][ICMP].type==40:781 print_debug("Possible ICMP Error MATCH")782 final_results.append( [sent_probe, response_set[i]] )783 match=response_set[i]784 break785 # ICMPv6 Redirects786 if ICMPv6ND_Redirect in response_set[i] :787 print_debug("Redirect MATCH")788 final_results.append( [sent_probe, response_set[i]] )789 match=response_set[i]790 break791 # Unknown ICMPv6 message types792 if ICMPv6Unknown in response_set[i] :793 print_debug("Unknown ICMP type MATCH")794 final_results.append( [sent_probe, response_set[i]] )795 match=response_set[i]796 break797 # Fragmented datagrams that contain ICMP messages (first fragment)798 if IPv6 in response_set[i] :799 if IPv6ExtHdrFragment in response_set[i] :800 if ICMPv6EchoReply in response_set[i] :801 print_debug("Some ICMP type MATCH (from frag packet #0)")802 final_results.append( [sent_probe, response_set[i]] )803 match=response_set[i]804 break805 # Fragmented datagrams that contain ICMP messages (other fragments)806 if Raw in response_set[i]:807 if IPv6 in response_set[i] :808 if IPv6ExtHdrFragment in response_set[i] :809 if response_set[i][IPv6ExtHdrFragment].nh==58 :810 print_debug("Some ICMP type MATCH (from frag packet #n)")811 final_results.append( [sent_probe, response_set[i]] )812 match=response_set[i]813 break814 # Print debug info815 else :816 hdr=sent_probe817 print_debug("SENT:")818 while True :819 print_debug(str(type(hdr)))820 hdr=hdr.payload821 if type(hdr)==scapy.packet.NoPayload :822 break823 hdr=response_set[i]824 print_debug("CAPT:")825 while True :826 print_debug(str(type(hdr)))827 hdr=hdr.payload828 if type(hdr)==scapy.packet.NoPayload :829 break830 # Check if we matched a packet, in that case, remove the response from the831 # list of captured packets so we don't match it again in future loop832 # iterations833 if (match!=False) :834 for j in range(0, len(received)) :835 if received[j]==match :836 received.pop(j)837 break;838 839 return final_results840def sndrcv_ng(pkt, timeout=1, iface=None, inter = 0, verbose=1, retry=0, multi=0) :841 print_debug("sndrcv_ng()")842 cap_pkts=[] # Responses are stored here843 if pkt==None or timeout <=0:844 return None845 # If we only have one packet to send, turn it into a list846 if type(pkt)!=list :847 pkt=[pkt]848 # Determine if we need to send at the ethernet level or not849 if type(pkt[0])==scapy.layers.l2.Ether :850 send_ether=True851 else :852 send_ether=False853 # Send and receive loop854 while retry >= 0:855 retry=retry-1856 # For into two processes, one for transmission, one for reception857 pid=1858 pid = os.fork()859 # Packet transmission child860 if pid == 0:861 print_debug("Transmission Child")862 sys.stdin.close()863 if send_ether==True :864 sendp(pkt, inter=inter, iface=iface, verbose=verbose)865 else :866 send(pkt, inter=inter, verbose=verbose)867 elif pid < 0:868 print "ERROR: unable to fork()"869 # Packet recption child870 else:871 print_debug("Reception Child")872 cap_pkts=sniff(timeout=timeout)873 print_debug("Captured " +str(len(cap_pkts)) + " packets")874 cap_pkts=filter_responses(pkt, cap_pkts)875 # If we received a response, avoid looping again876 if cap_pkts!=None and len(cap_pkts)>0 :877 retry=-1878 os.waitpid(pid,0)879 if pid == 0:880 os._exit(0)881 return cap_pkts882def send_and_receive(packet, verbosity=1):883 # Send packet and get response884 responses=sndrcv_ng(packet, iface=interface_g, retry=packet_retries_g, timeout=capture_timeout_g, multi=0, verbose=verbosity, inter=inter_packet_delay_g)885 if responses==None or len(responses)==0 :886 return []887 # If we got responses, strip the link layer before returning them888 for i in range(0, len(responses)) :889 responses[i][0]=strip_link_layer(responses[i][0])890 responses[i][1]=strip_link_layer(responses[i][1])891 return responses892def send_and_receive_multiple(packet, verbosity=1):893 # Send a list of packets and get the responses894 responses=sr(packet, retry=packet_retries_g, timeout=capture_timeout_g, multi=1, verbose=verbosity, inter=inter_packet_delay_g);895 return responses896def strip_link_layer(packet):897 while(True) :898 if str(type(packet)).find("scapy.layers.l2.")!=-1 :899 packet=packet.payload900 else :901 break902 return packet903def send_and_receive_eth(packet, verbosity=1):904 # Send packet(s) and get response(s)905 # Add an ethernet header to the packet(s)906 eth_hdr=Ether(dst=target_mac_addr_g)907 if type(packet)==list : # Test contains more than one packet908 for i in range(0, len(packet)) :909 packet[i]=eth_hdr/packet[i]910 else :911 packet=eth_hdr/packet912 responses=send_and_receive(packet, verbosity=verbosity)913 return responses914# Note that this function does NOT strip the ethernet header of the returned (answered, unsanswered) set.915def send_and_receive_eth_multiple(packet, verbosity=1):916 # Send packet and get response917 # Add an ethernet header to the packet(s)918 eth_hdr=Ether(dst=target_mac_addr_g)919 if type(packet)==list : # Test contains more than one packet920 for i in range(0, len(packet)) :921 packet[i]=eth_hdr/packet[i]922 else :923 packet=eth_hdr/packet924 responses=srp(packet, iface=interface_g, retry=packet_retries_g, timeout=capture_timeout_g, multi=1, verbose=verbosity, inter=inter_packet_delay_g);925 return responses926#############################927# TEST MANAGEMENT FUNCTIONS #928#############################929# Runs the specified test. It returns a packet if a response was received and930# 'None' otherwise.931def run_test(test_number, test_id, test_description, test_packet, ip_version):932 # Print test details933 print_start_separator()934 print_test_number(test_number)935 print_test_id(test_id, ip_version)936 print_time_elapsed()937 print_test_description(test_description)938 print_parseable_sent_packet(test_number, test_packet, ip_version)939 print_sent_packet(test_packet)940 # Special case: localhost needs some adjustments941 if ip_version==4 and send_eth_g==False and (target_host4_g=='127.0.0.1' or target_host4_g=='localhost') :942 tmp=conf.L3socket943 conf.L3socket = L3RawSocket944 # Send the packet and listen for responses945 if send_eth_g == True:946 responses=send_and_receive_eth(test_packet)947 else:948 responses=send_and_receive(test_packet)949 # Restore original L3 socket950 if ip_version==4 and send_eth_g==False and (target_host4_g=='127.0.0.1' or target_host4_g=='localhost') :951 conf.L3socket=tmp952 # Check if we got a response. Print it if that's the case.953 received=[]954 if(len(responses)>0 ):955 print "[+] Response received:"956 for i in range(0, len(responses)) :957 print_received_packet(responses[i][1])958 received.append(responses[i][1])959 else :960 received=None961 print "[+] No response received:"962 print_parseable_test_result(test_number, received, ip_version)963 # Cleanup and return964 print_end_separator()965 return received966# Runs the specified test. It returns a packet if a response was received and967# 'None' otherwise.968def run_test_multiple(test_number_base, test_id, test_description, test_packet, ip_version):969 # Print test details970 print_start_separator()971 print_test_number(test_number_base)972 print_test_id(test_id, ip_version)973 print_test_description(test_description)974 myresponses=[]975 # Special case: localhost needs some adjustments976 if ip_version==4 and send_eth_g==False and (target_host4_g=='127.0.0.1' or target_host4_g=='localhost') :977 tmp=conf.L3socket978 conf.L3socket = L3RawSocket979 # Send the packet and listen for responses980 if send_eth_g == True:981 responses=send_and_receive_eth_multiple(test_packet)982 else:983 responses=send_and_receive_multiple(test_packet)984 # Restore original L3 socket985 if ip_version==4 and send_eth_g==False and (target_host4_g=='127.0.0.1' or target_host4_g=='localhost') :986 conf.L3socket=tmp987 # Print packets that did not get any response988 for i in range(0, len(responses[1])) :989 print_sent_packet(responses[1][i])990 print "[+] No response received:"991 # Print packets that did get responses992 for i in range(0, len(responses[0])) :993 if type(responses[0][i][0])==scapy.layers.l2.Ether :994 print_sent_packet(responses[0][i][0].payload)995 else :996 print_sent_packet(responses[0][i][0])997 print "[+] Response received:"998 if type(responses[0][i][1])==scapy.layers.l2.Ether :999 print_received_packet(responses[0][i][1].payload)1000 myresponses.append(responses[0][i][1].payload)1001 print_parseable_time_dependant_test_result(test_number_base+i, responses[0][i][1].payload, ip_version)1002 else:1003 print_received_packet(responses[0][i][1])1004 myresponses.append(responses[0][i][1])1005 print_parseable_time_dependant_test_result(test_number_base+i, responses[0][i][1], ip_version)1006 # Cleanup and return1007 print_end_separator()1008 # Check if we got a response. Print it if that's the case.1009 if len(myresponses)>0 :1010 return myresponses1011 else :1012 return None1013################1014# TEST BATTERY #1015################1016#1017# Acknowledgments: Some of the following tests have been inspired by the1018# great "THC-IPv6" toolkit (v1.6) written by Van Hauser from the THC group,1019# (mainly from the "implementation6" tool). {http://www.thc.org/thc-ipv6/}1020#1021def set_up_ipv6_tests(target):1022 ####################################1023 # CURRENT NMAP OS DETECTION PROBES #1024 ####################################1025 # TEST 01026 test6_ids.append("NMAP_OS_PROBE_TCP_0")1027 test6_descriptions.append("TCP/SYN/OpenPort/NmapProbe0")1028 ip_packet=build_default_ipv6(target)1029 tcp_packet=build_default_tcp()1030 tcp_packet.dport=open_port_g1031 tcp_packet.sport=get_source_port_number()1032 tcp_packet.seq=tcpSeqBase+01033 tcp_packet.ack=tcpAck1034 tcp_packet.flags='S'1035 tcp_packet.options=[('WScale', 10), ('NOP', None), ('MSS',1460), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]1036 tcp_packet.window=11037 final_packet=ip_packet/tcp_packet1038 test6_packets.append(final_packet)1039 # TEST 11040 test6_ids.append("NMAP_OS_PROBE_TCP_1")1041 test6_descriptions.append("TCP/SYN/OpenPort/NmapProbe1")1042 ip_packet=build_default_ipv6(target)1043 tcp_packet=build_default_tcp()1044 tcp_packet.dport=open_port_g1045 tcp_packet.sport=get_source_port_number()1046 tcp_packet.seq=tcpSeqBase+11047 tcp_packet.ack=tcpAck1048 tcp_packet.flags='S'1049 tcp_packet.options=[('MSS', 1400), ('WScale', 0), ('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L)), ('EOL', '')]1050 tcp_packet.window=631051 final_packet=ip_packet/tcp_packet1052 test6_packets.append(final_packet)1053 # TEST 21054 test6_ids.append("NMAP_OS_PROBE_TCP_2")1055 test6_descriptions.append("TCP/SYN/OpenPort/NmapProbe2")1056 ip_packet=build_default_ipv6(target)1057 tcp_packet=build_default_tcp()1058 tcp_packet.dport=open_port_g1059 tcp_packet.sport=get_source_port_number()1060 tcp_packet.seq=tcpSeqBase+21061 tcp_packet.ack=tcpAck1062 tcp_packet.flags='S'1063 tcp_packet.options=[('Timestamp', (0xFFFFFFFF,0L)), ('NOP', ''), ('NOP', ''), ('WScale', 5), ('NOP', ''), ('MSS', 640)]1064 tcp_packet.window=41065 final_packet=ip_packet/tcp_packet1066 test6_packets.append(final_packet)1067 # TEST 31068 test6_ids.append("NMAP_OS_PROBE_TCP_3")1069 test6_descriptions.append("TCP/SYN/OpenPort/NmapProbe3")1070 ip_packet=build_default_ipv6(target)1071 tcp_packet=build_default_tcp()1072 tcp_packet.dport=open_port_g1073 tcp_packet.sport=get_source_port_number()1074 tcp_packet.seq=tcpSeqBase+31075 tcp_packet.ack=tcpAck1076 tcp_packet.flags='S'1077 tcp_packet.options=[('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L)), ('WScale', 10), ('EOL', '')]1078 tcp_packet.window=41079 final_packet=ip_packet/tcp_packet1080 test6_packets.append(final_packet)1081 # TEST 41082 test6_ids.append("NMAP_OS_PROBE_TCP_4")1083 test6_descriptions.append("TCP/SYN/OpenPort/NmapProbe4")1084 ip_packet=build_default_ipv6(target)1085 tcp_packet=build_default_tcp()1086 tcp_packet.dport=open_port_g1087 tcp_packet.sport=get_source_port_number()1088 tcp_packet.seq=tcpSeqBase+41089 tcp_packet.ack=tcpAck1090 tcp_packet.flags='S'1091 tcp_packet.options=[('MSS', 536), ('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L)), ('WScale', 10), ('EOL', '')]1092 tcp_packet.window=161093 final_packet=ip_packet/tcp_packet1094 test6_packets.append(final_packet)1095 # TEST 51096 test6_ids.append("NMAP_OS_PROBE_TCP_5")1097 test6_descriptions.append("TCP/SYN/OpenPort/NmapProbe5")1098 ip_packet=build_default_ipv6(target)1099 tcp_packet=build_default_tcp()1100 tcp_packet.dport=open_port_g1101 tcp_packet.sport=get_source_port_number()1102 tcp_packet.seq=tcpSeqBase+51103 tcp_packet.ack=tcpAck1104 tcp_packet.flags='S'1105 tcp_packet.options=[('MSS', 265), ('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L))]1106 tcp_packet.window=5121107 final_packet=ip_packet/tcp_packet1108 test6_packets.append(final_packet)1109 # TEST 6 ECN1110 test6_ids.append("NMAP_OS_PROBE_TCP_6")1111 test6_descriptions.append("TCP/CWR|ECN|SYN/OpenPort/NmapProbe6")1112 ip_packet=build_default_ipv6(target)1113 tcp_packet=build_default_tcp()1114 tcp_packet.dport=open_port_g1115 tcp_packet.sport=get_source_port_number()1116 tcp_packet.seq=tcpSeqBase1117 tcp_packet.ack=01118 tcp_packet.urgptr=0xF7F51119 tcp_packet.flags='CES'1120 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 1460), ('SAckOK', ''), ('NOP', ''), ('NOP', '')]1121 tcp_packet.window=31122 final_packet=ip_packet/tcp_packet1123 test6_packets.append(final_packet)1124 # TEST 7 (T2)1125 test6_ids.append("NMAP_OS_PROBE_TCP_7")1126 test6_descriptions.append("TCP/NullFlags/OpenPort/NmapProbe7")1127 ip_packet=build_default_ipv6(target)1128 tcp_packet=build_default_tcp()1129 tcp_packet.dport=open_port_g1130 tcp_packet.sport=get_source_port_number()1131 tcp_packet.seq=tcpSeqBase1132 tcp_packet.ack=tcpAck1133 tcp_packet.urgptr=01134 tcp_packet.flags=''1135 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]1136 tcp_packet.window=1281137 final_packet=ip_packet/tcp_packet1138 test6_packets.append(final_packet)1139 # TEST 8 (T3)1140 test6_ids.append("NMAP_OS_PROBE_TCP_8")1141 test6_descriptions.append("TCP/SYN|FIN|URG|PSH/OpenPort/NmapProbe8")1142 ip_packet=build_default_ipv6(target)1143 tcp_packet=build_default_tcp()1144 tcp_packet.dport=open_port_g1145 tcp_packet.sport=get_source_port_number()1146 tcp_packet.seq=tcpSeqBase1147 tcp_packet.ack=tcpAck1148 tcp_packet.urgptr=01149 tcp_packet.flags='SFUP'1150 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]1151 tcp_packet.window=2561152 final_packet=ip_packet/tcp_packet1153 test6_packets.append(final_packet)1154 # TEST 9 (T4)1155 test6_ids.append("NMAP_OS_PROBE_TCP_9")1156 test6_descriptions.append("TCP/ACK/OpenPort/NmapProbe9")1157 ip_packet=build_default_ipv6(target)1158 tcp_packet=build_default_tcp()1159 tcp_packet.dport=open_port_g1160 tcp_packet.sport=get_source_port_number()1161 tcp_packet.seq=tcpSeqBase1162 tcp_packet.ack=tcpAck1163 tcp_packet.urgptr=01164 tcp_packet.flags='A'1165 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]1166 tcp_packet.window=10241167 final_packet=ip_packet/tcp_packet1168 test6_packets.append(final_packet)1169 # TEST 10 (T5)1170 test6_ids.append("NMAP_OS_PROBE_TCP_10")1171 test6_descriptions.append("TCP/SYN/ClosedPort/NmapProbe10")1172 ip_packet=build_default_ipv6(target)1173 tcp_packet=build_default_tcp()1174 tcp_packet.dport=closed_port_g1175 tcp_packet.sport=get_source_port_number()1176 tcp_packet.seq=tcpSeqBase1177 tcp_packet.ack=tcpAck1178 tcp_packet.urgptr=01179 tcp_packet.flags='S'1180 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]1181 tcp_packet.window=313371182 final_packet=ip_packet/tcp_packet1183 test6_packets.append(final_packet)1184 # TEST 11 (T6)1185 test6_ids.append("NMAP_OS_PROBE_TCP_11")1186 test6_descriptions.append("TCP/ACK/ClosedPort/NmapProbe11")1187 ip_packet=build_default_ipv6(target)1188 tcp_packet=build_default_tcp()1189 tcp_packet.dport=closed_port_g1190 tcp_packet.sport=get_source_port_number()1191 tcp_packet.seq=tcpSeqBase1192 tcp_packet.ack=tcpAck1193 tcp_packet.urgptr=01194 tcp_packet.flags='A'1195 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]1196 tcp_packet.window=327681197 final_packet=ip_packet/tcp_packet1198 test6_packets.append(final_packet)1199 # TEST 12 (T7)1200 test6_ids.append("NMAP_OS_PROBE_TCP_12")1201 test6_descriptions.append("TCP/FIN|PSH|URG/ClosedPort/NmapProbe12")1202 ip_packet=build_default_ipv6(target)1203 tcp_packet=build_default_tcp()1204 tcp_packet.dport=closed_port_g1205 tcp_packet.sport=get_source_port_number()1206 tcp_packet.seq=tcpSeqBase1207 tcp_packet.ack=tcpAck1208 tcp_packet.urgptr=01209 tcp_packet.flags='FPU'1210 tcp_packet.options=[('WScale', 15), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]1211 tcp_packet.window=655351212 final_packet=ip_packet/tcp_packet1213 test6_packets.append(final_packet)1214 # TEST 13 (IE 1)1215 test6_ids.append("NMAP_OS_PROBE_ICMP_1")1216 test6_descriptions.append("ICMP/EchoRequest/TClass=0/NmapProbe13")1217 ip_packet=build_default_ipv6(target)1218 ip_packet.tclass=01219 icmp_packet=build_default_icmpv6()1220 icmp_packet.code=91221 icmp_packet.seq=2951222 icmp_packet.id=0xABCD1223 icmp_packet.data='\x00'*1201224 final_packet=ip_packet/icmp_packet1225 test6_packets.append(final_packet)1226 # TEST 14 (IE 2)1227 test6_ids.append("NMAP_OS_PROBE_ICMP_2")1228 test6_descriptions.append("ICMP/EchoRequest/TClass=4/NmapProbe14")1229 ip_packet=build_default_ipv6(target)1230 ip_packet.tclass=41231 icmp_packet=build_default_icmpv6()1232 icmp_packet.code=91233 icmp_packet.seq=295+11234 icmp_packet.id=0xABCD+11235 icmp_packet.data='\x00'*1501236 final_packet=ip_packet/icmp_packet1237 test6_packets.append(final_packet)1238 # TEST 15 (U1)1239 test6_ids.append("NMAP_OS_PROBE_UDP")1240 test6_descriptions.append("ICMP/EchoRequest/TClass=4/NmapProbe14")1241 ip_packet=build_default_ipv6(target)1242 udp_packet=build_default_udp()1243 udp_packet.dport=closed_port_g1244 udp_packet.sport=455351245 payload='\x43'*3001246 final_packet=ip_packet/udp_packet/payload1247 test6_packets.append(final_packet)1248 #########################1249 # ICMPv6-ORIENTED TESTS #1250 #########################1251 # TEST 161252 test6_ids.append("ICMPEcho_0")1253 test6_descriptions.append("ICMP/EchoReq/PL=0")1254 ip_packet=build_default_ipv6(target)1255 icmp_packet=build_default_icmpv6()1256 icmp_packet.seq=get_icmp_seq_number()1257 final_packet=ip_packet/icmp_packet1258 test6_packets.append(final_packet)1259 # TEST 171260 test6_ids.append("ICMPEcho_1")1261 test6_descriptions.append("ICMP/EchoReq/PL=32")1262 ip_packet=build_default_ipv6(target)1263 icmp_packet=build_default_icmpv6()1264 icmp_packet.seq=get_icmp_seq_number()1265 icmp_packet.data=ASCII_PAYLOAD_321266 final_packet=ip_packet/icmp_packet1267 test6_packets.append(final_packet)1268 # TEST 181269 test6_ids.append("ICMPEcho_2")1270 test6_descriptions.append("ICMP/EchoReq/PL=1280-40-8=1232")1271 ip_packet=build_default_ipv6(target)1272 icmp_packet=build_default_icmpv6()1273 icmp_packet.seq=get_icmp_seq_number()1274 icmp_packet.data="A"*12321275 final_packet=ip_packet/icmp_packet1276 test6_packets.append(final_packet)1277 # TEST 191278 test6_ids.append("ICMPEcho_3")1279 test6_descriptions.append("ICMP/EchoReq/PL=1280-40-8+1=1233")1280 ip_packet=build_default_ipv6(target)1281 icmp_packet=build_default_icmpv6()1282 icmp_packet.seq=get_icmp_seq_number()1283 icmp_packet.data="B"*12331284 final_packet=ip_packet/icmp_packet1285 test6_packets.append(final_packet)1286 # TEST 201287 test6_ids.append("ICMPEcho_4")1288 test6_descriptions.append("ICMP/EchoReq/PL=32/BadSum")1289 ip_packet=build_default_ipv6(target)1290 icmp_packet=build_default_icmpv6()1291 icmp_packet.seq=get_icmp_seq_number()1292 icmp_packet.data=ASCII_PAYLOAD_321293 icmp_packet.cksum=0xABCD1294 final_packet=ip_packet/icmp_packet1295 test6_packets.append(final_packet)1296 # TEST 211297 test6_ids.append("ICMPNSol_0")1298 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target")1299 ip_packet=build_default_ipv6(target)1300 ip_packet.hlim=2551301 icmp_packet=ICMPv6ND_NS()1302 icmp_packet.code=01303 icmp_packet.tgt=target;1304 final_packet=ip_packet/icmp_packet1305 test6_packets.append(final_packet)1306 # TEST 221307 test6_ids.append("ICMPNSol_1")1308 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/ICMPCode=0x01")1309 ip_packet=build_default_ipv6(target)1310 ip_packet.hlim=2551311 icmp_packet=ICMPv6ND_NS()1312 icmp_packet.code=0x011313 icmp_packet.tgt=target;1314 final_packet=ip_packet/icmp_packet1315 test6_packets.append(final_packet)1316 # TEST 231317 test6_ids.append("ICMPNSol_2")1318 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/ICMPCode=0xAB")1319 ip_packet=build_default_ipv6(target)1320 ip_packet.hlim=2551321 icmp_packet=ICMPv6ND_NS()1322 icmp_packet.code=0xAB1323 icmp_packet.tgt=target;1324 final_packet=ip_packet/icmp_packet1325 test6_packets.append(final_packet)1326 # TEST 241327 test6_ids.append("ICMPNSol_3")1328 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=::0")1329 ip_packet=build_default_ipv6(target)1330 ip_packet.hlim=2551331 icmp_packet=ICMPv6ND_NS()1332 icmp_packet.code=01333 icmp_packet.tgt="::0"1334 final_packet=ip_packet/icmp_packet1335 test6_packets.append(final_packet)1336 # TEST 251337 test6_ids.append("ICMPNSol_4")1338 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=::0/ICMPCode=0xCD")1339 ip_packet=build_default_ipv6(target)1340 ip_packet.hlim=2551341 icmp_packet=ICMPv6ND_NS()1342 icmp_packet.code=0xCD1343 icmp_packet.tgt="::0"1344 final_packet=ip_packet/icmp_packet1345 test6_packets.append(final_packet)1346 # TEST 261347 test6_ids.append("ICMPNSol_5")1348 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/ICMPv6 Opts (LLAddr=0)")1349 ip_packet=build_default_ipv6(target)1350 ip_packet.hlim=2551351 icmp_packet=ICMPv6ND_NS()1352 icmp_packet.code=01353 icmp_packet.tgt=target1354 icmp_options=ICMPv6NDOptSrcLLAddr()1355 icmp_options.lladdr='00:00:00:00:00:00'1356 final_packet=ip_packet/icmp_packet/icmp_options1357 test6_packets.append(final_packet)1358 # TEST 271359 test6_ids.append("ICMPNSol_6")1360 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/ICMPv6 Opts (LLAddr='AA:BB:CC:DD:EE:FF')")1361 ip_packet=build_default_ipv6(target)1362 ip_packet.hlim=2551363 icmp_packet=ICMPv6ND_NS()1364 icmp_packet.code=01365 icmp_packet.tgt=target1366 icmp_options=ICMPv6NDOptSrcLLAddr()1367 icmp_options.lladdr='AA:BB:CC:DD:EE:FF'1368 final_packet=ip_packet/icmp_packet/icmp_options1369 test6_packets.append(final_packet)1370 # TEST 281371 test6_ids.append("ICMPNSol_7")1372 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/Bogus ICMPv6 Opt for NSol (mtu=1280)")1373 ip_packet=build_default_ipv6(target)1374 ip_packet.hlim=2551375 icmp_packet=ICMPv6ND_NS()1376 icmp_packet.code=01377 icmp_packet.tgt=target1378 icmp_options=ICMPv6NDOptMTU()1379 icmp_options.mtu=12801380 final_packet=ip_packet/icmp_packet/icmp_options1381 test6_packets.append(final_packet)1382 # TEST 291383 test6_ids.append("ICMPNSol_8")1384 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/Bogus ICMPv6 Opt for NSol (mtu=0)")1385 ip_packet=build_default_ipv6(target)1386 ip_packet.hlim=2551387 icmp_packet=ICMPv6ND_NS()1388 icmp_packet.code=01389 icmp_packet.tgt=target1390 icmp_options=ICMPv6NDOptMTU()1391 icmp_options.mtu=01392 final_packet=ip_packet/icmp_packet/icmp_options1393 test6_packets.append(final_packet)1394 # TEST 301395 test6_ids.append("ICMPNSol_9")1396 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/ICMPv6NDOptSrcLLAddr(addr=1a:2b:3c:4d:5e:6f) + ICMPv6NDOptMTU(mtu=1450)")1397 ip_packet=build_default_ipv6(target)1398 ip_packet.hlim=2551399 icmp_packet=ICMPv6ND_NS()1400 icmp_packet.code=0xCD1401 icmp_packet.tgt=target1402 icmp_option_1=ICMPv6NDOptSrcLLAddr()1403 icmp_option_1.lladdr='1A:2B:3C:4D:5E:6F'1404 icmp_option_2=ICMPv6NDOptMTU()1405 icmp_option_2.mtu=14501406 icmp_options=icmp_option_1/icmp_option_21407 final_packet=ip_packet/icmp_packet/icmp_options1408 test6_packets.append(final_packet)1409 # TEST 311410 test6_ids.append("ICMPHAADReq_0")1411 test6_descriptions.append("ICMP/HAAD Request/Dst=target/Code=Id=Res=0")1412 ip_packet=build_default_ipv6(target)1413 icmp_packet=ICMPv6HAADRequest()1414 icmp_packet.code=01415 icmp_packet.id=01416 icmp_packet.res=01417 final_packet=ip_packet/icmp_packet1418 test6_packets.append(final_packet)1419 # TEST 321420 test6_ids.append("ICMPHAADReq_1")1421 test6_descriptions.append("ICMP/HAAD Request/Dst=target/Code=0xFA/Id=Res=0")1422 ip_packet=build_default_ipv6(target)1423 icmp_packet=ICMPv6HAADRequest()1424 icmp_packet.code=0xFA1425 icmp_packet.id=01426 icmp_packet.res=01427 final_packet=ip_packet/icmp_packet1428 test6_packets.append(final_packet)1429 # TEST 331430 test6_ids.append("ICMPHAADReq_2")1431 test6_descriptions.append("ICMP/HAAD Request/Dst=target/Code=0/Id=0xABCD/Res=0x1234")1432 ip_packet=build_default_ipv6(target)1433 icmp_packet=ICMPv6HAADRequest()1434 icmp_packet.code=01435 icmp_packet.id=0xABCD1436 icmp_packet.res=0x12341437 final_packet=ip_packet/icmp_packet1438 test6_packets.append(final_packet)1439 # TEST 341440 test6_ids.append("ICMPRSol_0")1441 test6_descriptions.append("ICMP/RSol/Dst=target/ICMPCode=0x00/Reserved=0")1442 ip_packet=build_default_ipv6(target)1443 ip_packet.hlim=2551444 icmp_packet=ICMPv6ND_RS()1445 icmp_packet.code=01446 icmp_packet.res=01447 final_packet=ip_packet/icmp_packet1448 test6_packets.append(final_packet)1449 # TEST 351450 test6_ids.append("ICMPRSol_1")1451 test6_descriptions.append("ICMP/RSol/Dst=target/ICMPCode=0xAA/Reserved=0")1452 ip_packet=build_default_ipv6(target)1453 ip_packet.hlim=2551454 icmp_packet=ICMPv6ND_RS()1455 icmp_packet.code=0xAA1456 icmp_packet.res=01457 final_packet=ip_packet/icmp_packet1458 test6_packets.append(final_packet)1459 # TEST 361460 test6_ids.append("ICMPRSol_2")1461 test6_descriptions.append("ICMP/RSol/Dst=target/ICMPCode=0x00/Reserved=0xAB0000CD")1462 ip_packet=build_default_ipv6(target)1463 ip_packet.hlim=2551464 icmp_packet=ICMPv6ND_RS()1465 icmp_packet.code=01466 icmp_packet.res=0xAB0000CD1467 final_packet=ip_packet/icmp_packet1468 test6_packets.append(final_packet)1469 # TEST 371470 test6_ids.append("ICMPRSol_3")1471 test6_descriptions.append("ICMP/RSol/Dst=target/ICMPCode=0x01/Reserved=0x00000001")1472 ip_packet=build_default_ipv6(target)1473 ip_packet.hlim=2551474 icmp_packet=ICMPv6ND_RS()1475 icmp_packet.code=0x011476 icmp_packet.res=0x000000011477 final_packet=ip_packet/icmp_packet1478 test6_packets.append(final_packet)1479 # TEST 381480 test6_ids.append("ICMPRSol_4")1481 test6_descriptions.append("ICMP/RSol/Dst=target/ICMP_Option:LLAddr=0")1482 ip_packet=build_default_ipv6(target)1483 ip_packet.hlim=2551484 icmp_packet=ICMPv6ND_RS()1485 icmp_packet.code=01486 icmp_packet.res=01487 icmp_options=ICMPv6NDOptSrcLLAddr()1488 icmp_options.lladdr='00:00:00:00:00:00'1489 final_packet=ip_packet/icmp_packet/icmp_options1490 test6_packets.append(final_packet)1491 # TEST 391492 test6_ids.append("ICMPRSol_5")1493 test6_descriptions.append("ICMP/RSol/Dst=target/ICMP_Option:LLAddr=00:11:22:33:44:55")1494 ip_packet=build_default_ipv6(target)1495 ip_packet.hlim=2551496 icmp_packet=ICMPv6ND_RS()1497 icmp_packet.code=01498 icmp_packet.res=01499 icmp_options=ICMPv6NDOptSrcLLAddr()1500 icmp_options.lladdr='00:11:22:33:44:55'1501 final_packet=ip_packet/icmp_packet/icmp_options1502 test6_packets.append(final_packet)1503 # TEST 401504 test6_ids.append("ICMPRSol_6")1505 test6_descriptions.append("ICMP/RSol/Dst=target/Invalid ICMP_Option for RSol (mtu=1280")1506 ip_packet=build_default_ipv6(target)1507 ip_packet.hlim=2551508 icmp_packet=ICMPv6ND_RS()1509 icmp_packet.code=01510 icmp_packet.res=01511 icmp_options=ICMPv6NDOptMTU()1512 icmp_options.mtu=12801513 final_packet=ip_packet/icmp_packet/icmp_options1514 test6_packets.append(final_packet)1515 # TEST 411516 test6_ids.append("ICMPRSol_7")1517 test6_descriptions.append("ICMP/RSol/Dst=target/Invalid ICMP_Option for RSol (mtu=0)")1518 ip_packet=build_default_ipv6(target)1519 ip_packet.hlim=2551520 icmp_packet=ICMPv6ND_RS()1521 icmp_packet.code=01522 icmp_packet.res=01523 icmp_options=ICMPv6NDOptMTU()1524 icmp_options.mtu=01525 final_packet=ip_packet/icmp_packet/icmp_options1526 test6_packets.append(final_packet)1527 # TEST 421528 test6_ids.append("ICMP_NI_Query_0")1529 test6_descriptions.append("ICMP/NI Query NOOP/Dst=target/IMCP Code=1, Payload='.' (root) in DNS format")1530 ip_packet=build_default_ipv6(target)1531 icmp_packet=ICMPv6NIQueryNOOP()1532 icmp_packet.code=1 # RFC: On transmission, the ICMPv6 Code in a NOOP Query must be set to 11533 icmp_packet.qtype=0 # Qtype=NOOP1534 icmp_packet.flags=01535 icmp_packet.nonce='\x01\x02\x03\x04\x05\x06\x07\x08'1536 icmp_packet.unused=01537 icmp_packet.data='\x00'1538 final_packet=ip_packet/icmp_packet1539 test6_packets.append(final_packet)1540 # TEST 431541 test6_ids.append("ICMP_NI_Query_1")1542 test6_descriptions.append("ICMP/NI Query NOOP/Dst=target/IMCP Code=1, Payload=localhost (in DNS format)")1543 ip_packet=build_default_ipv6(target)1544 icmp_packet=ICMPv6NIQueryNOOP()1545 icmp_packet.code=1 # RFC: On transmission, the ICMPv6 Code in a NOOP Query must be set to 11546 icmp_packet.qtype=0 # Qtype=NOOP1547 icmp_packet.flags=01548 icmp_packet.nonce='x02\x03\x04\x05\x06\x07\x08\x09'1549 icmp_packet.unused=01550 icmp_packet.data="\x09localhost\x00"1551 final_packet=ip_packet/icmp_packet1552 test6_packets.append(final_packet)1553 # TEST 441554 test6_ids.append("ICMP_NI_Query_2")1555 test6_descriptions.append("ICMP/NI Query NOOP/Dst=target/IMCP Code=1, Payload=Bogus DNS formatted name (label length>63)")1556 ip_packet=build_default_ipv6(target)1557 icmp_packet=ICMPv6NIQueryNOOP()1558 icmp_packet.code=1 # RFC: On transmission, the ICMPv6 Code in a NOOP Query must be set to 11559 icmp_packet.qtype=0 # Qtype=NOOP1560 icmp_packet.flags=01561 icmp_packet.nonce='\x03\x04\x05\x06\x07\x08\x09\x0A'1562 icmp_packet.unused=01563 icmp_packet.data="\x40"+"0123456789012345678901234567890123456789012345678901234567890123"+"\x00"1564 final_packet=ip_packet/icmp_packet1565 test6_packets.append(final_packet)1566 # TEST 451567 test6_ids.append("ICMP_NI_Query_3")1568 test6_descriptions.append("ICMP/NI Query NOOP/Dst=target/IMCP Code=1, Payload=Bogus DNS formatted name (Characters missing)")1569 ip_packet=build_default_ipv6(target)1570 icmp_packet=ICMPv6NIQueryNOOP()1571 icmp_packet.code=1 # RFC: On transmission, the ICMPv6 Code in a NOOP Query must be set to 11572 icmp_packet.qtype=0 # Qtype=NOOP1573 icmp_packet.flags=01574 icmp_packet.nonce='\x04\x05\x06\x07\x08\x09\x0A\x0B'1575 icmp_packet.unused=01576 icmp_packet.data="\x3F"+"01234567890"+"\x00" # Wireshark reports "Malformed ICMPv6"1577 final_packet=ip_packet/icmp_packet1578 test6_packets.append(final_packet)1579 # TEST 461580 test6_ids.append("ICMP_NI_Query_4")1581 test6_descriptions.append("ICMP/NI Query NOOP/Dst=target/IMCP Code=0, Subject Addr=::0")1582 ip_packet=build_default_ipv6(target)1583 icmp_packet=ICMPv6NIQueryNOOP()1584 icmp_packet.code=0 # This is forbidden by RFC 46201585 icmp_packet.qtype=0 # Qtype=NOOP1586 icmp_packet.flags=01587 icmp_packet.nonce='\x05\x06\x07\x08\x09\x0A\x0B\x0C'1588 icmp_packet.unused=01589 icmp_packet.data='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'1590 final_packet=ip_packet/icmp_packet1591 test6_packets.append(final_packet)1592 # TEST 471593 test6_ids.append("ICMP_NI_Query_5")1594 test6_descriptions.append("ICMP/NI Query NOOP/Dst=target/IMCP Code=0, Subject Addr=target's")1595 ip_packet=build_default_ipv6(target)1596 icmp_packet=ICMPv6NIQueryNOOP()1597 icmp_packet.code=0 # IPv6 Address. Using this in NOOP is forbidden by RFC 46201598 icmp_packet.qtype=0 # Qtype=NOOP1599 icmp_packet.flags=01600 icmp_packet.nonce='\x06\x07\x08\x09\x0A\x0B\x0C\x0D'1601 icmp_packet.unused=01602 icmp_packet.data=target1603 final_packet=ip_packet/icmp_packet1604 test6_packets.append(final_packet)1605 # TEST 481606 test6_ids.append("ICMP_NI_Query_6")1607 test6_descriptions.append("ICMP/NI Query NOOP/Dst=target/IMCP Code=0xAB (unknown), Payload=0x00")1608 ip_packet=build_default_ipv6(target)1609 icmp_packet=ICMPv6NIQueryNOOP()1610 icmp_packet.code=0xAB # This one is also forbidden by RFC 46201611 icmp_packet.qtype=0 # Qtype=NOOP1612 icmp_packet.flags=01613 icmp_packet.nonce='\x07\x08\x09\x0A\x0B\x0C\x0D\x0E'1614 icmp_packet.unused=01615 icmp_packet.data='\x00'1616 final_packet=ip_packet/icmp_packet1617 test6_packets.append(final_packet)1618 # TEST 491619 test6_ids.append("ICMP_NI_Query_7")1620 test6_descriptions.append("ICMP/NI Query Unused/Dst=target/IMCP Code=1, Payload=localhost")1621 ip_packet=build_default_ipv6(target)1622 icmp_packet=ICMPv6NIQueryNOOP()1623 icmp_packet.code=1 # DNS name1624 icmp_packet.qtype=1 # Qtype=Unused1625 icmp_packet.flags=01626 icmp_packet.nonce='\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'1627 icmp_packet.unused=01628 icmp_packet.data="\x09localhost\x00"1629 final_packet=ip_packet/icmp_packet1630 test6_packets.append(final_packet)1631 # TEST 501632 test6_ids.append("ICMP_NI_Query_8")1633 test6_descriptions.append("ICMP/NI Query Unused/Dst=target/IMCP Code=0, Payload=target's addr")1634 ip_packet=build_default_ipv6(target)1635 icmp_packet=ICMPv6NIQueryNOOP()1636 icmp_packet.code=0 # IPv6 Address1637 icmp_packet.qtype=1 # Qtype=Unused1638 icmp_packet.flags=01639 icmp_packet.nonce='\x09\x0A\x0B\x0C\x0D\x0E\x0F\x00'1640 icmp_packet.unused=01641 icmp_packet.data=target1642 final_packet=ip_packet/icmp_packet1643 test6_packets.append(final_packet)1644 # TEST 511645 test6_ids.append("ICMP_NI_Query_9")1646 test6_descriptions.append("ICMP/NI Query Node Name/Dst=target/IMCP Code=1, Name=localhost")1647 ip_packet=build_default_ipv6(target)1648 icmp_packet=ICMPv6NIQueryName()1649 icmp_packet.code=1 # DNS Name1650 icmp_packet.qtype=2 # Qtype=Query Name1651 icmp_packet.flags=01652 icmp_packet.nonce='\x0A\x0B\x0C\x0D\x0E\x0F\x00\x01'1653 icmp_packet.unused=01654 icmp_packet.data="\x09localhost\x00"1655 final_packet=ip_packet/icmp_packet1656 test6_packets.append(final_packet)1657 # TEST 521658 test6_ids.append("ICMP_NI_Query_10")1659 test6_descriptions.append("ICMP/NI Query Node Name/Dst=target/IMCP Code=0, Addr=target's")1660 ip_packet=build_default_ipv6(target)1661 icmp_packet=ICMPv6NIQueryName()1662 icmp_packet.code=0 # IPv6 Addr1663 icmp_packet.qtype=2 # Qtype=Query Name1664 icmp_packet.flags=01665 icmp_packet.nonce='\x0C\x0D\x0E\x0F\x00\x01\x02\x03'1666 icmp_packet.unused=01667 icmp_packet.data=target1668 final_packet=ip_packet/icmp_packet1669 test6_packets.append(final_packet)1670 # TEST 531671 test6_ids.append("ICMP_NI_Query_11")1672 test6_descriptions.append("ICMP/NI Query Node Addresses IPv6/Dst=target/IMCP Code=0, Addr=target's, Flags=All addresses")1673 ip_packet=build_default_ipv6(target)1674 icmp_packet=ICMPv6NIQueryIPv6()1675 icmp_packet.code=0 # IPv6 Addr1676 icmp_packet.qtype=3 # Qtype=Node Addresses (IPv6)1677 icmp_packet.flags='ACLSG'1678 icmp_packet.nonce='\x0D\x0E\x0F\x00\x01\x02\x03\x04'1679 icmp_packet.unused=01680 icmp_packet.data=target1681 final_packet=ip_packet/icmp_packet1682 test6_packets.append(final_packet)1683 # TEST 541684 test6_ids.append("ICMP_NI_Query_12")1685 test6_descriptions.append("ICMP/NI Query Node Addresses IPv6/Dst=target/IMCP Code=0, Addr=target's, Flags=None")1686 ip_packet=build_default_ipv6(target)1687 icmp_packet=ICMPv6NIQueryIPv6()1688 icmp_packet.code=0 # IPv6 Addr1689 icmp_packet.qtype=3 # Qtype=Node Addresses (IPv6)1690 icmp_packet.flags=01691 icmp_packet.nonce='\x0E\x0F\x00\x01\x02\x03\x04\x05'1692 icmp_packet.unused=01693 icmp_packet.data=target1694 final_packet=ip_packet/icmp_packet1695 test6_packets.append(final_packet)1696 # TEST 551697 test6_ids.append("ICMP_NI_Query_13")1698 test6_descriptions.append("ICMP/NI Query Node Addresses IPv6/Dst=target/IMCP Code=0, Name=localhost, Flags=All")1699 ip_packet=build_default_ipv6(target)1700 icmp_packet=ICMPv6NIQueryIPv6()1701 icmp_packet.code=1 # DNS Name1702 icmp_packet.qtype=3 # Qtype=Node Addresses (IPv6)1703 icmp_packet.flags='ACLSG'1704 icmp_packet.nonce='\x0F\x00\x01\x02\x03\x04\x05\x06'1705 icmp_packet.unused=01706 icmp_packet.data="\x09localhost\x00"1707 final_packet=ip_packet/icmp_packet1708 test6_packets.append(final_packet)1709 # TEST 561710 test6_ids.append("ICMP_NI_Query_14")1711 test6_descriptions.append("ICMP/NI Query Node Addresses IPv4/Dst=target/IMCP Code=0, Name=localhost, Flags='A'")1712 ip_packet=build_default_ipv6(target)1713 icmp_packet=ICMPv6NIQueryIPv4()1714 icmp_packet.code=1 # DNS Name1715 icmp_packet.qtype=4 # Qtype=IPv4 Addresses1716 icmp_packet.flags='A'1717 icmp_packet.nonce='\x00\x01\x02\x03\x04\x05\x06\x07'1718 icmp_packet.unused=01719 icmp_packet.data="\x09localhost\x00"1720 final_packet=ip_packet/icmp_packet1721 test6_packets.append(final_packet)1722 # TEST 571723 test6_ids.append("ICMP_NI_Query_15")1724 test6_descriptions.append("ICMP/NI Query Node Addresses IPv4/Dst=target/IMCP Code=0, Addr=target's, Flags='A'")1725 ip_packet=build_default_ipv6(target)1726 icmp_packet=ICMPv6NIQueryIPv4()1727 icmp_packet.code=0 # IPv6 Addr1728 icmp_packet.qtype=4 # Qtype=IPv4 Addresses1729 icmp_packet.flags='A'1730 icmp_packet.nonce='\x01\x02\x03\x04\x05\x06\x07\x0A'1731 icmp_packet.unused=01732 icmp_packet.data=target1733 final_packet=ip_packet/icmp_packet1734 test6_packets.append(final_packet)1735 # TEST 581736 test6_ids.append("ICMP_NI_Query_16")1737 test6_descriptions.append("ICMP/NI Query Bogus Op code/Dst=target/IMCP Code=0, Addr=target's")1738 ip_packet=build_default_ipv6(target)1739 icmp_packet=ICMPv6NIQueryNOOP()1740 icmp_packet.code=0 # IPv6 Addr1741 icmp_packet.qtype=0xCAFE # Qtype=Bogus1742 icmp_packet.flags='A'1743 icmp_packet.nonce='\x01\x02\x03\x04\x05\x06\x07\x0B'1744 icmp_packet.unused=01745 icmp_packet.data=target1746 final_packet=ip_packet/icmp_packet1747 test6_packets.append(final_packet)1748 # TEST 591749 test6_ids.append("ICMP_NI_Query_17")1750 test6_descriptions.append("ICMP/NI Query Bogus Op code/Dst=target/IMCP Code=Bogus")1751 ip_packet=build_default_ipv6(target)1752 icmp_packet=ICMPv6NIQueryNOOP()1753 icmp_packet.code=0xFB # Bogus1754 icmp_packet.qtype=0xCAFE # Qtype=Bogus1755 icmp_packet.flags='A'1756 icmp_packet.nonce='\x01\x02\x03\x04\x05\x06\x07\x0C'1757 icmp_packet.unused=01758 icmp_packet.data=target1759 final_packet=ip_packet/icmp_packet1760 test6_packets.append(final_packet)1761 ################################1762 # IPv6 EXTENSION HEADERS TESTS #1763 ################################1764 # TEST 601765 test6_ids.append("ICMP_ExtHdrs_0")1766 test6_descriptions.append("IPv6/ExtHdr DestOpts {Opts Empty} /TCP SYN")1767 ip_packet=build_default_ipv6(target)1768 ext_hdr=IPv6ExtHdrDestOpt()1769 tcp_packet=build_default_tcp()1770 tcp_packet.dport=open_port_g1771 tcp_packet.sport=get_source_port_number()1772 tcp_packet.flags='S'1773 final_packet=ip_packet/ext_hdr/tcp_packet1774 test6_packets.append(final_packet)1775 # TEST 611776 test6_ids.append("ICMP_ExtHdrs_1")1777 test6_descriptions.append("IPv6/ExtHdr DestOpts {Opts Empty} / No next Header")1778 ip_packet=build_default_ipv6(target)1779 ext_hdr=IPv6ExtHdrDestOpt()1780 ext_hdr.nh=59 # No Next HEader1781 final_packet=ip_packet/ext_hdr1782 test6_packets.append(final_packet)1783 # TEST 621784 test6_ids.append("ICMP_ExtHdrs_2")1785 test6_descriptions.append("IPv6/ExtHdr DestOpts {Opts Empty} / NextHeader=TCP but no TCP packet present")1786 ip_packet=build_default_ipv6(target)1787 ext_hdr=IPv6ExtHdrDestOpt()1788 ext_hdr.nh=6 # TCP1789 final_packet=ip_packet/ext_hdr1790 test6_packets.append(final_packet)1791 # TEST 631792 test6_ids.append("ICMP_ExtHdrs_3")1793 test6_descriptions.append("IPv6/ExtHdr DestOpts {Option HAO (addr=target's)} / NextHeader=TCP SYN")1794 ip_packet=build_default_ipv6(target)1795 opt=HAO()1796 opt.hoa=target1797 ext_hdr=IPv6ExtHdrDestOpt(options=[opt])1798 ext_hdr.nh=6 # TCP1799 tcp_packet=build_default_tcp()1800 tcp_packet.dport=open_port_g1801 tcp_packet.sport=get_source_port_number()1802 tcp_packet.flags='S'1803 final_packet=ip_packet/ext_hdr/tcp_packet1804 test6_packets.append(final_packet)1805 # TEST 641806 test6_ids.append("ICMP_ExtHdrs_4")1807 test6_descriptions.append("IPv6/ExtHdr DestOpts {Unrecognized option 0x80} / NextHeader=TCP SYN")1808 ip_packet=build_default_ipv6(target)1809 ip_packet.nh=60 # Dest Opts1810 opt='\x06' # Next Header=TCP1811 opt=opt+'\x01' # Header extension length=1 group of 8 octets (the first 8 are included)1812 opt=opt+'\x01\x04\x00\x00\x00\x00' # Padding option (4 NULL bytes of padding)1813 opt=opt+'\x80\x06\xAB\xCD\xAB\xCD\xAB\xCD' # Unknown option whose first two bits are1814 # "10" so the receiver sends an ICMP error msg.1815 tcp_packet=build_default_tcp()1816 tcp_packet.dport=open_port_g1817 tcp_packet.sport=get_source_port_number()1818 tcp_packet.flags='S'1819 # NOTE: Scapy does not generate a valid TCP sum for this test, but it1820 # shouldn't matter because the packet should be discarded at the network1821 # layer (due to the unknown option).1822 final_packet=ip_packet/opt/tcp_packet1823 test6_packets.append(final_packet)1824 # TEST 651825 test6_ids.append("ICMP_ExtHdrs_5")1826 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop {Option Router Alert (MLD)} / NextHeader=TCP SYN")1827 ip_packet=build_default_ipv6(target)1828 opt=RouterAlert()1829 opt.value=0 # Datagram contains a Multicast Listener Discovery Message1830 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1831 ext_hdr.nh=6 # TCP1832 tcp_packet=build_default_tcp()1833 tcp_packet.dport=open_port_g1834 tcp_packet.sport=get_source_port_number()1835 tcp_packet.flags='S'1836 final_packet=ip_packet/ext_hdr/tcp_packet1837 test6_packets.append(final_packet)1838 # TEST 661839 test6_ids.append("ICMP_ExtHdrs_6")1840 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop {Option Router Alert (MLD)} / NextHeader=ICMPv6 MLD Query")1841 ip_packet=build_default_ipv6(target)1842 opt=RouterAlert()1843 opt.value=0 # Datagram contains a Multicast Listener Discovery Message1844 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1845 ext_hdr.nh=58 # ICMPv61846 icmp_packet=ICMPv6MLQuery()1847 #icmp_packet.mladdr= How can I set this?1848 final_packet=ip_packet/ext_hdr/icmp_packet1849 test6_packets.append(final_packet)1850 # TEST 671851 test6_ids.append("ICMP_ExtHdrs_7")1852 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop {Option Router Alert (RSVP)} / NextHeader=TCP SYN")1853 ip_packet=build_default_ipv6(target)1854 opt=RouterAlert()1855 opt.value=1 # Datagram contains RSVP message.1856 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1857 ext_hdr.nh=6 # TCP1858 tcp_packet=build_default_tcp()1859 tcp_packet.dport=open_port_g1860 tcp_packet.sport=get_source_port_number()1861 tcp_packet.flags='S'1862 final_packet=ip_packet/ext_hdr/tcp_packet1863 test6_packets.append(final_packet)1864 # TEST 681865 test6_ids.append("ICMP_ExtHdrs_8")1866 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop {Option Router Alert (RSVP)} / NextHeader=RSVP PATH message")1867 ip_packet=build_default_ipv6(target)1868 opt=RouterAlert()1869 opt.value=1 # Datagram contains RSVP message.1870 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1871 ext_hdr.nh=46 # RSVP1872 # This payload was taken from:1873 # http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=rsvp-PATH-RESV.pcap1874 # It contains hard coded values that don't apply to our target, but at1875 # least is a valid payload.1876 payload='\x10\x01\x0a\x55\xfe\x00\x00\x88\x00\x0c\x01\x01\x0a\x01\x0c\x01'+\1877 '\x11\x00\x40\x04\x00\x0c\x03\x01\x0a\x01\x0c\x02\x08\x00\x04\x03'+\1878 '\x00\x08\x05\x01\x00\x00\x75\x30\x00\x0c\x0b\x01\x0a\x01\x18\x04'+\1879 '\x00\x00\x40\x04\x00\x24\x0c\x02\x00\x00\x00\x07\x01\x00\x00\x06'+\1880 '\x7f\x00\x00\x05\x45\xbb\x80\x00\x45\xbb\x80\x00\x45\xbb\x80\x00'+\1881 '\x00\x00\x00\x00\x7f\xff\xff\xff\x00\x30\x0d\x02\x00\x00\x00\x0a'+\1882 '\x01\x00\x00\x08\x04\x00\x00\x01\x00\x00\x00\x02\x06\x00\x00\x01'+\1883 '\x49\x98\x96\x80\x08\x00\x00\x01\x00\x00\x00\x00\x0a\x00\x00\x01'+\1884 '\x00\x00\x05\xdc\x05\x00\x00\x00'1885 final_packet=ip_packet/ext_hdr/payload1886 test6_packets.append(final_packet)1887 # TEST 691888 test6_ids.append("ICMP_ExtHdrs_9")1889 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop {Option Router Alert (Active Networks)} / NextHeader=TCP SYN")1890 ip_packet=build_default_ipv6(target)1891 opt=RouterAlert()1892 opt.value=2 # Datagram contains an Active Networks message.1893 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1894 ext_hdr.nh=6 # TCP1895 tcp_packet=build_default_tcp()1896 tcp_packet.dport=open_port_g1897 tcp_packet.sport=get_source_port_number()1898 tcp_packet.flags='S'1899 final_packet=ip_packet/ext_hdr/tcp_packet1900 test6_packets.append(final_packet)1901 # TEST 701902 test6_ids.append("ICMP_ExtHdrs_10")1903 test6_descriptions.append("IPv6 Next Header=Routing Hdr but no header present.")1904 ip_packet=build_default_ipv6(target)1905 ip_packet.nh=43 # 0=Hop by Hop extension header1906 final_packet=ip_packet1907 test6_packets.append(final_packet)1908 # TEST 711909 test6_ids.append("ICMP_ExtHdrs_11")1910 test6_descriptions.append("IPv6 Next Header=Hop-by-Hop but no header present.")1911 ip_packet=build_default_ipv6(target)1912 ip_packet.nh=0 # 0=Hop by Hop extension header1913 final_packet=ip_packet1914 test6_packets.append(final_packet)1915 # TEST 721916 test6_ids.append("ICMP_ExtHdrs_12")1917 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop Wrong length")1918 ip_packet=build_default_ipv6(target)1919 opt=RouterAlert()1920 opt.value=2 # Datagram contains an Active Networks message.1921 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1922 ext_hdr.nh=6 # TCP1923 ext_hdr.len=32 # (264 bytes)1924 tcp_packet=build_default_tcp()1925 tcp_packet.dport=open_port_g1926 tcp_packet.sport=get_source_port_number()1927 tcp_packet.flags='S'1928 final_packet=ip_packet/ext_hdr/tcp_packet1929 test6_packets.append(final_packet)1930 # TEST 731931 test6_ids.append("ICMP_ExtHdrs_13")1932 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop Wrong length (datagram contains 4 bytes more than it says)")1933 ip_packet=build_default_ipv6(target)1934 ip_packet.plen=81935 opt=RouterAlert()1936 opt.value=2 # Datagram contains an Active Networks message.1937 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1938 ext_hdr.nh=59 # No Next Header1939 final_packet=ip_packet/ext_hdr/'\xDE\xAD\xBE\xEF'1940 test6_packets.append(final_packet)1941 # TEST 741942 test6_ids.append("ICMP_ExtHdrs_14")1943 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop Wrong length (datagram contains 400 bytes more than it says)")1944 ip_packet=build_default_ipv6(target)1945 ip_packet.plen=81946 opt=RouterAlert()1947 opt.value=2 # Datagram contains an Active Networks message.1948 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1949 ext_hdr.nh=59 # No Next Header1950 final_packet=ip_packet/ext_hdr/('\xDD\xAA\xBE\xEF'*100)1951 test6_packets.append(final_packet)1952 # TEST 751953 test6_ids.append("ICMP_ExtHdrs_15")1954 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop Wrong length (datagram contains 4 bytes less than it says)")1955 ip_packet=build_default_ipv6(target)1956 ip_packet.plen=161957 opt=RouterAlert()1958 opt.value=2 # Datagram contains an Active Networks message.1959 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1960 ext_hdr.nh=59 # No Next Header1961 final_packet=ip_packet/ext_hdr/'\xFE\xED\xCA\xFE'1962 test6_packets.append(final_packet)1963 # TEST 761964 test6_ids.append("ICMP_ExtHdrs_16")1965 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop Wrong length (datagram contains 400 bytes less than it says)")1966 ip_packet=build_default_ipv6(target)1967 ip_packet.plen=4121968 opt=RouterAlert()1969 opt.value=2 # Datagram contains an Active Networks message.1970 ext_hdr=IPv6ExtHdrHopByHop(options=[opt])1971 ext_hdr.nh=59 # No Next Header1972 final_packet=ip_packet/ext_hdr/'\xFE\xED\xCD\xFD'1973 test6_packets.append(final_packet)1974 # TEST 771975 test6_ids.append("ICMP_ExtHdrs_17")1976 test6_descriptions.append("IPv6/ExtHdr Hop-by-Hop with 6 PAD1/ICMPv6 Echo Request/Payload=150B")1977 ip_packet=build_default_ipv6(target)1978 ip_packet.nh=0 # Hop by hop1979 ext_hdr='\x3A\x00\x00\x00\x00\x00\x00\x00' # NH=ICMPv6 followed by six PAD11980 icmp_packet=build_default_icmpv6()1981 icmp_packet.seq=get_icmp_seq_number()1982 icmp_packet.data="\xBA"*1501983 final_packet=ip_packet/ext_hdr/icmp_packet1984 test6_packets.append(final_packet)1985 # TEST 781986 test6_ids.append("ICMP_ExtHdrs_18")1987 test6_descriptions.append("IPv6/Two hop-by-hop extension headers/ICMPv6 Echo Request/Payload=150B")1988 ip_packet=build_default_ipv6(target)1989 ip_packet.nh=0 # Hop by hop1990 ext_hdr='\x00\x00\x00\x00\x00\x00\x00\x00' # NH=HopByHop followed by six PAD11991 ext_hdr2='\x3A\x00\x00\x00\x00\x00\x00\x00' # NH=ICMPv6 followed by six PAD11992 icmp_packet=build_default_icmpv6()1993 icmp_packet.seq=get_icmp_seq_number()1994 icmp_packet.data="\xBB"*1501995 final_packet=ip_packet/ext_hdr/ext_hdr2/icmp_packet1996 test6_packets.append(final_packet)1997 # TEST 791998 test6_ids.append("ICMP_ExtHdrs_19")1999 test6_descriptions.append("IPv6/128 hop-by-hop extension headers/ICMPv6 Echo Request/Payload=150B")2000 ip_packet=build_default_ipv6(target)2001 ip_packet.nh=0 # Hop by hop2002 extension_hdr=''2003 ext_hdr_1='\x00\x00\x00\x00\x00\x00\x00\x00' # NH=HopByHop followed by six PAD12004 for i in range(0, 127) :2005 extension_hdr=extension_hdr+ext_hdr_12006 ext_hdr_2='\x3A\x00\x00\x00\x00\x00\x00\x00' # NH=ICMPv6 followed by six PAD12007 extension_hdr=extension_hdr+ext_hdr_22008 icmp_packet=build_default_icmpv6()2009 icmp_packet.seq=get_icmp_seq_number()2010 icmp_packet.data="\xBC"*1502011 final_packet=ip_packet/extension_hdr/icmp_packet2012 test6_packets.append(final_packet)2013 # TEST 802014 test6_ids.append("ICMP_ExtHdrs_20")2015 test6_descriptions.append("IPv6/ExtHdr Destination with 6 PAD1/ICMPv6 Echo Request/Payload=150B")2016 ip_packet=build_default_ipv6(target)2017 ip_packet.nh=0x3c # Destination Options2018 ext_hdr='\x3A\x00\x00\x00\x00\x00\x00\x00' # NH=ICMPv6 followed by six PAD12019 icmp_packet=build_default_icmpv6()2020 icmp_packet.seq=get_icmp_seq_number()2021 icmp_packet.data="\xBD"*1502022 final_packet=ip_packet/ext_hdr/icmp_packet2023 test6_packets.append(final_packet)2024 # TEST 812025 test6_ids.append("ICMP_ExtHdrs_21")2026 test6_descriptions.append("IPv6/Two Destination extension headers/ICMPv6 Echo Request/Payload=150B")2027 ip_packet=build_default_ipv6(target)2028 ip_packet.nh=0x3c # Destination Options2029 ext_hdr='\x3C\x00\x00\x00\x00\x00\x00\x00' # NH=DestOps followed by six PAD12030 ext_hdr2='\x3A\x00\x00\x00\x00\x00\x00\x00' # NH=ICMPv6 followed by six PAD12031 icmp_packet=build_default_icmpv6()2032 icmp_packet.seq=get_icmp_seq_number()2033 icmp_packet.data="\xBE"*1502034 final_packet=ip_packet/ext_hdr/ext_hdr2/icmp_packet2035 test6_packets.append(final_packet)2036 # TEST 822037 test6_ids.append("ICMP_ExtHdrs_22")2038 test6_descriptions.append("IPv6/128 Destination extension headers/ICMPv6 Echo Request/Payload=150B")2039 ip_packet=build_default_ipv6(target)2040 ip_packet.nh=0x3c # Destination Options2041 extension_hdr=''2042 ext_hdr_1='\x3C\x00\x00\x00\x00\x00\x00\x00' # NH=DestOps followed by six PAD12043 for i in range(0, 127) :2044 extension_hdr=extension_hdr+ext_hdr_12045 ext_hdr_2='\x3A\x00\x00\x00\x00\x00\x00\x00' # NH=ICMPv6 followed by six PAD12046 extension_hdr=extension_hdr+ext_hdr_22047 icmp_packet=build_default_icmpv6()2048 icmp_packet.seq=get_icmp_seq_number()2049 icmp_packet.data="\xBF"*1502050 final_packet=ip_packet/extension_hdr/icmp_packet2051 test6_packets.append(final_packet)2052 # TEST 832053 test6_ids.append("ICMP_ExtHdrs_23")2054 test6_descriptions.append("IPv6/Fragmented ICMPv6 Echo Request/Payload=1500B, First Datagram PLEN=1440. (Two packets sent!)")2055 ip_packet=build_default_ipv6(target)2056 frag_hdr=IPv6ExtHdrFragment()2057 icmp_packet=build_default_icmpv6()2058 icmp_packet.seq=get_icmp_seq_number()2059 icmp_packet.data="\xC0"*15002060 final_packet=ip_packet/frag_hdr/icmp_packet2061 finals=fragment6(final_packet, fragSize=1480)2062 test6_packets.append(finals)2063 # TEST 842064 test6_ids.append("ICMP_ExtHdrs_24")2065 test6_descriptions.append("IPv6/Fragmented ICMPv6 Echo Request/Payload=1500B, First Datagram PLEN=520. (Three packets sent)")2066 ip_packet=build_default_ipv6(target)2067 frag_hdr=IPv6ExtHdrFragment()2068 icmp_packet=build_default_icmpv6()2069 icmp_packet.seq=get_icmp_seq_number()2070 icmp_packet.data="\xAA"*504 + "\xBB"*512 + "\xCC"*4842071 final_packet=ip_packet/frag_hdr/icmp_packet2072 finals=fragment6(final_packet, fragSize=560)2073 test6_packets.append(finals)2074 # The two following tests produce a deprecation warning. This will prevent2075 # the warnings from being printed.2076 warnings.filterwarnings("ignore", category=DeprecationWarning)2077 # TEST 852078 test6_ids.append("ICMP_ExtHdrs_25")2079 test6_descriptions.append("IPv6/Fragmented ICMPv6 Echo Request/Payload=65535B, PLEN=1440. (46 packets sent)")2080 ip_packet=build_default_ipv6(target)2081 frag_hdr=IPv6ExtHdrFragment()2082 icmp_packet=build_default_icmpv6()2083 icmp_packet.seq=get_icmp_seq_number()2084 icmp_packet.data="\xDD"*65000 # This used to equal 65535 but since it fails in Python>=2.7, it was changed to 650012085 final_packet=ip_packet/frag_hdr/icmp_packet2086 finals=fragment6(final_packet, fragSize=1480)2087 test6_packets.append(finals)2088 # TEST 862089 test6_ids.append("ICMP_ExtHdrs_26")2090 test6_descriptions.append("IPv6/Fragmented ICMPv6 Echo Request/Payload=65800B (>65535), PLEN=1440. (46 packets sent)")2091 ip_packet=build_default_ipv6(target)2092 frag_hdr=IPv6ExtHdrFragment()2093 icmp_packet=build_default_icmpv6()2094 icmp_packet.seq=get_icmp_seq_number()2095 icmp_packet.data="\xEE"*65001 # This used to equal 65800 but since it fails in Python>=2.7, it was changed to 650012096 final_packet=ip_packet/frag_hdr/icmp_packet2097 finals=fragment6(final_packet, fragSize=1480)2098 test6_packets.append(finals)2099 # Clear the warning filter list, so the rest of warnings (if they exist)2100 # get printed out.2101 warnings.resetwarnings()2102 # TEST 872103 test6_ids.append("ICMP_ExtHdrs_27")2104 test6_descriptions.append("IPv6/Fragmented packet that overlaps from the start. Both fragments are ICMP Echo Requests but differ on their payload")2105 ip_packet_1=build_default_ipv6(target)2106 frag_hdr_1=IPv6ExtHdrFragment()2107 frag_hdr_1.m=12108 frag_hdr_1.offset=02109 frag_hdr_1.id=0x123456782110 icmp_packet_1=build_default_icmpv6()2111 icmp_packet_1.seq=get_icmp_seq_number()2112 icmp_packet_1.data="\xFF"*1282113 final_packet_1=ip_packet_1/frag_hdr_1/icmp_packet_12114 ip_packet_2=build_default_ipv6(target)2115 frag_hdr_2=IPv6ExtHdrFragment()2116 frag_hdr_2.m=02117 frag_hdr_2.offset=02118 frag_hdr_2.id=0x123456782119 icmp_packet_2=build_default_icmpv6()2120 icmp_packet_2.seq=get_icmp_seq_number()2121 icmp_packet_2.data="\x01"*1282122 final_packet_2=ip_packet_2/frag_hdr_2/icmp_packet_22123 finals=[final_packet_1, final_packet_2]2124 test6_packets.append(finals)2125 # TEST 882126 test6_ids.append("ICMP_ExtHdrs_28")2127 test6_descriptions.append("IPv6/Fragmented packet that overlaps from byte #8. ICMP EchoReq overwritten. Payload cksum collision.")2128 ip_packet_1=build_default_ipv6(target)2129 frag_hdr_1=IPv6ExtHdrFragment()2130 frag_hdr_1.m=12131 frag_hdr_1.offset=02132 frag_hdr_1.id=0x345678122133 frag_hdr_1.nh=58 # ICMPv62134 icmp_packet_1=build_default_icmpv6()2135 icmp_packet_1.seq=get_icmp_seq_number()2136 icmp_packet_1.data="\x00\x00\xFF\xFF"*102137 final_packet_1=ip_packet_1/frag_hdr_1/icmp_packet_12138 ip_packet_2=build_default_ipv6(target)2139 frag_hdr_2=IPv6ExtHdrFragment()2140 frag_hdr_2.m=02141 frag_hdr_2.offset=1 # 1=8 octets2142 frag_hdr_2.id=0x345678122143 frag_hdr_2.nh=58 # ICMPv62144 payload="\xFF\xFF\x00\x00"*10 # Checksum collision (sabe cksum as "\x00\x00\xFF\xFF"*10 )2145 final_packet_2=ip_packet_2/frag_hdr_2/payload2146 finals_t88=[final_packet_1, final_packet_2]2147 test6_packets.append(finals_t88)2148 # TEST 892149 test6_ids.append("ICMP_ExtHdrs_29")2150 test6_descriptions.append("IPv6/Fragmented packet that overlaps from byte #8. ICMP EchoReq overwritten. Payload cksum collision. (send last first)")2151 finals_t89=[final_packet_2, final_packet_1]2152 test6_packets.append(finals_t89)2153 # TEST 902154 test6_ids.append("ICMP_ExtHdrs_30")2155 test6_descriptions.append("IPv6/Hop-by-hop/DestOpts/Routing/ICMPv6 Echo request")2156 ip_packet=build_default_ipv6(target)2157 ext_1=IPv6ExtHdrHopByHop()2158 ext_2=IPv6ExtHdrDestOpt()2159 ext_3=IPv6ExtHdrRouting()2160 icmp_packet=build_default_icmpv6()2161 icmp_packet.seq=get_icmp_seq_number()2162 icmp_packet.data="\x02"*162163 final_packet=ip_packet/ext_1/ext_2/ext_3/icmp_packet2164 test6_packets.append(final_packet)2165 # TEST 912166 test6_ids.append("ICMP_ExtHdrs_31")2167 test6_descriptions.append("IPv6/Hop-by-hop/Routing/DestOpts/ICMPv6 Echo request (Headers ordered incorrectly, I)")2168 ip_packet=build_default_ipv6(target)2169 ext_1=IPv6ExtHdrHopByHop()2170 ext_2=IPv6ExtHdrDestOpt()2171 ext_3=IPv6ExtHdrRouting()2172 icmp_packet=build_default_icmpv6()2173 icmp_packet.seq=get_icmp_seq_number()2174 icmp_packet.data="\x03"*162175 final_packet=ip_packet/ext_1/ext_3/ext_2/icmp_packet2176 test6_packets.append(final_packet)2177 # TEST 922178 test6_ids.append("ICMP_ExtHdrs_32")2179 test6_descriptions.append("IPv6/DestOpts/Routing/Hop-by-hop/ICMPv6 Echo request (Headers ordered incorrectly, II)")2180 ip_packet=build_default_ipv6(target)2181 ext_1=IPv6ExtHdrHopByHop()2182 ext_2=IPv6ExtHdrDestOpt()2183 ext_3=IPv6ExtHdrRouting()2184 icmp_packet=build_default_icmpv6()2185 icmp_packet.seq=get_icmp_seq_number()2186 icmp_packet.data="\x04"*162187 final_packet=ip_packet/ext_2/ext_3/ext_1/icmp_packet2188 test6_packets.append(final_packet)2189 # TEST 932190 test6_ids.append("ICMP_ExtHdrs_33")2191 test6_descriptions.append("IPv6/Routing/Hop-by-hop/DestOpts/ICMPv6 Echo request (Headers ordered incorrectly, III)")2192 ip_packet=build_default_ipv6(target)2193 ext_1=IPv6ExtHdrHopByHop()2194 ext_2=IPv6ExtHdrDestOpt()2195 ext_3=IPv6ExtHdrRouting()2196 icmp_packet=build_default_icmpv6()2197 icmp_packet.seq=get_icmp_seq_number()2198 icmp_packet.data="\x05"*162199 final_packet=ip_packet/ext_3/ext_1/ext_2/icmp_packet2200 test6_packets.append(final_packet)2201 # TEST 942202 test6_ids.append("ICMP_ExtHdrs_34")2203 test6_descriptions.append("IPv6/Hop-by-hop/DestOpts/Routing/DestOpts/ICMPv6 Echo request (Two DestOpts, allowed by RFC)")2204 ip_packet=build_default_ipv6(target)2205 ext_1=IPv6ExtHdrHopByHop()2206 ext_2=IPv6ExtHdrDestOpt()2207 ext_3=IPv6ExtHdrRouting()2208 ext_4=IPv6ExtHdrDestOpt()2209 icmp_packet=build_default_icmpv6()2210 icmp_packet.seq=get_icmp_seq_number()2211 icmp_packet.data="\x06"*162212 final_packet=ip_packet/ext_1/ext_2/ext_3/ext_4/icmp_packet2213 test6_packets.append(final_packet)2214 # TEST 952215 test6_ids.append("ICMP_ExtHdrs_35")2216 test6_descriptions.append("IPv6/Hop-by-hop/DestOpts/Routing/DestOpts/ICMPv6 Echo request (>2 DestOpts, NOT allowed by RFC)")2217 ip_packet=build_default_ipv6(target)2218 ext_1=IPv6ExtHdrHopByHop()2219 ext_2=IPv6ExtHdrDestOpt()2220 ext_3=IPv6ExtHdrRouting()2221 ext_4=IPv6ExtHdrDestOpt()2222 ext_5=IPv6ExtHdrDestOpt()2223 icmp_packet=build_default_icmpv6()2224 icmp_packet.seq=get_icmp_seq_number()2225 icmp_packet.data="\x07"*162226 final_packet=ip_packet/ext_1/ext_2/ext_3/ext_4/ext_5/icmp_packet2227 test6_packets.append(final_packet)2228 # TEST 962229 test6_ids.append("ICMP_ExtHdrs_36")2230 test6_descriptions.append("IPv6/Hop-by-hop with OPT=Jumbo Payload. IPv6 PLEN=0, Jumbolen=0)")2231 ip_packet=build_default_ipv6(target)2232 opt=Jumbo()2233 opt.jumboplen=02234 ext_1=IPv6ExtHdrHopByHop(options=[opt])2235 icmp_packet=build_default_icmpv6()2236 icmp_packet.seq=get_icmp_seq_number()2237 icmp_packet.data="\x08"*162238 final_packet=ip_packet/ext_1/icmp_packet2239 final_packet.plen=02240 test6_packets.append(final_packet)2241 # TEST 972242 test6_ids.append("ICMP_ExtHdrs_37")2243 test6_descriptions.append("IPv6/Hop-by-hop with OPT=Jumbo Payload. IPv6 PLEN=0 Jumbolen=32)")2244 ip_packet=build_default_ipv6(target)2245 opt=Jumbo()2246 opt.jumboplen=322247 ext_1=IPv6ExtHdrHopByHop(options=[opt])2248 icmp_packet=build_default_icmpv6()2249 icmp_packet.seq=get_icmp_seq_number()2250 icmp_packet.data="\x09"*162251 final_packet=ip_packet/ext_1/icmp_packet2252 final_packet.plen=02253 test6_packets.append(final_packet)2254 # TEST 982255 test6_ids.append("ICMP_ExtHdrs_38")2256 test6_descriptions.append("IPv6/Hop-by-hop with OPT=Jumbo Payload. IPv6 PLEN=0 Jumbolen=65535)")2257 ip_packet=build_default_ipv6(target)2258 opt=Jumbo()2259 opt.jumboplen=655352260 ext_1=IPv6ExtHdrHopByHop(options=[opt])2261 icmp_packet=build_default_icmpv6()2262 icmp_packet.seq=get_icmp_seq_number()2263 icmp_packet.data="\x0A"*162264 final_packet=ip_packet/ext_1/icmp_packet2265 final_packet.plen=02266 test6_packets.append(final_packet)2267 # TEST 992268 test6_ids.append("ICMP_ExtHdrs_39")2269 test6_descriptions.append("IPv6/Hop-by-hop with OPT=Jumbo Payload. IPv6 PLEN=0 Jumbolen=100000)")2270 ip_packet=build_default_ipv6(target)2271 opt=Jumbo()2272 opt.jumboplen=1000002273 ext_1=IPv6ExtHdrHopByHop(options=[opt])2274 icmp_packet=build_default_icmpv6()2275 icmp_packet.seq=get_icmp_seq_number()2276 icmp_packet.data="\x0B"*162277 final_packet=ip_packet/ext_1/icmp_packet2278 final_packet.plen=02279 test6_packets.append(final_packet)2280 # TEST 1002281 test6_ids.append("ICMP_ExtHdrs_40")2282 test6_descriptions.append("IPv6/Hop-by-hop with Two OPT=Jumbo Payload. IPv6 PLEN=O")2283 ip_packet=build_default_ipv6(target)2284 opt=Jumbo()2285 opt.jumboplen=02286 opt2=Jumbo()2287 opt2.jumboplen=655362288 ext_1=IPv6ExtHdrHopByHop(options=[opt,opt2])2289 icmp_packet=build_default_icmpv6()2290 icmp_packet.seq=get_icmp_seq_number()2291 icmp_packet.data="\x0C"*162292 final_packet=ip_packet/ext_1/icmp_packet2293 final_packet.plen=02294 test6_packets.append(final_packet)2295 # TEST 1012296 test6_ids.append("ICMP_ExtHdrs_41")2297 test6_descriptions.append("IPv6/Hop-by-hop with 128 OPT=Jumbo Payload. IPv6 PLEN=O")2298 ip_packet=build_default_ipv6(target)2299 opt=Jumbo()2300 opt.jumboplen=655362301 opt2=[]2302 for i in range(0, 128) :2303 opt2=opt2+[opt]2304 ext_1=IPv6ExtHdrHopByHop(options=opt2)2305 icmp_packet=build_default_icmpv6()2306 icmp_packet.seq=get_icmp_seq_number()2307 icmp_packet.data="\x0D"*162308 final_packet=ip_packet/ext_1/icmp_packet2309 final_packet.plen=02310 test6_packets.append(final_packet)2311 # TEST 1022312 test6_ids.append("ICMP_ExtHdrs_42")2313 # RFC 2675: The Jumbo Payload option must not be used in a packet that carries a Fragment header.2314 test6_descriptions.append("IPv6/Hop-by-hop with OPT=Jumbo Payload/Fragment Header (two packets sent)")2315 ip_packet=build_default_ipv6(target)2316 opt=Jumbo()2317 opt.jumboplen=655362318 ext_1=IPv6ExtHdrHopByHop(options=[opt])2319 ext_2=IPv6ExtHdrFragment()2320 ext_2.id=0x387412722321 ext_2.m=1 # More fragments=Yes2322 icmp_packet=build_default_icmpv6()2323 icmp_packet.seq=get_icmp_seq_number()2324 icmp_packet.data="\x0E"*696 +"\x0F"*3282325 final_packet=ip_packet/ext_1/ext_2/icmp_packet2326 finals=fragment6(final_packet, fragSize=760)2327 test6_packets.append(finals)2328 # TEST 1032329 test6_ids.append("ICMP_ExtHdrs_43")2330 # From RFC 2675:2331 # error: IPv6 Payload Length = 0 and2332 # IPv6 Next Header = Hop-by-Hop Options and2333 # Jumbo Payload option not present2334 #2335 # Code: 02336 # Pointer: high-order octet of the IPv6 Payload Length2337 test6_descriptions.append("IPv6 with PLEN=0/Hop-by-hop withotu Jumbo Payload")2338 ip_packet=build_default_ipv6(target)2339 ext_1=IPv6ExtHdrHopByHop()2340 icmp_packet=build_default_icmpv6()2341 icmp_packet.seq=get_icmp_seq_number()2342 icmp_packet.data="\x10"*162343 final_packet=ip_packet/ext_1/icmp_packet2344 final_packet.plen=02345 test6_packets.append(final_packet)2346 # TEST 1042347 test6_ids.append("ICMP_ExtHdrs_44")2348 # From RFC 2675:2349 # error: IPv6 Payload Length != 0 and2350 # Jumbo Payload option present2351 #2352 # Code: 02353 # Pointer: Option Type field of the Jumbo Payload option2354 test6_descriptions.append("IPv6 with PLEN!=0/Hop-by-hop with Jumbo Payload")2355 ip_packet=build_default_ipv6(target)2356 opt=Jumbo()2357 opt.jumboplen=923192358 ext_1=IPv6ExtHdrHopByHop(options=[opt])2359 icmp_packet=build_default_icmpv6()2360 icmp_packet.seq=get_icmp_seq_number()2361 icmp_packet.data="\x11"*162362 final_packet=ip_packet/ext_1/icmp_packet2363 test6_packets.append(final_packet)2364 # TEST 1052365 test6_ids.append("ICMP_ExtHdrs_45")2366 test6_descriptions.append("IPv6 with PLEN!=0/Hop-by-hop with OPT=Tunnel Encapsulation Limit (l=0)")2367 ip_packet=build_default_ipv6(target)2368 opt=PadN() # Use PadN as a template2369 opt.otype=0x04 # Tunnel Encapsulation Limit (RFC 2473)2370 opt.optlen=12371 opt.optdata='\x00' # limit=02372 ext_1=IPv6ExtHdrHopByHop(options=[opt])2373 icmp_packet=build_default_icmpv6()2374 icmp_packet.seq=get_icmp_seq_number()2375 icmp_packet.data="\x12"*162376 final_packet=ip_packet/ext_1/icmp_packet2377 test6_packets.append(final_packet)2378 # TEST 1062379 test6_ids.append("ICMP_ExtHdrs_46")2380 test6_descriptions.append("IPv6 with PLEN!=0/Hop-by-hop with OPT=Tunnel Encapsulation Limit (l=1)")2381 ip_packet=build_default_ipv6(target)2382 opt=PadN() # Use PadN as a template2383 opt.otype=0x04 # Tunnel Encapsulation Limit2384 opt.optlen=12385 opt.optdata='\x01' # limit=12386 ext_1=IPv6ExtHdrHopByHop(options=[opt])2387 icmp_packet=build_default_icmpv6()2388 icmp_packet.seq=get_icmp_seq_number()2389 icmp_packet.data="\x13"*162390 final_packet=ip_packet/ext_1/icmp_packet2391 test6_packets.append(final_packet)2392 # TEST 1072393 test6_ids.append("ICMP_ExtHdrs_47")2394 test6_descriptions.append("IPv6/Hop-by-Hop with OPT=Quick-Start with RR=0 /TCP SYN)")2395 ip_packet=build_default_ipv6(target)2396 # 0 1 2 32397 # 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 12398 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2399 # | Option | Length=8 | Func. | Rate | QS TTL |2400 # | | | 0000 |Request| |2401 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2402 # | QS Nonce | R |2403 # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+2404 opt=PadN() # Use PadN as a template2405 opt.otype=0x26 # Quick-Start (RFC 4782)2406 opt.optlen=62407 opt.optdata='\x00\xE6\xF0\xF0\xB0\x00' # Func=0000 (rate request), RReq=0 (0 Kbps), QTTL=230 (xE6), QNonce=0xF0F0B000 Reserved=002408 ext=IPv6ExtHdrHopByHop(options=[opt])2409 tcp_packet=build_default_tcp()2410 tcp_packet.dport=open_port_g2411 tcp_packet.sport=get_source_port_number()2412 tcp_packet.flags='S'2413 final_packet=ip_packet/ext/tcp_packet2414 test6_packets.append(final_packet)2415 # TEST 1082416 test6_ids.append("ICMP_ExtHdrs_48")2417 test6_descriptions.append("IPv6/Hop-by-Hop with OPT=Quick-Start with RR=15 /TCP SYN)")2418 ip_packet=build_default_ipv6(target)2419 opt=PadN() # Use PadN as a template2420 opt.otype=0x26 # Quick-Start (RFC 4782)2421 opt.optlen=62422 opt.optdata='\x0F\xE6\xF1\xF1\xB0\x00' # Func=0000 (rate request), RReq=F (1,310,720 Kbps), QTTL=230 (xE6), QNonce=0xF1F1B000 Reserved=002423 ext=IPv6ExtHdrHopByHop(options=[opt])2424 tcp_packet=build_default_tcp()2425 tcp_packet.dport=open_port_g2426 tcp_packet.sport=get_source_port_number()2427 tcp_packet.flags='S'2428 final_packet=ip_packet/ext/tcp_packet2429 test6_packets.append(final_packet)2430 # TEST 1092431 test6_ids.append("ICMP_ExtHdrs_49")2432 test6_descriptions.append("IPv6/Hop-by-Hop with OPT=Quick-Start Report/TCP SYN)")2433 ip_packet=build_default_ipv6(target)2434 opt=PadN() # Use PadN as a template2435 opt.otype=0x26 # Quick-Start (RFC 4782)2436 opt.optlen=62437 opt.optdata='\x82\x00\xF2\xF2\xB0\x00' # Func=1000 (rate report), RRep=2 (160 Kbps), Unused=0, QNonce=0xF2F2B000 Reserved=002438 ext=IPv6ExtHdrHopByHop(options=[opt])2439 tcp_packet=build_default_tcp()2440 tcp_packet.dport=open_port_g2441 tcp_packet.sport=get_source_port_number()2442 tcp_packet.flags='S'2443 final_packet=ip_packet/ext/tcp_packet2444 test6_packets.append(final_packet)2445 # TEST 1102446 test6_ids.append("ICMP_ExtHdrs_50")2447 test6_descriptions.append("IPv6/Hop-by-Hop with OPT=CALIPSO/TCP SYN)")2448 ip_packet=build_default_ipv6(target)2449 # ------------------------------2450 # | Option Type | Option Length|2451 # +-------------+---------------+-------------+--------------+2452 # | CALIPSO Domain of Interpretation |2453 # +-------------+---------------+-------------+--------------+2454 # | Cmpt Length | Sens Level | Checksum (CRC-16) |2455 # +-------------+---------------+-------------+--------------+2456 # | Compartment Bitmap (Optional; variable length) |2457 # +-------------+---------------+-------------+--------------+2458 opt=PadN() # Use PadN as a template2459 opt.otype=0x07 # CALIPSO (RFC 5570)2460 opt.optlen=82461 opt.optdata='\xA0\xA1\xA2\xA3\x00\xFE\x00\x00' # DOI=0x, Clen=0, SLevel=0xFE, Csum=0x0000, CBmap=N/A2462 ext=IPv6ExtHdrHopByHop(options=[opt])2463 tcp_packet=build_default_tcp()2464 tcp_packet.dport=open_port_g2465 tcp_packet.sport=get_source_port_number()2466 tcp_packet.flags='S'2467 final_packet=ip_packet/ext/tcp_packet2468 test6_packets.append(final_packet)2469 #######################2470 # MISCELLANEOUS TESTS #2471 #######################2472 # TEST 1112473 test6_ids.append("ICMP_Misc_1")2474 test6_descriptions.append("ICMP Inverse Neighbor Discovery Solicitation (to target's unicast addr)")2475 ip_packet=build_default_ipv6(target)2476 ip_packet.hlim=2552477 icmp_packet=ICMPv6ND_INDSol() # RFC 31222478 opt_1=ICMPv6NDOptSrcLLAddr() # Source link layer address2479 opt_2=ICMPv6NDOptDstLLAddr() # Target link layer address2480 final_packet=ip_packet/icmp_packet/opt_1/opt_22481 test6_packets.append(final_packet)2482 # TEST 1122483 test6_ids.append("ICMP_Misc_2")2484 test6_descriptions.append("ICMP Inverse Neighbor Discovery Solicitation (to target's unicast addr) Both Options missing")2485 ip_packet=build_default_ipv6(target)2486 ip_packet.hlim=2552487 icmp_packet=ICMPv6ND_INDSol() # RFC 31222488 final_packet=ip_packet/icmp_packet2489 test6_packets.append(final_packet)2490 # TEST 1132491 test6_ids.append("ICMP_Misc_3")2492 test6_descriptions.append("ICMP Inverse Neighbor Discovery Solicitation (to target's unicast addr) 1 Option missing")2493 ip_packet=build_default_ipv6(target)2494 ip_packet.hlim=2552495 icmp_packet=ICMPv6ND_INDSol() # RFC 31222496 opt=ICMPv6NDOptDstLLAddr() # Target link layer address2497 final_packet=ip_packet/icmp_packet/opt2498 test6_packets.append(final_packet)2499 # TEST 1142500 test6_ids.append("ICMP_Misc_4")2501 test6_descriptions.append("ICMP Mobile Prefix Solicitation")2502 ip_packet=build_default_ipv6(target)2503 icmp_packet=ICMPv6MPSol() # RFC 31222504 icmp_packet.id=0x34742505 opt=HAO() # Home Address Option2506 opt.hoa=target2507 ext_hdr=IPv6ExtHdrDestOpt(options=[opt])2508 final_packet=ip_packet/ext_hdr/icmp_packet2509 test6_packets.append(final_packet)2510 # TEST 1152511 test6_ids.append("ICMP_Misc_5")2512 test6_descriptions.append("ICMP Mobile Prefix Solicitation with no HAO present")2513 ip_packet=build_default_ipv6(target)2514 icmp_packet=ICMPv6MPSol() # RFC 31222515 icmp_packet.id=0x33452516 final_packet=ip_packet/icmp_packet2517 test6_packets.append(final_packet)2518 # TEST 1162519 test6_ids.append("ICMP_Misc_6")2520 test6_descriptions.append("ICMP Mobile Prefix Solicitation with ICMP Code!=0")2521 ip_packet=build_default_ipv6(target)2522 icmp_packet=ICMPv6MPSol() # RFC 31222523 icmp_packet.id=0x33522524 icmp_packet.code=332525 opt=HAO() # Home Address Option2526 opt.hoa=target2527 ext_hdr=IPv6ExtHdrDestOpt(options=[opt])2528 final_packet=ip_packet/ext_hdr/icmp_packet2529 test6_packets.append(final_packet)2530 # TEST 1172531 test6_ids.append("ICMP_Misc_7")2532 test6_descriptions.append("ICMP Certificate Path Solicitation (Retrieve all certs)")2533 ip_packet=build_default_ipv6(target)2534 icmp_packet=ICMPv6MPSol() # Use ICMP MPrefix Sol as a template2535 icmp_packet.type=148 # Certification Path Solicitation Message (RFC 3971)2536 icmp_packet.id=0x16322537 icmp_packet.code=02538 icmp_packet.res=65535 # Component=65535 (all certs)2539 final_packet=ip_packet/icmp_packet2540 test6_packets.append(final_packet)2541 # TEST 1182542 test6_ids.append("ICMP_Misc_8")2543 test6_descriptions.append("ICMP Certificate Path Solicitation (Retrieve cert #65530)")2544 ip_packet=build_default_ipv6(target)2545 icmp_packet=ICMPv6MPSol() # Use ICMP MPrefix Sol as a template2546 icmp_packet.type=148 # Certification Path Solicitation Message (RFC 3971)2547 icmp_packet.id=0x16322548 icmp_packet.code=02549 icmp_packet.res=65530 # Component=65530 (Cert No. 65530)2550 final_packet=ip_packet/icmp_packet2551 test6_packets.append(final_packet)2552 # TEST 1192553 test6_ids.append("ICMP_Misc_9")2554 test6_descriptions.append("ICMP Certificate Path Solicitation with ID=0")2555 ip_packet=build_default_ipv6(target)2556 icmp_packet=ICMPv6MPSol() # Use ICMP MPrefix Sol as a template2557 icmp_packet.type=148 # Certification Path Solicitation Message (RFC 3971)2558 icmp_packet.id=0 # From RFC 3971: the Identifier field MUST NOT be zero2559 icmp_packet.code=02560 icmp_packet.res=65535 # Component=65535 (all certs)2561 final_packet=ip_packet/icmp_packet2562 test6_packets.append(final_packet)2563 # TEST 1202564 test6_ids.append("ICMP_Misc_10")2565 test6_descriptions.append("ICMP/EchoReq/BadSum(sum=0x4444)")2566 ip_packet=build_default_ipv6(target)2567 icmp_packet=build_default_icmpv6()2568 icmp_packet.seq=get_icmp_seq_number()2569 icmp_packet.cksum=0x44442570 final_packet=ip_packet/icmp_packet2571 test6_packets.append(final_packet)2572 # TEST 1212573 test6_ids.append("ICMP_Misc_11")2574 test6_descriptions.append("ICMP/EchoReq/BadSum(sum=0)")2575 ip_packet=build_default_ipv6(target)2576 icmp_packet=build_default_icmpv6()2577 icmp_packet.seq=get_icmp_seq_number()2578 icmp_packet.cksum=0x00002579 final_packet=ip_packet/icmp_packet2580 test6_packets.append(final_packet)2581 # TEST 1222582 test6_ids.append("ICMP_Misc_12")2583 test6_descriptions.append("IPv6/DestOpts extension header with a PadN that does not contain 0x00 bytes")2584 ip_packet=build_default_ipv6(target)2585 ip_packet.nh=0x3c # Destination Options2586 ext_hdr='\x3A\x00\x01\x04\x44\x33\x22\x11' # NH=ICMPv6 followed by PADN(4 non-zero bytes)2587 icmp_packet=build_default_icmpv6()2588 icmp_packet.seq=get_icmp_seq_number()2589 icmp_packet.data="\x14"*1502590 final_packet=ip_packet/ext_hdr/icmp_packet2591 test6_packets.append(final_packet)2592 # TEST 1232593 test6_ids.append("ICMP_Misc_13")2594 test6_descriptions.append("IPv6/Hop-by-Hop extension header with a PadN that does not contain 0x00 bytes")2595 ip_packet=build_default_ipv6(target)2596 ip_packet.nh=0x00 # Hop-by-hop extension header2597 ext_hdr='\x3A\x00\x01\x04\x55\x66\x77\x88' # NH=ICMPv6 followed by PADN(4 non-zero bytes)2598 icmp_packet=build_default_icmpv6()2599 icmp_packet.seq=get_icmp_seq_number()2600 icmp_packet.data="\x15"*1502601 final_packet=ip_packet/ext_hdr/icmp_packet2602 test6_packets.append(final_packet)2603 # TEST 1242604 test6_ids.append("ICMP_Misc_14")2605 test6_descriptions.append("IPv6 with Plen=0/ICMP Echo")2606 ip_packet=build_default_ipv6(target)2607 icmp_packet=build_default_icmpv6()2608 icmp_packet.seq=get_icmp_seq_number()2609 icmp_packet.data="\x16"*322610 final_packet=ip_packet/icmp_packet2611 final_packet.plen=02612 test6_packets.append(final_packet)2613 # TEST 1252614 test6_ids.append("ICMP_Misc_15")2615 test6_descriptions.append("IPv6/Hop-By-Hop with a lot of PadN and an unknown option at the end/ICMP Echo")2616 ip_packet=build_default_ipv6(target)2617 ip_packet.nh=0x00 # Hop-by-hop extension header2618 ext='\x3A' # Next header=ICMPv62619 ext=ext+'\x80' # Len2620 for i in range(0, 128):2621 ext=ext+'\x01\x06\x00\x00\x00\x00\x00\x00'2622 ext=ext+'\x80\x04\x00\x00\x00\x00' # Unknown option that starts with 10b2623 icmp_packet=build_default_icmpv6()2624 icmp_packet.seq=get_icmp_seq_number()2625 icmp_packet.data="\x17"*322626 final_packet=ip_packet/ext/icmp_packet2627 test6_packets.append(final_packet)2628 # TEST 1262629 test6_ids.append("ICMP_Misc_16")2630 test6_descriptions.append("IPv6 in IPv6/ICMP Echo")2631 ip_packet=build_default_ipv6(target)2632 ip_packet2=build_default_ipv6(target)2633 icmp_packet=build_default_icmpv6()2634 icmp_packet.seq=get_icmp_seq_number()2635 icmp_packet.data="\x18"*322636 final_packet=ip_packet/ip_packet2/icmp_packet2637 test6_packets.append(final_packet)2638 # TEST 1272639 test6_ids.append("ICMP_Misc_17")2640 test6_descriptions.append("IPv4 in IPv6/ICMPv4 Echo")2641 ip_packet=build_default_ipv6(target)2642 ip_packet.nh=4 # IPv42643 ip_packet2=IP()2644 ip_packet2.src="127.0.0.1"2645 ip_packet2.dst="127.0.0.1"2646 icmp_packet=ICMP()2647 icmp_packet.id=0x44332648 icmp_packet.seq=get_icmp_seq_number()2649 final_packet=ip_packet/ip_packet2/icmp_packet2650 test6_packets.append(final_packet)2651 # TEST 1282652 test6_ids.append("ICMP_Misc_18")2653 test6_descriptions.append("IPv6/NextHeader=Unknown")2654 ip_packet=build_default_ipv6(target)2655 ip_packet.nh=255 # IANA Reserverd protocol value2656 payload="\x3b" + "\x11"*312657 final_packet=ip_packet/payload2658 test6_packets.append(final_packet)2659 # TEST 1292660 test6_ids.append("ICMP_Misc_19")2661 test6_descriptions.append("IPv6/NextHeader=Shim6")2662 ip_packet=build_default_ipv6(target)2663 ip_packet.nh=140 # Shim62664 payload="\x3b\x00\x81" + "\x00"*62665 final_packet=ip_packet/payload2666 test6_packets.append(final_packet)2667 # TEST 1302668 test6_ids.append("ICMP_Misc_20")2669 test6_descriptions.append("IPv6/MobileIPv6 (Binding Refresh Request)")2670 ip_packet=build_default_ipv6(target)2671 payload=MIP6MH_BRR()2672 final_packet=ip_packet/payload2673 test6_packets.append(final_packet)2674 # TEST 1312675 test6_ids.append("ICMP_Misc_21")2676 test6_descriptions.append("IPv6/MobileIPv6 (Home Test Init)")2677 ip_packet=build_default_ipv6(target)2678 payload=MIP6MH_HoTI()2679 final_packet=ip_packet/payload2680 test6_packets.append(final_packet)2681 # TEST 1322682 test6_ids.append("ICMP_Misc_22")2683 test6_descriptions.append("IPv6/MobileIPv6 (Care-of Test Init)")2684 ip_packet=build_default_ipv6(target)2685 payload=MIP6MH_CoTI()2686 final_packet=ip_packet/payload2687 test6_packets.append(final_packet)2688 # TEST 1332689 test6_ids.append("ICMP_Misc_23")2690 test6_descriptions.append("IPv6/MobileIPv6 (Home Test Init) with NH!=59")2691 ip_packet=build_default_ipv6(target)2692 mobile6=MIP6MH_HoTI()2693 # From RFC=3775: The Payload Proto field MUST be IPPROTO_NONE (59 decimal).2694 # Otherwise, the node MUST discard the message and SHOULD send ICMP2695 # Parameter Problem, Code 02696 mobile6.nh=58 # NH=ICMPv62697 icmp_packet=build_default_icmpv6()2698 final_packet=ip_packet/mobile6/icmp_packet2699 test6_packets.append(final_packet)2700 # TEST 1342701 test6_ids.append("ICMP_Misc_24")2702 test6_descriptions.append("IPv6/MobileIPv6 (Home Test Init) with wrong length")2703 ip_packet=build_default_ipv6(target)2704 mobile6=MIP6MH_HoTI()2705 # From RFC=3775: the Header Len field in the Mobility Header MUST NOT be less2706 # than the length specified for this particular type of message in2707 mobile6.len=02708 final_packet=ip_packet/mobile62709 test6_packets.append(final_packet)2710 # TEST 1352711 test6_ids.append("ICMP_Misc_25")2712 test6_descriptions.append("IPv6/MobileIPv6 (Home Test Init) with wrong length in opts")2713 ip_packet=build_default_ipv6(target)2714 mobile6=MIP6MH_HoTI()2715 # From RFC=3775: the Header Len field in the Mobility Header MUST NOT be less2716 # than the length specified for this particular type of message in2717 mobile6.len=1282718 final_packet=ip_packet/mobile6/ ('\xDE'*1000)2719 test6_packets.append(final_packet)2720 # TEST 1362721 test6_ids.append("ICMP_Misc_26")2722 test6_descriptions.append("IPv6 with Flow Label=0/ICMP Echo")2723 ip_packet=build_default_ipv6(target)2724 ip_packet.fl=02725 icmp_packet=build_default_icmpv6()2726 icmp_packet.seq=get_icmp_seq_number()2727 icmp_packet.data="\x19"*322728 final_packet=ip_packet/icmp_packet2729 test6_packets.append(final_packet)2730 # TEST 1372731 test6_ids.append("ICMP_Misc_27")2732 test6_descriptions.append("IPv6 with Flow Label=0xFFFFF/ICMP Echo")2733 ip_packet=build_default_ipv6(target)2734 ip_packet.fl=0xFFFFF2735 icmp_packet=build_default_icmpv6()2736 icmp_packet.seq=get_icmp_seq_number()2737 icmp_packet.data="\x1A"*322738 final_packet=ip_packet/icmp_packet2739 test6_packets.append(final_packet)2740 # TEST 1382741 test6_ids.append("ICMP_Misc_28")2742 test6_descriptions.append("IPv6 with Flow Label=0/TCP SYN")2743 ip_packet=build_default_ipv6(target)2744 ip_packet.fl=02745 tcp_packet=build_default_tcp()2746 tcp_packet.dport=open_port_g2747 tcp_packet.sport=get_source_port_number()2748 tcp_packet.flags='S'2749 final_packet=ip_packet/tcp_packet2750 test6_packets.append(final_packet)2751 # TEST 1392752 test6_ids.append("ICMP_Misc_29")2753 test6_descriptions.append("IPv6 with Flow Label=0xFFFFF/TCP SYN")2754 ip_packet=build_default_ipv6(target)2755 ip_packet.fl=0xFFFFF2756 tcp_packet=build_default_tcp()2757 tcp_packet.dport=open_port_g2758 tcp_packet.sport=get_source_port_number()2759 tcp_packet.flags='S'2760 final_packet=ip_packet/tcp_packet2761 test6_packets.append(final_packet)2762 # TEST 1402763 test6_ids.append("ICMP_Misc_30")2764 test6_descriptions.append("IPv6 with Flow Label=0/UDP to closed port")2765 ip_packet=build_default_ipv6(target)2766 ip_packet.fl=02767 udp_packet=build_default_udp()2768 udp_packet.dport=closed_port_g2769 udp_packet.sport=get_source_port_number()2770 payload="\x1B"*442771 final_packet=ip_packet/udp_packet/payload2772 test6_packets.append(final_packet)2773 # TEST 1412774 test6_ids.append("ICMP_Misc_31")2775 test6_descriptions.append("IPv6 with Flow Label=0xFFFFF/UDP to closed port")2776 ip_packet=build_default_ipv6(target)2777 ip_packet.fl=0xFFFFF2778 udp_packet=build_default_udp()2779 udp_packet.dport=closed_port_g2780 udp_packet.sport=get_source_port_number()2781 payload="\x1C"*442782 final_packet=ip_packet/udp_packet/payload2783 test6_packets.append(final_packet)2784 # TEST 1422785 test6_ids.append("ICMP_Misc_32")2786 test6_descriptions.append("IPv6 with Traffic Class=0xFF/ICMP Echo")2787 ip_packet=build_default_ipv6(target)2788 ip_packet.tc=0xFF2789 icmp_packet=build_default_icmpv6()2790 icmp_packet.seq=get_icmp_seq_number()2791 icmp_packet.data="\x1D"*322792 final_packet=ip_packet/icmp_packet2793 test6_packets.append(final_packet)2794 # TEST 1432795 test6_ids.append("ICMP_Misc_33")2796 test6_descriptions.append("IPv6 with Traffic Class=0xFF/TCP SYN")2797 ip_packet=build_default_ipv6(target)2798 ip_packet.tc=0xFF2799 tcp_packet=build_default_tcp()2800 tcp_packet.dport=open_port_g2801 tcp_packet.sport=get_source_port_number()2802 tcp_packet.flags='S'2803 final_packet=ip_packet/tcp_packet2804 test6_packets.append(final_packet)2805 # TEST 1442806 test6_ids.append("ICMP_Misc_34")2807 test6_descriptions.append("IPv6 with Traffic Class=0xFF/UDP to closed port")2808 ip_packet=build_default_ipv6(target)2809 ip_packet.tc=0xFF2810 udp_packet=build_default_udp()2811 udp_packet.dport=closed_port_g2812 udp_packet.sport=get_source_port_number()2813 payload="\x1E"*442814 final_packet=ip_packet/udp_packet/payload2815 test6_packets.append(final_packet)2816 # TEST 1452817 test6_ids.append("ICMP_Misc_35")2818 test6_descriptions.append("IPv6/First fragment with a payload that is not multiple of 8")2819 # From RFC 2460:2820 # "If the length of a fragment, as derived from the fragment packet's2821 # Payload Length field, is not a multiple of 8 octets and the M flag2822 # of that fragment is 1, then that fragment must be discarded and an2823 # ICMP Parameter Problem, Code 0, message should be sent to the2824 # source of the fragment, pointing to the Payload Length field of2825 # the fragment packet."2826 #2827 # NOTE: The absence of a reply to this test is significant and should2828 # be considered. @todo TODO2829 ip_packet=build_default_ipv6(target)2830 frag_hdr=IPv6ExtHdrFragment()2831 frag_hdr.m=1 # More fragments=Yes2832 frag_hdr.id=0xdc3a7b352833 tcp_packet=build_default_tcp()2834 tcp_packet.dport=open_port_g2835 tcp_packet.sport=get_source_port_number()2836 tcp_packet.flags='PA'2837 tcp_packet.ack=0x3a347bcd2838 tcp_packet.seq=0x7bcd3a342839 payload="Connection: Keep-Alive\r\nProxy-Connection: Keep-Alive\r\nContent-Length: 2131431\r\n"2840 final_packet=ip_packet/frag_hdr/tcp_packet/payload2841 test6_packets.append(final_packet)2842 # TEST 1462843 test6_ids.append("ICMP_Misc_36")2844 test6_descriptions.append("IPv6/Some fragment (not first, not last) with a payload that is not multiple of 8")2845 # NOTE: The absence of a reply to this test is significant and should2846 # be considered. @todo TODO2847 ip_packet=build_default_ipv6(target)2848 frag_hdr=IPv6ExtHdrFragment()2849 frag_hdr.m=1 # More fragments=Yes2850 frag_hdr.offset=8032851 frag_hdr.id=0xd23a7b232852 tcp_packet=build_default_tcp()2853 tcp_packet.dport=open_port_g2854 tcp_packet.sport=get_source_port_number()2855 tcp_packet.flags='PA'2856 tcp_packet.ack=0x3a312cd22857 tcp_packet.seq=0x3ecd3a342858 payload="Connection: Keep-Alive\r\nProxy-Connection: Keep-Alive\r\nContent-Length: 4431611\r\n"2859 final_packet=ip_packet/frag_hdr/tcp_packet/payload2860 test6_packets.append(final_packet)2861 # TEST 1472862 test6_ids.append("ICMP_Misc_37")2863 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/Flag R=1")2864 ip_packet=build_default_ipv6(target)2865 ip_packet.hlim=2552866 icmp_packet=ICMPv6ND_NS()2867 icmp_packet.R=12868 icmp_packet.code=02869 icmp_packet.tgt=target;2870 final_packet=ip_packet/icmp_packet2871 test6_packets.append(final_packet)2872 # TEST 1482873 test6_ids.append("ICMP_Misc_38")2874 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/Flag S=1")2875 ip_packet=build_default_ipv6(target)2876 ip_packet.hlim=2552877 icmp_packet=ICMPv6ND_NS()2878 icmp_packet.S=12879 icmp_packet.code=02880 icmp_packet.tgt=target;2881 final_packet=ip_packet/icmp_packet2882 test6_packets.append(final_packet)2883 # TEST 1492884 test6_ids.append("ICMP_Misc_39")2885 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/Flag O=1")2886 ip_packet=build_default_ipv6(target)2887 ip_packet.hlim=2552888 icmp_packet=ICMPv6ND_NS()2889 icmp_packet.O=12890 icmp_packet.code=02891 icmp_packet.tgt=target;2892 final_packet=ip_packet/icmp_packet2893 test6_packets.append(final_packet)2894 # TEST 1502895 test6_ids.append("ICMP_Misc_40")2896 test6_descriptions.append("ICMP/NSol/Dst=target/Addr=target/All flags set(RSO)")2897 ip_packet=build_default_ipv6(target)2898 ip_packet.hlim=2552899 icmp_packet=ICMPv6ND_NS()2900 icmp_packet.R=12901 icmp_packet.S=12902 icmp_packet.O=12903 icmp_packet.code=02904 icmp_packet.tgt=target;2905 final_packet=ip_packet/icmp_packet2906 test6_packets.append(final_packet)2907 # TEST 1512908 test6_ids.append("TCP_Misc_1")2909 test6_descriptions.append("IPv6/TCP SYN with User Timeout Option=1min)")2910 ip_packet=build_default_ipv6(target)2911 tcp_packet=build_default_tcp()2912 tcp_packet.dport=open_port_g2913 tcp_packet.sport=get_source_port_number()2914 tcp_packet.flags='S'2915 tcp_packet.options=[(0x1c, '\x80\x01')] # TCP UTO with timeout=1min2916 final_packet=ip_packet/tcp_packet2917 test6_packets.append(final_packet)2918 # TEST 1522919 test6_ids.append("TCP_Misc_2")2920 test6_descriptions.append("IPv6/TCP SYN with User Timeout Option=0sec)")2921 ip_packet=build_default_ipv6(target)2922 tcp_packet=build_default_tcp()2923 tcp_packet.dport=open_port_g2924 tcp_packet.sport=get_source_port_number()2925 tcp_packet.flags='S'2926 tcp_packet.options=[(0x1c, '\x00\x00')] # Timeout=0secs2927 final_packet=ip_packet/tcp_packet2928 test6_packets.append(final_packet)2929 # TEST 1532930 test6_ids.append("TCP_Misc_3")2931 test6_descriptions.append("IPv6/TCP SYN Authentication option)")2932 ip_packet=build_default_ipv6(target)2933 tcp_packet=build_default_tcp()2934 tcp_packet.dport=open_port_g2935 tcp_packet.sport=get_source_port_number()2936 tcp_packet.flags='S'2937 tcp_packet.options=[(0x1d, '\x01\x01\x0F\x0E\x0D\x0C\x0B\x0A\x09\x08\x07\x06\x05\x04\x03\x02\x01\x00')]2938 final_packet=ip_packet/tcp_packet2939 test6_packets.append(final_packet)2940 # TEST 1542941 test6_ids.append("TCP_Misc_4")2942 test6_descriptions.append("IPv6/TCP SYN with the Space Communications Protocol Capabilities Option)")2943 ip_packet=build_default_ipv6(target)2944 tcp_packet=build_default_tcp()2945 tcp_packet.dport=open_port_g2946 tcp_packet.sport=get_source_port_number()2947 tcp_packet.flags='S'2948 # The option tells this to the receiver:2949 # Sender willing to operate connection in BETS mode.2950 # OK to send short form of SNACK Option.2951 # OK to send long form of SNACK Option.2952 # OK to compress TCP header2953 # Network-layer timestamps not available2954 #2955 # For more info, check "SPACE COMMUNICATIONS PROTOCOL SPECIFICATION (SCPS), CCSDS 714.0-B-2"2956 tcp_packet.options=[(0x14, '\xF0\x01')]2957 final_packet=ip_packet/tcp_packet2958 test6_packets.append(final_packet)2959def set_up_ipv4_tests(target):2960 # TEST 02961 test4_ids.append("NMAP_OS_PROBE_TCP_0")2962 test4_descriptions.append("TCP/SYN/OpenPort/NmapProbe0")2963 ip_packet=build_default_ipv4(target)2964 ip_packet.tos=02965 ip_packet.flags=02966 ip_packet.frag=02967 ip_packet.ttl=432968 ip_packet.id=0xdabf2969 tcp_packet=build_default_tcp()2970 tcp_packet.dport=open_port_g2971 tcp_packet.sport=get_source_port_number()2972 tcp_packet.seq=tcpSeqBase+02973 tcp_packet.ack=tcpAck2974 tcp_packet.flags='S'2975 tcp_packet.options=[('WScale', 10), ('NOP', None), ('MSS',1460), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]2976 tcp_packet.window=12977 final_packet=ip_packet/tcp_packet2978 test4_packets.append(final_packet)2979 # TEST 12980 test4_ids.append("NMAP_OS_PROBE_TCP_1")2981 test4_descriptions.append("TCP/SYN/OpenPort/NmapProbe1")2982 ip_packet=build_default_ipv4(target)2983 ip_packet.tos=02984 ip_packet.flags=02985 ip_packet.frag=02986 ip_packet.ttl=582987 ip_packet.id=0x2bd32988 tcp_packet=build_default_tcp()2989 tcp_packet.dport=open_port_g2990 tcp_packet.sport=get_source_port_number()2991 tcp_packet.seq=tcpSeqBase+12992 tcp_packet.ack=tcpAck2993 tcp_packet.flags='S'2994 tcp_packet.options=[('MSS', 1400), ('WScale', 0), ('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L)), ('EOL', '')]2995 tcp_packet.window=632996 final_packet=ip_packet/tcp_packet2997 test4_packets.append(final_packet)2998 # TEST 22999 test4_ids.append("NMAP_OS_PROBE_TCP_2")3000 test4_descriptions.append("TCP/SYN/OpenPort/NmapProbe2")3001 ip_packet=build_default_ipv4(target)3002 ip_packet.tos=03003 ip_packet.flags=03004 ip_packet.frag=03005 ip_packet.ttl=543006 ip_packet.id=0x27773007 tcp_packet=build_default_tcp()3008 tcp_packet.dport=open_port_g3009 tcp_packet.sport=get_source_port_number()3010 tcp_packet.seq=tcpSeqBase+23011 tcp_packet.ack=tcpAck3012 tcp_packet.flags='S'3013 tcp_packet.options=[('Timestamp', (0xFFFFFFFF,0L)), ('NOP', ''), ('NOP', ''), ('WScale', 5), ('NOP', ''), ('MSS', 640)]3014 tcp_packet.window=43015 final_packet=ip_packet/tcp_packet3016 test4_packets.append(final_packet)3017 # TEST 33018 test4_ids.append("NMAP_OS_PROBE_TCP_3")3019 test4_descriptions.append("TCP/SYN/OpenPort/NmapProbe3")3020 ip_packet=build_default_ipv4(target)3021 ip_packet.tos=03022 ip_packet.flags=03023 ip_packet.frag=03024 ip_packet.ttl=573025 ip_packet.id=0xed5f3026 tcp_packet=build_default_tcp()3027 tcp_packet.dport=open_port_g3028 tcp_packet.sport=get_source_port_number()3029 tcp_packet.seq=tcpSeqBase+33030 tcp_packet.ack=tcpAck3031 tcp_packet.flags='S'3032 tcp_packet.options=[('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L)), ('WScale', 10), ('EOL', '')]3033 tcp_packet.window=43034 final_packet=ip_packet/tcp_packet3035 test4_packets.append(final_packet)3036 # TEST 43037 test4_ids.append("NMAP_OS_PROBE_TCP_4")3038 test4_descriptions.append("TCP/SYN/OpenPort/NmapProbe4")3039 ip_packet=build_default_ipv4(target)3040 ip_packet.tos=03041 ip_packet.flags=03042 ip_packet.frag=03043 ip_packet.ttl=423044 ip_packet.id=0xda833045 tcp_packet=build_default_tcp()3046 tcp_packet.dport=open_port_g3047 tcp_packet.sport=get_source_port_number()3048 tcp_packet.seq=tcpSeqBase+43049 tcp_packet.ack=tcpAck3050 tcp_packet.flags='S'3051 tcp_packet.options=[('MSS', 536), ('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L)), ('WScale', 10), ('EOL', '')]3052 tcp_packet.window=163053 final_packet=ip_packet/tcp_packet3054 test4_packets.append(final_packet)3055 # TEST 53056 test4_ids.append("NMAP_OS_PROBE_TCP_5")3057 test4_descriptions.append("TCP/SYN/OpenPort/NmapProbe5")3058 ip_packet=build_default_ipv4(target)3059 ip_packet.tos=03060 ip_packet.flags=03061 ip_packet.frag=03062 ip_packet.ttl=403063 ip_packet.id=0x3fa83064 tcp_packet=build_default_tcp()3065 tcp_packet.dport=open_port_g3066 tcp_packet.sport=get_source_port_number()3067 tcp_packet.seq=tcpSeqBase+53068 tcp_packet.ack=tcpAck3069 tcp_packet.flags='S'3070 tcp_packet.options=[('MSS', 265), ('SAckOK', ''), ('Timestamp', (0xFFFFFFFF,0L))]3071 tcp_packet.window=5123072 final_packet=ip_packet/tcp_packet3073 test4_packets.append(final_packet)3074 # TEST 6 ECN3075 test4_ids.append("NMAP_OS_PROBE_TCP_6")3076 test4_descriptions.append("TCP/CWR|ECN|SYN/OpenPort/NmapProbe6")3077 ip_packet=build_default_ipv4(target)3078 ip_packet.tos=03079 ip_packet.flags=03080 ip_packet.frag=03081 ip_packet.ttl=423082 ip_packet.id=0xa5f83083 tcp_packet=build_default_tcp()3084 tcp_packet.dport=open_port_g3085 tcp_packet.sport=get_source_port_number()3086 tcp_packet.seq=tcpSeqBase3087 tcp_packet.ack=03088 tcp_packet.urgptr=0xF7F53089 tcp_packet.flags='CES'3090 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 1460), ('SAckOK', ''), ('NOP', ''), ('NOP', '')]3091 tcp_packet.window=33092 final_packet=ip_packet/tcp_packet3093 test4_packets.append(final_packet)3094 # TEST 7 (T2)3095 test4_ids.append("NMAP_OS_PROBE_TCP_7")3096 test4_descriptions.append("TCP/NullFlags/OpenPort/NmapProbe7")3097 ip_packet=build_default_ipv4(target)3098 ip_packet.tos=03099 ip_packet.flags=0x02 # Don't Fragment=13100 ip_packet.frag=03101 ip_packet.ttl=593102 ip_packet.id=0x10443103 tcp_packet=build_default_tcp()3104 tcp_packet.dport=open_port_g3105 tcp_packet.sport=get_source_port_number()3106 tcp_packet.seq=tcpSeqBase3107 tcp_packet.ack=tcpAck3108 tcp_packet.urgptr=03109 tcp_packet.flags=''3110 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]3111 tcp_packet.window=1283112 final_packet=ip_packet/tcp_packet3113 test4_packets.append(final_packet)3114 # TEST 8 (T3)3115 test4_ids.append("NMAP_OS_PROBE_TCP_8")3116 test4_descriptions.append("TCP/SYN|FIN|URG|PSH/OpenPort/NmapProbe8")3117 ip_packet=build_default_ipv4(target)3118 ip_packet.tos=03119 ip_packet.flags=03120 ip_packet.frag=03121 ip_packet.ttl=463122 ip_packet.id=0xfc923123 tcp_packet=build_default_tcp()3124 tcp_packet.dport=open_port_g3125 tcp_packet.sport=get_source_port_number()3126 tcp_packet.seq=tcpSeqBase3127 tcp_packet.ack=tcpAck3128 tcp_packet.urgptr=03129 tcp_packet.flags='SFUP'3130 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]3131 tcp_packet.window=2563132 final_packet=ip_packet/tcp_packet3133 test4_packets.append(final_packet)3134 # TEST 9 (T4)3135 test4_ids.append("NMAP_OS_PROBE_TCP_9")3136 test4_descriptions.append("TCP/ACK/OpenPort/NmapProbe9")3137 ip_packet=build_default_ipv4(target)3138 ip_packet.tos=03139 ip_packet.flags=0x02 # Don't Fragment=13140 ip_packet.frag=03141 ip_packet.ttl=463142 ip_packet.id=0x33ef3143 tcp_packet=build_default_tcp()3144 tcp_packet.dport=open_port_g3145 tcp_packet.sport=get_source_port_number()3146 tcp_packet.seq=tcpSeqBase3147 tcp_packet.ack=tcpAck3148 tcp_packet.urgptr=03149 tcp_packet.flags='A'3150 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]3151 tcp_packet.window=10243152 final_packet=ip_packet/tcp_packet3153 test4_packets.append(final_packet)3154 # TEST 10 (T5)3155 test4_ids.append("NMAP_OS_PROBE_TCP_10")3156 test4_descriptions.append("TCP/SYN/ClosedPort/NmapProbe10")3157 ip_packet=build_default_ipv4(target)3158 ip_packet.tos=03159 ip_packet.flags=03160 ip_packet.frag=03161 ip_packet.ttl=453162 ip_packet.id=0xc2633163 tcp_packet=build_default_tcp()3164 tcp_packet.dport=closed_port_g3165 tcp_packet.sport=get_source_port_number()3166 tcp_packet.seq=tcpSeqBase3167 tcp_packet.ack=tcpAck3168 tcp_packet.urgptr=03169 tcp_packet.flags='S'3170 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]3171 tcp_packet.window=313373172 final_packet=ip_packet/tcp_packet3173 test4_packets.append(final_packet)3174 # TEST 11 (T6)3175 test4_ids.append("NMAP_OS_PROBE_TCP_11")3176 test4_descriptions.append("TCP/ACK/ClosedPort/NmapProbe11")3177 ip_packet=build_default_ipv4(target)3178 ip_packet.tos=03179 ip_packet.flags=0x02 # Don't Fragment=13180 ip_packet.frag=03181 ip_packet.ttl=573182 ip_packet.id=0xbf423183 tcp_packet=build_default_tcp()3184 tcp_packet.dport=closed_port_g3185 tcp_packet.sport=get_source_port_number()3186 tcp_packet.seq=tcpSeqBase3187 tcp_packet.ack=tcpAck3188 tcp_packet.urgptr=03189 tcp_packet.flags='A'3190 tcp_packet.options=[('WScale', 10), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]3191 tcp_packet.window=327683192 final_packet=ip_packet/tcp_packet3193 test4_packets.append(final_packet)3194 # TEST 12 (T7)3195 test4_ids.append("NMAP_OS_PROBE_TCP_12")3196 test4_descriptions.append("TCP/FIN|PSH|URG/ClosedPort/NmapProbe12")3197 ip_packet=build_default_ipv4(target)3198 ip_packet.tos=03199 ip_packet.flags=03200 ip_packet.frag=03201 ip_packet.ttl=473202 ip_packet.id=0xf0ba3203 tcp_packet=build_default_tcp()3204 tcp_packet.dport=closed_port_g3205 tcp_packet.sport=get_source_port_number()3206 tcp_packet.seq=tcpSeqBase3207 tcp_packet.ack=tcpAck3208 tcp_packet.urgptr=03209 tcp_packet.flags='FPU'3210 tcp_packet.options=[('WScale', 15), ('NOP', ''), ('MSS', 265), ('Timestamp', (0xFFFFFFFF,0L)), ('SAckOK', '')]3211 tcp_packet.window=655353212 final_packet=ip_packet/tcp_packet3213 test4_packets.append(final_packet)3214 # TEST 13 (IE 1)3215 test4_ids.append("NMAP_OS_PROBE_ICMP_1")3216 test4_descriptions.append("ICMP/EchoRequest/TOS=0/NmapProbe13")3217 ip_packet=build_default_ipv4(target)3218 ip_packet.tos=03219 ip_packet.flags=0x02 # Don't Fragment=13220 ip_packet.frag=03221 ip_packet.ttl=423222 ip_packet.id=0xa6663223 icmp_packet=build_default_icmpv4()3224 icmp_packet.code=93225 icmp_packet.seq=2953226 icmp_packet.id=0xABCD3227 icmp_packet.data='\x00'*1203228 final_packet=ip_packet/icmp_packet3229 test4_packets.append(final_packet)3230 # TEST 14 (IE 2)3231 test4_ids.append("NMAP_OS_PROBE_ICMP_2")3232 test4_descriptions.append("ICMP/EchoRequest/TOS=4/NmapProbe14")3233 ip_packet=build_default_ipv4(target)3234 ip_packet.tos=0x043235 ip_packet.flags=03236 ip_packet.frag=03237 ip_packet.ttl=393238 ip_packet.id=0xb7853239 icmp_packet=build_default_icmpv4()3240 icmp_packet.code=93241 icmp_packet.seq=295+13242 icmp_packet.id=0xABCD+13243 icmp_packet.data='\x00'*1503244 final_packet=ip_packet/icmp_packet3245 test4_packets.append(final_packet)3246 # TEST 15 (U1)3247 test4_ids.append("NMAP_OS_PROBE_UDP")3248 test4_descriptions.append("ICMP/EchoRequest/TClass=4/NmapProbe14")3249 ip_packet=build_default_ipv4(target)3250 ip_packet.tos=03251 ip_packet.flags=03252 ip_packet.frag=03253 ip_packet.ttl=583254 ip_packet.id=0x10423255 udp_packet=build_default_udp()3256 udp_packet.dport=closed_port_g3257 udp_packet.sport=455353258 payload='\x43'*3003259 final_packet=ip_packet/udp_packet/payload3260 test4_packets.append(final_packet)3261def run_all_tests(target6, target4, from_test, to_test):3262 # Run the tests3263 if target6!=None :3264 for i in range(from_test, min( len(test6_ids), to_test) ) :3265 res=run_test(i, test6_ids[i], test6_descriptions[i], test6_packets[i], 6)3266 test6_replies.append(res)3267 time.sleep(inter_test_delay_g) # Wait for a bit before the next test3268 if target4!=None:3269 if from_test>=0 and from_test<=len(test4_ids) :3270 for i in range(from_test, min( len(test4_ids), to_test)) :3271 res=run_test(i, test4_ids[i], test4_descriptions[i], test4_packets[i], 4)3272 test4_replies.append(res)3273 time.sleep(inter_test_delay_g) # Wait for a bit before the next test3274def run_timing_dependant_tests() :3275 global inter_packet_delay_g3276 # Select the appropriate packets3277 packets4=test4_packets[0:6]3278 packets6=test6_packets[0:6]3279 # Set the interpacket delay to 100ms3280 ipdbak=inter_packet_delay_g3281 inter_packet_delay_g=0.1 # 100ms3282 if target_host6_g!=None :3283 run_test_multiple(1000, "IPv6_NmapProbes_100ms", "Time dependant IPv6 probes", packets6, 6)3284 if target_host4_g!=None :3285 run_test_multiple(2000, "IPv4_NmapProbes_100ms", "Time dependant IPv4 probes", packets4, 4)3286 # Restore original inter packet delay3287 inter_packet_delay_g=ipdbak3288# This function builds a boolean vector from the test6_replies list, which contains3289# an IPv6 object if a response was received or the None object otherwise. The3290# result vector is stored in the global result_vector6 list.3291def build_result_vector6():3292 for i in range(0, len(test6_replies)) :3293 if test6_replies[i]==None :3294 result_vector6.append(0)3295 else :3296 result_vector6.append(1)3297# This function builds a boolean vector from the test4_replies list, which contains3298# an IPv4 object if a response was received or the None object otherwise. The3299# result vector is stored in the global result_vector6 list.3300def build_result_vector4():3301 for i in range(0, len(test4_replies)) :3302 if test4_replies[i]==None :3303 result_vector4.append(0)3304 else :3305 result_vector4.append(1)3306def del_scapy_routes():3307 for i in range(0, len(conf.route6.routes) ):3308 conf.route6.routes.pop()3309def get_interface_src_ipv6(interface_name):3310 for i in range(0, len(conf.route6.routes) ):3311 if conf.route6.routes[i][3] == interface_name :3312 if type(conf.route6.routes[i][4])==list :3313 return conf.route6.routes[i][4][0]3314 else :3315 return conf.route6.routes[i][4]3316 return None3317def get_target_mac_address(target, interface):3318 try:3319 target_tmp = inet_pton(AF_INET6, target)3320 except socket.error:3321 print "inet_pton() failed on get_target_mac_address() - sigh."3322 3323 byte_13 = hex(unpack('B', target_tmp[13])[0])[2:]3324 byte_14 = hex(unpack('B', target_tmp[14])[0])[2:]3325 byte_15 = hex(unpack('B', target_tmp[15])[0])[2:]3326 3327 # RFC-2464, 7. Address Mapping -- Multicast3328 eth_dst_address = '33:33:ff:' + byte_13 + ':' + byte_14 + ':' + byte_153329 eth_hdr = Ether(dst = eth_dst_address)3330 3331 # RFC-4861, 4.3. Neighbor Solicitation Message Format3332 # RFC-4291, 2.7.1. Pre-Defined Multicast Addresses - Solicited-Node Address: FF02:0:0:0:0:1:FFXX:XXXX3333 ipv6_dst_address = 'ff02::1:ff' + byte_13 + ':' + byte_14 + byte_153334 ip_hdr = IPv6(dst = ipv6_dst_address)3335 icmp_hdr = ICMPv6ND_NS(tgt=target)3336 my_mac_address = get_if_hwaddr(interface)3337 icmp_ns_src_lladdr = ICMPv6NDOptSrcLLAddr(lladdr = my_mac_address)3338 final_packet=eth_hdr/ip_hdr/icmp_hdr/icmp_ns_src_lladdr3339 ans, unans=srp(final_packet, iface=interface, verbose=0, timeout=capture_timeout_g, retry=packet_retries_g)3340 if ans:3341 if len(ans[0]) > 1 :3342 if type(ans[0][1][0])==scapy.layers.l2.Ether :3343 if type(ans[0][1][0].payload) == scapy.layers.inet6.IPv6 :3344 if type(ans[0][1][0].payload.payload)==scapy.layers.inet6.ICMPv6ND_NA :3345 return ans[0][1][0].src3346 return None3347def start_clock():3348 global start_time_g3349 start_time_g = time.time()3350def get_time_elapsed():3351 now = time.time()3352 return now-start_time_g3353# Command line argument parsing3354def argparser():3355 global first_test_g, last_test_g, capture_timeout_g, packet_retries_g, interface_g, debug_g, inter_test_delay_g, send_eth_g, target_host6_g, target_host4_g, target_os_details_g, interactive_mode_g, open_port_g, closed_port_g, target_mac_addr_g, do_connectivity_test_g3356 opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ["help", "ot=", "ct=", "from=", "to=", "timeout=", "retries=", "test=", "interface=", "debug", "delay=", "send-eth", "send-ip", "addr4=", "noports", "interactive", "gwmac=", "force"])3357 for o, a in opts:3358 if o == "--ot":3359 open_port_g = int(a)3360 elif o == "--ct":3361 closed_port_g = int(a)3362 elif o == "-h" or o == "--help":3363 print_usage()3364 sys.exit()3365 elif o == "--from":3366 first_test_g=int(a)3367 elif o == "--to":3368 last_test_g=int(a)3369 elif o == "--test":3370 first_test_g=int(a)3371 last_test_g=int(a)3372 elif o == "--timeout":3373 capture_timeout_g=int(a)3374 elif o == "--retries":3375 packet_retries_g=int(a)3376 elif o == "--interface" :3377 interface_g=str(a)3378 elif o == "--debug" :3379 debug_g=True3380 elif o == "--delay" :3381 inter_test_delay_g=int(a)3382 elif o == "--send-eth" :3383 send_eth_g=True3384 elif o == "--send-ip" :3385 send_eth_g=False3386 elif o == "--addr4":3387 target_host4_g=str(a)3388 elif o == "--noports":3389 open_port_g=DEFAULT_OPEN_PORT_IN_TARGET3390 closed_port_g=DEFAULT_CLOSED_PORT_IN_TARGET3391 elif o == "--interactive":3392 interactive_mode_g=True3393 elif o == "--gwmac":3394 target_mac_addr_g=str(a)3395 elif o == "--force":3396 do_connectivity_test_g=False3397 else :3398 exit(1)3399 # PARAMETER VALIDATION3400 # Check we have enough args3401 if len(sys.argv)<2 :3402 print_usage()3403 exit(1)3404 # Now check if we are root3405 if not os.geteuid() == 0 :3406 sys.exit('ERROR: You must be root to run this program')3407 # Check if interactive mode was requested3408 if interactive_mode_g==True:3409 interactive_mode()3410 else :3411 target_host6_g=args[0] # Store target host3412 # Check that we have the necessary port numbers3413 if open_port_g==None :3414 return "ERROR: You need to supply a target's open port or use --noports explicitly"3415 if closed_port_g==None :3416 closed_port_g=DEFAULT_CLOSED_PORT_IN_TARGET3417 # If user did not specify --send-eth or --send-ip, make a choice3418 if send_eth_g==None :3419 # If target is link local, send at the ethernet level3420 if target_host6_g.lower().startswith("fe80") :3421 send_eth_g=True3422 elif target_host6_g == "::1" or target_host6_g=='localhost' :3423 send_eth_g=False3424 conf.L3socket=L3RawSocket63425 elif interface_g!=None :3426 send_eth_g=True3427 else :3428 send_eth_g=False3429 # Check that we have an interface name if we need one3430 if send_eth_g==True and interface_g==None :3431 return "ERROR: Interface name needed."3432 elif send_eth_g==True and interface_g!=None:3433 del_scapy_routes()3434 mytarget=target_host6_g+"/128"3435 conf.route6.add(dst=mytarget, gw=mytarget, dev=interface_g)3436 elif send_eth_g==False and interface_g==None :3437 interface_g=conf.iface3438 return None3439def interactive_mode():3440 global interface_g, send_eth_g, target_host6_g, target_host4_g, target_os_details_g, open_port_g, closed_port_g3441 print "[+] First of all, we need you to provide some details:"3442 # Request target's IPv6 Address3443 target_host6_g=ask_interactive_target_addr6()3444 if target_host6_g.startswith("fe80::") :3445 interface_g=ask_interactive_interface()3446 send_eth_g=True3447 else :3448 send_eth_g=False3449 # Request target's IPv4 address3450 ip4=ask_interactive_target_addr4()3451 if ip4!=None :3452 target_host4_g=ip43453 # Request open and closed ports3454 open_port_g=ask_interactive_openport()3455 closed_port_g=ask_interactive_closedport()3456def ask_interactive_target_addr6():3457 while True:3458 addr=raw_input(" |_ Target's IPv6 address: ")3459 if addr!=None and len(addr)>0 :3460 break3461 return addr3462def ask_interactive_target_addr4():3463 addr=raw_input(" |_ Target's IP (version 4) address [Press ENTER to skip IPv4]: ")3464 if addr==None or len(addr)==0 :3465 return None3466 else :3467 return addr3468def ask_interactive_interface():3469 while True:3470 print " |_ Supplied IPv6 address is link-local. Please specify which"3471 iface=raw_input(" network interface should be used: ")3472 if iface!=None and len(iface)>0 :3473 break3474 return iface3475def ask_interactive_openport():3476 while True:3477 port=raw_input(" |_ OPEN port in target [Press ENTER to default to "+str(DEFAULT_OPEN_PORT_IN_TARGET)+"]: ")3478 if port==None or len(port)==0 :3479 return DEFAULT_OPEN_PORT_IN_TARGET3480 elif port.isdigit() :3481 return int(port)3482def ask_interactive_closedport():3483 while True:3484 port=raw_input(" |_ CLOSED port in target [Press ENTER to default to "+str(DEFAULT_CLOSED_PORT_IN_TARGET)+"]: ")3485 if port==None or len(port)==0 :3486 return DEFAULT_CLOSED_PORT_IN_TARGET3487 elif port.isdigit() :3488 return int(port)3489def ask_interactive_osdetails():3490 os= ( ("Linux", ("CentOs", "Debian", "Fedora", "Gentoo", "Mandriva", "Mint", "Redhat", "Slackware", "Suse", "Ubuntu", "Other") ),3491 ("BSD", ("DragonFlyBSD", "FreeBSD", "NetBSD", "OpenBSD", "PC-BSD", "Other") ),3492 ("Windows",("Windows XP", "Windows Vista", "Windows 7", "2003 Server", "2008 Server", "Other") ),3493 ("MacOS X",("Puma", "Jaguar", "Panther", "Tiger", "Leopard", "Snow Leopard", "Lion", "Other") ),3494 ("Solaris",("Sun Solaris", "OpenSolaris", "OpenIndiana", "SchilliX", "Other") ),3495 ("Other", ("Router", "Firewall", "Switch", "Proxy", "Other") )3496 )3497 while True :3498 # Request OS type3499 print "==================TARGET OS TYPES =================="3500 for i in range(0, len(os)):3501 print " " + str(i) + ") " + os[i][0]3502 while True:3503 os_type=raw_input("[+] Please enter the target's OS type: ")3504 if len(os_type)<=0 or os_type.isdigit()==False:3505 os_type=-13506 else :3507 os_type=int(os_type)3508 if os_type>=0 and os_type<len(os) :3509 break3510 # Request OS sub-type3511 print "================TARGET OS SUB-TYPES ================"3512 for i in range(0, len(os[os_type][1])):3513 print " " + str(i) + ") " + os[os_type][1][i]3514 while True:3515 os_subtype=raw_input("[+] Please enter the target's OS sub type: ")3516 if len(os_subtype)<=0 or os_subtype.isdigit()==False:3517 os_subtype=-13518 else :3519 os_subtype=int(os_subtype)3520 if os_subtype>=0 and os_subtype<len(os[os_type][1]) :3521 break3522 print "=================TARGET OS VERSION ================="3523 if os[os_type][1][os_subtype]=="Other" :3524 if os[os_type][0] == "Other" :3525 os_version=raw_input("[+] Please enter Vendor, OS name and OS version (Eg: Cisco Catalyst 4500 12.2SG): ")3526 else :3527 os_version=raw_input("[+] Please enter OS sub-type and OS version (eg: IOS 12.2SB): ")3528 else :3529 if os[os_type][0] == "Windows" :3530 os_version=raw_input("[+] Please enter Windows version (Eg: SP2, Enterprise...): ")3531 elif os[os_type][0] == "Linux" :3532 os_version=raw_input("[+] Please enter kernel's version (Eg: 2.6.32): ")3533 elif os[os_type][0] == "BSD" :3534 os_version=raw_input("[+] Please enter BSD's version (Eg: 8.1): ")3535 elif os[os_type][0] == "Solaris" :3536 os_version=raw_input("[+] Please enter Solaris' version (Eg: 2009.06): ")3537 elif os[os_type][0] == "MacOS X" :3538 os_version=raw_input("[+] Please enter the output of 'uname -a': ")3539 else:3540 os_version=raw_input("[+] Please enter any version information about the target OS: ")3541 print "[+] You have entered the following information:"3542 print " |_ OS Type: " + os[os_type][0]3543 print " |_ OS Subtype: " + os[os_type][1][os_subtype]3544 print " |_ OS Version: " + os_version3545 final=raw_input("[+] [+] Is the information correct? [Y/n]: ")3546 if final!="N" and final!="n" :3547 break3548 result=(os[os_type][0], os[os_type][1][os_subtype], os_version)3549 return result3550def write_results_file():3551 output_file = open(output_file_name_g, "w")3552 # Write initial header3553 header=get_results_file_header()3554 for line in header :3555 output_file.write(line)3556 output_file.write("\r\n")3557 # Write OS details request if we dont have OS info3558 if target_os_details_g==None:3559 req=get_results_file_osrequest()3560 for line in req :3561 output_file.write(line)3562 output_file.write("\r\n")3563 # Write the actual results3564 for line in output_data:3565 output_file.write(line)3566 output_file.write("\r\n")3567 output_file.close()3568# Dummy signal handler to prevent Python from displaying a bunch of stack info3569# when users press CTRL-C3570def signal_handler(signal, frame):3571 print "\nQUITTING!"3572 sys.exit(0)3573def test_connectivity():3574 result6=False3575 result4=True3576 print "[+] PERFORMING CONNECTIVITY TEST... "3577 if target_host6_g!=None :3578 # Test we have IPv6 connectivity: send TCP SYN and check for responses3579 ip_packet1=build_default_ipv6(target_host6_g)3580 ip_packet2=build_default_ipv6(target_host6_g)3581 tcp_packet=build_default_tcp()3582 tcp_packet.dport=open_port_g3583 tcp_packet.sport=234563584 tcp_packet.seq=2173423585 tcp_packet.ack=03586 tcp_packet.flags='S'3587 icmp_packet=ICMPv6EchoRequest()3588 final_packets=[ip_packet1/tcp_packet, ip_packet2/icmp_packet]3589 # Send the packet and listen for responses3590 sys.stdout.write("[+] IPv6 conectivity: ")3591 sys.stdout.flush()3592 if send_eth_g == True:3593 response6=send_and_receive_eth(final_packets, verbosity=0)3594 else:3595 response6=send_and_receive(final_packets, verbosity=0)3596 if response6 :3597 print "YES"3598 result6=True3599 else :3600 print "NO"3601 result6=False3602 if target_host4_g!=None :3603 # Special case: localhost needs some adjustments3604 if send_eth_g==False and (target_host4_g=='127.0.0.1' or target_host4_g=='localhost') :3605 tmp=conf.L3socket3606 conf.L3socket = L3RawSocket3607 3608 # Test we have IPv4 connectivity: send TCP SYN and check for responses3609 ip_packet1=build_default_ipv4(target_host4_g)3610 ip_packet2=build_default_ipv4(target_host4_g)3611 tcp_packet=build_default_tcp()3612 tcp_packet.dport=open_port_g3613 tcp_packet.sport=234563614 tcp_packet.seq=2173423615 tcp_packet.ack=03616 tcp_packet.flags='S'3617 icmp_packet=ICMP(type=8)3618 final_packets=[ip_packet1/tcp_packet, ip_packet2/icmp_packet]3619 # Send the packet and listen for responses3620 sys.stdout.write("[+] IPv4 conectivity: ")3621 sys.stdout.flush()3622 if send_eth_g == True:3623 response4=send_and_receive_eth(final_packets, verbosity=0)3624 else:3625 response4=send_and_receive(final_packets, verbosity=0)3626 if response4 :3627 print "YES"3628 result4=True3629 else :3630 print "NO"3631 result4=False3632 # Restore original L3 socket3633 if send_eth_g==False and (target_host4_g=='127.0.0.1' or target_host4_g=='localhost') :3634 conf.L3socket=tmp3635 # If we got responses -> we have connectivity -> test passed3636 if (result6==True and result4==True) :3637 return True3638 # One or both (IPv4 an IPv6) tests failed -> test not passed3639 else :3640 print_debug_info()3641 if result6==True and result4==False :3642 print "ERROR: It seems that you don't have IPv4 connectivity with the target. "3643 elif result6==False and result4==True :3644 print "ERROR: It seems that you don't have IPv6 connectivity with the target. "3645 else :3646 print "ERROR: It seems that you don't have IPv6 and IPv4 connectivity with the target. "3647 print "Please check the information displayed above for any configuration"3648 print "error. You may want to force the script to send packets at the "3649 if(send_eth_g==True) :3650 print "IP level (instead of the Ethernet level), passing --send-ip"3651 else :3652 print "Ethernet level (instead of the IP level), passing --send-eth"3653 print "If you are sure your configuration is correct and you wish to"3654 print "skip this connectivity test, please run the script again passing"3655 print "the parameter --force"3656 return False3657def main():3658 global target_os_details_g, target_mac_addr_g, source_ipv6_addr_g3659 # Start clock3660 start_clock()3661 # Parse command line parameters3662 res=argparser()3663 if res != None :3664 print res3665 exit(1)3666 # Print welcome banner3667 print_welcome_banner()3668 # If we are sending at the ethernet level, get some details3669 if send_eth_g==True and target_mac_addr_g==None:3670 print "[+] Resolving target's MAC address"3671 # Obtain target's MAC address3672 mac=get_target_mac_address(target_host6_g, interface_g)3673 if mac == None:3674 print "ERROR: Could not resolve target's MAC address"3675 exit(1)3676 else :3677 target_mac_addr_g=mac3678 print "[+] "+ target_host6_g + " is at " + target_mac_addr_g3679 if send_eth_g==True:3680 # Obtain source IPv6 address3681 ipaddr=get_interface_src_ipv6(interface_g)3682 if ipaddr== None:3683 print "ERROR: Could not determine IPv6 address of interface " + str(interface_g)3684 exit(1)3685 else :3686 source_ipv6_addr_g=ipaddr3687 # Prepare all test packets3688 if target_host6_g!=None :3689 set_up_ipv6_tests(target_host6_g)3690 if target_host6_g!=None :3691 set_up_ipv4_tests(target_host4_g)3692 # First of all, perform a connectivity test, to see if we are all set up3693 # for the OS probes.3694 if do_connectivity_test_g==True :3695 if test_connectivity()==False :3696 exit(1)3697 # Run main the tests3698 run_all_tests(target_host6_g, target_host4_g, first_test_g, last_test_g+1)3699 # Run time dependant tests only when all others are requested3700 if first_test_g==0 and last_test_g> len(test6_ids) :3701 run_timing_dependant_tests() # Nmap OS probes that are sent 100ms apart3702 # Build result vectors3703 build_result_vector6()3704 build_result_vector4()3705 # Request target's OS details3706 if interactive_mode_g==True :3707 target_os_details_g=ask_interactive_osdetails()3708 # If debug mode is enabled, print some debugging info3709 if debug_g==True :3710 print_debug_info()3711 # Print test results3712 print_test_results()3713 # Ok, now that we are done, create an output file to store relevant info.3714 write_results_file()3715# ENTRY EXECUTION POINT3716signal.signal(signal.SIGINT, signal_handler)...
test__socket_dns6.py
Source:test__socket_dns6.py
1#!/usr/bin/python2# -*- coding: utf-8 -*-3from __future__ import print_function, absolute_import, division4import gevent.testing as greentest5import socket6from gevent.tests.test__socket_dns import TestCase, add7from gevent.testing.sysinfo import RESOLVER_NOT_SYSTEM8from gevent.testing.sysinfo import RESOLVER_DNSPYTHON9if not greentest.RUNNING_ON_CI and not RESOLVER_DNSPYTHON:10 # We can't control the DNS servers we use there11 # for the system. This works best with the google DNS servers12 # The getnameinfo test can fail on CI.13 # Previously only Test6_ds failed, but as of Jan 2018, Test614 # and Test6_google begin to fail:15 # First differing element 0:16 # 'vm2.test-ipv6.com'17 # 'ip119.gigo.com'18 # - ('vm2.test-ipv6.com', [], ['2001:470:1:18::125'])19 # ? --------- ^^ ^^20 # + ('ip119.gigo.com', [], ['2001:470:1:18::119'])21 # ? ^^^^^^^^ ^^22 class Test6(TestCase):23 # host that only has AAAA record24 host = 'aaaa.test-ipv6.com'25 def test_empty(self):26 self._test('getaddrinfo', self.host, 'http')27 def test_inet(self):28 self._test('getaddrinfo', self.host, None, socket.AF_INET)29 def test_inet6(self):30 self._test('getaddrinfo', self.host, None, socket.AF_INET6)31 def test_unspec(self):32 self._test('getaddrinfo', self.host, None, socket.AF_UNSPEC)33 class Test6_google(Test6):34 host = 'ipv6.google.com'35 def _normalize_result_getnameinfo(self, result):36 if greentest.RUNNING_ON_CI and RESOLVER_NOT_SYSTEM:37 # Disabled, there are multiple possibilities38 # and we can get different ones, rarely.39 return ()40 return result41 add(Test6, Test6.host)42 add(Test6_google, Test6_google.host)43 class Test6_ds(Test6):44 # host that has both A and AAAA records45 host = 'ds.test-ipv6.com'46 def _normalize_result_gethostbyaddr(self, result):47 # This test is effectively disabled. There are multiple address48 # that resolve and which ones you get depend on the settings49 # of the system and ares. They don't match exactly.50 return ()51 _normalize_result_gethostbyname = _normalize_result_gethostbyaddr52 add(Test6_ds, Test6_ds.host)53if __name__ == '__main__':...
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Get 100 minutes of automation test minutes FREE!!