IP id finder
I have been intrigued by nmap’s feature to scan a target using an idle zombie pc which has an incremental ip id. I have also been intrigued by scapy. Finally I have also been intrigued by metasploit. At first I combined nmap and metasploit and the end result was, that I was not able to get the IPIDSEQ module to work. So I turned to scapy and tried porting the metasploit module to python. It was fun and I finally employed python for something besides playing with it to learn.
I’ve also finally learned why it’s nice to prepend your output with “[*]“, since I’ve been lazy with the verbose output I have just used the one from scapy to know if my script should output or shouldn’t output verbose messages. This means that the output gets cluttered. So by prepending “[*]” you can just grep the results to have a clear view of what the script is doing without the scapy stuff in between it.
Finally scapy is a real nice toy. I had to implement 0.0 code to support cidr notation. So when you for example want to scan a /24 range you can just go like: “microsoft.com/24″. isn’t that neat? Hope you enjoy it and find a way to use it. For me it was more fun to write it and learn a lot along the way, then the actual goal I wrote it for. oh btw the non-verbose output looks like:
[*] 74.125.45.100 = Randomized
oh a second btw I recommend putting the timeout/waittime on 5 or something like that.
This entry was posted on July 11, 2009 at 00:04 and is filed under security with tags cidr, idle scan, ip, ip id, ipid scanner, metasploit, nmap, python, scapy. You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.
