One of my favorite tools for fine-grained interactions with target systems during penetration testing is the mighty Scapy. While other tools are indispensable for scanning large numbers of machines, Scapy is like a fine-grained scalpel for manipulating a single target in a myriad of cool ways. With all kinds of features, Scapy just rocks.
In fact, a few years ago, I tweeted thusly:
I just said, “Working w/ Scapy is like being a 10 yo girl who gets a pony, & finding out it is a pegasus unicorn pony that farts rainbows.”
— edskoudis (@edskoudis) November 8, 2011
To that end, just a couple weeks ago, we released a Scapy cheat sheet, covering the items we use Scapy for in the SANS Security 560 course on Network Pen Testing and Ethical Hacking, plus some additional tips and tricks. Enjoy!
If you like this kinda thing, plus a whole bunch of other practical, hands-on pen testing techniques (including recon, scanning, exploitation, post exploitation, and more), please do check out the SANS Security 560 course. I’ve recently added great new stuff on recon-ng, Anti-Virus evasion, PowerShell for post-exploitation, and much more!
Hope to see you there!
SANS Instructor & Pen Test Curriculum Lead
Founder, Counter Hack
Pen Test Cheat Sheets:
Upcoming SANS Special Event – 2018 Holiday Hack Challenge
SANS Holiday Hack Challenge – KringleCon 2018
- Free SANS Online Capture-the-Flag Challenge
- Our annual gift to the entire Information Security Industry
- Designed for novice to advanced InfoSec professionals
- Fun for the whole family!!
- Build and hone your skills in a fun and festive roleplaying like video game, by the makers of SANS NetWars
- Learn more: www.kringlecon.com
- Play previous versions from free 24/7/365: www.holidayhackchallenge.com
- “On to level 4 of the #holidayhackchallenge. Thanks again @edskoudis / @SANSPenTest team.” – @mikehodges
- “#SANSHolidayHack Confession – I have never used python or scapy before. I got started with both today because of this game! Yay!” – @tww2b
- “Happiness is watching my 12 yo meet @edskoudis at the end of #SANSHolidayHack quest. Now the gnomes #ProudHackerPapa” – @dnlongen