I am trying to use scapy to sniff out wireless access points, but whenever I run the script nothing is printed and I get a Segmentation Fault: 11.
I am using Python 3.4 and am running OSX.
Here is my code (it's fairly common, used from tutorials on other sites):
import sys
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *

ap_list = []
d = {'counter': 0}

def PacketHandler(pkt):
    if pkt.haslayer(Dot11):
        # management frame (type 0) with subtype 8 = beacon
        if pkt.type == 0 and pkt.subtype == 8:
            d['counter'] += 1
            if d['counter'] > 500:
                sys.exit()
            # addr2 is the transmitter (the AP); pkt.info carries the SSID
            if pkt.addr2 not in ap_list:
                ap_list.append(pkt.addr2)
                print("AP MAC: %s with SSID: %s" % (pkt.addr2, pkt.info))

sniff(iface="en0", prn=PacketHandler)
To sniff, scapy requires running as sudo.
For a project that uses the Raspberry Pi 4, with a special shield as Modbus master, I've successfully written to a register, but I'm having trouble reading from a register. I'm using the Simply Modbus Slave program to test and can see that the request seems to go over well, but I haven't been able to print any data on my Raspberry Pi.
Currently I'm suspecting that the command I use from modbus-tk (cst.READ_INPUT_REGISTERS) sends the Read Input Registers command, but doesn't actually receive the response.
I'm therefore seeking help to capture these values, or alternatively save everything received from the slave and find the values among this data.
Also, it could be nice to perhaps print everything sent and received so I can see what's happening in the communication.
This is the current code that I'm using:
## To install dependencies:
## sudo pip3 install modbus-tk
##################################################################################################
import serial
import fcntl
import os
import struct
import termios
import array
import time
# import modbus lib
import modbus_tk
import modbus_tk.defines as cst
import modbus_tk.modbus as modbus
import modbus_tk.utils
# import modbus_tk.modbus_rtu as modbus_rtu
from modbus_tk import modbus_rtu

# RS485 ioctls define
TIOCGRS485 = 0x542E
TIOCSRS485 = 0x542F
SER_RS485_ENABLED = 0b00000001
SER_RS485_RTS_ON_SEND = 0b00000010
SER_RS485_RTS_AFTER_SEND = 0b00000100
SER_RS485_RX_DURING_TX = 0b00010000

# rs 485 port
ser1 = serial.Serial("/dev/ttySC0", 19200)
# ser1 = serial.Serial("/dev/ttySC0", 9600)
ser2 = serial.Serial("/dev/ttySC1", 9600)

def rs485_enable():
    buf = array.array('i', [0] * 8)  # flags, delaytx, delayrx, padding
    # enable 485 channel 1
    fcntl.ioctl(ser1, TIOCGRS485, buf)
    buf[0] |= SER_RS485_ENABLED | SER_RS485_RTS_AFTER_SEND
    buf[1] = 0
    buf[2] = 0
    fcntl.ioctl(ser1, TIOCSRS485, buf)
    # enable 485 channel 2
    fcntl.ioctl(ser2, TIOCGRS485, buf)
    buf[0] |= SER_RS485_ENABLED | SER_RS485_RTS_AFTER_SEND
    buf[1] = 0
    buf[2] = 0
    fcntl.ioctl(ser2, TIOCSRS485, buf)
# end of rs485_enable()

if __name__ == '__main__':
    logger = modbus_tk.utils.create_logger("console")
    rs485_enable()
    # set modbus master
    master = modbus_rtu.RtuMaster(
        serial.Serial(port='/dev/ttySC0',
                      baudrate=9600,
                      bytesize=8,
                      parity='N',
                      stopbits=1,
                      xonxoff=0)
    )
    master.set_timeout(5.0)
    master.set_verbose(True)
    logger.info("connected")
    # execute() returns the register values as a tuple; logger.info() returns None,
    # so keep the result before logging it instead of assigning the logger's return value
    read = master.execute(1, cst.READ_INPUT_REGISTERS, 4, 1)
    logger.info(read)
    print(read)
My code is an edited version of my shield's demo code (rtumaster.py) found here (Software/Test Codes/MODBUS).
Thank you in advance
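As an added example (not the poster's code and not modbus-tk's own), here is the Read Input Registers exchange that execute(1, cst.READ_INPUT_REGISTERS, 4, 1) puts on the RS-485 line, built and parsed by hand so both directions can be printed and checked: the request bytes, the CRC-16/MODBUS check, the normal reply shape, and the exception reply (function code 0x84). The reply is constructed, as a slave holding one register would answer.

```python
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, init 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def add_crc(adu: bytes) -> bytes:
    # On the wire the CRC is sent low byte first.
    return adu + struct.pack("<H", crc16_modbus(adu))

def build_read_input_registers(slave: int, start: int, count: int) -> bytes:
    """Request: slave address, FC 0x04, start address, register count, CRC."""
    return add_crc(struct.pack(">BBHH", slave, 0x04, start, count))

def build_response(slave: int, values: list) -> bytes:
    """What a slave sends back: slave, FC 0x04, byte count, big-endian registers, CRC."""
    payload = struct.pack(">%dH" % len(values), *values)
    return add_crc(struct.pack(">BBB", slave, 0x04, len(payload)) + payload)

def parse_read_input_registers_response(frame: bytes, slave: int, count: int) -> list:
    """Validate CRC, addressing and length, then return the register values."""
    if len(frame) < 5:
        raise ValueError("frame too short: %s" % frame.hex())
    if crc16_modbus(frame) != 0:          # a frame with a good CRC appended has zero residue
        raise ValueError("CRC mismatch: %s" % frame.hex())
    body = frame[:-2]
    if body[0] != slave:
        raise ValueError("reply from slave %d, expected %d" % (body[0], slave))
    if body[1] == 0x84:                    # FC | 0x80 signals a Modbus exception
        raise ValueError("Modbus exception code 0x%02x" % body[2])
    if body[1] != 0x04:
        raise ValueError("unexpected function code 0x%02x" % body[1])
    byte_count = body[2]
    if byte_count != 2 * count or len(body) != 3 + byte_count:
        raise ValueError("byte count %d does not match %d registers" % (byte_count, count))
    return list(struct.unpack(">%dH" % count, body[3:]))

if __name__ == "__main__":
    request = build_read_input_registers(1, 4, 1)   # same parameters as the poster's execute() call
    print("TX:", request.hex())
    reply = build_response(1, [0x1234])             # constructed reply: register 4 holds 0x1234
    print("RX:", reply.hex(), "->", parse_read_input_registers_response(reply, 1, 1))
```

Comparing the TX bytes with what Simply Modbus Slave shows it received, and the RX bytes with what the master's verbose log shows, localises the problem to one direction of the link.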
When I try to get RSSI information from the wireless networks around me with Scapy, I'm getting an error. Also, I am using an ALFA-036NH, my monitor mode is on and the OS is Kali Linux. I used the code below:
from __future__ import print_function
from scapy.all import *
from datetime import datetime
import os
import signal
import sys

def PacketHandler(pkt):
    if pkt.haslayer(Dot11):
        # management frame (type 0) with subtype 8 = beacon
        if pkt.type == 0 and pkt.subtype == 8:
            if pkt.haslayer(Dot11Beacon) or pkt.haslayer(Dot11ProbeResp):
                try:
                    # bytes scapy left undecoded; the signal byte is read from a fixed offset
                    extra = pkt.notdecoded
                    rssi = -(256 - ord(extra[-4:-3]))
                except Exception:
                    rssi = -100
                print("WiFi signal strength:", rssi)

sniff(iface="wlan0mon", prn=PacketHandler)
However, all of the networks are giving -100 dBm. Thanks for your interest.
Please retry using the latest scapy github version (or 2.4.1+). It has improved support for RSSI, which is now available (if present), via the dBm_AntSignal field.
pkt.dBm_AntSignal
You don’t need the function you provided.
PS: where did you find such code? Did you do it yourself? Thanks
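To show what sits behind pkt.addr2, pkt.info and dBm_AntSignal in the beacon handler of the first question and in this answer, here is an added example that parses a radiotap-wrapped 802.11 beacon without scapy (it is not code from either post or from scapy itself). It assumes a single radiotap present word (no extended bitmap) and uses a constructed frame, not a capture.

```python
import struct

# Leading radiotap fields in present-bit order: (bit, struct format, alignment)
RT_FIELDS = [(0, "<Q", 8), (1, "<B", 1), (2, "<B", 1), (3, "<HH", 2),
             (4, "<BB", 1), (5, "<b", 1), (6, "<b", 1)]
RT_DBM_ANTSIGNAL = 5   # the bit scapy exposes as RadioTap.dBm_AntSignal

def parse_radiotap(frame: bytes) -> tuple:
    """Return (dBm_AntSignal or None, offset of the 802.11 header). Assumes one present word."""
    version, _, length, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or length > len(frame) or present & (1 << 31):
        raise ValueError("unsupported radiotap header")
    pos, signal = 8, None
    for bit, fmt, align in RT_FIELDS:
        if not present & (1 << bit):
            continue
        pos = (pos + align - 1) // align * align      # fields are aligned to their natural size
        if bit == RT_DBM_ANTSIGNAL:
            signal = struct.unpack_from(fmt, frame, pos)[0]   # signed dBm
        pos += struct.calcsize(fmt)
    return signal, length

def parse_beacon(frame: bytes) -> dict:
    """Transmitter address (addr2) and SSID of a radiotap-wrapped 802.11 beacon, plus RSSI."""
    signal, off = parse_radiotap(frame)
    fc0 = frame[off]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4        # type 0 / subtype 8 = beacon
    if (ftype, subtype) != (0, 8):
        raise ValueError("not a beacon (type %d, subtype %d)" % (ftype, subtype))
    addr2 = ":".join("%02x" % b for b in frame[off + 10:off + 16])
    pos, ssid = off + 24 + 12, None      # skip MAC header, timestamp, interval, capability
    while pos + 2 <= len(frame):         # tagged parameters: tag, length, value
        tag, tlen = frame[pos], frame[pos + 1]
        if tag == 0:
            ssid = frame[pos + 2:pos + 2 + tlen].decode("utf-8", "replace")
            break
        pos += 2 + tlen
    return {"addr2": addr2, "ssid": ssid, "dBm_AntSignal": signal}

# Constructed beacon (not a capture): radiotap with TSFT, Flags, Rate, Channel 2412 and -45 dBm,
# followed by a beacon from 02:11:22:33:44:55 advertising the SSID "TestNet".
SAMPLE = (bytes([0x00, 0x00, 0x18, 0x00, 0x2F, 0x00, 0x00, 0x00]) + struct.pack("<Q", 1)
          + bytes([0x00, 0x02, 0x6C, 0x09, 0xA0, 0x00, 0xD3, 0x00])
          + bytes([0x80, 0x00, 0x00, 0x00]) + b"\xff" * 6 + bytes.fromhex("021122334455") * 2
          + b"\x00\x00" + b"\x00" * 8 + bytes([0x64, 0x00, 0x11, 0x04])
          + bytes([0x00, 0x07]) + b"TestNet" + bytes([0x01, 0x01, 0x02, 0x03, 0x01, 0x01]))

if __name__ == "__main__":
    print(parse_beacon(SAMPLE))   # {'addr2': '02:11:22:33:44:55', 'ssid': 'TestNet', 'dBm_AntSignal': -45}
```

Reading the signal byte at a fixed offset of notdecoded, as the question does, only works when every field before dBm_AntSignal happens to be present; walking the present bitmap is what makes the value reliable.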
I have a motherboard with a kind of JAMMA connector; the model is Axiomtek GMB121.
They provide a GPIO library for Windows as a DLL. The Win32 application example works fine.
I'm trying to communicate with this DLL using Python.
I wrote this so far, copying from the C code example and converting it to Python:
from __future__ import print_function
from ctypes import *

# return codes taken from the vendor's C example
ERR_Success = 0
ERR_Error = -1
ERR_NotExist = -2
ERR_Opened = -3
ERR_NotOpened = -4
debounce = 1

mydll = windll.LoadLibrary("C:\\Users\\test\\Documents\\TestPy\\AGP1_MFC64.dll")
iRet = mydll.AXGMB_Nvram_Open()
if iRet != ERR_Success and iRet != ERR_Opened:
    print("error")
iRet = mydll.AXGMB_DIO_SetDebounceTime(debounce)
if iRet == ERR_Success:
    print("AXGMB_DIO_SetDebounceTime Function success")
else:
    print("AXGMB_DIO_SetDebounceTime Function failure")
mydll.AXGMB_DIO_Close()
But what I got is:
iRet=mydll.AXGMB_Nvram_Open()
WindowsError: [Error -532459699] Windows Error 0xE0434F4D
And I don't know how to proceed, any advice?
I got the following code:
import bluetooth

def apparaat():
    # with lookup_names=True each entry is an (address, name) pair
    nearby_devices = bluetooth.discover_devices(lookup_names=True, flush_cache=True, duration=15)
    for address in nearby_devices:
        print("Gevonden apparaten: " + str(address))
    print("Gevonden apparaten: " + str(nearby_devices))

apparaat()
When I run the script the output is:
Gevonden apparaten: []
When I scan for bluetooth devices on my Raspberry Pi it returns a couple. What am I missing here?
Can you try to run this code? I found that someone ported this bluetooth package from python 2.7 to 3.x and it might have introduced some bugs when printing unicode strings.
import bluetooth
x = bluetooth.discover_devices()
n = bluetooth.lookup_name(x[0])
print(n)
(source: https://groups.google.com/forum/#!topic/pybluez/Kq-ViMBo6es)
Is it possible for this code to be modified to include Bluetooth Low Energy devices as well? https://code.google.com/p/pybluez/source/browse/trunk/examples/advanced/inquiry-with-rssi.py?r=1
I can find devices like my phone and other bluetooth 4.0 devices, but not any BLE. If this cannot be modified, is it possible to run the hcitool lescan and pull the data from hci dump within python? I can use the tools to see the devices I am looking for and it gives an RSSI in hcidump, which is what my end goal is. To get a MAC address and RSSI from the BLE device.
Thanks!
As I said in the comment, that library won't work with BLE.
Here's some example code to do a simple BLE scan:
import sys
import os
import errno
import struct
from ctypes import (CDLL, get_errno)
from ctypes.util import find_library
from socket import (
    socket,
    AF_BLUETOOTH,
    SOCK_RAW,
    BTPROTO_HCI,
    SOL_HCI,
    HCI_FILTER,
)

if not os.geteuid() == 0:
    sys.exit("script only works as root")

btlib = find_library("bluetooth")
if not btlib:
    raise Exception(
        "Can't find required bluetooth libraries"
        " (need to install bluez)"
    )
bluez = CDLL(btlib, use_errno=True)

dev_id = bluez.hci_get_route(None)

sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI)
sock.bind((dev_id,))

err = bluez.hci_le_set_scan_parameters(sock.fileno(), 0, 0x10, 0x10, 0, 0, 1000)
if err < 0:
    raise Exception("Set scan parameters failed")
    # occurs when scanning is still enabled from previous call

# allows LE advertising events: type mask bit 4 = HCI event packets,
# event mask bit 62 (0x3E) = LE Meta Event, opcode 0
hci_filter = struct.pack(
    "<IQH",
    0x00000010,
    0x4000000000000000,
    0
)
sock.setsockopt(SOL_HCI, HCI_FILTER, hci_filter)

err = bluez.hci_le_set_scan_enable(
    sock.fileno(),
    1,  # 1 - turn on; 0 - turn off
    0,  # 0-filtering disabled, 1-filter out duplicates
    1000  # timeout
)
if err < 0:
    errnum = get_errno()
    raise Exception("{} {}".format(
        errno.errorcode[errnum],
        os.strerror(errnum)
    ))

while True:
    data = sock.recv(1024)
    # print bluetooth address from LE Advert. packet
    print(':'.join("{0:02x}".format(x) for x in data[12:6:-1]))
I had to piece all of that together by looking at the hcitool and gatttool source code that comes with Bluez. The code is completely dependent on libbluetooth-dev so you'll have to make sure you have that installed first.
A better way would be to use dbus to make calls to bluetoothd, but I haven't had a chance to research that yet. Also, the dbus interface is limited in what you can do with a BLE connection after you make one.
EDIT:
Martin Tramšak pointed out that in Python 2 you need to change the last line to print(':'.join("{0:02x}".format(ord(x)) for x in data[12:6:-1]))
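The answer's data[12:6:-1] slice only makes sense once the LE Advertising Report layout is visible, and the asker's goal was MAC plus RSSI. As an added example (not the answerer's code or BlueZ's), this parses one such event packet as read from the raw HCI socket, including the RSSI byte that follows the advertising data and the (length, type, value) structures inside it. The packet is constructed, not a capture; reports are walked back to back, the way the Linux kernel and hcitool do.

```python
import struct

HCI_EVENT_PKT = 0x04            # packet indicator on a raw HCI socket
EVT_LE_META_EVENT = 0x3E        # the event the answer's HCI filter lets through (bit 62)
EVT_LE_ADVERTISING_REPORT = 0x02

def parse_ad_structures(data: bytes) -> dict:
    """Split an advertising payload into {ad_type: value} from its (length, type, value) triplets."""
    out, i = {}, 0
    while i < len(data):
        length = data[i]
        if length == 0 or i + 1 + length > len(data):
            break                                    # padding or truncated structure: stop
        out[data[i + 1]] = data[i + 2:i + 1 + length]
        i += 1 + length
    return out

def parse_le_advertising_reports(pkt: bytes) -> list:
    """Return [(mac, rssi, ad_dict), ...] from one LE Meta / Advertising Report event packet."""
    if len(pkt) < 5 or pkt[0] != HCI_EVENT_PKT or pkt[1] != EVT_LE_META_EVENT:
        return []
    end = 3 + pkt[2]                                 # parameter length bounds the event
    if len(pkt) < end or pkt[3] != EVT_LE_ADVERTISING_REPORT:
        return []
    reports, pos = [], 5
    for _ in range(pkt[4]):                          # Num_Reports
        if pos + 9 > end:
            break
        # pkt[pos] is Event_Type, pkt[pos + 1] Address_Type; the address is little-endian,
        # which is why the answer prints data[12:6:-1]
        addr = pkt[pos + 2:pos + 8]
        mac = ":".join("%02x" % b for b in reversed(addr))
        length = pkt[pos + 8]
        if pos + 9 + length >= end:
            break                                    # advertising data or RSSI byte missing
        data = pkt[pos + 9:pos + 9 + length]
        rssi = struct.unpack_from("<b", pkt, pos + 9 + length)[0]   # signed dBm after the data
        reports.append((mac, rssi, parse_ad_structures(data)))
        pos += 10 + length
    return reports

# Constructed event (not a capture): one report from 11:22:33:44:55:66 carrying
# flags 0x06 and the complete local name "tag", received at -62 dBm.
SAMPLE = (bytes([0x04, 0x3E, 0x14, 0x02, 0x01, 0x00, 0x00, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11,
                 0x08, 0x02, 0x01, 0x06, 0x04, 0x09]) + b"tag" + bytes([0xC2]))

if __name__ == "__main__":
    for mac, rssi, ad in parse_le_advertising_reports(SAMPLE):
        print(mac, rssi, ad.get(0x09, b"").decode("utf-8", "replace"))
```

Feeding the bytes returned by sock.recv() in the answer's loop to parse_le_advertising_reports gives the address and RSSI the asker wanted from hcidump, without a second tool.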
You could also try pygattlib. It can be used to discover devices, and (currently) there is a basic support for reading/writing characteristics. No RSSI for now.
You could discover using the following snippet:
from gattlib import DiscoveryService
service = DiscoveryService("hci0")
devices = service.discover(2)
DiscoveryService accepts the name of the device, and the method discover accepts a timeout (in seconds) to wait for responses. devices is a dictionary, with BL addresses as keys and names as values.
pygattlib is packaged for Debian (or Ubuntu), and also available as a pip package.