saidsef/scapy-containerised
Containerised Scapy environment with a Terminal for interactive packet analysis, network automation, and visualisation. For Docker and Kubernetes deployments.
Scapy Containerised
This gives you a shell inside the container/namespace via TTYD, and you can use Scapy to analyse network traffic.
Scapy is a powerful Python-based interactive packet manipulation program and library.
Scapy enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks.
Scapy is usable either as a shell or as a library. For further details, please head over to Getting started with Scapy, which is part of the documentation.
Prerequisite
- Container runtime (needs to run in privileged mode)
- Some Python knowledge
- Have read the Scapy docs
Installation
Follow these steps to build:
git clone https://github.com/saidsef/scapy-containerised
docker build -t saidsef/scapy-containerised:latest .
docker run -d --net=host --privileged -v /path/to/geoip2:/data docker.io/saidsef/scapy-containerised:latest
GeoIP data sets can be downloaded from P3TERX.
conf.geoip_city = "/data/GeoLite.mmdb"
conf.temp_files = "/tmp"
trace = traceroute_map(["saidsef.co.uk"], verbose=0)
trace.world_trace()
Then visit:
http://localhost:8080
In the browser terminal, type:
python -m scapy.__init__
to start Scapy in interactive mode.
Deployment
To expose the host interface to the container, enable hostNetwork: true in the deployment.yml file. Consider the security implications: with this setting the pod shares the node's network namespace.
Make certain the PORT isn't already bound to another service. If you choose to run the service on a different PORT, make sure you update the relevant fields.
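A check for the security implications mentioned above, as an added example that is not part of this project: it reads a workload object as JSON (for instance the output of kubectl get deployment -o json) and reports the settings that place the terminal and Scapy on the node's network. The sample object, the function name audit_exposure and the capability list are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get deployment -o json` output.
# The values are assumptions for illustration, not this chart's rendered manifest.
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "scapy", "namespace": "scapy"},
 "spec": {"template": {"spec": {
   "hostNetwork": true,
   "containers": [{"name": "scapy",
                   "securityContext": {"privileged": true},
                   "ports": [{"containerPort": 8080}]}]}}}}
""")

RAW_SOCKET_CAPS = {"NET_RAW", "NET_ADMIN", "ALL"}


def audit_exposure(obj):
    """Return findings for a Pod or a templated workload (Deployment, DaemonSet...)."""
    spec = obj.get("spec", {})
    # A Pod carries the pod spec directly; workloads nest it under template.spec.
    pod = spec.get("template", {}).get("spec", spec)
    host_net = bool(pod.get("hostNetwork"))
    findings = []
    if host_net:
        findings.append("pod shares the node's network namespace (hostNetwork)")
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        for cap in sorted(added & RAW_SOCKET_CAPS):
            findings.append(f"{name}: adds capability {cap}")
        for p in c.get("ports", []):
            # With hostNetwork the process listens in the node's namespace,
            # so every containerPort is effectively a port on the node.
            port = p.get("hostPort") or (p.get("containerPort") if host_net else None)
            if port:
                findings.append(f"{name}: port {port} is opened on the node")
    return findings


if __name__ == "__main__":
    for line in audit_exposure(SAMPLE):
        print("FINDING:", line)
```

An empty result means none of these settings are present in the object that was checked; it says nothing about how the terminal itself is protected.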
HELM
helm repo add scapy https://saidsef.github.io/scapy-containerised/
helm repo update
helm upgrade --install scapy scapy/scapy --namespace scapy --create-namespace
Kubectl
kubectl apply -k ./deployment
To view, bind the Kubernetes service port locally:
kubectl port-forward --namespace scapy svc/scapy 8080:8080
Then visit:
http://localhost:8080
Sniff Packets
To list available layers:
help(scapy.layers)
Sniff function specification documentation:
print(sniff.__doc__)
load_layer("http")
get_if_list()
sniff(iface="eth0", prn=lambda x: x.show(), lfilter=lambda x: HTTP in x, count=100)
https://scapy.readthedocs.io/en/latest/api/scapy.layers.html
To load the tls layer you might need to downgrade cryptography to <= v38.
The routes are stored in conf.route. You can use it to display the routes, or get specific routing:
conf.route
Plot using Matplotlib
For some special features, Scapy will need some dependencies to be installed.
p=sniff(iface="any", count=50)
p.plot(lambda x:len(x))
https://scapy.readthedocs.io/en/latest/installation.html#optional-dependencies
PDF Dump using PyX
p=IP()/ICMP()
p.pdfdump("test.pdf", target="> /tmp")
Source
Our latest and greatest source of scapy-containerised can be found on GitHub. Fork us!
Contributing
We would ❤️ you to contribute by making a pull request.
Please read the official Contribution Guide for more information on how you can contribute.