
nemesis's Introduction

N E M E S I S - Crafting & Injection


The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.

The latest release is always available from GitHub at

https://github.com/libnet/nemesis/releases

Key Features

  • ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP protocol support
  • Layer 2 or Layer 3 injection on UNIX-like systems
  • Layer 2 injection (only) on Windows systems
  • Packet payload from file
  • IP and TCP options from file
  • Tested on OpenBSD, Linux, Solaris, Mac OS X and Windows 2000

Each supported protocol uses its own protocol "injector" which is accompanied by a man page explaining its functionality.

Consult the ChangeLog for release details, and the documentation for each protocol injector for in-depth descriptions of the available functionality.

Examples

  • Inject malformed ICMP redirect

      sudo nemesis icmp -S 10.10.10.3 -D 10.10.10.1 -G 10.10.10.3 -i 5
    
  • DHCP Discover (must use sudo and -d to send with source IP 0.0.0.0):

      sudo nemesis dhcp -d eth0
    
  • IGMP v2 join for group 239.186.39.5

      sudo nemesis igmp -v -p 22 -S 192.168.1.20 -g 239.186.39.5 -D 239.186.39.5
    
  • IGMP v2 query, max resp. time 10 sec, with Router Alert IP option

      echo -ne '\x94\x04\x00\x00' >RA
      sudo nemesis igmp -v -p 0x11 -c 100 -D 224.0.0.1 -O RA
    

    or

      echo -ne '\x94\x04\x00\x00' | sudo nemesis igmp -v -p 0x11 -c 100 -D 224.0.0.1 -O -
    
  • IGMP v3 query, with Router Alert IP option

      echo -ne '\x03\x64\x00\x00' > v3
      sudo nemesis igmp -p 0x11 -c 100 -i 0.0.0.0 -P v3 -D 224.0.0.1 -O RA
    
  • Random TCP packet

      sudo nemesis tcp
    
  • DoS and DDoS testing

      sudo nemesis tcp -v -S 192.168.1.1 -D 192.168.2.2 -fSA -y 22 -P foo
      sudo nemesis udp -v -S 10.11.12.13 -D 10.1.1.2 -x 11111 -y 53 -P bindpkt
      sudo nemesis icmp redirect -S 10.10.10.3 -D 10.10.10.1 -G 10.10.10.3 -qR
      sudo nemesis arp -v -d eth0 -H 0:1:2:3:4:5 -S 10.11.30.5 -D 10.10.15.1
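
Added example, not taken from the nemesis sources or documentation: a C check that decodes an IP options blob such as the RA file passed with -O in the IGMP examples above, so its contents can be validated before it is used. The function and sample names are chosen for this illustration; the Router Alert encoding (type 0x94, length 4, 16-bit value) follows RFC 2113.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPOPT_EOL     0x00  /* end of option list, single byte */
#define IPOPT_NOP     0x01  /* no-operation, single byte */
#define IPOPT_RA      0x94  /* Router Alert: copied=1, class=0, number=20 */
#define IP_MAX_OPTLEN 40    /* IHL tops out at 60 bytes, 20 of them fixed */

/* Walk a raw IP options blob such as the RA file. Returns 1 and stores the
 * 16-bit value when a well-formed Router Alert is present, 0 when the blob is
 * well-formed without one, -1 when any option is malformed. */
int find_router_alert(const uint8_t *opt, size_t len, uint16_t *value)
{
    size_t i = 0;
    int found = 0;
    if (len > IP_MAX_OPTLEN)
        return -1;
    while (i < len && opt[i] != IPOPT_EOL) {
        uint8_t type = opt[i];
        if (type == IPOPT_NOP) { i++; continue; }
        /* All other options are type, length, data; length counts all three. */
        if (i + 1 >= len)
            return -1;
        uint8_t olen = opt[i + 1];
        if (olen < 2 || i + olen > len)
            return -1;
        if (type == IPOPT_RA) {
            if (olen != 4)      /* RFC 2113 fixes the option length at 4 */
                return -1;
            *value = (uint16_t)((opt[i + 2] << 8) | opt[i + 3]);
            found = 1;
        }
        i += olen;
    }
    return found;
}

/* Sample inputs: the RA bytes from the example above, plus constructed cases. */
const uint8_t ra_file[]  = { 0x94, 0x04, 0x00, 0x00 };
const uint8_t ra_short[] = { 0x94, 0x04, 0x00 };        /* last byte missing */
const uint8_t nop_only[] = { 0x01, 0x01, 0x01, 0x00 };  /* NOP padding + EOL */

int main(void)
{
    uint16_t v = 0;
    printf("RA file -> %d\n", find_router_alert(ra_file, sizeof ra_file, &v));
    return 0;
}
```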
    

Build & Install

Nemesis is built around libnet. Windows platform builds require libpcap as well. Nemesis <= 1.4 was built around libnet 1.0, and Nemesis >= 1.5 requires libnet 1.1 or later.

Debian/Ubuntu

curl -sS https://deb.troglobit.com/pubkey.gpg | sudo apt-key add -
echo "deb [arch=amd64] https://deb.troglobit.com/debian stable main" | sudo tee /etc/apt/sources.list.d/troglobit.list
sudo apt-get update && sudo apt-get install nemesis

Building from Source

On Debian and Ubuntu derived GNU/Linux systems:

sudo apt install libnet1-dev

This installs the libnet headers and library in a standard location where the configure script can easily find them. Should your libnet1 installation be in a non-standard location, you can provide the paths like this:

./configure LDFLAGS=-L/path/to/lib CPPFLAGS=-I/path/to/header

The GNU Configure & Build system uses /usr/local as the default install prefix. Usually this is sufficient; the example below installs to /usr instead:

tar xf nemesis-1.7.tar.xz
cd nemesis-1.7/
./configure --prefix=/usr
make -j5
sudo make install-strip

Installing on Windows

nemesis.exe can be installed anywhere on a Windows system. The caveat is that LibnetNT.dll must exist either in the same directory as nemesis.exe or in any of the directories listed in the %PATH% variable. On Windows 2000 this would be %SystemRoot%\System32.

Note: the Windows build has not been tried or tested in over a decade. YMMV.

Building from GIT

If you want to contribute, or simply want to try out the latest but still unreleased features, then you need to know a few things about the GNU Configure & Build system:

  • configure.ac and a per-directory Makefile.am are key files
  • configure and Makefile.in are generated by autogen.sh; they are not stored in GIT but are generated automatically for the release tarballs
  • Makefile is generated by the configure script

To build from GIT you first need to clone the repository and run the autogen.sh script. This requires automake and autoconf to be installed on your system.

git clone https://github.com/libnet/nemesis.git
cd nemesis/
./autogen.sh
./configure && make

GIT sources are a moving target and are not recommended for production systems, unless you know what you are doing!

Origin & References

  • 1999: Nemesis was created by Mark Grimes
  • 2001: Jeff Nathan took over maintainership
  • 2018: Project resurrected by Joachim Nilsson

The project is currently maintained at GitHub with the intention to serve as a focal point for new development. If you have patches and/or ideas, please submit them using the issue tracker or as pull requests.


nemesis's Issues

Bug while trying to display interfaces

Error executing command
c:\GNU>nemesis.exe icmp -Z
PacketGetAdapterNames: The data area passed to a system call is too small. (122): No error

RIP Injection: -i 0.0.0.0 option results in random RIP Address

I have built the nemesis 1.7 release.

Run the following command:

$ nemesis rip -v -d wlan0 -c 1 -V 1 -a 0 -R 0 -i  0.0.0.0 -k 0.0.0.0 -h 0.0.0.0 -m 16 -S 10.10.10.1

RIP Packet Injection -=- The NEMESIS Project v1.7

               [MAC] 20:7C:8F:11:39:13 > FF:FF:FF:FF:FF:FF
     [Ethernet type] IP (0x0800)

                [IP] 10.10.10.1 > 224.0.0.9
             [IP ID] 39436
          [IP Proto] UDP (17)
            [IP TTL] 1
            [IP TOS] 0x10
    [IP Frag offset] 0x0000
     [IP Frag flags]
         [UDP Ports] 520 > 520

       [RIP Command] Request (1)
       [RIP Version] 1
[RIP Routing domain] 0
[RIP Address family] Unknown (0)
     [RIP Route tag] 0
       [RIP Address] 117.64.14.67
  [RIP Network mask] 0.0.0.0
      [RIP Next hop] 0.0.0.0
        [RIP Metric] 16

Wrote 66 byte RIP packet through linktype DLT_EN10MB.

The [RIP Address] should have been set by the -i 0.0.0.0 option, but as shown above, it is randomized.

If setting -i with a non 0.0.0.0 IP, everything is fine.

The all-zero IP address is useful for the purpose of RIP testing, so it might be better to leave the choice to the users.

Nemesis won't update

It tells me to check to see if it has permission, but I have no idea how to do that.

Error calling dns_exit instead of dhcp_exit

nemesis-dhcp.c

Call to dns_exit in nemesis-dhcp.c instead of calling dhcp_exit on line 368,
on versions 1.6 and master.

#if defined(WIN32)
		case 'Z':
			if ((ifacetmp = pcap_lookupdev(errbuf)) == NULL)
				perror(errbuf);

			PrintDeviceList(ifacetmp);
			dhcp_exit(1); /* was: dns_exit(1) */
			/* fallthrough */
#endif

  • Version: 1.6 and trunk
  • Platform: Windows

Please correct.

default timeout when sending only one frame

Expected Behavior

nemesis should quit after the last frame has been sent and not wait for -i or the default of 1 second.

Actual Behavior

nemesis waits for -i after the last frame has been sent.

Steps to Reproduce the Problem

send a frame ;)

Specifications

  • Version: 1.6
  • Platform: Ubuntu bionic

Solution

For me, it seems line 344 of nemesis-functions.c isn't working as it should.

344                 if (count != 0 && interval >= 0)
345                         usleep(interval);

If count would be 0, it should not sleep. So I think there's an issue with the counter (off by one?)

Sending IGMP v3 Join

Hi all,
I'm having an issue sending an IGMP v3 packet. I doubt it's an issue with nemesis itself, but rather my knowledge of it - I am hoping someone here is able to assist.

I modified the example in the docs for an IGMP v2 join, to:

sudo nemesis igmp -v -p 0x22 -S 192.168.69.62 -g 224.0.1.116 -D 224.0.0.2

However, watching with Wireshark shows an IGMPv3 Membership Report, but it indicates that it is a malformed packet. I found 0x22 as an option under nemesis igmp help. I attempted to craft a payload, but with my limited knowledge it did not go too well!

If anyone is able to provide any suggestions, it would be much appreciated. And if it is possible to send a v3 join packet, this may be useful in the docs.

Thank you

ICMP packets generate invalid IP header length

When generating ICMP packets, the IP header's length field doesn't include the length of the IP header itself, producing invalid IP packets. Other protocols are correct.

Tested on latest master 0123747 on macOS 10.13.6.

Example:

nemesis icmp -d en0
# generates invalid ip len of 8
18:54:16.086289 IP bad-len 8
	0x0000:  4500 0008 7395 0000 ff01 cae4 12c6 791e  E...s.........y.
	0x0010:  e31b 0e7b 0800 8241 0331 728d            ...{...A.1r.

nemesis udp -d en0
# ip length in udp packet is correct
18:53:17.276246 IP 24.220.67.47.45058 > 204.54.51.44.33435: UDP, length 0
	0x0000:  4500 001c 3f13 0000 ff11 2150 18dc 432f  E...?.....!P..C/
	0x0010:  cc36 332c b002 829b 0008 71d2            .63,......q.
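
Added example, not part of the report or the nemesis sources: a C check that cross-validates the IHL and total length fields of an IPv4 header, run over the two hex dumps quoted in the report above. The function and type names are chosen for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum ip_len_status {
    IP_LEN_OK = 0,
    IP_LEN_TRUNCATED,       /* fewer than 20 bytes captured */
    IP_LEN_BAD_VERSION,     /* version nibble is not 4 */
    IP_LEN_BAD_IHL,         /* IHL < 5 words, or header longer than capture */
    IP_LEN_TOTAL_TOO_SMALL, /* total length < header length (tcpdump: bad-len) */
    IP_LEN_TOTAL_TOO_LARGE  /* total length > bytes captured */
};

/* Cross-check IHL and total length; pkt must point at the IP header. */
enum ip_len_status check_ipv4_lengths(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 20)
        return IP_LEN_TRUNCATED;
    if ((pkt[0] >> 4) != 4)
        return IP_LEN_BAD_VERSION;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;      /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > caplen)
        return IP_LEN_BAD_IHL;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];  /* network byte order */
    if (total < hlen)
        return IP_LEN_TOTAL_TOO_SMALL;
    return total > caplen ? IP_LEN_TOTAL_TOO_LARGE : IP_LEN_OK;
}

/* Captured bytes minus the total length field; 0 when the two agree. */
long ipv4_len_shortfall(const uint8_t *pkt, size_t caplen)
{
    return (long)caplen - (long)(((unsigned)pkt[2] << 8) | pkt[3]);
}

/* The two hex dumps from the report above, starting at the IP header. */
const uint8_t icmp_pkt[] = {
    0x45,0x00,0x00,0x08,0x73,0x95,0x00,0x00,0xff,0x01,0xca,0xe4,0x12,0xc6,
    0x79,0x1e,0xe3,0x1b,0x0e,0x7b,0x08,0x00,0x82,0x41,0x03,0x31,0x72,0x8d };
const uint8_t udp_pkt[] = {
    0x45,0x00,0x00,0x1c,0x3f,0x13,0x00,0x00,0xff,0x11,0x21,0x50,0x18,0xdc,
    0x43,0x2f,0xcc,0x36,0x33,0x2c,0xb0,0x02,0x82,0x9b,0x00,0x08,0x71,0xd2 };

int main(void)
{
    printf("icmp: status %d, short by %ld\n",
           (int)check_ipv4_lengths(icmp_pkt, sizeof icmp_pkt),
           ipv4_len_shortfall(icmp_pkt, sizeof icmp_pkt));
    printf("udp:  status %d\n", (int)check_ipv4_lengths(udp_pkt, sizeof udp_pkt));
    return 0;
}
```

For the ICMP dump the shortfall equals the 20-byte header length, which matches the report's description of a total length field that omits the IP header.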

Binary link fails due to multiple definition of variables

Nemesis does not successfully compile

Expected Behavior

Successful creation of nemesis binary

Actual Behavior

ld fails to link nemesis

/usr/bin/ld: nemesis-proto_dns.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-dns.h:32: multiple definition of `state'; nemesis-dns.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-dns.h:32: first defined here
/usr/bin/ld: nemesis-proto_icmp.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-icmp.h:42: multiple definition of `mode'; nemesis-icmp.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-icmp.h:42: first defined here
/usr/bin/ld: nemesis-proto_icmp.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-icmp.h:43: multiple definition of `got_origoptions'; nemesis-icmp.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-icmp.h:43: first defined here
/usr/bin/ld: nemesis-ospf.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-ospf.h:46: multiple definition of `mode'; nemesis-icmp.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-icmp.h:42: first defined here
/usr/bin/ld: nemesis-proto_ospf.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-ospf.h:46: multiple definition of `mode'; nemesis-icmp.o:/home/RL/packages/nemesis/nemesis-20210419/src/nemesis-icmp.h:42: first defined here

Steps to Reproduce the Problem

  1. make V=1
