nimia / public_drown_scanner Goto Github PK

I installed tcpdump python-pyasn1 scapy python-crypto python-pip

but stil I only get this error, when starting

python scanner.py localhost 443

Running on ubuntu 12.04, using the system version of python:

$ python scanner.py google.com 443     
Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality
ImportError('cannot import name PKCS1_v1_5',)
Traceback (most recent call last):
  File "scanner.py", line 20, in <module>
    import ssl_tls_crypto
  File "./scapy-ssl_tls/ssl_tls_crypto.py", line 13, in <module>
    from Crypto.Cipher import PKCS1_v1_5#,PKCS1_OAEP
ImportError: cannot import name PKCS1_v1_5

Installed python packages:

$ sudo dpkg -l | grep python
ii  libpython2.7                     2.7.3-0ubuntu3.8                                   Shared Python runtime library (version 2.7)
ii  libpython3.2                     3.2.3-0ubuntu3.7                                   Shared Python runtime library (version 3.2)
ii  python                           2.7.3-0ubuntu2.2                                   interactive high-level object-oriented language (default version)
ii  python-apt                       0.8.3ubuntu7.3                                     Python interface to libapt-pkg
ii  python-apt-common                0.8.3ubuntu7.3                                     Python interface to libapt-pkg (locales)
ii  python-chardet                   2.0.1-2build1                                      universal character encoding detector
ii  python-crypto                    2.4.1-1ubuntu0.1                                   cryptographic algorithms and protocols for Python
ii  python-dbg                       2.7.3-0ubuntu2.2                                   debug build of the Python Interpreter (version 2.7)
ii  python-dbus                      1.0.0-1ubuntu1                                     simple interprocess messaging system (Python interface)
ii  python-dbus-dev                  1.0.0-1ubuntu1                                     main loop integration development files for python-dbus
ii  python-debian                    0.1.21ubuntu1                                      Python modules to work with Debian-related data formats
ii  python-dev                       2.7.3-0ubuntu2.2                                   header files and a static library for Python (default)
ii  python-enum                      0.4.4-2                                            robust enumerated type support in Python
ii  python-gdbm                      2.7.3-1ubuntu1                                     GNU dbm database support for Python
ii  python-gi                        3.2.2-1~precise                                    Python 2.x bindings for gobject-introspection libraries
ii  python-gnupginterface            0.3.2-9.1ubuntu3                                   Python interface to GnuPG (GPG)
ii  python-impacket                  0.9.6.0-3                                          Python module to easily build and dissect network protocols
ii  python-minimal                   2.7.3-0ubuntu2.2                                   minimal subset of the Python language (default version)
ii  python-pcapy                     0.10.8-1build1                                     Python interface to the libpcap packet capture library
ii  python-pip                       1.0-1build1                                        alternative Python package installer
ii  python-pkg-resources             0.6.24-1ubuntu1                                    Package Discovery and Resource Access using pkg_resources
ii  python-pyasn1                    0.0.11a-1ubuntu1                                   ASN.1 library for Python
ii  python-pycryptopp                0.5.29-1build1                                     Python wrappers for the Crypto++ library
ii  python-pycryptopp-dbg            0.5.29-1build1                                     Python wrappers for the Crypto++ library (debug extension)
ii  python-pycurl                    7.19.0-4ubuntu3                                    Python bindings to libcurl
ii  python-scapy                     2.2.0-1                                            Packet generator/sniffer and network scanner/discovery
ii  python-setuptools                0.6.24-1ubuntu1                                    Python Distutils Enhancements (setuptools compatibility)
ii  python-software-properties       0.82.7.7                                           manage the repositories that you install software from
ii  python-support                   1.0.14ubuntu2                                      automated rebuilding support for Python modules
ii  python-xapian                    1.2.8-1                                            Xapian search engine interface for Python
ii  python2.7                        2.7.3-0ubuntu3.8                                   Interactive high-level object-oriented language (version 2.7)
ii  python2.7-dbg                    2.7.3-0ubuntu3.8                                   Debug Build of the Python Interpreter (version 2.7)
ii  python2.7-dev                    2.7.3-0ubuntu3.8                                   Header files and a static library for Python (v2.7)
ii  python2.7-minimal                2.7.3-0ubuntu3.8                                   Minimal subset of the Python language (version 2.7)

Am I missing a required crypto library?

I think the scanner is returning false negatives in some cases. I've isolated the problem to the line:

if not SSLv2ServerHello in server_hello:

this branch isn't being triggered, even when the server does respond with valid SSLv2 Server Hello message (per tcpdump). This is with scapy 2.2.0-1 on ubuntu.

If I precede the above line with:

print server_hello
SSL(server_hello_raw).show()

it's clearly a valid and parseable hello message. But the end result is that the script reports ... "Case 3d; Server hello did not contain server hello" incorrectly :/

This is running on Archlinux, I have run into the following syntax issue:

$ python scanner.py localhost 443
  File "scanner.py", line 156
    except ValueError, e:
                     ^
SyntaxError: invalid syntax

Admittedly, this may be user error, but the example usage given makes that a long shot. Why is it looking for e: on Linux?

Hello there,

I' running CentOS 6 and after reading this and installing all modules that are told here #17 , I still have no idea how to solve this output error:

[root@xxx public_drown_scanner]# python scanner.py www.sapo.pt
Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality
ImportError('cannot import name PKCS1_v1_5',)
Traceback (most recent call last):
File "scanner.py", line 26, in
import ssl_tls_crypto
File "/downloads/public_drown_scanner/scapy-ssl_tls/ssl_tls_crypto.py", line 7, in
from Crypto.Util.asn1 import DerSequence
ImportError: No module named asn1

Any help in this?

Thanks,
LP

Can you please tell me how to install it?

On Debian stretch I cannot install the requirements, aptitude doesn't suggest any solution for this problem.

how can I resolve this?

Hi

When I run 'python scanner.py localhost 443' I get:

Traceback (most recent call last):
File "scanner.py", line 25, in
from ssl_tls import *
File "/home/ian/public_drown_scanner-master/scapy-ssl_tls/ssl_tls.py", line 11, in
from scapy_ssl_tls import ssl_tls_crypto
File "/usr/lib/python2.6/site-packages/scapy_ssl_tls/ssl_tls_crypto.py", line 19, in
from Crypto.Cipher import AES, ARC2, ARC4, DES, DES3, PKCS1_v1_5
File "/usr/lib64/python2.6/site-packages/Crypto/Cipher/PKCS1_v1_5.py", line 73, in
from Crypto.Util.number import ceil_div
File "/usr/lib64/python2.6/site-packages/Crypto/Util/number.py", line 56, in
if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
AttributeError: 'module' object has no attribute 'HAVE_DECL_MPZ_POWM_SEC'

OS is Red Hat Enterprise Linux Server release 6.7 (Santiago)

Any ideas?

Thanks

Hi there,

I build the docker container as you described.
Afterwards, I try to run a scan like this:

docker run -it --rm public-drown-scanner scanner.py 37.120.171.78 443

This is what I get:

Traceback (most recent call last):
File "scanner.py", line 359, in
port = int(sys.argv[2])
ValueError: invalid literal for int() with base 10: '37.120.171.78'

The result is the same, if I use DNS names instead of the IP.

The tool emits the following import errors under some circumstances:

Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality
ImportError('cannot import name TLSHandshake',)

As the README file states, these errors are admittedly annoying, but do not prevent the tool from producing correct results.

At this point, I am unable to chase down the source of this problem, as it does not reproduce for me.
Kind users who have encountered this error and can suggest a fix, are encouraged to (preferably) submit a pull request, or add a comment to this issue.

Thanks in advance,
Nimrod

Even though it complains, it generates results.

(v_env)vagrant@vagrant-ubuntu-trusty-64:/src/public_drown_scanner$ python scanner.py weibo.com 443
Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality
ImportError('cannot import name TLSHandshake',)
Testing weibo.com on port 443
weibo.com: Server is vulnerable to CVE-2015-3197, with cipher RC2_128_CBC_EXPORT40_WITH_MD5

weibo.com: Server is vulnerable to CVE-2015-3197, with cipher RC4_128_EXPORT40_WITH_MD5

weibo.com: Server is vulnerable to CVE-2015-3197 and CVE-2016-0703, with cipher RC4_128_WITH_MD5

weibo.com: Server is vulnerable to CVE-2015-3197, with cipher DES_64_CBC_WITH_MD5

(v_env)vagrant@vagrant-ubuntu-trusty-64:/src/public_drown_scanner$ pip freeze
argparse==1.2.1
enum==0.4.6
pyasn1==0.1.9
pycrypto==2.6.1
scapy==2.3.2
wsgiref==0.1.2

I had to install these two dependencies in addition to what is listed in the README. I'm using pip on OS X.

scapy-ssl_tls
dnet

$ python -V
Python 2.7.10
$ uname -sv
Darwin Darwin Kernel Version 15.3.0: Thu Dec 10 18:40:58 PST 2015; root:xnu-3248.30.4~1/RELEASE_X86_64

Hi I've been trying to set this up on Kali linux which I believe is debian based. It already has python-enum34, but I tried with either library and it was still the same.

Also, scapy install was apt-get install python-scapy. I did install python-crypto.

Ok, so I ran the script and go the error: "Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality" and "ImportError('cannot import name TLSHandshake')"

Then it continues on with check information.

Testing server on port 443
server: Case 3b; Connection reset by peer when waiting for server hello
server: Server is NOT vulnerable with cipher RC2_128_CBC_EXPORT40_WITH_MD5, Message: 3b: no tls

server: Case 3b; Connection reset by peer when waiting for server hello
server: Server is NOT vulnerable with cipher RC4_128_CBC_EXPORT40_WITH_MD5, Message: 3b: no tls

server: Case 3b; Connection reset by peer when waiting for server hello
server: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 3b: no tls

server: Case 3b; Connection reset by peer when waiting for server hello
server: Server is NOT vulnerable with cipher DES_64_CBC_WITH_MD5, Message: 3b: no tls

Is this running correctly, or is the TLSHandshake actually an issue and I should ignoring these results?

> python scanner.py localhost 443
  File "scanner.py", line 156
    except ValueError, e:
                     ^
SyntaxError: invalid syntax

I am on Arch linux and tried to mangle through the dependency lists that you supplied
for other distros.

Get no import error but get the, for me, rather strange error.

Both python3.4 and python2 is installed but
/usr/bin/python is symlinked to python3.4

I just cloned git and have not edited?

https://github.com/nimia/public_drown_scanner/blob/master/scanner.py#L2 says sys.path.append("./enum/enum") but there is no enum directory. Related to #1. As an aside, this would be alternative code that doesn't have enum as a required import:

class Protocol:
    BARE_SSLv2 = 1
    ESMTP      = 2
    IMAP       = 3
    POP3       = 4

This behaves more or less the same as an enum, although the values aren't immutable.

Also there's zero instructions for how to actually run this, what's needed etc, but I'll wait for the requirements.txt PR to be completed.

I just went through dependency hell on 4 different servers before I finally got this script to run on my CentOS 7 server.

In the hopes of saving someone else the torment I endured, here is a quick rundown of what I had to do. Bear in mind that this was on a pretty stripped down installation of CentOS, so a lot of things people take for granted (like gcc) were not installed.

(logged in as root)

yum install gcc gcc-c++ python-devel libpcap-devel
curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
python get-pip.py
pip install enum pcapy pyasn1 pycrypto scapy scapy-ssl-tls

After all this, I still receive the following warning message, but the script appears to be running as expected.

Import Error - most likely due to missing pycrypto libraries - disabling crypto functionality
ImportError('cannot import name TLSHandshake',)

Can't seem to get around this error. Installed all dependencies as indicated in the readme. Any suggestions?

Hey,

I've added support for DES_192_EDE3_CBC_WITH_MD5 and I was thinking of doing a pull request.
Do you think it might be useful?

Cheers!

pechora1.icann.org uses Sendmail's "greet_pause" feature to delay sending the initial SMTP greeting by 20 seconds. This causes the scanner to emit "Case 3b; Connection reset by peer when waiting for server hello". However, even when I change the scanner code to:
SOCKET_TIMEOUT = 30
the same message is given. It seems that the socket logic isn't fully compensating for long-delayed SMTP banners.

As already pointed out in #14, I still can't get the script to run. I tested it on some sites I believe to be vulnerable. If you want me to test any other site, please let me know.

I only get the import error if I don't do pip install scapy-ssl_tls but the results are the same (it does not matter if I install scapy-ssl_tls or not).

Installation:

> docker run -it --rm debian bash
> apt-get update
> apt-get install tcpdump python-enum python-pyasn1 scapy python-crypto git python-pip
> git clone https://github.com/nimia/public_drown_scanner.git
> cd public_drown_scanner
> pip install scapy-ssl_tls
> python scanner.py yahoo.com 443

Output

Testing yahoo.com on port 443
yahoo.com: Case 3d; Server hello did not contain SSLv2
yahoo.com: Server is NOT vulnerable with cipher RC2_128_CBC_EXPORT40_WITH_MD5, Message: 3d: no tls

yahoo.com: Case 3d; Server hello did not contain SSLv2
yahoo.com: Server is NOT vulnerable with cipher RC4_128_EXPORT40_WITH_MD5, Message: 3d: no tls

yahoo.com: Case 3d; Server hello did not contain SSLv2
yahoo.com: Server is NOT vulnerable with cipher RC4_128_WITH_MD5, Message: 3d: no tls

yahoo.com: Case 3d; Server hello did not contain SSLv2
yahoo.com: Server is NOT vulnerable with cipher DES_64_CBC_WITH_MD5, Message: 3d: no tls

I basically get this output for every website I test. So I highly suspect that these are false positives and some dependencies are missing.

dpkg -l | grep python

> dpkg -l | grep python
ii  libpython-stdlib:amd64     2.7.9-1                   amd64        interactive high-level object-oriented language (default python version)
ii  libpython2.7-minimal:amd64 2.7.9-2                   amd64        Minimal subset of the Python language (version 2.7)
ii  libpython2.7-stdlib:amd64  2.7.9-2                   amd64        Interactive high-level object-oriented language (standard library, version 2.7)
ii  python                     2.7.9-1                   amd64        interactive high-level object-oriented language (default version)
ii  python-cffi                0.8.6-1                   amd64        Foreign Function Interface for Python calling C code
ii  python-chardet             2.3.0-1                   all          universal character encoding detector for Python2
ii  python-colorama            0.3.2-1                   all          Cross-platform colored terminal text in Python - Python 2.x
ii  python-crypto              2.6.1-5+b2                amd64        cryptographic algorithms and protocols for Python
ii  python-cryptography        0.6.1-1                   amd64        Python library exposing cryptographic recipes and primitives (Python 2)
ii  python-distlib             0.1.9-1                   all          low-level components of python distutils2/packaging
ii  python-enum                0.4.4-2                   all          robust enumerated type support in Python
ii  python-html5lib            0.999-3                   all          HTML parser/tokenizer based on the WHATWG HTML5 specification (Python 2)
ii  python-minimal             2.7.9-1                   amd64        minimal subset of the Python language (default version)
ii  python-ndg-httpsclient     0.3.2-1                   all          enhanced HTTPS support for httplib and urllib2 using PyOpenSSL
ii  python-openssl             0.14-1                    all          Python 2 wrapper around the OpenSSL library
ii  python-pip                 1.5.6-5                   all          alternative Python package installer
ii  python-pkg-resources       5.5.1-1                   all          Package Discovery and Resource Access using pkg_resources
ii  python-ply                 3.4-5                     all          Lex and Yacc implementation for Python2
ii  python-pyasn1              0.1.7-1                   all          ASN.1 library for Python (Python 2 module)
ii  python-pycparser           2.10+dfsg-3               all          C parser in Python
ii  python-requests            2.4.3-6                   all          elegant and simple HTTP library for Python2, built for human beings
ii  python-scapy               2.2.0-1                   all          Packet generator/sniffer and network scanner/discovery
ii  python-setuptools          5.5.1-1                   all          Python Distutils Enhancements
ii  python-six                 1.8.0-1                   all          Python 2 and 3 compatibility library (Python 2 interface)
ii  python-support             1.0.15                    all          automated rebuilding support for Python modules
ii  python-urllib3             1.9.1-3                   all          HTTP library with thread-safe connection pooling for Python
ii  python-wheel               0.24.0-1                  all          built-package format for Python
ii  python2.7                  2.7.9-2                   amd64        Interactive high-level object-oriented language (version 2.7)
ii  python2.7-minimal          2.7.9-2                   amd64        Minimal subset of the Python language (version 2.7)

Thank you for your help in advance!

I installed all the dependencies as listed. When running, I get the following error. Any ideas?

[angelo@scanner public_drown_scanner]$ ./scanner.py www.google.com 443
Traceback (most recent call last):
  File "./scanner.py", line 25, in <module>
    from pyx509.pkcs7.asn1_models.X509_certificate import Certificate
  File "/home/angelo/drown/public_drown_scanner/pyx509/pkcs7/asn1_models/X509_certificate.py", line 32, in <module>
    from tools import *
  File "/home/angelo/drown/public_drown_scanner/pyx509/pkcs7/asn1_models/tools.py", line 24, in <module>
    from decoder_workarounds import decode
  File "/home/angelo/drown/public_drown_scanner/pyx509/pkcs7/asn1_models/decoder_workarounds.py", line 10, in <module>
    class BooleanFixDerDecoder(derDecoder.Decoder): pass
AttributeError: 'module' object has no attribute 'Decoder'

[angelo@scanner public_drown_scanner]$ cat /etc/redhat-release 
CentOS release 6.7 (Final)
[angelo@scanner public_drown_scanner]$ name -a
Linux scanner.netmatch.nl 2.6.32-573.18.1.el6.x86_64 #1 SMP Tue Feb 9 22:46:17 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

The freshly cloned f304d80 gives me this mess on execution though all dependencies are statisfied.

Traceback (most recent call last):
  File "scanner.py", line 18, in <module>
    from scapy_ssl_tls.ssl_tls import *
ImportError: No module named scapy_ssl_tls.ssl_tls

These are the installed dependencies:

Downloading/unpacking enum from https://pypi.python.org/packages/source/e/enum/enum-0.4.6.tar.gz#md5=173d468112cfa13a149b2c8af3e8fd52
  Downloading enum-0.4.6.tar.gz
  Running setup.py (path:/tmp/pip-build-3FyStw/enum/setup.py) egg_info for package enum

Requirement already up-to-date: pycrypto in /usr/lib/python2.7/dist-packages
Downloading/unpacking scapy from https://pypi.python.org/packages/source/s/scapy/scapy-2.3.2.tar.gz#md5=b8ca06ca3b475bd01ba6cf5cdc5619af
  Downloading scapy-2.3.2.tar.gz (1.1MB): 1.1MB downloaded
  Running setup.py (path:/tmp/pip-build-3FyStw/scapy/setup.py) egg_info for package scapy

Downloading/unpacking pyasn1 from https://pypi.python.org/packages/3.5/p/pyasn1/pyasn1-0.1.9-py2.py3-none-any.whl#md5=0122c4548f64510b24a35353c0837198
  Downloading pyasn1-0.1.9-py2.py3-none-any.whl
Downloading/unpacking setuptools from https://pypi.python.org/packages/3.5/s/setuptools/setuptools-20.2.2-py2.py3-none-any.whl#md5=97127baa80ab8ceb383e4490626be475 (from enum)
  Downloading setuptools-20.2.2-py2.py3-none-any.whl (508kB): 508kB downloaded
Installing collected packages: enum, scapy, pyasn1, setuptools
  Found existing installation: enum 0.4.4
    Not uninstalling enum at /usr/lib/python2.7/dist-packages, owned by OS
  Running setup.py install for enum

  Found existing installation: scapy 2.2.0
    Not uninstalling scapy at /usr/lib/python2.7/dist-packages, owned by OS
  Running setup.py install for scapy
    changing mode of build/scripts-2.7/scapy from 644 to 755
    changing mode of build/scripts-2.7/UTscapy from 644 to 755

    changing mode of /usr/local/bin/UTscapy to 755
    changing mode of /usr/local/bin/scapy to 755
  Found existing installation: pyasn1 0.1.7
    Not uninstalling pyasn1 at /usr/lib/python2.7/dist-packages, owned by OS
  Found existing installation: setuptools 5.5.1
    Not uninstalling setuptools at /usr/lib/python2.7/dist-packages, owned by OS
Successfully installed enum scapy pyasn1 setuptools

root@home:~# python -V
Python 2.7.9
root@home:~# uname -a
Linux home.local 4.1.17+ #838 Tue Feb 9 12:57:10 GMT 2016 armv6l GNU/Linux

[jason@linux ~]$ ./drown_scanner.py localhost 443
Traceback (most recent call last):
File "./drown_scanner.py", line 21, in
from pyx509.pkcs7.asn1_models.X509_certificate import Certificate
ImportError: No module named pyx509.pkcs7.asn1_models.X509_certificate
[jason@linux ~]$

[jason@linux ~]$ pip search asn1
zozol - Broken ASN1 for DSTU
rfc3161 - Python implementation of the RFC3161 specification, using pyasn1
pyasn1-modules - A collection of ASN.1-based protocols modules.
INSTALLED: 0.0.8 (latest)
asn1ate - ASN.1 translation library.
pyasn1 - ASN.1 types and codecs
INSTALLED: 0.1.9 (latest)
asn1crypto - Fast ASN.1 parser and serializer with definitions for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#7,
PKCS#8, PKCS#12, PKCS#5, X.509 and TSP

centos5.4
python enviroment 2.7.9

python public_drown_scanner-master/scanner.py 10.10.10.2 443
Traceback (most recent call last):
File "public_drown_scanner-master/scanner.py", line 22, in
from scapy.all import *
File "/usr/local/lib/python2.7/site-packages/scapy/all.py", line 11, in
from scapy.config import *
File "/usr/local/lib/python2.7/site-packages/scapy/config.py", line 388
"sctp", "vrrp", "ipsec", "lltd", "vxlan", "ssl_tls" ] contribs = dict()
^
SyntaxError: invalid syntax

Currently, the requirements.txt file includes dnet, which is apparently only available (and needed) on Mac.
I'm trying to research how to require it only on Mac, and surprisingly I can't find documentation on the matter (the sleep deficit from the last few days isn't helping either...)
If anyone can beat me to it, in an explanation here or even in a PR if possible, that would be much appreciated.

You can set up an automated build on docker hub to have a new Docker image built every time this repo changes.

Pulling the image would be a tiny bit faster than building it.

I get the following error after installing all the requirements:

python scanner.py www.test.com 443
Traceback (most recent call last):
File "scanner.py", line 25, in
from ssl_tls import *
ImportError: No module named ssl_tls

I have the package installed via pip: /usr/lib/python2.6/site-packages/scapy_ssl_tls/

Any ideas?

This may be an issue with setup but:

Traceback (most recent call last):
  File "scanner.py", line 22, in <module> from scapy.all import *
  File "C:\python\lib\site-packages\scapy\all.py", line 16, in <module> from arch import *
  File "C:\python\lib\site-packages\scapy\arch\__init__.py", line 80, in <module> from windows import *
  File "C:\python\lib\site-packages\scapy\arch\windows\__init__.py", line 23, in <module> from scapy.arch import pcapdnet
  File "C:\python\lib\site-packages\scapy\arch\pcapdnet.py", line 30, in <module> import pcapy as pcap
ImportError: No module named pcapy

Windows 7 SP1
Python 2.7.11 + pycrypto

The required dependencies should all be there:

> pip install enum pycrypto scapy pyasn1 scapy-ssl_tls

Requirement already satisfied (use --upgrade to upgrade): enum in c:\python\lib\site-packages
Requirement already satisfied (use --upgrade to upgrade): pycrypto in c:\python\lib\site-packages
Requirement already satisfied (use --upgrade to upgrade): scapy in c:\python\lib\site-packages
Requirement already satisfied (use --upgrade to upgrade): pyasn1 in c:\python\lib\site-packages
Requirement already satisfied (use --upgrade to upgrade): scapy-ssl-tls in c:\python\lib\site-packages
Requirement already satisfied (use --upgrade to upgrade): setuptools in c:\python\lib\site-packages (from enum)
Requirement already satisfied (use --upgrade to upgrade): tinyec in c:\python\lib\site-packages (from scapy-ssl-tls)

I just tried to get this running on Ubuntu and can't seem to get it working. The readme says to apt-get install scrapy, but there is no package called that, it's python-scrapy. I installed that package, but I still get an import error:

$ python scanner.py localhost 80
Traceback (most recent call last):
  File "scanner.py", line 18, in <module>
    from scapy_ssl_tls.ssl_tls import *
ImportError: No module named scapy_ssl_tls.ssl_tls

WARNING: Failed to execute tcpdump. Check it is installed and in the PATH
working ok I think without it.
but:
WARNING: Failed to execute tcpdump. Check it is installed and in the PATH Traceback (most recent call last): File "scanner.py", line 18, in <module> from scapy_ssl_tls.ssl_tls import * ImportError: No module named scapy_ssl_tls.ssl_tls
last line was because I forgot

pip install scapy-ssl_tls
:-)