kali工具箱

HexInject包装说明

HexInject是一种用途很广的分组喷油器和嗅探器，提供了一个命令行框架，原始的网络接入。它的设计与其他命令行实用程序一起工作，并为这个原因，它有利于建立强大的shell脚本能够读，截取和修改以透明的方式的网络流量。

资料来源：http://hexinject.sourceforge.net/
HexInject首页 | 卡利HexInject回购

作者：埃马努埃莱Acri的
许可：BSD

包含在hexinject包工具

hexinject - 十六进制数据包注入器/监听器

[email protected]:~# hexinject -h

HexInject 1.5 [hexadecimal packet injector/sniffer]

written by: Emanuele Acri <[email protected]>



Usage:

   hexinject <mode> <options>



Options:

  -s sniff mode

  -p inject mode

  -r raw mode (instead of the default hexadecimal mode)

  -f <filter> custom pcap filter

  -i <device> network device to use

  -F <file> pcap file to use as device (sniff mode only)

  -c <count> number of packets to capture

  -t <time> sleep time in microseconds (default 100)

  -I list all available network devices



Injection options:

  -C disable automatic packet checksum

  -S disable automatic packet size



Interface options:

  -P disable promiscuous mode

  -M put the wireless interface in monitor mode

     (experimental: use airmon-ng instead...)



Other options:

  -h help screen

prettypacket - 反汇编的原始网络数据包

[email protected]:~# prettypacket -h

PrettyPacket 1.5 [disassembler for raw network packets]

written by: Emanuele Acri <[email protected]>



Usage:

    prettypacket [-x|-h]



Options:

    -x type print example packet, to see its structure

            (available types: tcp, udp, icmp, igmp, arp, stp)

    -h  this help screen

hex2raw - 转换hexstrings的标准输入到标准输出上的原始数据

[email protected]:~# hex2raw -h

Hex2Raw 1.5 [convert hexstrings on stdin to raw data on stdout]

written by: Emanuele Acri <[email protected]>



Usage:

    hex2raw [-r|-h]



Options:

    -r  reverse mode (raw to hexstring)

    -h  this help screen

packets.tcl - 生成的二进制包

[email protected]:~# packets.tcl -h

Packets.tcl -- Generates binary packets specified using an

               APD-like data format: http://wiki.hping.org/26



usage:

    packets.tcl 'APD packet description'



example packets:



ethernet(dst=ff:ff:ff:ff:ee:ee,src=aa:aa:ee:ff:ff:ff,type=0x0800)+ip(ihl=5,ver=4,tos=0xc0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=0xe500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+data(str=aaaa)+udp(sport=33169,dport=10,len=10,cksum=0x94d6)+data(str=aaaa)+arp(htype=ethernet,ptype=ip,hsize=6,psize=4,op=request,shard=00:11:22:33:44:55,sproto=192.168.1.1,thard=22:22:22:22:22:22,tproto=10.0.0.1)



ethernet(dst=ff:ff:ff:ff:ff:ff,src=ff:ff:ff:ff:ff:ff,type=0x0800)+ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=tcp,cksum=0x40c9,saddr=192.168.1.9,daddr=173.194.44.95)+tcp(sport=32857,dport=80,seq=1804471615,ack=0,ns=0,off=5,flags=s,win=62694,cksum=0xda46,urp=0)



ethernet(dst=ff:ff:ff:ff:ff:ff,src=ff:ff:ff:ff:ff:ff,type=0x0800)+ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=tcp,cksum=0x40c9,saddr=192.168.1.9,daddr=173.194.44.95)+tcp(sport=32857,dport=80,seq=1804471615,ack=0,ns=0,off=8,flags=s,win=62694,cksum=0xda46,urp=0)+tcp.nop()+tcp.nop()+tcp.timestamp(val=54111314,ecr=1049055856)+data(str=f0a)

hexinject用法示例

在启动通过eth0接口监听模式（-s）（-i eth0的）：

[email protected]:~# hexinject -s -i eth0

FF FF FF FF FF FF 40 6C 8F 1B CB 90 08 00 45 00 00 31 E4 36 00 00 40 11 11 4E C0 A8 01 E8 C0 A8 01 FF D3 C6 7E 9C 00 1D B1 DA 4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A

FF FF FF FF FF FF 40 6C 8F 1B CB 90 08 00 45 00 00 31 A1 63 00 00 40 11 54 21 C0 A8 01 E8 C0 A8 01 FF FF 69 7E 9E 00 1D 86 35 4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A

FF FF FF FF FF FF 7C C3 A1 A4 B4 70 08 00 45 00 00 31 BF 94 00 00 40 11 35 FC C0 A8 01 DC C0 A8 01 FF E3 ED 7E 9C 00 1D A1 BF 4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A

FF FF FF FF FF FF 7C C3 A1 A4 B4 70 08 00 45 00 00 31 2F DE 00 00 40 11 C5 B2 C0 A8 01 DC C0 A8 01 FF C5 16 7E 9E 00 1D C0 94 4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A

prettypacket用法示例

打印一个UDP数据包（-x UDP）的例子 ：

五

hex2raw用法示例

[email protected]:~# hex2raw 

 FF 40 6C 8F 1B CB 90 08 00 45 00 00 31 E4 36 00 00 40 11 11 4E C0 A8 01 E8 C0 A8 01 FF D3 C6 7E 9C 00 1D B1 DA 4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A

FF FF FF FF FF FF 40 6C 8F 1B CB 90 08 00 45 00 00 31 A1 63 00 00 40 11 54 21 C0 A8 01 E8 C0 A8 01 FF FF 69 7E 9E 00 1D 86 35 4D 2D 53 45 41 52 43 48 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A

������@lE1�[email protected]!�������i~��5M-SEARCH * HTTP/1.1

packets.tcl用法示例

[email protected]:~# packets.tcl 'ethernet(dst=ff:ff:ff:ff:ee:ee,src=aa:aa:ee:ff:ff:ff,type=0x0800)+ip(ihl=5,ver=4,tos=0xc0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=0xe500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+data(str=aaaa)+udp(sport=33169,dport=10,len=10,cksum=0x94d6)+data(str=aaaa)+arp(htype=ethernet,ptype=ip,hsize=6,psize=4,op=request,shard=00:11:22:33:44:55,sproto=192.168.1.1,thard=22:22:22:22:22:22,tproto=10.0.0.1)' > packet-out