Scapy is a powerful Python-based interactive packet manipulation program and library.
It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more.
It is designed to allow fast packet prototyping by using default values that work.
It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f, etc.).
It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, …), etc.
Scapy supports Python 2.7 and Python 3 (3.4 to 3.7). It’s intended to be cross platform, and runs on many different platforms (Linux, OSX, *BSD, and Windows).
Also Read – Blisqy : Exploit Time-Based Blind-SQL Injection In HTTP-Headers
Demo
It can easily be used as an interactive shell to interact with the network. The following example shows how to send an ICMP Echo Request message to github.com, then display the reply source IP address:
sudo ./run_scapy
Welcome to Scapy
p = IP(dst=”github.com”)/ICMP()
r = sr1(p)
Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
r[IP].src
‘192.30.253.113’
Installation
Scapy works without any external Python modules on Linux and BSD like operating systems. On Windows, you need to install some mandatory dependencies as described in the documentation.
On most systems, using Scapy is as simple as running the following commands:
git clone https://github.com/secdev/scapy
cd scapy
./run_scapy
To benefit from all Scapy features, such as plotting, you might want to install Python modules, such as matplotlib or cryptography. See the documentation and follow the instructions to install them.
SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…
The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…
The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…
The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…
AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…
Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…