github secdev/scapy v2.7.0
on GitHub

21 hours ago

Hi everyone & Merry Christmas ! This release brings many new features, bug fixes and cleanups. If you encounter any issues when trying it out, please submit bug reports !

Deprecation notice

  • This version will be the last to support Python 3.7 and 3.8. (PEP639 will require a new license format starting in 2026, which isn't supported in the latest version of setuptools available on those older versions of Python.)

Changelog

  • [new] ForwardMachine: a new Scapy feature allowing to create a scriptable multi-clients, multi-destination TCP forwarder. It can edit packets on the fly, redirect them to another server, perform TLS interception and more. More details here

Image

  • Windows protocols:
    • Implementation details in this paper
    • SMB:
      • client improvements (doc)
      • server improvements (doc)
      • add support for encryption
      • add support for requiring signature
    • Kerberos:
      • FAST support
      • PKINIT support
      • DMSA support
      • many improvements to Ticketer++ (see demo below)
      • many bug fixes & improvements
    • SSPs:
      • SPNEGOSSP was re-written for clarity & now enforces proper mechListMIC rules
      • NTLMSSP and KerberosSSP were improved. Support for KB5068222 changes. Better error handling.
      • NeglogonSSP now supports Kerberos secure channel (Windows 2025+)
    • [new] .NET Remoting layer ([MS-NRTP])
    • LDAP: many improvements to the client
    • [new] graphical LDAP client "ldaphero"
    • DCE/RPC
    • [new] DCOM is now supported
  • [removal] scapy -s has been removed.
  • TLS:
    • Parsing of CSR structures is now implemented (PKCS#10 and CMC variants)
    • Big refactor of the TLS utils to parse certificates, CSRs, keys and manipulate them. See examples in the documentation
    • New CertTree class to act as a certificate store one can check a certificate against.
    • better handling of NSS KeyLog for TLS 1.3 decryption
    • doc improvements
    • more structures are implemented
  • bluetooth:
    • MANY new payloads (EIR, BTLE, HCI_MON ...)
    • display of vendor IDs
    • many other bug fixes & improvements !
  • [new] radiusd(): a small RADIUS server (CHAP / MS-CHAPv2)
  • [new] nbns_request: perform a Netbios discovery
  • [fixed] Scapy was not loading properly on 32bits *BSD plateforms
  • ISAKMP / IKEv2: more supported payloads
  • [major doc changes] the "Advanced" section of the documentation was split
  • [darwin/osx] support TUN interfaces in TunTapInterface
  • automaton:
    • [new] spawn(), allowing to serve automatons on a port
    • support for sessions (e.g. TCPSession)
    • many more fixes and performance improvements (unclosed file descriptors could lead to memory leaks)
  • HTTP:
    • server/client improvements
    • support custom headers
    • support for GSSAPI authentication with channel binding
    • session improvements
    • Added EOF condition to the HTTP_Server state SERVE.
    • and more
  • DNS:
    • improve dnsd() relay mode
    • fix a bug with (de)compression that could occur in certain cases
    • [fixed] dns_resolve now properly fallbacks on TCP when packets are too big
  • TFTP: improvements of the interface selection in the client/server automatons
  • pcapng: support of multiple comments, fixes to bound checks
  • [fixed] defragment6 was not working in some cases
  • improve handling of newer IPython versions, fix some deprecation warnings
  • improve handling of newer cryptography versions, fix some deprecation warnings
  • BGP: support reassembly with TCPSession
  • NTP: various fixes, big refactor of the layer
  • [fixed] AsyncSniffer stop() failed in some cases
  • l2: improvements to arping() on interfaces with no IP addresses
  • Defaulted sr1 to threaded=False
  • Improved error handling in L2Socket.close() by adding ValueError.
  • new protocols:
    • PSP
  • many other bug fixes to: STUN, 6Lowpan, DHCPv6

Automotive Layers

  • DoIP:
    • [new] Added version field for DoIP and DoIP sockets.
    • Adjusted hashret handling in DoIP.
      *UDS:
    • [new] Added additional argument for UDS_DSCEnumerator.
    • [new] Added software reset function for the UDS scanner.
    • Fixed answer function for UDS_HSFZSocket.
  • ISOTP / Automotive Scanning:
    • [new] Added FD support for isotpscan.
    • [new] Added CAN-FD support for ISOTPScan.
      *HSFZ:
    • Improved incorrect tester field naming.
    • Added addressing information to incorrect_tester_address packets.
    • Improved alive-check dissection.
    • Corrected acknowledgment transfer packet structure.
    • Ensured vehicle identification string is only parsed when non-zero length.
    • Updated HSFZ with more detailed dissection logic.
      *UDS / GMLAN / AutomotiveScanner:
    • Various updates and improvements across UDS, GMLAN, and AutomotiveScanner modules.
      *ISO-TP:
    • Enhanced ISO-TP soft socket implementation.
    • Improved SOMEIP.fragment() behavior.

Video demos (click here)
  • Ticketer++: a module to manipulate Kerberos tickets. documentation
TicketerFirst.mp4
  • LdapHéro: a module that implements a graphical LDAP client documentation
ldaphero.mp4
  • smbclient: a SMB client (both interactive or programmable) documentation
smbclient.mp4
smbserver.mp4
Check out latest releases or
releases around secdev/scapy v2.7.0

Don't miss a new scapy release

NewReleases is sending notifications on new releases.

Get notifications