One of my favorite tools for fine-grained interactions with target systems during penetration testing is the mighty Scapy. While other tools are indispensable for scanning large numbers of machines, Scapy is like a fine-grained scalpel for manipulating a single target in a myriad of cool ways. With all kinds of features, Scapy just rocks.
In fact, a few years ago, I tweeted thusly:
I just said, "Working w/ Scapy is like being a 10 yo girl who gets a pony, & finding out it is a pegasus unicorn pony that farts rainbows." - edskoudis (@edskoudis) November 8, 2011
![image_1](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt7256def047958da7/5df9867a0654a2046f5ff24a/niBXBKgXT.gif)
To that end, just a couple weeks ago, we released a Scapy cheat sheet, covering the items we use Scapy for in the SANS Security 560 course on Network Pen Testing and Ethical Hacking, plus some additional tips and tricks. Enjoy!
![scapy](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt05236d3a8bbcbcf8/5df986964cd2a727fd2ce592/scapy.jpg)
If you like this kinda thing, plus a whole bunch of other practical, hands-on pen testing techniques (including recon, scanning, exploitation, post exploitation, and more), please do check out the SANS Security 560 course. I've recently added great new stuff on recon-ng, Anti-Virus evasion, PowerShell for post-exploitation, and much more!
Hope to see you there!
-Ed Skoudis.
SANS Instructor & Pen Test Curriculum Lead
Founder, Counter Hack
Follow @edskoudis