v2.6.1

This update contains fixes for various small bugs introduced in v2.6.0:

• On linux machines with IPv6 disabled, Scapy would crash on startup (#4541)
• The scapy.1 manpage was no longer installed (#4549)
• Upon the first startup, there could be a crash related to the creation of Scapy's XDG-* related folders. (#4558)
• other small bugs that could lead to issues during packaging. Thanks to the downstream package maintainers for their help.

Please have a look at the full v2.6.0 changelog over here.

v2.6.0

Note to package maintainers: it is important to point out that special care should be taken when porting/testing this release. The plateform-specific code aimed at reading the network configuration (interfaces, routes, etc.) has been entirely rewritten on both Linux and *BSD flavors. Plateforms that were tested include: Linux, OpenBSD, NetBSD, FreeBSD, Darwin. Other plateforms have not been tested, therefore we encourage maintainers to perform additional testing. This has no impact on the other plateforme that we support, such as Windows.

Changelog

General

• [removal] DROP SUPPORT OF PYTHON 2.7

• Python 3.11-3.13 support. The full range of supported Python versions is therefore 3.7-3.13
• Improve packaging (pyproject.toml) and version handling. Scapy will now include wheels on pypi.
• We welcome Nils Weiss (polybassa) as a new maintainer !

Main changes

• [major] support for RFC6874-like scope identifiers. This is very useful for multicast IPs as one can now do the following on L3: sr(IP(dst="224.0.0.1%eth0")/..., multi=True)
• [major] using the iface= argument is deprecated on level3 functions (send, sr, sr1), as its behavior was undefined. It remains in use for level2 functions (sendp, srp, srp1). RFC6874-like scope identifiers (see just above) should be used.
• [major] the internals that read the routes and interfaces configuration have been rewritten on Linux and BSD:
  • on linux, to use RTNETLINK. (this should help on machines that have huge BPG tables)
  • on *BSDs, to use PF_ROUTE.
  • on Linux, NetBSD and FreeBSD, link-local and multicast routes should now properly be loaded
• [new] Windows protocols:
  • DCE/RPC: DCERPC_Client and DCERPC_Server with support for NCACN_IP_TCP and NCACN_NP
  • SMB2/3:
    • Protocol refactor, many more SMB2/3 structures supported
    • Server (class + 'simple' util smbserver()) (2.0.2 to 3.1.1)
    • Client (class + interactive CLI smbclient()) (2.0.2 to 3.1.1)
    • SMB socket, RPC over SMB socket, etc.
  • Kerberos:
    • KerberosSSP to use in SMB/RPC clients/servers, [MS-KILE] variants, SFU and more !
    • Crypto: use cryptography, latest RFC8009, GSS_WrapEx support, typing, etc.
    • Util functions krb_as_req, krb_tgt_req, kpasswd (both modes), etc.
    • Ticketer++: ccache support, ask/renew/resign/edit tickets, etc
  • NTLM:
    • refactor, clean SSP
  • Extensive GSSAPI / SPNEGO support !
  • LDAP
    • Fixes, ASN.1 Windows variation support
    • dclocator, answering machine for "LDAP PING", etc.
    • add a (very) basic LDAP_client (support for various binding mechanisms, encryption, etc.)
• [dep] Support for recent cryptography (42/43.0) versions
• [new] CLI improvements
  • [breaking] Scapy CLI configuration now available in ~/.config/scapy/startup.py. This follows XDG variables. (Older ~/.scapy_startup.py is now non functional)
  • Support for bpython, ptpython and ptipython
• [new] Wireshark extcap interfaces support (load_extcap())
• Automaton:
  • fixes memory usage on Windows
  • support for EOF events
  • spawn() mode, better socket.socket support
• [breaking] StreamSocket changes, support for TCP reassembly, etc. TCPSession(app=True) must no longer be used with StreamSocket. Custom sessions are marked as unstable.
• Use L3RawSocket(6) automatically on the loopback interface on linux
• L3pcapSocket (the default L3 on Windows or when libpcap is used) now follows the same behavior as other L3 sockets when routing
• the sr* class of functions now properly supports sending on multiple interfaces (Windows & Linux)
• performance issues with the sr* class of functions have also been fixed
• manufdb (from wireshark) is now bundled and cached in ~/.cache/scapy, as it is no longer shipped as a standalone file in Wireshark.
• Improve builtin answering machines (dnsd, llmnrd, nbnsd, dhcpd...). Add mdnsd for mDNS support
• Fix performance issues with nested *ListFields
• [new] conf.nameservers contains the DNS servers. Also adds dns_resolve()
• [new] SSHv2 layer
• [breaking] Rework Session objects
• Fix L2 address computation when ARP is used over Ether (intrusive ARPs, bad guessing..)
• [breaking] change sendpfast loop argument to be consistent with sendp
• automaton: improve graph() to include implicit links
• HTTP:
  • [new] add HTTP_Client and HTTP_Server which support the same SSPs as Windows
  • rework http_client
  • various fixes to reassembly when using TCPSession
• TLS:
  • support for TLS 1.3 post handshake
  • support for EdDSA signatures / keys (ed25519/ed448)
  • various fixes (ffdhe generation, middlebox compat)
  • support choosing of curve, signature algorithms, etc.
• More options supported in DHCP(v6), IPv6, DNS/LLMNR (special thanks to evverx)
• Bluetooth, 802.11: new payloads supported
• IPSEC: AES-NULL-GMAC support
• [breaking] Merge EAPOL contrib into EAP
• fix latex theme
• IKEv2, ISAKMP: NAT traversal support, and other fixes (notify, ...)
• Minor fixes in Netflow, NTP, SCTP, TACACS
• [deprecation] Deprecate Winpcap support on Windows (please use Npcap instead if you are not already using it).
• [removal] Remove ubberlogger.
• cache get_if_hwaddr for performance
• fix arping without IP
• [new] tcpros layer (ROS 1.1)
• many more fixes

v2.5.0

Changelog

Scapy v2.5.0 is the last version to support Python 2.7

Main Changes

• Type hinting of Scapy core: Scapy now provides type hintings for all of its core
• Python 3.9 and 3.10 support
• macOS 10.15 support
• update built-in dependencies (six) + and our cryptography imports that created warnings
• fix sniffing performance issues with 2.4.4+ on Windows
• greatly improve BPF (macOS) support (timestamps...)
• enhanced loopback interface support on Linux, *BSD, and Windows
• SPDX License identifiers added
• several major CLI improvements, especially in autocompletion: you can now auto-complete the names for all Scapy fields, automatons, answering machines thanks to signature injection (and patches in IPython/bpython)

Core

• improved support of BPF
• support pcapng writing, comments, TLS secrets decryption block
• Re-work how sent_time is shared across packets iterators
• support new LINUX_SLL2 packet type (new tcpdump versions)
• pipes: performances issues fixed
• tools: fixes to hexdiff, lhex...
• [breaking] FlagsField in dict mode now uses values instead of offsets

Layers

• new layers related to Windows: DCERPC/NTLM/KERBEROS/GSSAPI/SPNEGO/(C)LDAP.
• new contrib layers: ESMC/RTPS/RTPC/metawatch
• rework Netbios/SMB1/SMB2, basic SMB clients & server, ntlm relay
• several fixes to the TLS implementation
• major zigbee/6lowpan improvements
• bug fixes in TLS: properly support FFDH, fix the TLS 1.3 notebooks... among other things
• p0f module update
• IPsec: fixes, x25519 support...
• various updates to the ASN.1 engine
• IKEv2: fixes, UDP encapsulation
• STUN support
• Postgres line protocol 3.0 support
• EDNS0 client subnet support
• ESMC protocol added
• support TCP-MD5 and TCP-AO options
• ERF Ethernet Support
• many fixes: modbus, 802.11, BTLE, SCTP, DNS, LLDP, Kerberos, RTPS, DHCP, MQTT, BGP, L2TP...

Automotive

• ISOTPSoftSocket: Bug fixes and performance improvements
• Documentation and API-Doc improvements
• Unit-Test speedups for Scanners
• IPv6 support for DoIP
• Bugfixes for DoIP
• Unit-Test cleanups
• UDS-, GMLAN- and OBD-Scanner refactoring
• CANFD support

Misc

• new sanity rules prevent fields from having the same name in all packets
  • Currently displays a warning but will become a SyntaxError in the future!
• archives of the Scapy repo should now have more consistent hashes

v2.4.5

Main Changes

Changelog

Core

• 354 commits to master since v2.4.4, from 73 contributors
• Python 3.9 support
• New interfaces system. conf.iface is now an object (retro-compatible as a string) which contains additional information about the interface and allows for an automatic selection of the socket type. conf.ifaces now lists all available interfaces.
• Fix *BSD support. Improve filters handling on Linux and libpcap
• Automaton: support for STOP event - allows to cleanly end an Automata. Implemented in all Scapy's automatons
• [Deprecated] Naming different fields with the same name will now raise a deprecation warning. This behavior has never properly worked and should never be necessary
• Enhance Net and Net6
• Improvements to scapy's logging, colored output and to UTscapy
• Fix edge-cases with ConditionalField and MultipleTypeField to make them more resilient
• [Doc] Enhancements: improved MultipleTypeField handling, add view source.
• [Internal] Move the test suite to GitHub Actions
• [Internal] Unit test housekeeping
• [Internal] Begin type hinting

Layers

• 6LoWPAN refactor
• TLS improvements (TLS 1.3 server downgrade, TLS 1.2 EXT MS...)
• HTTP improvements (http_request, support for zstd...)
• Refactor TunTap support
• Cleanup MACsec
• Many small bug fixes or improvements to layers (SMB2, BFD, DNS, Zigbee, EAP, HomeplugGP, DHCPv6, 802.11...)

Automotive

• Renaming of ENET to HSFZ
• Added XCP layer
• Added DoIP layer
• [Internal] Cleanup of interface preparation code in unit tests
• Renaming of ECU to Ecu
• Refactoring of EcuState class to be more versatile
• [Internal] Started with typing
• [Internal] Multiple minor cleanups
• Minor updates to the documentation

v2.4.4

Main Changes

Core

• 784 commits to master since this v2.4.3
• fix how timestamps are measured on layer 3 (broken since 2.4.1)
• drop DNET support (deprecated since 2.4.0)
• Scapy will now use libpcap instead of tcpdump to compile the filters (tcpdump is still used to filter pcaps)
• major changes to the online doc: add an automatically generated API reference with visual representation of each layer, move to Sphinx 3.0.0, new layer-specific doc...
• *BSD fixes
• more doc to many functions

Layers

• New layers (homeplug sg, smb2, NSH, RPL, ERSPAN, BFD, ROCE...)
• TLS: TLS 1.3 support & many fixes
• 802.11 improvements / WPA3 detection
• Netflow 9 fixes
• Major refactor & changes of the Automotive layers
• HTTP changes
• DHCPv6 fixes according to revision of the RFC
• Bluetooth improvements (+BLE)
• minor fixes to Radius, PPP, GTP, IPsec, CDP, VTP, HTTP/2, ...

v2.4.3

Main Changes

Core

• 364 commits since v2.4.2
• better native support for FreeBSD, NetBSD, OpenBSD
• Windows: native RAW sockets support, load interfaces/routes using C calls, ...
• Solaris: fixed support
• latency improvements
• sniff() can be used to test BPF fiters on pcap files
• more unit tests and Python3 compatibility
• asynchronous sniffing
• UTScapy vim syntax highlighting
• drop distutils for setuptools
• Console / IPython integration improvements

Layers

Major changes

New

• HTTP (from the deprecated scapy-http module), TLS 1.3, ATA over Ethernet, OVD, IEC 60870-5-104, enip, ...

Improved

• NetflowV9, ISOTP, Zigbee, RTR, BLE, PPI, DNS, LLDP, ...
• Bluetooth/BTLE rework
• PPI / 802.11 improvements

v2.4.2

Main changes

• Gabriel Potter is officially part of the Scapy maintainers team
• PEP08 compliance (see #1277)
• Speed improvements (see #642)

Core

• 253 merged pull requests since v2.4.0
• Python 3.7 support
• Enhanced Windows support
• unit testing is now 100% tox based

Layers

Major changes

• Many automotive related layers added (ISO-TP...)

New

• EtherCat
• OPCDA
• SOCKS
• USBpcap
• RPKI

Improved

• MACsec, MQTT, MPLS, DNS, ARP, Dot15d4, Zigbee, Bluetooth4LE, RadioTap ...
• Enhanced monitor mode support

Other

• addresses a v2.4.0 vulnerability

v2.4.0

Main changes

• Python3 support
• 85% code coverage

Core

• Pcap/PcapNg improvements
• enhanced Windows support
• OpenBSD improvements
• OSX 802.11 monitor mode
• Krack AP module
• iPython support
• automatically tested on Linux, OSX & Windows
• ...

Layers

Major changes

TLS (including TLS1.3), X.509 ...

New

HTTP/2, EAP-TTLS, TACACS, MQTT ...

Improved

IPv6, SCTP, NTP, PPTP, CDP, BGP, ISIS ...

v2.2.0

Note: all releases tags before 2.4.0 are imported from http://freshmeat.sourceforge.net/projects/scapy
This release adds a contrib section filled with old contributions that were not distributed with Scapy yet: CDP, IGMP, MPLS, CHDLC, SLARP, WPA EAPOL, DTP, EIGRP, VQP, BGP, OSPF, VTP RSVP, EtherIP, RIPng, and IKEv2. It fixes some bugs.

v2.1.1

This release adds SCTP and VRRP protocols. It fixes some bugs.