Hi everyone & Merry Christmas ! This release brings many new features, bug fixes and cleanups. If you encounter any issues when trying it out, please submit bug reports !

Deprecation notice

• This version will be the last to support Python 3.7 and 3.8. (PEP639 will require a new license format starting in 2026, which isn't supported in the latest version of setuptools available on those older versions of Python.)

Changelog

• [new] ForwardMachine: a new Scapy feature allowing to create a scriptable multi-clients, multi-destination TCP forwarder. It can edit packets on the fly, redirect them to another server, perform TLS interception and more. More details here

• Windows protocols:
  • Implementation details in this paper
  • SMB:
    • client improvements (doc)
    • server improvements (doc)
    • add support for encryption
    • add support for requiring signature
  • Kerberos:
    • FAST support
    • PKINIT support
    • DMSA support
    • many improvements to Ticketer++ (see demo below)
    • many bug fixes & improvements
  • SSPs:
    • SPNEGOSSP was re-written for clarity & now enforces proper mechListMIC rules
    • NTLMSSP and KerberosSSP were improved. Support for KB5068222 changes. Better error handling.
    • NeglogonSSP now supports Kerberos secure channel (Windows 2025+)
  • [new] .NET Remoting layer ([MS-NRTP])
  • LDAP: many improvements to the client
  • [new] graphical LDAP client "ldaphero"
  • DCE/RPC
    • better handling of contexts
    • better handling of fragmentation
    • See https://github.com/gpotter2/scapy-rpc for the MIDL -> Scapy compiler
  • [new] DCOM is now supported
• [removal] scapy -s has been removed.
• TLS:
  • Parsing of CSR structures is now implemented (PKCS#10 and CMC variants)
  • Big refactor of the TLS utils to parse certificates, CSRs, keys and manipulate them. See examples in the documentation
  • New CertTree class to act as a certificate store one can check a certificate against.
  • better handling of NSS KeyLog for TLS 1.3 decryption
  • doc improvements
  • more structures are implemented
• bluetooth:
  • MANY new payloads (EIR, BTLE, HCI_MON ...)
  • display of vendor IDs
  • many other bug fixes & improvements !
• [new] radiusd(): a small RADIUS server (CHAP / MS-CHAPv2)
• [new] nbns_request: perform a Netbios discovery
• [fixed] Scapy was not loading properly on 32bits *BSD plateforms
• ISAKMP / IKEv2: more supported payloads
• [major doc changes] the "Advanced" section of the documentation was split
• [darwin/osx] support TUN interfaces in TunTapInterface
• automaton:
  • [new] spawn(), allowing to serve automatons on a port
  • support for sessions (e.g. TCPSession)
  • many more fixes and performance improvements (unclosed file descriptors could lead to memory leaks)
• HTTP:
  • server/client improvements
  • support custom headers
  • support for GSSAPI authentication with channel binding
  • session improvements
  • Added EOF condition to the HTTP_Server state SERVE.
  • and more
• DNS:
  • improve dnsd() relay mode
  • fix a bug with (de)compression that could occur in certain cases
  • [fixed] dns_resolve now properly fallbacks on TCP when packets are too big
• TFTP: improvements of the interface selection in the client/server automatons
• pcapng: support of multiple comments, fixes to bound checks
• [fixed] defragment6 was not working in some cases
• improve handling of newer IPython versions, fix some deprecation warnings
• improve handling of newer cryptography versions, fix some deprecation warnings
• BGP: support reassembly with TCPSession
• NTP: various fixes, big refactor of the layer
• [fixed] AsyncSniffer stop() failed in some cases
• l2: improvements to arping() on interfaces with no IP addresses
• Defaulted sr1 to threaded=False
• Improved error handling in L2Socket.close() by adding ValueError.
• new protocols:
  • PSP
• many other bug fixes to: STUN, 6Lowpan, DHCPv6

Automotive Layers

• DoIP:
  • [new] Added version field for DoIP and DoIP sockets.
  • Adjusted hashret handling in DoIP.
    *UDS:
  • [new] Added additional argument for UDS_DSCEnumerator.
  • [new] Added software reset function for the UDS scanner.
  • Fixed answer function for UDS_HSFZSocket.
• ISOTP / Automotive Scanning:
  • [new] Added FD support for isotpscan.
  • [new] Added CAN-FD support for ISOTPScan.
    *HSFZ:
  • Improved incorrect tester field naming.
  • Added addressing information to incorrect_tester_address packets.
  • Improved alive-check dissection.
  • Corrected acknowledgment transfer packet structure.
  • Ensured vehicle identification string is only parsed when non-zero length.
  • Updated HSFZ with more detailed dissection logic.
    *UDS / GMLAN / AutomotiveScanner:
  • Various updates and improvements across UDS, GMLAN, and AutomotiveScanner modules.
    *ISO-TP:
  • Enhanced ISO-TP soft socket implementation.
  • Improved SOMEIP.fragment() behavior.

This update contains fixes for various small bugs introduced in v2.6.0:

• On linux machines with IPv6 disabled, Scapy would crash on startup (#4541)
• The scapy.1 manpage was no longer installed (#4549)
• Upon the first startup, there could be a crash related to the creation of Scapy's XDG-* related folders. (#4558)
• other small bugs that could lead to issues during packaging. Thanks to the downstream package maintainers for their help.

Please have a look at the full v2.6.0 changelog over here.

Note to package maintainers: it is important to point out that special care should be taken when porting/testing this release. The plateform-specific code aimed at reading the network configuration (interfaces, routes, etc.) has been entirely rewritten on both Linux and *BSD flavors. Plateforms that were tested include: Linux, OpenBSD, NetBSD, FreeBSD, Darwin. Other plateforms have not been tested, therefore we encourage maintainers to perform additional testing. This has no impact on the other plateforme that we support, such as Windows.

Changelog

General

• [removal] DROP SUPPORT OF PYTHON 2.7

• Python 3.11-3.13 support. The full range of supported Python versions is therefore 3.7-3.13
• Improve packaging (pyproject.toml) and version handling. Scapy will now include wheels on pypi.
• We welcome Nils Weiss (polybassa) as a new maintainer !

Main changes

• [major] support for RFC6874-like scope identifiers. This is very useful for multicast IPs as one can now do the following on L3: sr(IP(dst="224.0.0.1%eth0")/..., multi=True)
• [major] using the iface= argument is deprecated on level3 functions (send, sr, sr1), as its behavior was undefined. It remains in use for level2 functions (sendp, srp, srp1). RFC6874-like scope identifiers (see just above) should be used.
• [major] the internals that read the routes and interfaces configuration have been rewritten on Linux and BSD:
  • on linux, to use RTNETLINK. (this should help on machines that have huge BPG tables)
  • on *BSDs, to use PF_ROUTE.
  • on Linux, NetBSD and FreeBSD, link-local and multicast routes should now properly be loaded
• [new] Windows protocols:
  • DCE/RPC: DCERPC_Client and DCERPC_Server with support for NCACN_IP_TCP and NCACN_NP
  • SMB2/3:
    • Protocol refactor, many more SMB2/3 structures supported
    • Server (class + 'simple' util smbserver()) (2.0.2 to 3.1.1)
    • Client (class + interactive CLI smbclient()) (2.0.2 to 3.1.1)
    • SMB socket, RPC over SMB socket, etc.
  • Kerberos:
    • KerberosSSP to use in SMB/RPC clients/servers, [MS-KILE] variants, SFU and more !
    • Crypto: use cryptography, latest RFC8009, GSS_WrapEx support, typing, etc.
    • Util functions krb_as_req, krb_tgt_req, kpasswd (both modes), etc.
    • Ticketer++: ccache support, ask/renew/resign/edit tickets, etc
  • NTLM:
    • refactor, clean SSP
  • Extensive GSSAPI / SPNEGO support !
  • LDAP
    • Fixes, ASN.1 Windows variation support
    • dclocator, answering machine for "LDAP PING", etc.
    • add a (very) basic LDAP_client (support for various binding mechanisms, encryption, etc.)
• [dep] Support for recent cryptography (42/43.0) versions
• [new] CLI improvements
  • [breaking] Scapy CLI configuration now available in ~/.config/scapy/startup.py. This follows XDG variables. (Older ~/.scapy_startup.py is now non functional)
  • Support for bpython, ptpython and ptipython
• [new] Wireshark extcap interfaces support (load_extcap())
• Automaton:
  • fixes memory usage on Windows
  • support for EOF events
  • spawn() mode, better socket.socket support
• [breaking] StreamSocket changes, support for TCP reassembly, etc. TCPSession(app=True) must no longer be used with StreamSocket. Custom sessions are marked as unstable.
• Use L3RawSocket(6) automatically on the loopback interface on linux
• L3pcapSocket (the default L3 on Windows or when libpcap is used) now follows the same behavior as other L3 sockets when routing
• the sr* class of functions now properly supports sending on multiple interfaces (Windows & Linux)
• performance issues with the sr* class of functions have also been fixed
• manufdb (from wireshark) is now bundled and cached in ~/.cache/scapy, as it is no longer shipped as a standalone file in Wireshark.
• Improve builtin answering machines (dnsd, llmnrd, nbnsd, dhcpd...). Add mdnsd for mDNS support
• Fix performance issues with nested *ListFields
• [new] conf.nameservers contains the DNS servers. Also adds dns_resolve()
• [new] SSHv2 layer
• [breaking] Rework Session objects
• Fix L2 address computation when ARP is used over Ether (intrusive ARPs, bad guessing..)
• [breaking] change sendpfast loop argument to be consistent with sendp
• automaton: improve graph() to include implicit links
• HTTP:
  • [new] add HTTP_Client and HTTP_Server which support the same SSPs as Windows
  • rework http_client
  • various fixes to reassembly when using TCPSession
• TLS:
  • support for TLS 1.3 post handshake
  • support for EdDSA signatures / keys (ed25519/ed448)
  • various fixes (ffdhe generation, middlebox compat)
  • support choosing of curve, signature algorithms, etc.
• More options supported in DHCP(v6), IPv6, DNS/LLMNR (special thanks to evverx)
• Bluetooth, 802.11: new payloads supported
• IPSEC: AES-NULL-GMAC support
• [breaking] Merge EAPOL contrib into EAP
• fix latex theme
• IKEv2, ISAKMP: NAT traversal support, and other fixes (notify, ...)
• Minor fixes in Netflow, NTP, SCTP, TACACS
• [deprecation] Deprecate Winpcap support on Windows (please use Npcap instead if you are not already using it).
• [removal] Remove ubberlogger.
• cache get_if_hwaddr for performance
• fix arping without IP
• [new] tcpros layer (ROS 1.1)
• many more fixes

Changelog

Scapy v2.5.0 is the last version to support Python 2.7

Main Changes

• Type hinting of Scapy core: Scapy now provides type hintings for all of its core
• Python 3.9 and 3.10 support
• macOS 10.15 support
• update built-in dependencies (six) + and our cryptography imports that created warnings
• fix sniffing performance issues with 2.4.4+ on Windows
• greatly improve BPF (macOS) support (timestamps...)
• enhanced loopback interface support on Linux, *BSD, and Windows
• SPDX License identifiers added
• several major CLI improvements, especially in autocompletion: you can now auto-complete the names for all Scapy fields, automatons, answering machines thanks to signature injection (and patches in IPython/bpython)

Core

• improved support of BPF
• support pcapng writing, comments, TLS secrets decryption block
• Re-work how sent_time is shared across packets iterators
• support new LINUX_SLL2 packet type (new tcpdump versions)
• pipes: performances issues fixed
• tools: fixes to hexdiff, lhex...
• [breaking] FlagsField in dict mode now uses values instead of offsets

Layers

• new layers related to Windows: DCERPC/NTLM/KERBEROS/GSSAPI/SPNEGO/(C)LDAP.
• new contrib layers: ESMC/RTPS/RTPC/metawatch
• rework Netbios/SMB1/SMB2, basic SMB clients & server, ntlm relay
• several fixes to the TLS implementation
• major zigbee/6lowpan improvements
• bug fixes in TLS: properly support FFDH, fix the TLS 1.3 notebooks... among other things
• p0f module update
• IPsec: fixes, x25519 support...
• various updates to the ASN.1 engine
• IKEv2: fixes, UDP encapsulation
• STUN support
• Postgres line protocol 3.0 support
• EDNS0 client subnet support
• ESMC protocol added
• support TCP-MD5 and TCP-AO options
• ERF Ethernet Support
• many fixes: modbus, 802.11, BTLE, SCTP, DNS, LLDP, Kerberos, RTPS, DHCP, MQTT, BGP, L2TP...

Automotive

• ISOTPSoftSocket: Bug fixes and performance improvements
• Documentation and API-Doc improvements
• Unit-Test speedups for Scanners
• IPv6 support for DoIP
• Bugfixes for DoIP
• Unit-Test cleanups
• UDS-, GMLAN- and OBD-Scanner refactoring
• CANFD support

Misc

• new sanity rules prevent fields from having the same name in all packets
  • Currently displays a warning but will become a SyntaxError in the future!
• archives of the Scapy repo should now have more consistent hashes

Main Changes

Changelog

Core

• 354 commits to master since v2.4.4, from 73 contributors
• Python 3.9 support
• New interfaces system. conf.iface is now an object (retro-compatible as a string) which contains additional information about the interface and allows for an automatic selection of the socket type. conf.ifaces now lists all available interfaces.
• Fix *BSD support. Improve filters handling on Linux and libpcap
• Automaton: support for STOP event - allows to cleanly end an Automata. Implemented in all Scapy's automatons
• [Deprecated] Naming different fields with the same name will now raise a deprecation warning. This behavior has never properly worked and should never be necessary
• Enhance Net and Net6
• Improvements to scapy's logging, colored output and to UTscapy
• Fix edge-cases with ConditionalField and MultipleTypeField to make them more resilient
• [Doc] Enhancements: improved MultipleTypeField handling, add view source.
• [Internal] Move the test suite to GitHub Actions
• [Internal] Unit test housekeeping
• [Internal] Begin type hinting

Layers

• 6LoWPAN refactor
• TLS improvements (TLS 1.3 server downgrade, TLS 1.2 EXT MS...)
• HTTP improvements (http_request, support for zstd...)
• Refactor TunTap support
• Cleanup MACsec
• Many small bug fixes or improvements to layers (SMB2, BFD, DNS, Zigbee, EAP, HomeplugGP, DHCPv6, 802.11...)

Automotive

• Renaming of ENET to HSFZ
• Added XCP layer
• Added DoIP layer
• [Internal] Cleanup of interface preparation code in unit tests
• Renaming of ECU to Ecu
• Refactoring of EcuState class to be more versatile
• [Internal] Started with typing
• [Internal] Multiple minor cleanups
• Minor updates to the documentation

Main Changes

Core

• 784 commits to master since this v2.4.3
• fix how timestamps are measured on layer 3 (broken since 2.4.1)
• drop DNET support (deprecated since 2.4.0)
• Scapy will now use libpcap instead of tcpdump to compile the filters (tcpdump is still used to filter pcaps)
• major changes to the online doc: add an automatically generated API reference with visual representation of each layer, move to Sphinx 3.0.0, new layer-specific doc...
• *BSD fixes
• more doc to many functions

Layers

• New layers (homeplug sg, smb2, NSH, RPL, ERSPAN, BFD, ROCE...)
• TLS: TLS 1.3 support & many fixes
• 802.11 improvements / WPA3 detection
• Netflow 9 fixes
• Major refactor & changes of the Automotive layers
• HTTP changes
• DHCPv6 fixes according to revision of the RFC
• Bluetooth improvements (+BLE)
• minor fixes to Radius, PPP, GTP, IPsec, CDP, VTP, HTTP/2, ...

Main Changes

Core

• 364 commits since v2.4.2
• better native support for FreeBSD, NetBSD, OpenBSD
• Windows: native RAW sockets support, load interfaces/routes using C calls, ...
• Solaris: fixed support
• latency improvements
• sniff() can be used to test BPF fiters on pcap files
• more unit tests and Python3 compatibility
• asynchronous sniffing
• UTScapy vim syntax highlighting
• drop distutils for setuptools
• Console / IPython integration improvements

Layers

Major changes

New

• HTTP (from the deprecated scapy-http module), TLS 1.3, ATA over Ethernet, OVD, IEC 60870-5-104, enip, ...

Improved

• NetflowV9, ISOTP, Zigbee, RTR, BLE, PPI, DNS, LLDP, ...
• Bluetooth/BTLE rework
• PPI / 802.11 improvements

Main changes

• Gabriel Potter is officially part of the Scapy maintainers team
• PEP08 compliance (see #1277)
• Speed improvements (see #642)

Core

• 253 merged pull requests since v2.4.0
• Python 3.7 support
• Enhanced Windows support
• unit testing is now 100% tox based

Layers

Major changes

• Many automotive related layers added (ISO-TP...)

New

• EtherCat
• OPCDA
• SOCKS
• USBpcap
• RPKI

Improved

• MACsec, MQTT, MPLS, DNS, ARP, Dot15d4, Zigbee, Bluetooth4LE, RadioTap ...
• Enhanced monitor mode support

Other

• addresses a v2.4.0 vulnerability

Main changes

• Python3 support
• 85% code coverage

Core

• Pcap/PcapNg improvements
• enhanced Windows support
• OpenBSD improvements
• OSX 802.11 monitor mode
• Krack AP module
• iPython support
• automatically tested on Linux, OSX & Windows
• ...

Layers

Major changes

TLS (including TLS1.3), X.509 ...

New

HTTP/2, EAP-TTLS, TACACS, MQTT ...

Improved

IPv6, SCTP, NTP, PPTP, CDP, BGP, ISIS ...

Note: all releases tags before 2.4.0 are imported from http://freshmeat.sourceforge.net/projects/scapy
This release adds a contrib section filled with old contributions that were not distributed with Scapy yet: CDP, IGMP, MPLS, CHDLC, SLARP, WPA EAPOL, DTP, EIGRP, VQP, BGP, OSPF, VTP RSVP, EtherIP, RIPng, and IKEv2. It fixes some bugs.