ICMP shell for Linux — tunnels commands and output through ICMP echo packets.
- Python 3
- Scapy (
pip install scapy) - Root / sudo (raw sockets require privileges)
sudo python3 ping.py -i eth0sudo python3 pwn.py eth0 <target_ip>You get an interactive shell prompt. Type commands as usual — cd, ls,
cat /etc/passwd, etc. Type exit to quit.
- The client sends shell commands inside ICMP echo-request payloads.
- The server sniffs ICMP, extracts the command, runs it, and sends the output back as ICMP packets.
- Large outputs are automatically chunked to stay within MTU limits.
- A 4-byte magic header (
PPWN) prevents the shell from reacting to normal ping traffic.
- Python 3 with proper byte handling
- Interactive prompt with working directory tracking
cdsupport (directory changes persist across commands)- Chunked output reassembly for large command results
- 30-second command timeout
- Graceful exit handling
- Configurable network interface via CLI args
This tool is intended for authorized security testing, CTF challenges, and educational purposes only. Do not use it without explicit permission on systems you do not own.