scapy
Scapy is a Python library for building, sending, and analyzing network packets. It replaces or extends the functionality of tools like tcpdump, Wireshark, and nmap for network testing, security research, and protocol development.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | secdev/scapy |
| Owner | secdev |
| Primary language | Python |
| License | GPL-2.0 — OSI-approved |
| Stars | 12.4k |
| Forks | 2.2k |
| Open issues | 138 |
| Latest release | v2.7.0 (2025-12-26) |
| Last updated | 2026-07-08 |
| Source | https://github.com/secdev/scapy |
What scapy is
Scapy provides packet crafting, capture, and manipulation across multiple protocols (IP, TCP, UDP, ICMP, 802.11, TLS, HTTP/2, etc.). It runs as an interactive shell or importable Python library, supports pcap I/O, and works cross-platform on Linux, BSD, macOS, and Windows with Python 3.7+.
Get the scapy source
Clone the repository and explore it locally.
git clone https://github.com/secdev/scapy.gitcd scapy# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires root/administrator privileges for packet injection and raw socket access on most OS.
- Cross-platform deployment demands OS-specific dependency management (libpcap on Linux/BSD, Npcap on Windows).
- Optional features (plotting, TLS, cryptography) depend on additional Python packages; evaluate at installation time.
- Packet crafting defaults are permissive and may bypass protocol sanity checks; validate output for compliance.
- Interactive shell mode aids prototyping but library mode is required for production automation; test both contexts.
When to avoid it — and what to weigh
- GPL v2 Commercial Restrictions — If you require closed-source or proprietary derivatives, GPL v2 licensing requires source disclosure. Requires legal review before commercial embedding.
- High-Throughput Packet Processing — Scapy is not optimized for bulk packet processing or real-time capture at line rate. Consider alternatives like libpcap bindings or DPDK for performance-critical workloads.
- Windows as Primary Target — While Scapy runs on Windows, it requires manual installation of libpcap or Npcap and dependencies. Native Windows performance and usability lag behind Linux.
- Enterprise GUI/Monitoring Suite — Scapy is CLI/script-focused. If you need a managed GUI dashboard or SIEM integration, it requires custom wrapper development.
License & commercial use
Scapy is licensed under GPL v2. Code, tests, and tools require source disclosure if modified and distributed. Documentation is CC BY-NC-SA 2.5 (non-commercial with attribution).
GPL v2 permits commercial use of unmodified Scapy as a library dependency, but any modifications or derivative works must be open-sourced under GPL v2. Using Scapy as-is in a commercial product is permissible; embedding and modifying it requires legal review and likely open-source compliance infrastructure. Requires clearance from legal/compliance before proprietary deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
Scapy enables raw packet injection and network spoofing; intended for authorized testing only. No built-in audit logging or integrity checks; operator must enforce access controls. Network packets it sends bypass standard OS firewalls; malformed packets can crash or confuse network infrastructure. Use in controlled/authorized environments. Cryptography features rely on optional external modules (cryptography package); evaluate their security posture separately.
Alternatives to consider
libpcap + pypcap (Python bindings)
Lower-level packet capture without packet crafting overhead; better for high-throughput capture. Steeper API learning curve; less integrated protocol support.
dpkt (pure Python packet parsing)
Lighter-weight packet decoder; no OS privileges required. No packet injection or interactive shell; primarily for offline pcap analysis.
Wireshark (GUI) + tshark (CLI)
Superior packet analysis, visualization, and dissection. Cannot easily craft or inject custom packets; designed for passive capture and inspection.
Build on scapy with DEV.co software developers
Scapy accelerates packet-level testing and network research, but GPL v2 licensing and platform-specific setup require upfront planning. Let's assess fit for your use case and compliance requirements.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
scapy FAQ
Can I use Scapy in a commercial product without open-sourcing my code?
Does Scapy work on Windows?
Is Scapy suitable for high-speed packet processing?
What Python versions are supported?
Work with a software development agency
From first prototype to production, DEV.co delivers software development services around tools like scapy. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.
Evaluate Scapy for Your Network Security or Protocol Development Project
Scapy accelerates packet-level testing and network research, but GPL v2 licensing and platform-specific setup require upfront planning. Let's assess fit for your use case and compliance requirements.