DEV.co
Open-Source Security · secdev

scapy

Scapy is a Python library for building, sending, and analyzing network packets. It replaces or extends the functionality of tools like tcpdump, Wireshark, and nmap for network testing, security research, and protocol development.

Source: GitHub — github.com/secdev/scapy
12.4k
GitHub stars
2.2k
Forks
Python
Primary language
GPL-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorysecdev/scapy
Ownersecdev
Primary languagePython
LicenseGPL-2.0 — OSI-approved
Stars12.4k
Forks2.2k
Open issues138
Latest releasev2.7.0 (2025-12-26)
Last updated2026-07-08
Sourcehttps://github.com/secdev/scapy

What scapy is

Scapy provides packet crafting, capture, and manipulation across multiple protocols (IP, TCP, UDP, ICMP, 802.11, TLS, HTTP/2, etc.). It runs as an interactive shell or importable Python library, supports pcap I/O, and works cross-platform on Linux, BSD, macOS, and Windows with Python 3.7+.

Quickstart

Get the scapy source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/secdev/scapy.gitcd scapy# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Network Security Testing & Penetration Testing

Craft custom packets for scanning, ARP spoofing, VLAN hopping, and attack simulation. Ideal for red-team exercises and protocol fuzzing.

Protocol Development & Network Research

Rapidly prototype and test custom or non-standard network protocols. Decode and inspect packet structures in real-time with minimal boilerplate.

Network Troubleshooting & Forensics

Capture, decode, and analyze pcap files. Combine techniques (e.g., VoIP decoding, 802.11 frame injection) that standalone tools cannot easily perform.

Implementation considerations

  • Requires root/administrator privileges for packet injection and raw socket access on most OS.
  • Cross-platform deployment demands OS-specific dependency management (libpcap on Linux/BSD, Npcap on Windows).
  • Optional features (plotting, TLS, cryptography) depend on additional Python packages; evaluate at installation time.
  • Packet crafting defaults are permissive and may bypass protocol sanity checks; validate output for compliance.
  • Interactive shell mode aids prototyping but library mode is required for production automation; test both contexts.

When to avoid it — and what to weigh

  • GPL v2 Commercial Restrictions — If you require closed-source or proprietary derivatives, GPL v2 licensing requires source disclosure. Requires legal review before commercial embedding.
  • High-Throughput Packet Processing — Scapy is not optimized for bulk packet processing or real-time capture at line rate. Consider alternatives like libpcap bindings or DPDK for performance-critical workloads.
  • Windows as Primary Target — While Scapy runs on Windows, it requires manual installation of libpcap or Npcap and dependencies. Native Windows performance and usability lag behind Linux.
  • Enterprise GUI/Monitoring Suite — Scapy is CLI/script-focused. If you need a managed GUI dashboard or SIEM integration, it requires custom wrapper development.

License & commercial use

Scapy is licensed under GPL v2. Code, tests, and tools require source disclosure if modified and distributed. Documentation is CC BY-NC-SA 2.5 (non-commercial with attribution).

GPL v2 permits commercial use of unmodified Scapy as a library dependency, but any modifications or derivative works must be open-sourced under GPL v2. Using Scapy as-is in a commercial product is permissible; embedding and modifying it requires legal review and likely open-source compliance infrastructure. Requires clearance from legal/compliance before proprietary deployment.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Scapy enables raw packet injection and network spoofing; intended for authorized testing only. No built-in audit logging or integrity checks; operator must enforce access controls. Network packets it sends bypass standard OS firewalls; malformed packets can crash or confuse network infrastructure. Use in controlled/authorized environments. Cryptography features rely on optional external modules (cryptography package); evaluate their security posture separately.

Alternatives to consider

libpcap + pypcap (Python bindings)

Lower-level packet capture without packet crafting overhead; better for high-throughput capture. Steeper API learning curve; less integrated protocol support.

dpkt (pure Python packet parsing)

Lighter-weight packet decoder; no OS privileges required. No packet injection or interactive shell; primarily for offline pcap analysis.

Wireshark (GUI) + tshark (CLI)

Superior packet analysis, visualization, and dissection. Cannot easily craft or inject custom packets; designed for passive capture and inspection.

Software development agency

Build on scapy with DEV.co software developers

Scapy accelerates packet-level testing and network research, but GPL v2 licensing and platform-specific setup require upfront planning. Let's assess fit for your use case and compliance requirements.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

scapy FAQ

Can I use Scapy in a commercial product without open-sourcing my code?
Using unmodified Scapy as a library dependency is permissible. Modifying or embedding its code in a proprietary product requires GPL v2 compliance (source disclosure). Legal review required.
Does Scapy work on Windows?
Yes, but requires manual setup of Npcap (or WinPcap) and Python dependencies. Linux/BSD is the primary target platform; Windows support is functional but less polished.
Is Scapy suitable for high-speed packet processing?
No. Scapy prioritizes ease of use and flexibility over performance. For real-time packet processing at gigabit speeds, use libpcap bindings, DPDK, or kernel-level solutions.
What Python versions are supported?
Python 3.7 and later. Python 2 is no longer supported.

Work with a software development agency

From first prototype to production, DEV.co delivers software development services around tools like scapy. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.

Evaluate Scapy for Your Network Security or Protocol Development Project

Scapy accelerates packet-level testing and network research, but GPL v2 licensing and platform-specific setup require upfront planning. Let's assess fit for your use case and compliance requirements.