Full Disclosure mailing list archives
[ElectronicSouls] subnet scanner faster than nmap
From: es () hush com
Date: Fri, 29 Nov 2002 01:07:50 -0800
Before we wrote the network DDOS code that was responsible for holding down a prominent blackhat wannabe website, we experimented with various scanners -- such as the subnet scanner below.

This scanner literally steamrolls nmap. Nmap is very crappy code. This code makes nmap look like a dwarf. We fork off 255 processes to handle a /24 subnet, including xxx.xxx.xxx.255 for good measure (future compatibility -- always a good thing). By forking this many processes instead of using threads, we reduce resource consumption tremendously, as running the pr0ggie 255 times in a threaded shell environment is bad on system resources.

We also use alarm() timeouts on the connects because non-blocking connects are too complex for a scanner designed for simplicity such as this one.

Either way, nmap bites the dust. Fyodor can't code, his stuff is a complete mess -- we, on the other hand, understand advanced software engineering concepts such as loose coupling and tight cohesion and therefore... well we'll let our code speak for itself.

/* Class C Subnet Scanner
   a ElectronicSouls production.
   (C) BrainStorm

   simple but fast !
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>

#define PORT 22

int main (int argc, char *argv[])
{
  int fd, res, port, counter = 0;
  char host[30];
  char *ip;
  pid_t pid;
  struct sockaddr_in target;

  if (argc < 2) {
    printf ("Usage: %s <class-c> <port>\n", argv[0]);
    exit (1);
  }

  if (argv[2] != NULL) port = atoi (argv[2]);
  else port = PORT;

  ip = argv[1];

  /* argv[1] is caller-controlled and host is 30 bytes: bound the write
     and validate the prefix by parsing <prefix>.255 */
  memset (&target, 0, sizeof (target));
  res = snprintf (host, sizeof (host), "%s.255", ip);
  if (res < 0 || res >= (int) sizeof (host) || !inet_aton (host, &target.sin_addr)) {
    printf ("error: invalid class c\n");
    exit (1);
  }

  printf ("\n *** ElectronicSouls Class C Subnet Scanner ***\n");
  printf (" (C) BrainStorm \n\n");
  fflush (stdout);   /* keep children from re-emitting the buffered banner */

  while (counter < 255) {
    ++counter;
    /* no trailing newline in the address string; it is added when printing */
    snprintf (host, sizeof (host), "%s.%d", ip, counter);

    pid = fork ();
    if (pid < 0) {
      perror ("fork");
      break;
    }
    if (pid == 0) {
      /* child: one connect attempt against one host */
      target.sin_family = AF_INET;
      target.sin_port = htons (port);
      target.sin_addr.s_addr = inet_addr (host);

      fd = socket (AF_INET, SOCK_STREAM, 0);
      if (fd < 0) {
        perror ("Socket");
        exit (2);
      }

      /* the default SIGALRM action ends the child if connect() hangs */
      alarm (3);
      res = connect (fd, (struct sockaddr *) &target, sizeof (target));
      if (res == 0) {
        printf ("%s\n", host);
        close (fd);
      }
      exit (0);
    }
  }

  /* parent: reap every child instead of exiting before they report */
  while (wait (NULL) > 0)
    ;
  exit (0);
}

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"You can take my breath away."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
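Seen from the receiving network, the scanner in this post is one source opening TCP connections to as many as 255 addresses of a single /24 on one port, all inside the 3-second alarm() window. The Python below is an added example, not part of the original post, that flags that pattern in connection records; the record layout, the sample addresses (documentation ranges) and the `window` and `min_hosts` thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict


def build_sample():
    """Constructed records: (epoch_seconds, src_ip, dst_ip, dst_port) per TCP SYN."""
    events = []
    # One source touching 192.0.2.1-255 on port 22 in about one second.
    for i in range(1, 256):
        events.append((1000.0 + i * 0.004, "198.51.100.7", f"192.0.2.{i}", 22))
    # Ordinary admin traffic: one client, three SSH servers, minutes apart.
    for n, last in enumerate((10, 11, 12)):
        events.append((900.0 + 60 * n, "203.0.113.5", f"192.0.2.{last}", 22))
    # A busy client hammering a single web server: many SYNs, one host.
    for n in range(100):
        events.append((1000.0 + n * 0.01, "203.0.113.9", "192.0.2.80", 443))
    return events


def find_sweeps(events, window=5.0, min_hosts=50):
    """Return {(src, dst /24, port): peak distinct hosts in any window}.

    Only keys whose peak reaches min_hosts are reported.
    """
    buckets = defaultdict(list)
    for ts, src, dst, port in events:
        net = ipaddress.ip_network(f"{dst}/24", strict=False)
        buckets[(src, str(net), port)].append((ts, dst))

    hits = {}
    for key, recs in buckets.items():
        recs.sort()
        in_window = defaultdict(int)  # dst -> SYN count inside the window
        left = 0
        peak = 0
        for ts, dst in recs:
            in_window[dst] += 1
            # Slide the left edge until it is within `window` seconds of ts.
            while recs[left][0] < ts - window:
                old = recs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            hits[key] = peak
    return hits


if __name__ == "__main__":
    for (src, net, port), hosts in find_sweeps(build_sample()).items():
        print(f"sweep: {src} -> {net} port {port}, {hosts} hosts")
```

Counting distinct destination hosts rather than raw connections is what separates the sweep from the busy single-server client in the sample data.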