Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Find out the subnetting of a company

From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 23 Jul 2004 09:33:06 +0200
On Tue, Jul 20, 2004 at 12:53:43PM -0400, David M. Zendzian wrote:


Isn't there some icmp or ip based packet that can be sent to most
devices querying the subnet theyare in?


I recommend The Hackers Choice THC-RUT. I use it to quickly scan large
networks through ARP/ICMP/IP requests and it works great. It runs on
Linux, BSD and Solaris.

http://www.thc.org/thc-rut/

 RUT (aRe yoU There, pronouced as 'root') is your first knife on
 foreign network. It gathers informations from local and remote
 networks.

 It offers a wide range of network discovery utilities like arp lookup
 on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP
 address mask request, OS fingerprinting, high-speed host discovery,
 ...

 THC-RUT comes with a OS host Fingerprinter which determines the
 remote OS by open/closed port characteristics, banner matching and
 nmap fingerprinting techniques (T1, tcpoptions).

 The fingerprinter has been developerd to quickly (10mins) categorize
 hosts on a Class B network. Information sources are (amoung others)
 SNMP replies, telnetd (NVT) negotiation options, generic Banner
 Matching, HTTP-Server version, DCE request and tcp options. It is
 compatible to the nmap-os-fingerprints database and comes in addition
 to this with his own perl regex capable fingerprinting database
 (thcrut-os-fingerprints).

The latest version is
http://www.thc.org/download.php?t=r&f=thcrut-1.2.5.tar.gz

Martin Mačok
IT Security Consultant
Previous By Date Next
Previous By Thread Next

Current thread: