Dailydave mailing list archives
RE: Unicornscan
From: robert () dyadsecurity com
Date: Tue, 5 Oct 2004 02:58:14 -0700
That's really cool. It's written entirely in C, I imagine? How is a "unicornnode" set up? -dave
(I'm forwarding this for Jack, who isn't subscribed - Robert)

You just start a couple of nodes in "drone" mode (the full code is missing in the 0.4.2 release to support that) and inform the "master" that its "drones" are remote now, and it won't fork processes to handle the work, it'll just connect to them over a tcp socket. When you start one of the scanner "nodes" in "drone" mode, the master thread just acts as a proxy to the worker, allowing a remote "master" to talk to the worker on non-local boxes.

The documentation for it is terrible right now and the code isn't even complete in the release (though if you were clever you could see what I took out and get it working again without a lot of pain). The next release will have a lot more support for a more simple interface for "clustering" that's "user-friendly" (one of the reasons it was removed) from the code that's on the website now. It turns out that people really like that feature (something I didn't plan for) so we're working on a new interface for it anyhow.

The tcp connection code is POC at this point, and is already mostly rewritten (for a 2 way `socket' type thing) possibly even exporting a "socket API" in the near future with a list of stacks it knows how to act like (though it will be a while before it behaves like a real stack in some respects). We are even planning to add python or some scripting support to its "configuration" syntax for doing things that are *ahem* more complex (like more involved payload generation without writing in C).

But there are a lot of things to get done, the code base is growing really fast, so I spend quite a bit of time removing things and making generic replacements. Currently I'm removing libnet and replacing that with a library (that I'm writing :/) that has a better more `fragrouter' type interface for IDS evasion that's easy to use from a higher level. Oh yeah, it's written in C and it uses flex/bison too.

Also adding TCP triggers to allow for custom payload content. This is a poc format:

    } triggers[] = {
    {80, "OPTIONS / HTTP/1.1\r\nHost: %i:%p\r\n\r\n", "^(Server|Allow)"}

We will support ASCII, octal, hex, etc just like the UDP custom payloads.

Anyhow I'd like to hear about more things people want to use it for :]. Port scanning is a bit dull, it's certainly possible to up the application layer support in the modules to allow some neat stuff.

Jack

--
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
http://www.unicornscan.org
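Added example, not part of the original message and not Unicornscan code: one way a trigger entry in the format shown above could be expanded and checked against a reply. The struct field names and both function names are hypothetical, and reading %i as the target IP and %p as the target port is an assumption; the reply in main() is constructed.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>
/* Field names are hypothetical; the post shows only the initializer. */
struct tcp_trigger {
    unsigned short port;  /* port the trigger applies to */
    const char *payload;  /* template sent once connected */
    const char *match;    /* extended regex applied to the reply */
};
static const struct tcp_trigger triggers[] = {
    {80, "OPTIONS / HTTP/1.1\r\nHost: %i:%p\r\n\r\n", "^(Server|Allow)"},
};

/* Expand %i (assumed: target IP) and %p (assumed: target port).
 * Returns bytes written, or -1 if out is too small. */
int expand_payload(const char *tmpl, const char *ip, unsigned short port,
                   char *out, size_t outsz)
{
    size_t n = 0;
    for (const char *s = tmpl; *s; s++) {
        char tmp[8] = { *s, '\0' };      /* default: copy one literal byte */
        const char *piece = tmp;
        if (s[0] == '%' && s[1] == 'i') { piece = ip; s++; }
        else if (s[0] == '%' && s[1] == 'p') { snprintf(tmp, sizeof tmp, "%hu", port); s++; }
        size_t len = strlen(piece);
        if (n + len >= outsz) return -1; /* refuse to truncate a payload */
        memcpy(out + n, piece, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* 1 if any line of reply matches, 0 if none, -1 on a bad pattern.
 * REG_NEWLINE makes ^ anchor at the start of every header line. */
int reply_matches(const struct tcp_trigger *t, const char *reply)
{
    regex_t re;
    if (regcomp(&re, t->match, REG_EXTENDED | REG_NEWLINE | REG_NOSUB)) return -1;
    int rc = regexec(&re, reply, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    char buf[128];  /* the reply below is constructed, not captured */
    expand_payload(triggers[0].payload, "192.0.2.10", 80, buf, sizeof buf);
    printf("%s-> %d\n", buf, reply_matches(&triggers[0], "HTTP/1.1 200 OK\r\nAllow: GET, OPTIONS\r\n\r\n"));
}
```

Without REG_NEWLINE the ^ anchor would only match at the very start of the reply, so a Server or Allow header following the status line would never be seen.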