Manual Reference Pages  -  UNICORNSCAN (1)

NAME

unicornscan - Enhanced network scanner

CONTENTS

Synopsis
Description
Options
Examples
Bugs
Authors
Warnings And Disclaimers
See Also

SYNOPSIS

unicornscan [OPTIONS] [HOSTLIST]

DESCRIPTION

unicornscan ( http://www.dyadsecurity.com/unicornscan/ ) is a modular, flexible network scanner. It reads configuration files to get options and udp payloads; command line arguments may be used to override the options found in the configuration files. The configuration files are located in the PREFIX (default /usr/local) share/unicornscan directory.

Host List syntax is one of ‘host.domain.tld’ or dot quad ‘X.X.X.X’, with an optional CIDR mask prefixed by a forward slash, followed by a port list prefixed with a colon. The following hostlists are valid examples:
host.domain.tld/24:q
10.0.0.1:1-40
192.168.2.3/30:1,2,3,4,50-60
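
The following is an added example, not part of the original man page or of unicornscan: a pre-flight check that expands a host list entry as described above, counts the packets it implies, and confirms the range sits inside an approved network. Assumptions: a port list is required, -R defaults to 1, packets = addresses x ports x repeats, and the function names are hypothetical.

```python
import ipaddress

def parse_ports(spec):
    """Expand '1,2,3,4,50-60' to a sorted list; keep a named list like 'q' as a string."""
    if spec.isalpha():
        return spec  # e.g. 'q' ("Quick" ports); its members are not given on the page
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def parse_hostlist(entry):
    """Split 'host[/mask]:ports' into its parts (hostnames are not resolved)."""
    target, sep, portspec = entry.rpartition(":")
    if not sep:
        raise ValueError(f"no port list in {entry!r}")  # assumption: required here
    host, _, mask = target.partition("/")
    prefix = int(mask) if mask else 32  # the page notes /32 is implied
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad CIDR mask in {entry!r}")
    try:
        network = ipaddress.ip_network(f"{host}/{prefix}", strict=False)
    except ValueError:
        network = None  # a hostname: needs DNS, left unresolved in this offline sketch
    return {"host": host, "network": network,
            "addresses": 2 ** (32 - prefix), "ports": parse_ports(portspec)}

def send_budget(entry, pps, repeats=1):
    """Packets implied by an entry and the minimum send time; -r is total, not per host."""
    parsed = parse_hostlist(entry)
    if isinstance(parsed["ports"], str):
        raise ValueError("named port list: size is not known from the page")
    packets = parsed["addresses"] * len(parsed["ports"]) * repeats
    return packets, packets / pps

def in_scope(entry, approved):
    """True only if every address the entry covers lies inside one approved network."""
    network = parse_hostlist(entry)["network"]
    if network is None:
        return False  # unresolved hostname cannot be confirmed offline
    return any(network.subnet_of(ipaddress.ip_network(a)) for a in approved)
```

The send time is a lower bound: it covers only transmission at the requested rate, not the time spent waiting for replies.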

OPTIONS

-b, --broken-crc OPTION
Set broken crc sums on [T]ransport layer, [N]etwork layer, or both [TN].
-B, --source-port OPTION
Set scan source port using numeric option.
-D, --no-defpayload
No default payload, only probe ports we have payloads for (currently udp only).
-e, --enable-output OPTION
Enable output modules listed as arguments.
-h, --help
Display command line help.
-i, --interface OPTION
Use the network interface specified in OPTION.
-E, --show-errors
Track icmp errors and tcp non-open replies.
-m, --mode OPTION
Use OPTION scan mode; tcp syn scan is the default. Use U for udp and T for tcpsyn. For -mT you can also specify tcp flags following the T, like -mTsFpU for example. ‘-mTsFpU’ would send tcp syn packets with NO SYN, FIN, NO PUSH, and URG bits inside the tcp header (see http://www.iana.org/assignments/tcp-header-flags for more info).
-M, --module-dir OPTION
Directory modules are found at.
-p, --no-patience
Display things as we find them.
-P, --pcap-filter
Extra pcap filter string for listener (like "not port 162" perhaps).
-r, --pps OPTION
Scan at base10 numeric OPTION packets per second. This value is total, not per host, and is highly connection dependent (on both ends).
-R, --repeats OPTION
Repeat packet scan base10 numeric OPTION times.
-s, --source-addr OPTION
Source address to send packets from (dot quad notation), ‘r’ for random.
-S, --no-shuffle
DO NOT shuffle port list before sending.
-t, --ip-ttl OPTION
Set IP TTL on packets to base10 numeric OPTION.
-T, --ip-tos OPTION
Set IP TOS on packets to base10 numeric OPTION.
-w, --safefile OPTION
Write pcap file of received packets to OPTION file. Note that ‘%d’ is escaped into a numeric unix timestamp; to use a ‘%’ character in a filename, use ‘%%’.
-W, --fingerprint
Emulate OS fingerprint 0=cisco (default) 1=openbsd 2=WindowsXP for packets sent.
-v, --verbose
Verbose operation, each time more verbose (for -v), so -vvvvv is really verbose, and --verbose can take a base10 numeric value as well.
-V, --version
Display version information.

EXAMPLES

unicornscan www.domain.tld/24:161,53,123 -mU -r 400
Scan the 256 hosts inside the network that www.domain.tld resides in for snmp, dns, and ntp in udp scanning mode with a rate of 400 packets per second.
unicornscan 192.168.1.233:q
TCP syn scan host 192.168.1.233 (/32 is implied) for "Quick" Ports.
unicornscan -B53 -mTEC -R2 -W2 -t5 www.domain.tld/16:22
TCP syn scan the class B network www.domain.tld resides in with TCP packets coming from source port 53 with the tcp header flags SYN, ECE (ECN echo), and CWR (ECN Congestion Window Reduced). Initial time to live on sent ip packet should be set to ‘5’ hops.
unicornscan -B22 -sr -mTsR -r 5000 -R 10000 10.0.0.24:31425
Send to the host 10.0.0.24 destination port 31425 TCP packets coming from random ipv4 addresses at 5,000 packets per second for a total packet count of 10,000 packets. Note that the TCP sequence numbers will not be random per packet, but rather "random" per session.
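
The following is an added example, not part of the original man page or of unicornscan: it decodes the -mT flag strings used above into the TCP flags byte and builds a pcap filter that matches segments carrying exactly those flags, which is what a listener or sensor would key on. Assumptions inferred from the page's examples: decoding starts from SYN, an uppercase letter sets a flag and a lowercase letter clears it; the letter ‘A’ for ACK and the function names are hypothetical.

```python
# Letter -> bit in byte 13 of the TCP header. F, S, R, P, U, E and C appear in
# the page's examples; 'A' (ACK) is an assumption added for completeness.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "C": 0x80}

def mode_to_flags(mode):
    """Return the TCP flags byte for a -m value such as 'TsFpU'."""
    if not mode.startswith("T"):
        raise ValueError(f"not a TCP mode string: {mode!r}")
    flags = FLAG_BITS["S"]  # plain -mT is a SYN scan (the documented default)
    for ch in mode[1:]:
        bit = FLAG_BITS.get(ch.upper())
        if bit is None:
            raise ValueError(f"unknown flag letter {ch!r} in {mode!r}")
        if ch.isupper():
            flags |= bit    # uppercase: flag set
        else:
            flags &= ~bit   # lowercase: flag cleared
    return flags

def flag_names(flags):
    """List the letters of the flags set in a flags byte, low bit first."""
    return [name for name, bit in FLAG_BITS.items() if flags & bit]

def pcap_filter(mode, dst_port=None):
    """Build a pcap expression matching segments with exactly these flags."""
    expr = f"tcp[13] = 0x{mode_to_flags(mode):02x}"
    if dst_port is not None:
        expr += f" and dst port {dst_port}"
    return expr
```

An expression such as `tcp[13] = 0x21` can be given to tcpdump(1) to isolate FIN+URG segments, a combination that normal traffic rarely produces.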

BUGS

THIS IS PRE-RELEASE SOFTWARE, EXPECT PROBLEMS, DO NOT:

A) Use for production without monitoring correct operation
B) Use in security "sensitive" environment
C) Please report bugs to unicornscan@dyadsecurity.com

unicornscan also includes three other utilities called "fantaip (ip arp’er)", "unisniff (loopback ipc message debugger)", and "uniconfigtest (configuration file checker)"; however, these tools remain undocumented. Some flags may not be fully implemented, or may have been removed from this release; not even the configuration file syntax is documented.

AUTHORS

jack@dyadsecurity.com, josh@dyadsecurity.com, robert@dyadsecurity.com, gh0st@rapturesecurity.org

WARNINGS AND DISCLAIMERS

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. We hope you will be responsible with this software, please respect others. Unicornscan is intended to be used with permission, please be aware of local laws restricting its use.

SEE ALSO

tcpdump(1) for pcap filter expression help


PRE-RELEASE UNICORNSCAN (1) sometime within 2004
