[Full-Disclosure] [ElectronicSouls] subnet scanner faster than nmap

From: es@hush.com (es@hush.com)
Date: Fri, 29 Nov 2002 01:07:50 -0800


Before we wrote the network DDOS code that was responsible for
holding down a prominent blackhat wannabe website, we experimented
with various scanners -- such as the subnet scanner below.

This scanner literally steamrolls nmap. Nmap is very crappy code.
This code makes nmap look like a dwarf. We fork off 255 processes
to handle a /24 subnet, including xxx.xxx.xxx.255 for good measure
(future compatibility -- always a good thing). By forking this
many processes instead of using threads, we reduce resource
consumption tremendously, as running the pr0ggie 255 times in
a threaded shell environment is bad on system resources. We also
use alarm() timeouts on the connects because non-blocking connects
are too complex for a scanner designed for simplicity such as this
one. Either way, nmap bites the dust. Fyodor can't code, his stuff
is a complete mess -- we, on the other hand, understand advanced
software engineering concepts such as loose coupling and tight
cohesion and therefore... well we'll let our code speak for

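/*
   Class C Subnet Scanner
   a ElectronicSouls production.

   (C) BrainStorm

   simple but fast !
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>

#define PORT 22

int main (int argc, char *argv[])
{
  int fd,
      res,
      port = PORT,
      counter = 0;

  char host[30];
  char *ip;

  struct sockaddr_in target;

  if (argc < 2)
    {
      printf ("Usage: %s <class-c> <port>\n", argv[0]);
      exit (1);
    }

  /* an optional second argument overrides the default port */
  if (argv[2] != NULL)
    port = atoi (argv[2]);

  ip = argv[1];

  /* the original test did not survive in this copy; this length check
     stands in for it ("a.b.c" is at most 11 characters) and also keeps
     host[] from overflowing */
  if (strlen (ip) > 11)
    {
      printf ("error: invalid class c\n");
      exit (1);
    }

  printf ("\n *** ElectronicSouls Class C Subnet Scanner ***\n");
  printf (" (C) BrainStorm \n\n");
  fflush (stdout);      /* keep the children from re-printing the banner */

  while (counter < 255)
    {
      snprintf (host, sizeof (host), "%s.%d", ip, counter);

      /* one child per address */
      if ((fork ()) == 0)
        {
          memset (&target, 0, sizeof (target));
          target.sin_family = AF_INET;
          target.sin_port = htons ((unsigned short) port);
          target.sin_addr.s_addr = inet_addr (host);
          fd = socket (AF_INET, SOCK_STREAM, 0);

          if (fd < 0)
            {
              perror ("Socket");
              exit (2);
            }

          /* SIGALRM's default action ends the child if connect() hangs */
          alarm (3);
          res = connect (fd, (struct sockaddr *) &target, sizeof (target));

          if (res == 0)
            printf ("%s\n", host);

          close (fd);
          exit (0);
        }

      counter++;
    }

  /* the parent reaps its children before exiting */
  while (wait (NULL) > 0)
    ;

  exit (0);
}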

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"You can take my breath away."

Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
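
Seen from the receiving network, the sweep in this post is one source touching nearly every address of a /24 on a single port within a few seconds. The following is an added example, not part of the original message, that flags that pattern in connection records. The record layout, the 5-second window, the 50-host threshold and the sample addresses are all assumptions constructed for the illustration.

```python
import ipaddress
from collections import defaultdict

def sample_events():
    """Constructed connection records (time_s, src, dst, dst_port); not real traffic."""
    sweep = [(100.0 + i * 0.001, "198.51.100.7", f"192.0.2.{i}", 22)
             for i in range(255)]            # .0 through .254, as the posted loop does
    normal = [(50.0, "203.0.113.9", "192.0.2.10", 22),
              (51.0, "203.0.113.9", "192.0.2.10", 443),
              (400.0, "203.0.113.9", "192.0.2.11", 22)]
    return sweep + normal

def peak_distinct_hosts(hits, window):
    """Largest number of distinct destinations seen in any `window`-second span."""
    hits = sorted(hits)
    inside = defaultdict(int)                # dst -> records currently in the window
    start = peak = 0
    for ts, dst in hits:
        inside[dst] += 1
        while ts - hits[start][0] > window:  # slide the left edge forward
            old = hits[start][1]
            inside[old] -= 1
            if inside[old] == 0:
                del inside[old]
            start += 1
        peak = max(peak, len(inside))
    return peak

def detect_sweeps(events, window=5.0, min_hosts=50):
    """Flag (source, destination /24, port) groups that reach min_hosts distinct hosts."""
    groups = defaultdict(list)
    for ts, src, dst, port in events:
        net = ipaddress.ip_network(f"{dst}/24", strict=False)
        groups[(src, str(net), port)].append((ts, dst))
    alerts = []
    for (src, net, port), hits in groups.items():
        peak = peak_distinct_hosts(hits, window)
        if peak >= min_hosts:
            alerts.append({"src": src, "net": net, "port": port, "hosts": peak})
    return alerts

if __name__ == "__main__":
    for alert in detect_sweeps(sample_events()):
        print(alert)
```

Grouping by source, destination /24 and port keeps ordinary repeat connections to one or two hosts below the threshold while the 255-address burst stands out.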


