[Full-Disclosure] [ElectronicSouls] subnet scanner faster than nmap

From: es@hush.com
Date: 11/29/02


From: es@hush.com (es@hush.com)
Date: Fri, 29 Nov 2002 01:07:50 -0800


Before we wrote the network DDOS code that was responsible for
holding down a prominent blackhat wannabe website, we experimented
with various scanners -- such as the subnet scanner below.

This scanner literally steamrolls nmap. Nmap is very crappy code.
This code makes nmap look like a dwarf. We fork off 255 processes
to handle a /24 subnet, including xxx.xxx.xxx.255 for good measure
(future compatibility -- always a good thing). By forking this
many processes instead of using threads, we reduce resource
consumption tremendously, as running the pr0ggie 255 times in
a threaded shell environment is bad on system resources. We also
use alarm() timeouts on the connects because non-blocking connects
are too complex for a scanner designed for simplicity such as this
one. Either way, nmap bites the dust. Fyodor can't code, his stuff
is a complete mess -- we, on the other hand, understand advanced
software engineering concepts such as loose coupling and tight
cohesion and therefore... well we'll let our code speak for
itself.

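/*
   Class C Subnet Scanner
   an ElectronicSouls production.

   (C) BrainStorm

   simple but fast !

 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>

#define PORT 22

int main (int argc, char *argv[])
{

  int fd,
      res,
      port,
      counter = 0;

  char host[30];
  char *ip;

  struct sockaddr_in target;

  if (argc < 2)
  {
    printf ("Usage: %s <class-c> [port]\n", argv[0]);
    exit (1);
  }

  /* the port argument is optional and defaults to PORT */
  if (argc > 2)
    port = atoi (argv[2]);
  else
    port = PORT;

  /* validate the prefix by building its .255 address; snprintf keeps
     an over-long argument from overflowing host[] */
  ip = argv[1];
  res = snprintf (host, sizeof (host), "%s.255", ip);

  memset (&target, 0, sizeof (target));
  if (res < 0 || res >= (int) sizeof (host)
      || !inet_aton (host, &target.sin_addr))
  {
    printf ("error: invalid class c\n");
    exit (1);
  }

  printf ("\n *** ElectronicSouls Class C Subnet Scanner ***\n");
  printf (" (C) BrainStorm \n\n");

  /* flush before fork() so the children do not inherit and re-print
     the buffered banner when stdout is a pipe or a file */
  fflush (stdout);

  while (counter < 255)
  {
    ++counter;
    snprintf (host, sizeof (host), "%s.%d", ip, counter);

    /* one child process per address */
    if ((fork ()) == 0)
    {
      target.sin_family = AF_INET;
      target.sin_port = htons (port);
      target.sin_addr.s_addr = inet_addr (host);
      fd = socket (AF_INET, SOCK_STREAM, 0);

      if (fd < 0)
      {
        perror ("Socket");
        exit (2);
      }

      /* no SIGALRM handler is installed, so the default action ends
         the child if connect() has not returned within 3 seconds */
      alarm (3);
      res = connect (fd, (struct sockaddr *) &target, sizeof (target));

      if (res == 0)
        printf ("%s\n", host);

      close (fd);
      exit (0);
    }
  }

  /* reap every child so the parent returns only after all have finished */
  while (wait (NULL) > 0)
    ;
  exit (0);
}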

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"You can take my breath away."

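The post describes a single source firing TCP connects at every address of a /24 on one port (22 by default) in one burst. As an added example, not part of the original post, here is one way a defender could flag that pattern in connection logs. The log format, the thresholds and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

WINDOW_S = 5     # assumed window; the posted scanner sends all probes in one burst
MIN_HOSTS = 50   # assumed threshold: distinct targets in one /24 on one port


def make_sweep_log(src="192.0.2.10", prefix="198.51.100", port=22, t0=1000.0):
    """Constructed sample: one SYN per host .1-.255, a few milliseconds apart."""
    return [f"{t0 + i * 0.004:.3f} {src} {prefix}.{i} {port} SYN"
            for i in range(1, 256)]


def make_benign_log():
    """Constructed sample: an admin host reaching two servers over a minute."""
    return [f"{2000 + 20 * i:.3f} 192.0.2.77 198.51.100.{h} 22 SYN"
            for i, h in enumerate((5, 9, 5))]


def detect_sweeps(lines, window=WINDOW_S, min_hosts=MIN_HOSTS):
    """Return {(src, dst /24, port): peak distinct hosts inside `window` seconds}
    for every key that reaches `min_hosts`. Line format: ts src dst dport flags."""
    recent = defaultdict(deque)   # key -> (ts, dst) pairs still inside the window
    alerts = {}
    for line in sorted(lines, key=lambda l: float(l.split()[0])):
        ts, src, dst, port, flags = line.split()
        if flags != "SYN":        # only connection attempts count
            continue
        ts = float(ts)
        net = str(ip_network(f"{dst}/24", strict=False))
        key = (src, net, int(port))
        q = recent[key]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_hosts:
            alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


if __name__ == "__main__":
    hits = detect_sweeps(make_sweep_log() + make_benign_log())
    for (src, net, port), n in hits.items():
        print(f"sweep: {src} -> {net} port {port}, {n} hosts within {WINDOW_S}s")
```

Keying on source, destination /24 and port together keeps ordinary traffic to a handful of servers below the threshold, while a sweep of one port across the subnet stands out.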