[Full-Disclosure] [ElectronicSouls] subnet scanner faster than nmap

From: es@hush.com
Date: 11/29/02

From: es@hush.com (es@hush.com)
Date: Fri, 29 Nov 2002 01:07:50 -0800


Before we wrote the network DDOS code that was responsible for
holding down a prominent blackhat wannabe website, we experimented
with various scanners -- such as the subnet scanner below.

This scanner literally steamrolls nmap. Nmap is very crappy code.
This code makes nmap look like a dwarf. We fork off 255 processes
to handle a /24 subnet, including xxx.xxx.xxx.255 for good measure
(future compatibility -- always a good thing). By forking this
many processes instead of using threads, we reduce resource
consumption tremendously, as running the pr0ggie 255 times in
a threaded shell environment is bad on system resources. We also
use alarm() timeouts on the connects because non-blocking connects
are too complex for a scanner designed for simplicity such as this
one. Either way, nmap bites the dust. Fyodor can't code, his stuff
is a complete mess -- we, on the other hand, understand advanced
software engineering concepts such as loose coupling and tight
cohesion and therefore... well we'll let our code speak for

   Class C Subnet Scanner
   a ElectronicSouls production.

   (C) BrainStorm

   simple but fast !

#include <stdio.h>
#include <stdlib.h>
#include <sys/signal.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <errno.h>

#define PORT 22

int main (int argc, char *argv[])

  int fd,
      counter = 0;

  char host[30];
  char *ip;

  struct sockaddr_in target;

  if (argc < 2)
    printf ("Usage: %s <class-c> <port>\n", argv[0]);
    exit (1);

 if(argv[2] != NULL)



      printf("error: invalid class c\n");

      printf("\n *** ElectronicSouls Class C Subnet Scanner ***\n");
      printf(" (C) BrainStorm \n\n");

      while (counter < 255)
        sprintf (host, "%s.%d\n",ip,counter);

        if ((fork ()) == 0)
          target.sin_family = AF_INET;
          target.sin_port = htons (port);
          target.sin_addr.s_addr = inet_addr (host);
          fd = socket (AF_INET, SOCK_STREAM, 0);

          if (fd < 0)
            perror ("Socket");
            exit (2);
          alarm (3);
          res = connect (fd,(struct sockaddr *)&target,sizeof(target));

          if (res == 0)
            printf ("%s", host);
            close (fd);

            exit (0);
  close (fd);
  exit (0);

The Electronic Souls Crew
[ElectronicSouls] (c) 2002

"You can take my breath away."

Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify


Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program:

Relevant Pages

  • Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket
    ... firewalls or packet filters between the scanner and target. ... create an audit trail of the scan and see anything that Nmap fails to ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
  • RE: Port Scanner Reports
    ... It'd be really easy to script with just about any CLI-based scanner, ... I believe this would include nmap - so you run nmap against ... Cross site scripting and other web attacks before hackers do! ...
  • RE: NMAP - 3.50 changes mstask.exe?
    ... Its only a scanner. ... NMAP - 3.50 changes mstask.exe? ... This email transmission and any documents, files, ... If you are not the intended recipient, ...
  • Scanning for "live" hosts, nmap vs unicornscan (scanrand?)
    ... I'm trying to scan network ranges for "live" IPs to feed to a vulnerability scanner. ... I'm using both nmap and unicornscan currently to try and determine which may be more accurate for my discovery. ...
  • Re: Avvia con un Foundation tool
    ... non e' niente di segreto ... int main ... while (![scanner isAtEnd]) ...