Re: portscanner written in PHP
From: H D Moore (hdm@secureaustin.com)Date: 10/16/01
- Previous message: Jon O .: "Re: Securing VOIP?"
- In reply to: MegaHz: "Re: portscanner written in PHP"
- Next in thread: Napnap: "Re: portscanner written in PHP"
- Reply: Napnap: "Re: portscanner written in PHP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20011015235845.11742.qmail@securityfocus.com> From: H D Moore <hdm@secureaustin.com> To: "MegaHz" <costcon@cytanet.com.cy> Subject: Re: portscanner written in PHP Date: Mon, 15 Oct 2001 18:58:40 -0500
I wrote a distributed port scanner in php a few months back:
http://www.digitaloffense.net/phpDistributedPortScanner/
The public version supports unlimited nodes and a primitive form of
authentication. It can be fairly hard to trace the source of the scan because
the master can be accessed via one or more proxies and the connection
attempts only occur from the slave nodes. The communication protocol is
really simply and it would be trivial to add timing options and a much more
random port->node dispersal.
The development (aka nonpublic) version uses encrypted comms (shared secret
for now) and the 'agent' code consists of a wrapper which decrypt's and
eval()'s the code sent by the master. Master agents can be chained together
to transparently spread a scan across dozens of systems. In short, the agent
is only responsilble for authenticating code from a master system, just
viewing the source of the agent will not disclose the purpose of the script.
I have some other projects in the works which perform some much more
interesting tasks using the same distributed architecture. Think of an
attack-proxy system which uses randomly chained multiple relayers capable of
transforming the data as it passes through. The agent code is going to be
slimmed down enough so that it can be "injected" into any arbitrary php
script transforming it into a slave node on the fly. I am looking for
experienced php developers to help on this project, so if anyone is
interested...
-- H D Moore http://www.digitaldefense.net - work http://www.digitaloffense.net - play---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
- Previous message: Jon O .: "Re: Securing VOIP?"
- In reply to: MegaHz: "Re: portscanner written in PHP"
- Next in thread: Napnap: "Re: portscanner written in PHP"
- Reply: Napnap: "Re: portscanner written in PHP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
