Re: Find out the subnetting of a company

From: Martin Mačok (martin.macok_at_underground.cz)
Date: 07/23/04

    Date: Fri, 23 Jul 2004 09:33:06 +0200
    To: pen-test@securityfocus.com
    
    

    On Tue, Jul 20, 2004 at 12:53:43PM -0400, David M. Zendzian wrote:

    > Isn't there some icmp or ip based packet that can be sent to most
    > devices querying the subnet they are in?

    I recommend The Hackers Choice THC-RUT. I use it to quickly scan large
    networks through ARP/ICMP/IP requests and it works great. It runs on
    Linux, BSD and Solaris.

    http://www.thc.org/thc-rut/

     RUT (aRe yoU There, pronounced as 'root') is your first knife on a
     foreign network. It gathers information from local and remote
     networks.

     It offers a wide range of network discovery utilities like arp lookup
     on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP
     address mask request, OS fingerprinting, high-speed host discovery,
     ...

     THC-RUT comes with an OS host fingerprinter which determines the
     remote OS by open/closed port characteristics, banner matching and
     nmap fingerprinting techniques (T1, tcpoptions).

     The fingerprinter has been developed to quickly (10mins) categorize
     hosts on a Class B network. Information sources are (among others)
     SNMP replies, telnetd (NVT) negotiation options, generic Banner
     Matching, HTTP-Server version, DCE request and tcp options. It is
     compatible with the nmap-os-fingerprints database and comes in addition
     to this with its own perl regex capable fingerprinting database
     (thcrut-os-fingerprints).

    The latest version is
    http://www.thc.org/download.php?t=r&f=thcrut-1.2.5.tar.gz

    Martin Mačok
    IT Security Consultant
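
Added example, not part of the message above and not THC-RUT code: the ICMP address mask request (type 17) and reply (type 18, RFC 950) mentioned in the thread, seen from the monitoring side, as a Python check that flags the probe and any host that discloses its mask. `classify` and `make_sample` are hypothetical names, and the packets are constructed with documentation addresses rather than captured.

```python
import ipaddress
import struct

MASK_REQUEST, MASK_REPLY = 17, 18  # ICMP types defined in RFC 950

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(packet: bytes):
    """Return a finding for an ICMP address mask request/reply, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                                   # not IPv4 carrying ICMP
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total < ihl + 12 or total > len(packet):
        return None                                   # truncated or malformed
    icmp = packet[ihl:total]                          # drops any link-layer padding
    if icmp[0] not in (MASK_REQUEST, MASK_REPLY) or icmp[1] != 0 or inet_checksum(icmp):
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    finding = {"src": str(src), "dst": str(ipaddress.IPv4Address(packet[16:20]))}
    if icmp[0] == MASK_REQUEST:
        return {"kind": "probe", **finding}           # someone is asking for the mask
    inv = ~int.from_bytes(icmp[8:12], "big") & 0xFFFFFFFF
    subnet = None                                     # stays None for a non-contiguous mask
    if inv & (inv + 1) == 0:
        subnet = str(ipaddress.IPv4Network((int(src), 32 - inv.bit_length()), strict=False))
    return {"kind": "leak", "subnet": subnet, **finding}  # host disclosed its subnet

def make_sample(src, dst, icmp_type, mask="0.0.0.0"):
    """Constructed packet (not a capture): 20-byte IPv4 header + 12-byte ICMP message."""
    body = struct.pack("!BBHHH4s", icmp_type, 0, 0, 0x1234, 1, ipaddress.IPv4Address(mask).packed)
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    # IP header checksum is left 0 because classify() does not validate it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 1, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed) + body

if __name__ == "__main__":
    for pkt in (make_sample("192.0.2.50", "192.0.2.10", MASK_REQUEST),
                make_sample("192.0.2.10", "192.0.2.50", MASK_REPLY, "255.255.255.192")):
        print(classify(pkt))
```

A "leak" finding identifies a host that still answers type 17; dropping ICMP types 17 and 18 at the perimeter, or disabling mask replies on the device, removes the disclosure.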

