Re: Find out the subnetting of a company

From: Martin Mačok (martin.macok_at_underground.cz)
Date: 07/23/04

  • Next message: Jeremiah Grossman: "WASC Releases Web Security Threat Classification"
    Date: Fri, 23 Jul 2004 09:33:06 +0200
    To: pen-test@securityfocus.com
    
    

    On Tue, Jul 20, 2004 at 12:53:43PM -0400, David M. Zendzian wrote:

    > Isn't there some icmp or ip based packet that can be sent to most
    > devices querying the subnet theyare in?

    I recommend The Hackers Choice THC-RUT. I use it to quickly scan large
    networks through ARP/ICMP/IP requests and it works great. It runs on
    Linux, BSD and Solaris.

    http://www.thc.org/thc-rut/

     RUT (aRe yoU There, pronouced as 'root') is your first knife on
     foreign network. It gathers informations from local and remote
     networks.

     It offers a wide range of network discovery utilities like arp lookup
     on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP
     address mask request, OS fingerprinting, high-speed host discovery,
     ...

     THC-RUT comes with a OS host Fingerprinter which determines the
     remote OS by open/closed port characteristics, banner matching and
     nmap fingerprinting techniques (T1, tcpoptions).

     The fingerprinter has been developerd to quickly (10mins) categorize
     hosts on a Class B network. Information sources are (amoung others)
     SNMP replies, telnetd (NVT) negotiation options, generic Banner
     Matching, HTTP-Server version, DCE request and tcp options. It is
     compatible to the nmap-os-fingerprints database and comes in addition
     to this with his own perl regex capable fingerprinting database
     (thcrut-os-fingerprints).

    The latest version is
    http://www.thc.org/download.php?t=r&f=thcrut-1.2.5.tar.gz

    Martin Mačok
    IT Security Consultant


  • Next message: Jeremiah Grossman: "WASC Releases Web Security Threat Classification"