Information Gathering and Correlation with Unicornscan on Kali Linux

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.


Benefits:


Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:

  • Asynchronous stateless TCP scanning with all variations of TCP Flags.
  • Asynchronous stateless TCP banner grabbing.
  • Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
  • Active and Passive remote OS, application, and component identification by analyzing responses.
  • PCAP file logging and filtering.
  • Relational database output.
  • Custom module support.
  • Customized data-set views.


Unicornscan Help


root@kali: # unicornscan -h
unicornscan (version 0.4.7)
usage: unicornscan [options `b:B:cd:De:EFG:hHi:Ij:l:L:m:M:o:p:P:q:Qr:R:s:St:T:u:Uw:W:vVzZ:' ] X.X.X.X/YY:S-E
-b, --broken-crc *set broken crc sums on [T]ransport layer, [N]etwork layer, or both[TN]
-B, --source-port *set source port? or whatever the scan module expects as a number
-c, --proc-duplicates process duplicate replies
-d, --delay-type *set delay type (numeric value, valid options are `1:tsc 2:gtod 3:sleep')
-D, --no-defpayload no default Payload, only probe known protocols
-e, --enable-module *enable modules listed as arguments (output and report currently)
-E, --proc-errors for processing `non-open' responses (icmp errors, tcp rsts...)
-F, --try-frags
-G, --payload-group *payload group (numeric) for tcp/udp type payload selection (default all)
-h, --help help
-H, --do-dns resolve hostnames during the reporting phase
-i, --interface *interface name, like eth0 or fxp1, not normally required
-I, --immediate immediate mode, display things as we find them
-j, --ignore-seq *ignore `A'll, 'R'eset sequence numbers for tcp header validation
-l, --logfile *write to this file not my terminal
-L, --packet-timeout *wait this long for packets to come back (default 7 secs)
-m, --mode *scan mode, tcp (syn) scan is default, U for udp T for tcp `sf' for tcp connect scan and A for arp
    for -mT you can also specify tcp flags following the T like -mTsFpU for example
    that would send tcp syn packets with (NO Syn|FIN|NO Push|URG)
-M, --module-dir *directory modules are found at (defaults to /usr/lib/unicornscan/modules)
-o, --format *format of what to display for replies, see man page for format specification
-p, --ports global ports to scan, if not specified in target options
-P, --pcap-filter *extra pcap filter string for reciever
-q, --covertness *covertness value from 0 to 255
-Q, --quiet dont use output to screen, its going somewhere else (a database say...)
-r, --pps *packets per second (total, not per host, and as you go higher it gets less accurate)
-R, --repeats *repeat packet scan N times
-s, --source-addr *source address for packets `r' for random
-S, --no-shuffle do not shuffle ports
-t, --ip-ttl *set TTL on sent packets as in 62 or 6-16 or r64-128
-T, --ip-tos *set TOS on sent packets
-u, --debug *debug mask
-U, --no-openclosed dont say open or closed
-w, --safefile *write pcap file of recieved packets
-W, --fingerprint *OS fingerprint 0=cisco(def) 1=openbsd 2=WindowsXP 3=p0fsendsyn 4=FreeBSD 5=nmap
    6=linux 7:strangetcp
-v, --verbose verbose (each time more verbose so -vvvvv is really verbose)
-V, --version display version
-z, --sniff sniff alike
-Z, --drone-str *drone String
*: options with `*' require an argument following them

address ranges are cidr like 1.2.3.4/8 for all of 1.?.?.?
if you omit the cidr mask then /32 is implied
port ranges are like 1-4096 with 53 only scanning one port, a for all 65k and p for 1-1024
example: unicornscan -i eth1 -Ir 160 -E 192.168.1.0/24:1-4000 gateway:a
root@kali: #

Unicornscan Usage Example


root@kali: # unicornscan -mTsf -Iv -r 1000 192.168.0.102:a
adding 192.168.0.102/32 mode `TCPscan' ports `a' pps 1000
using interface(s) eth0
scaning 1.00e+00 total hosts with 6.55e+04 total packets, should take a little longer than 1 Minutes, 12 Seconds
connected 192.168.103.227:23221 -> 192.168.0.102:445
TCP open 192.168.0.102:445 ttl 128
connected 192.168.103.227:50006 -> 192.168.0.102:443
TCP open 192.168.0.102:443 ttl 128
connected 192.168.103.227:54487 -> 192.168.0.102:161
TCP open 192.168.0.102:161 ttl 128
connected 192.168.103.227:47765 -> 192.168.0.102:80
TCP open 192.168.0.102:80 ttl 128
connected 192.168.103.227:4267 -> 192.168.0.102:1884
TCP open 192.168.0.102:139 ttl 128
sender statistics 963.9 pps with 65536 packets sent total
listener statistics 131180 packets recieved 0 packets droped and 0 interface drops
TCP open http[ 80] from 192.168.0.102 ttl 128
TCP open netbios-ssn[ 139] from 192.168.0.102 ttl 128
TCP open snmp[ 161] from 192.168.0.102 ttl 128
TCP open https[ 443] from 192.168.0.102 ttl 128
TCP open microsoft-ds[ 445] from 192.168.0.102 ttl 128
root@kali: #
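
Turning a run like the one above into an exposure check: the following is an added example, not part of the original page or of unicornscan. It parses both result line shapes from the run (written with unicornscan's `TCP open` wording) and compares them with an approved-port baseline. The function names and the APPROVED baseline are assumptions made for illustration.

```python
import re

# Two line shapes appear for an open TCP port in the run above:
#   immediate (-I):  TCP open 192.168.0.102:445 ttl 128
#   final summary:   TCP open http[ 80] from 192.168.0.102 ttl 128
IMMEDIATE = re.compile(r"^TCP open\s+(?P<ip>\d+(?:\.\d+){3}):(?P<port>\d+)\s+ttl\s+(?P<ttl>\d+)")
SUMMARY = re.compile(
    r"^TCP open\s+(?P<svc>[^\s\[]+)\[\s*(?P<port>\d+)\]\s+from\s+(?P<ip>\S+)\s+ttl\s+(?P<ttl>\d+)"
)

def parse_open_ports(text):
    """Return {(ip, port): {"service", "ttl"}}, de-duplicated across both shapes."""
    found = {}
    for line in text.splitlines():
        m = SUMMARY.match(line.strip()) or IMMEDIATE.match(line.strip())
        if not m:
            continue  # "connected", statistics and prompt lines carry no result
        key = (m["ip"], int(m["port"]))
        entry = found.setdefault(key, {"service": None, "ttl": int(m["ttl"])})
        if "svc" in m.groupdict():
            entry["service"] = m["svc"]  # only the summary shape names the service
    return found

def diff_baseline(found, approved):
    """approved maps ip -> set of allowed ports; returns (unexpected, missing)."""
    allowed = {(ip, port) for ip, ports in approved.items() for port in ports}
    return sorted(set(found) - allowed), sorted(allowed - set(found))

# Sample input: lines excerpted from the run above.
SAMPLE_RUN = """\
connected 192.168.103.227:23221 -> 192.168.0.102:445
TCP open 192.168.0.102:445 ttl 128
connected 192.168.103.227:50006 -> 192.168.0.102:443
TCP open 192.168.0.102:443 ttl 128
sender statistics 963.9 pps with 65536 packets sent total
TCP open http[ 80] from 192.168.0.102 ttl 128
TCP open netbios-ssn[ 139] from 192.168.0.102 ttl 128
TCP open snmp[ 161] from 192.168.0.102 ttl 128
TCP open https[ 443] from 192.168.0.102 ttl 128
TCP open microsoft-ds[ 445] from 192.168.0.102 ttl 128
"""
APPROVED = {"192.168.0.102": {80, 443}}  # constructed baseline, not from the page

if __name__ == "__main__":
    ports = parse_open_ports(SAMPLE_RUN)
    unexpected, missing = diff_baseline(ports, APPROVED)
    for ip, port in unexpected:
        print(f"unexpected: {ip}:{port} ({ports[(ip, port)]['service']})")
```
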
