Free scan hosts software for linux

LSF::Hosts is a Perl module to retrieve information about LSF hosts.

SYNOPSIS

use LSF::Hosts;
use LSF::Hosts RaiseError => 0, PrintError => 1, PrintOutput => 0;
($hinfo) = LSF::Hosts->new( [HOST_NAME] );
@hosts = LSF::Hosts->new();

LSF::Hosts is a wrapper arround the LSF bhosts command used to obtain information about lsf hosts. The hash keys of the object are LSF bhosts header values. See the bhosts man page for more information.

CONSTRUCTOR

new( [ [HOST_NAME] ] );

With a valid hostname, creates a new LSF::Hosts object. Without a hostname returns a list of LSF::Hosts objects for all the hosts in the system. Takes no arguments (jet).

BlockHosts is a script to record how many times "sshd" or "proftpd" is being attacked, and when a particular IP address exceeds a configured number of failed login attempts, that IP address is added to /etc/hosts.allow (or optionally to any other file).

Requires python version 2.3 at a minimum, and runs on Unix-like machines only.

The BlockHosts script is most suitable for home Linux users, who need to keep ssh/ftp ports open.

Blocks IP addresses based on SSH or FTP incoming login failures, by looking at SSHD and ProFTPD logs, and updating hosts.allow as needed.
If you are a Linux user running SSH server, it is likely that you have been probed by script kiddies, and your daily LogWatch emails will show 100-150 login attempts in a short interval, before they go away.

There is no option in OpenSSH to make it difficult to slow down repeated login attempts coming from one IP address -- logins occur at a pretty fast clip -- one attempt every few seconds.

For a home or small business linux user at least, it does not make sense to keep the door open for logins for so long. Use this script, and see the daily LogWatch email notifications now showing only 7-9 login attempts, and remote hosts start getting "Refused incoming connection" messages.

Then, reading the daily LogWatch emails is not terrifying at all, in fact, it may be fun to see these script kiddies get blocked!

- Be sure to acquaint yourself with material available on the web, related to security, and denial-of-service. In particular, see the discussion in the OpenSSH mailing list related to SSHD blocking and FAIL_DELAY:
- Make your sshd/proftpd configurations as tight as possible. For example, for sshd - turn off root logins (PermitRootLogin), use the AllowUsers keyword to only allow one or a select usernames to be accepted. As far as possible, try to avoid common usernames, make even the user names hard to guess. For ProFTPD, use /etc/ftpusers, which contains names of users that will not be allowed to use FTP, root should be in there.
- Last, but not least - always use strong passwords! That is the only real protection.

blockhosts.py scans system logs, and looks for failed login attempts. It keeps a record of the number of times a particular IP address had a failed login. When the count exceeds a configured value, that IP address is added to /etc/hosts.allow with a deny flag, so the next time that IP address attempts to connect to that box, they will get a refused connection message.

ICMPScan scans the specified address, or addresses, for ICMP responses.

Usage:

icmpscan [ -EPTSNMAIRcvbn ] [ -A address ] [ -f filename ] [ -i interface ] [ -r retries ] [ -t timeout ] target [...]

Options:

-i, --interface
Listen on the specified interface. If unspecified, icmpscan will examine the routing table and select the most appropriate interface for each target address.
-c, --promisc
Put in interface into promiscuous mode. As this option increases the load on the system in general, it should only be used if spoofing of source packets address is enabled with the "-A" option.
-A, --address
Specify the source IP address of generated packets.
-t, --timeout
Specify the timeout, in milli-seconds, before retrying.
-r, --retries
Specify the number of attempts to elicit a particular ICMP response.
-f, --file
Read target list from the specified file.
-E, -P, --echo, --ping
Check of ICMP Echo responses.
-T, -S, --timestamp
Check for ICMP Timestamp responses.
-N, -M, --netmask
Check for ICMP Netmask responses.
-I, --info
Check for ICMP Info responses.
-R, --router
Check for ICMP Router Solicitation responses.
-v, --verbose
Increase the output verbosity.
-B, --debug

Target Specification

The simplest case is listing single hostnames or IP addresses on the command line. If you want to scan a subnet of IP addresses, you can append /mask to the hostname or IP address. mask must be between 0 (scan the whole Internet) and 32 (scan the single host specified). Use /24 to scan a class "C" address and /16 for a class "B". There is also a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class "B" network 192.168.*.* by specifying "192.168.*.*" or "192.168.0-255.0-255" or even "192.168.1-50,51-255.1,2,3,4,5-255". And of course you can use the mask notation: "192.168.0.0/16". These are all equivalent. If you use asterisks ("*"), remember that most shells require you to escape them with back slashes or protect them with quotes.

Examples:

The following example checks the first 16 addresses in the 192.168.1.0/24 netblock for all ICMP responses. The scan speed is increased by lowering the timeout value and setting the number of retries to 1:

> icmpscan -t 500 -r 1 192.168.1.0-16
192.168.1.0: Echo (From 192.168.1.17!)
192.168.1.0: Address Mask [255.255.255.0] (From 192.168.1.17!)
192.168.1.7: Echo
192.168.1.7: Timestamp [0x03ab2db0, 0x02d4c507, 0x02d4c507]
192.168.1.7: Address Mask [255.255.255.0]
192.168.1.8: Echo
192.168.1.8: Address Mask [255.255.255.0]
To display failed probes, increase the output verbosity:

> icmpscan -v 192.168.1.1
192.168.1.1: -- No response to Echo request --
192.168.1.1: -- No response to Timestamp request --
192.168.1.1: -- No response to Netmask request --
192.168.1.1: -- No response to Info request --
192.168.1.1: -- No response to Router Solicitation request --
Individual ICMP types can be checked for by listing their corresponding flags on the command line:

> icmpscan -v --echo --netmask 192.168.1.7
192.168.1.7: Echo
192.168.1.7: Address Mask [255.255.255.0]

AVScan is an AntiVirus scanner front end for ClamAV.

A front end for the Clam AntiVirus scanner using Endeavour Mark II. Features a scan list for frequently scanned locations, freshclam update support, and command line calling from Endeavour.

mdns-scan is a tool for scanning for mDNS/DNS-SD published services on the local network. mdns-scan issues a mDNS PTR query to the special RR _services._dns-sd._udp.local for retrieving a list of all currently registered services on the local link.
mdns-scan is not a good mDNS citizen since it queries continuously for services and doesnt implement features like Duplicate Suppression. It is intended for usage as a debugging tool only.
mdns-scan is incomplete since it doesnt resolve mDNS services for you - it just dumps their PTR RRs. To understand these records you need minimal knowledge of DNS-SD and how it works.
mdns-scan does not terminate on its own behalf. It scans for services continuously until the user kills it by pressing C-c.
mdns-scan does not rely on a local mDNS responder daemon. It has no dependencies besides the GNU libc. It has been tested on Linux only.
mdns-scan does NOT scan for local mDNS enabled hosts or A/AAAA RRs, it scans for DNS-SD registered services, nothing else.
Enhancements:
- Add man pages
- Improvements to the Debianization

TN-GW-Scan is a scanner for scanning telnet proxies implemented using FWTK.

To install:

1) Check you have expect and telnet installed (expect and telnet packages under
GNU/Debian)
2) Make sure Tn-GW-Scan.exp is executable (chmod u+x Tn-GW-Scan.exp)

Sambascan2 is a small bash-script, which can scan for SMB-shares in a given Netz.
The project currently needs nmap, find, smbclient, sed and grep. If you know a less agressive way for scanning on port 139, please tell me, because I thing nmap is not so polite.
sambascan2 was only written to scan in public shares and not in private ones (this may change with the time).
It is possible, that the Share have a directory with other permissions than the one needed to access it. Check the permission of the wanted directory, and if Samba can access it as the public user.
Enhancements:
- This version adds the ability to scan password protected shares, using known logins and passwords for the host being scanned.

Simple scAnning Tool is a simple and fast network scanner. Simple scAnning Tool is used to identify network devices and services. The identification is based on recieved data such as banners.

Usage:

sat.py [options] < file_name/ip_range >
sat.py -r [-f < file >]
sat.py -u [-o < host:port >]
sat.py -h

Options:

-i scan ip range, example: 10.1.1.1-10.1.1.2,10.1.2.2
[default]
-t scan targets from file
-n scan targets from file with nmap grepable output format
(nmap switch -oG)
-p < port_range > port range to scan, example: 1-1024,3333,4000-5000 [default
23]
-T scan TCP ports rather then UDP [default]
-U scan UDP ports rather then TCP
-4 scan via IPv4 rather than IPv6 [default]
-6 scan via IPv6 rather than IPv4
-H < number > maximum number of threads [default 100]
-O < file_name > set the output file name [default sat.log]
-V verbose scan mode
-c < file > specify the config file [default sat.conf]
-l < file > specify the srules file [default sat.srules]
-r restore aborted scan
-f < file > specify the restore file [default sat.restore]
-u update srules file from the net
-o < host:port > set the HTTP/FTP proxy for updater
-v show programs version number and exit
-h show this help message and exit