Free scan software for linux

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received.
It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details.
These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
Enhancements:
- Support for Sun Solaris was added.
- This was tested on Solaris 9 (SPARC).
- The following new arp-fingerprint patterns were added for ARP fingerprinting: IOS 11.2, 11.3, and 12.4; ScreenOS 5.1, 5.2, 5.3, and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3, and 7.0.
- IEEE OUI and IAB MAC/Vendor files were updated.
- HSRP MAC address was added to mac-vendor.txt.

mdns-scan is a tool for scanning for mDNS/DNS-SD published services on the local network. mdns-scan issues a mDNS PTR query to the special RR _services._dns-sd._udp.local for retrieving a list of all currently registered services on the local link.
mdns-scan is not a good mDNS citizen since it queries continuously for services and doesnt implement features like Duplicate Suppression. It is intended for usage as a debugging tool only.
mdns-scan is incomplete since it doesnt resolve mDNS services for you - it just dumps their PTR RRs. To understand these records you need minimal knowledge of DNS-SD and how it works.
mdns-scan does not terminate on its own behalf. It scans for services continuously until the user kills it by pressing C-c.
mdns-scan does not rely on a local mDNS responder daemon. It has no dependencies besides the GNU libc. It has been tested on Linux only.
mdns-scan does NOT scan for local mDNS enabled hosts or A/AAAA RRs, it scans for DNS-SD registered services, nothing else.
Enhancements:
- Add man pages
- Improvements to the Debianization

AVScan is an AntiVirus scanner front end for ClamAV.

A front end for the Clam AntiVirus scanner using Endeavour Mark II. Features a scan list for frequently scanned locations, freshclam update support, and command line calling from Endeavour.

scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article (see below). Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use.

This release of scanlogd can be built with support for one of several packet capture interfaces. In addition to the raw socket interface on Linux (which does not require any libraries), scanlogd is now aware of libnids and libpcap.

The use of libpcap alone is not a good idea. If youre on a system other than Linux and/or want to monitor the traffic of an entire network at once, you should be using libnids in order to handle fragmented IP packets.

Multiscan is a tcp port scanner for console which allows you to scan a range of IP addresses. Each IP address is pinged before it is scanned. It is also possible to scan just known ports, and to scan them in a random order. Feel free to send me a mail at coldn@gamearena.net

Installation:
Grab the package from http://sourceforge.net/projects/multiscan/
tar xzvf multiscan-X.X.tar.gz
cd multiscan-X.X
./configure
make
make install (optional)

proxyScan.pl is a Perl script for security penetration testing, to scan for hosts and ports through a Web proxy server.

Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.

Nmap::Scanner is a Perl module to perform and manipulate nmap scans using perl.

SYNOPSIS

Perl extension for performing nmap (www.insecure.org/nmap) scans.

use Nmap::Scanner;

# Batch scan method

my $scanner = new Nmap::Scanner;
$scanner->tcp_syn_scan();
$scanner->add_scan_port(1-1024);
$scanner->add_scan_port(8080);
$scanner->guess_os();
$scanner->max_rtt_timeout(200);
$scanner->add_target(some.host.out.there.com.org);

# $results is an instance of Nmap::Scanner::Backend::Results
my $results = $scanner->scan();

# Print the results out as an well-formatted XML document
print $results->as_xml();

# Event scan method using *new* easier way to set scan options.

my $scanner = new Nmap::Scanner;
$scanner->register_scan_started_event(&scan_started);
$scanner->register_port_found_event(&port_found);
$scanner->scan(-sS -p 1-1024 -O --max-rtt-timeout 200 somehost.org.net.it);

sub scan_started {
my $self = shift;
my $host = shift;

my $hostname = $host->name();
my $addresses = join(,, map {$_->address()} $host->addresses());
my $status = $host->status();

print "$hostname ($addresses) is $statusn";
}

sub port_found {
my $self = shift;
my $host = shift;
my $port = shift;

my $name = $host->name();
my $addresses = join(,, map {$_->addr()} $host->addresses());

print "On host $name ($addresses), found ",
$port->state()," port ",
join(/,$port->protocol(),$port->portid()),"n";

}

This set of modules provides perl class wrappers for the network mapper (nmap) scanning tool (see http://www.insecure.org/nmap/). Using these modules, a developer, network administrator, or other techie can create perl routines or classes which can be used to automate and integrate nmap scans elegantly into new and existing perl scripts.

If you dont have nmap installed, you will need to download it BEFORE you can use these modules. Get it from http://www.insecure.org/nmap/. You will need nmap 3.10+ installed to use all the features of this module.