Free scanning software for linux

HTML::Tree::Scanning contains an article: "Scanning HTML".

SYNOPSIS

# This an article, not a module.

The following article by Sean M. Burke first appeared in The Perl Journal #19 and is copyright 2000 The Perl Journal. It appears courtesy of Jon Orwant and The Perl Journal. This document may be distributed under the same terms as Perl itself.

Scanning HTML

-- Sean M. Burke

In The Perl Journal issue 17, Ken MacFarlanes article "Parsing HTML with HTML::Parser" describes how the HTML::Parser module scans HTML source as a stream of start-tags, end-tags, text, comments, etc. In TPJ #18, my "Trees" article kicked around the idea of tree-shaped data structures. Now Ill try to tie it together, in a discussion of HTML trees.

The CPAN module HTML::TreeBuilder takes the tags that HTML::Parser picks out, and builds a parse tree -- a tree-shaped network of objects...

Footnote: And if you need a quick explanation of objects, see my TPJ17 article "A Users View of Object-Oriented Modules"; or go whole hog and get Damian Conways excellent book Object-Oriented Perl, from Manning Publications.

...representing the structured content of the HTML document. And once the document is parsed as a tree, youll find the common tasks of extracting data from that HTML document/tree to be quite straightforward.

Black List Scanning Bot (BLSB for short) checks the IP addresses of users connecting to your IRC server against DNS blacklist services such as Blitzed or Sorbs.
Black List Scanning Bot works like this, if a user matches a blacklist, that user is killed from your network.
Enhancements:
- Add support for lookup lists only without banning (D)
- Make sure we broadcast a message when we akill even if not in verbose (F)
- AKILL support (F)
- Reorder add command so name works. (M)
- Simplify command paths. (M)
- Initial Version. (F)

Login Scan fusion provides an adaptation theme from kdm fusion.

This is a adaptation of the theme for kde "fusion for GDM.

arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received.
It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details.
These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
Enhancements:
- Support for Sun Solaris was added.
- This was tested on Solaris 9 (SPARC).
- The following new arp-fingerprint patterns were added for ARP fingerprinting: IOS 11.2, 11.3, and 12.4; ScreenOS 5.1, 5.2, 5.3, and 5.4; Cisco VPN Concentrator 4.7; AIX 4.3 and 5.3; Nortel Contivity 6.00 and 6.05; Cisco PIX 5.1, 5.2, 5.3, 6.0, 6.1, 6.2, 6.3, and 7.0.
- IEEE OUI and IAB MAC/Vendor files were updated.
- HSRP MAC address was added to mac-vendor.txt.

TN-GW-Scan is a scanner for scanning telnet proxies implemented using FWTK.

To install:

1) Check you have expect and telnet installed (expect and telnet packages under
GNU/Debian)
2) Make sure Tn-GW-Scan.exp is executable (chmod u+x Tn-GW-Scan.exp)

Nmap::Scanner is a Perl module to perform and manipulate nmap scans using perl.

SYNOPSIS

Perl extension for performing nmap (www.insecure.org/nmap) scans.

use Nmap::Scanner;

# Batch scan method

my $scanner = new Nmap::Scanner;
$scanner->tcp_syn_scan();
$scanner->add_scan_port(1-1024);
$scanner->add_scan_port(8080);
$scanner->guess_os();
$scanner->max_rtt_timeout(200);
$scanner->add_target(some.host.out.there.com.org);

# $results is an instance of Nmap::Scanner::Backend::Results
my $results = $scanner->scan();

# Print the results out as an well-formatted XML document
print $results->as_xml();

# Event scan method using *new* easier way to set scan options.

my $scanner = new Nmap::Scanner;
$scanner->register_scan_started_event(&scan_started);
$scanner->register_port_found_event(&port_found);
$scanner->scan(-sS -p 1-1024 -O --max-rtt-timeout 200 somehost.org.net.it);

sub scan_started {
my $self = shift;
my $host = shift;

my $hostname = $host->name();
my $addresses = join(,, map {$_->address()} $host->addresses());
my $status = $host->status();

print "$hostname ($addresses) is $statusn";
}

sub port_found {
my $self = shift;
my $host = shift;
my $port = shift;

my $name = $host->name();
my $addresses = join(,, map {$_->addr()} $host->addresses());

print "On host $name ($addresses), found ",
$port->state()," port ",
join(/,$port->protocol(),$port->portid()),"n";

}

This set of modules provides perl class wrappers for the network mapper (nmap) scanning tool (see http://www.insecure.org/nmap/). Using these modules, a developer, network administrator, or other techie can create perl routines or classes which can be used to automate and integrate nmap scans elegantly into new and existing perl scripts.

If you dont have nmap installed, you will need to download it BEFORE you can use these modules. Get it from http://www.insecure.org/nmap/. You will need nmap 3.10+ installed to use all the features of this module.

P3Scan is a full transparent proxy server for email clients. It runs on a Linux box with iptables (for port redirection).

P3Scan can be used to provide email scanning from the Internet to any internal network, and is ideal for helping to protect your "Other OS" LAN from harm, especially when used in conjunction with a firewall and other Internet proxy servers.

It is designed to enable scanning of incoming email messages for viruses, worms, trojans, spam, and harmful attachments. Because viewing HTML email can enable a spammer to validate an email address (via Web bugs), it can also provide HTML stripping.

You have to set up a port redirection with iptables so that all connections from e.g. inside your office to any POP3/POP3S/SMTP server outside in the world will not leave your router, but come to a local port, on which P3Scan listens.

P3Scan receives from the Linux kernel the original destination (the email server outside in the world) and will connect to them.

All data we receive from the client will be sent to the server, and vice versa. With a little enhancement: we parse the necessary parts of the protocol and when an email is sent from the server, we store it into a file, invoke our scanning, and send it along if it is good, or in the event of POP3/POP3S we replace it with a virus notification and optionally delete the infected message. For infected SMTP messages, we reject the message.

It should be possible to use all scanners using the scannertype=basic.

Also, P3Scan provides scannertype=avpd for high-speed scanning using Kaspersky Anti-Virus for Linux, every C programmer can easily adept other scan-daemons (trophie, sophie, antivir, ...).

Neither the client nor the server has to be configured, none of them will take notice that theres a mail scanner (except the client when he gets a virus notification or if he looks into the header, and the server gets our ip as source).

RogueScanner project is an open-source vulnerability management tool that is used to gain greater network visibility to enable you to quickly identify and remove rogue wireless devices that may provide a back door to access your critical data and infrastructure.

Considering that rogue access points and peers represent a major threat to data integrity, RogueScanner is a valuable tool that you can start using today at no cost.
More than 300 companies manufacture access points, and there are more than 10,000 different models of network infrastructure.

Companies thus face a major challenge in maintaining a system to track and identify all potential rogue wireless devices and in continually scanning the network to identify them. To address this challenge, Network Chemistry has made an open-source product available to help organizations begin to immediately scan their networks.

RogueScanner is available for use at no charge by organizations looking for a tool focused on device identification and rogue detection. RogueScanner leverages the Collaborative Device Classification system to automatically lookup and identify the device type and its identity in real time.

Whats New in This Release:

+ Reserved VLANs (1000 < VLAN < 1025) on Cisco devices are not queried.
+ Capture packets to trace.pcap and perform a hexdump of them in the log file
if DEBUG_PACKET is set (debug=0x01 or better).
+ Promiscuous mode testing is disabled unless ENABLE_SCAN_PROMISC is defined.
+ The switch/network scanning interval was bumped up to 24 hours.
+ Attribute data in the EvidenceMap wasnt being printed out correctly (always showed
up as "true") when issuing "device detail" commands in the CLI.
+ Ignore MACs in the bridge table that arent "learned" when querying switches.
+ *TAnalysisManager::LookupOrCreateDevice() will now refuse to create devices outside
"home_net" ranges, thus the IPs wont be scanned even if they are passively observed
on the local network.
+ Ignore our MAC address if a switch reports it to us.
+ Log timestamps are now in GMT.
+ Prevent duplicates in the "udp_ports" evidence by using AddEvidence() instead of
inserting into the EvidenceMap directly.
+ Manually invoke Rubys garbage collector after scanning a switch/router.
+ Added "packet queue size" CLI command to show how many packets are in the
AnalysisManagers packet queue.
+ If a device fails to be classified the classification will be retried automatically
in one minute.
+ All communication with the classification server is performed in a separate thread.
+ Keep ARP scanning from starving other threads for CPU time by introducing a delay
in addition to any that is added by bandwidth throttling.
+ Replaced internal ARP and routing table on WIN32 systems with functions from the
IPHelper API.
+ Added "device list size" command to show how many devices have been found.
+ Add read community strings from configured infrastructure devices to the list
of strings used when probing unknown devices.
+ Discard deferred scans if another scan of the same type is already deferred for
a device.
+ Added reporting of DHCP data.
+ If no scans are pending against a device, but a new port is found open then
submit the devices evidence.
+ Devices are re-scanned whenever a re-occuring ARP/Ping scan is launched.
+ Added "deferred list" CLI command to show scans that have been deferred.
+ Added "sniffer status" CLI command to report the number of packets that
have been received and dropped.
+ If we discover the IP of a device that we only knew about the MAC address for,
then issue scans against it.
+ If we see the MAC address associated with an IP change, then re-scan it since
its likely to be a different device.