So get unicornscan from here:
http://unicornscan.org/ -- current version I could find is 0.4.7
You'll need some dependencies:
apt-get install flex bison
apt-get install libpcap0.8-dev libgeoip-dev libltdl3-dev libdumbnet1 libdumbnet-dev
* you may need texlive-extra-utils if you are on a headless system like slicehost or linode, otherwise it will bomb out when it tries to make the documentation :-(
apt-get install texlive-extra-utils
Fix up the weird lib issues (see the bottom for where I got this):
blah@blah:$ sudo ln -s /usr/include/dumbnet.h /usr/include/dnet.h
blah@blah:$ for i in `find ./ -type f -exec grep -l 'ldnet' '{}' \;`; do sed -i.bak -e 's/ldnet/ldumbnet/g' "$i"; done
Apply this patch:
https://www.pentoo.ch/pentoo/browser/portage/trunk/net-analyzer/unicornscan/files/unicornscan-0.4.7-configure.patch
./configure CFLAGS=-D_GNU_SOURCE
make
make install
After that it would compile and run.
I did have to really crank down the pps to get it to actually run; the default is 300 and I had to use around 75-100.
sudo unicornscan -m U -Ir 75 --show-errors -v externalrange.net/24
Let's test ...
Host #1
sudo unicornscan -m U -Ir 75 -v 192.168.1.143
adding 192.168.1.143/32 mode `UDPscan' ports `7,9,11,13,17,19,20,37,39,42,49,52-54,65-71,81,111,161,123,136-170,514-518,630,631,636-640,650,653,921,1023-1030,1900,2048-2050,27900,27960,32767-32780,32831' pps 75
using interface(s) eth0
UDP open domain[ 53] from 192.168.1.143 ttl 50
UDP open netbios-ns[ 137] from 192.168.1.143 ttl 50
UDP open unknown[51468] from 192.168.1.143 ttl 50
msf auxiliary(udp_sweep) > run
[*] Sending 10 probes to 192.168.1.143->192.168.1.143 (1 hosts)
[*] Discovered NTP on 192.168.1.143:123 (NTP v4)
[*] Discovered NetBIOS on 192.168.1.143:137 (INEEDAFW01:<00>:U :INEEDAFW01:<03>:U :INEEDAFW01:<20>:U :__MSBROWSE__:<01>:G :WORKGROUP:<1d>:U :WORKGROUP:<1e>:G :WORKGROUP:<00>:G :00:00:00:00:00:00)
[*] Discovered DNS on 192.168.1.143:53 (BIND 9.4.2-P2)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
sudo nmap -sU 192.168.1.143
PORT STATE SERVICE
53/udp open domain
69/udp open|filtered tftp
123/udp open ntp
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
*took approx 13 min for results
Host #2
sudo unicornscan -m U -Ir 75 -v 192.168.1.94
UDP open sunrpc[ 111] from 192.168.1.94 ttl 50
UDP open shilp[ 2049] from 192.168.1.94 ttl 50
msf auxiliary(udp_sweep) > run
[*] Sending 10 probes to 192.168.1.94->192.168.1.94 (1 hosts)
[*] Discovered Portmap on 192.168.1.94:111 (100000 v2 TCP(111), 100000 v2 UDP(111), 100024 v1 UDP(35483), 100024 v1 TCP(34855), 100003 v2 UDP(2049), 100003 v3 UDP(2049), 100003 v4 UDP(2049), 100021 v1 UDP(51021), 100021 v3 UDP(51021), 100021 v4 UDP(51021), 100003 v2 TCP(2049), 100003 v3 TCP(2049), 100003 v4 TCP(2049), 100021 v1 TCP(32771), 100021 v3 TCP(32771), 100021 v4 TCP(32771), 100005 v1 UDP(54730), 100005 v1 TCP(50729), 100005 v2 UDP(54730), 100005 v2 TCP(50729), 100005 v3 UDP(54730), 100005 v3 TCP(50729))
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
sudo nmap -sU 192.168.1.94 -v
PORT STATE SERVICE
111/udp open rpcbind
639/udp open|filtered unknown
2049/udp open nfs
*took approx 14 min
Quick notes:
unicornscan sucks for NTP: even though the port is in the scan list, it fails to locate NTP servers. The metasploit udp_sweep is better.
You'll probably want to add some ports to the UDP section of the /usr/local/etc/unicornscan/unicorn.conf file, namely 1434, 1604, 5093 and 523, to be consistent with what metasploit sends probes for.
You may also want to update the ports list in the above folder to be less stupid as well.
In this case nmap gave consistent results, just took forever
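To make the comparison above repeatable, here is an added example (not part of the original post) that parses the three output formats and lists which answering UDP ports each tool missed. The sample lines are copied from the host #1 runs above, with the NetBIOS name table shortened; the function names are my own.

```python
import re

# Output lines copied from the host #1 runs above (NetBIOS name table shortened).
UNICORNSCAN = """\
UDP open domain[ 53] from 192.168.1.143 ttl 50
UDP open netbios-ns[ 137] from 192.168.1.143 ttl 50
UDP open unknown[51468] from 192.168.1.143 ttl 50
"""
UDP_SWEEP = """\
[*] Discovered NTP on 192.168.1.143:123 (NTP v4)
[*] Discovered NetBIOS on 192.168.1.143:137 (INEEDAFW01:<00>:U)
[*] Discovered DNS on 192.168.1.143:53 (BIND 9.4.2-P2)
"""
NMAP = """\
53/udp open domain
69/udp open|filtered tftp
123/udp open ntp
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
"""

# One regex per output format; group 1 is always the UDP port number.
PATTERNS = {
    "unicornscan": re.compile(r"^UDP open \S+?\[\s*(\d+)\] from "),
    "udp_sweep": re.compile(r"^\[\*\] Discovered \S+ on [\d.]+:(\d+) "),
    # Only a plain "open" counts: open|filtered means no reply was received.
    "nmap": re.compile(r"^(\d+)/udp\s+open\s"),
}

def open_ports(tool, text):
    """Return the set of UDP ports the given tool reported as answering."""
    pat = PATTERNS[tool]
    return {int(m.group(1)) for line in text.splitlines() if (m := pat.match(line))}

def compare(results):
    """Map each tool to the ports some other tool reported but it did not."""
    union = set().union(*results.values())
    return {tool: sorted(union - ports) for tool, ports in results.items()}

if __name__ == "__main__":
    results = {
        "unicornscan": open_ports("unicornscan", UNICORNSCAN),
        "udp_sweep": open_ports("udp_sweep", UDP_SWEEP),
        "nmap": open_ports("nmap", NMAP),
    }
    for tool, missed in compare(results).items():
        print(f"{tool:12} found {sorted(results[tool])} missed {missed}")
```

On the host #1 data this shows unicornscan missing 123 (NTP), matching the first quick note.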
compile stuff from here:
http://itbloggen.se/cs/blogs/olle_lindgren/archive/2009/01/08/unicornscan-on-ubuntu-8-10-intrepid-ibex.aspx?CommentPosted=true#commentmessage
http://geek00l.blogspot.com/2009/01/ubuntu-unicornscan-revisit.html
Installing Unicornscan on a current Ubuntu Distro