SuperScan




SuperScan is another graphical Windows scanning tool. Unlike NetScanTools, this tool is freely available from Foundstone Security Consultants at http://www.foundstone.com/resources/scanning.htm. As of version 4.0, it can now scan both UDP and TCP ports as well as gather an additional wealth of system identification information. However, the added functionality now limits the running of SuperScan to more recent Windows operating systems; SuperScan 4.0 will not run on Windows 95 or 98.

Implementation

The layout of the SuperScan user interface (shown in Figure 4-7) has greatly changed since version 3.0. Version 4.0 uses tabs to separate its new and improved functions and configuration areas. You can use SuperScan to perform port scans, retrieve general network information such as name lookups and traceroutes, and enumerate Windows host information such as users, groups, and services. It has many of the same features as NetScanTools without the cost.

Figure 4-7: SuperScan startup screen

Configuring Scans

Your scan can be configured in the Host and Service Discovery and Scan Options tabs. The Scan Options tab lets you control such things as name resolution and banner grabbing. In the Host and Service Discovery tab, you can set up your host discovery method as well as the ports you want to scan. You can also adjust scan types as well as timeouts. Figure 4-8 shows a configuration for a TCP-only scan of the first 1023 ports.

Figure 4-8: Host and Service Discovery

Tip

SuperScan has four different ICMP host discovery methods available. This is useful because, while a firewall may block ICMP echo requests, it may not block other ICMP packets such as timestamp requests, so SuperScan can discover hosts that an echo-only ping sweep would miss.

In Figure 4-8, we’ve specified a SYN scan, which provides a minimal amount of stealth, as we saw back in the nmap section. Also notice that we’ve specified to use a static source port of 80. As you’ll see in Chapter 13, stateless firewalls will often have rules that will allow traffic with a source port of a popular service such as HTTP. By running our port scan with a source port of 80, we would be able to pass through those firewalls.

Tip

SuperScan comes with a default port list for the most common UDP and TCP ports. You can click the Restore Defaults button at any time to reload that default port list.

Additional Tools

In addition to the port scanning tool, SuperScan’s Tools tab includes a number of tools you can use for performing general network queries. For example, you can use it to grab the banner on a web server directly using the HTTP GET Request button, as shown in the following illustration.


The Windows Enumeration tab is one of SuperScan’s most powerful features. Armed with an Administrator account and a list of registry keys (configurable from the Options button on the Windows Enumeration tab), SuperScan can obtain much of the same information as the tools discussed in Chapter 6. Bundling these tools with a port scanner makes SuperScan a handy weapon in your arsenal.

Running the Port Scan and Getting Results

Let’s go back to the Scan tab and start a port scan. We first need to identify a target for our scan. When specifying IP addresses to scan, you can specify individual hostnames and IPs in the Hostname/IP box, a range of IPs in the Start IP and End IP boxes, or a file containing IP addresses. SuperScan will parse the file for IP addresses and add any that it finds to its scan list. This is great for loading IPs from a system’s hosts file or log file.

We want to perform a port scan on a Linux box (192.168.1.50) and a Windows box (192.168.1.102) using SuperScan’s default port list. We can start, stop, and pause the scan using the buttons in the bottom left corner of the Scan tab. The setup for this scan and the scan results are shown in Figure 4-9.

Figure 4-9: Performing a scan

In the middle window, you see a summary of the hosts and ports discovered on each system. The bottom window provides a detailed log of SuperScan’s progress. To view a full report, click the View HTML Results button. You’ll see a report similar to the one shown in Figure 4-10.

Figure 4-10: SuperScan report

The report provides a port summary with hyperlinks for connecting to certain ports (such as FTP, TELNET, and HTTP) and a detailed port listing including banners obtained from each port. In Figure 4-10, you can see that SuperScan was able to obtain the type and version of FTP server running on 192.168.1.50 as well as an anonymous login. On the Windows side, SuperScan was able to obtain the system’s Media Access Control (MAC) address, network interface card (NIC) vendor, and NetBIOS name table—a very nice feature.

Note

As mentioned in Chapter 6’s discussion of MAC addresses, each NIC vendor has a unique identifier that makes up the first six hexadecimal digits of a NIC’s MAC address. SuperScan examines that portion of the MAC address and determines the NIC’s vendor using a mapping table.

As far as stealth is concerned, this program, too, leaves a rather large footprint in the logs, even in SYN scan mode. Also, when performing banner grabbing, there’s no way to keep activity from being logged. It’s a necessary evil if you want to know exactly what’s running on those ports you’re scanning.
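The static source port of 80 described in the scan-configuration section and the log footprint discussed above are exactly what a defender can look for: a real web server only ever sends SYN-ACKs from port 80, so a burst of pure SYNs from port 80 to many destination ports is a scan, not web traffic. The following is an added example, not SuperScan’s code or the book’s; the log format, the hosts 192.168.1.77 and 192.168.1.60, the ten-second window and the five-port threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (not real traffic): "ts src sport dst dport flags".
# 192.168.1.77 mimics a SYN scan sent from a static source port of 80;
# 192.168.1.50 is a real web server answering (SYN-ACK) from port 80.
SAMPLE_LOG = """\
2004-03-01T10:00:00 192.168.1.77 80 192.168.1.102 21 S
2004-03-01T10:00:00 192.168.1.77 80 192.168.1.102 22 S
2004-03-01T10:00:01 192.168.1.77 80 192.168.1.102 25 S
2004-03-01T10:00:01 192.168.1.77 80 192.168.1.102 135 S
2004-03-01T10:00:02 192.168.1.77 80 192.168.1.102 139 S
2004-03-01T10:00:05 192.168.1.50 80 192.168.1.102 3201 SA
2004-03-01T10:30:00 192.168.1.60 80 192.168.1.102 8080 S
"""
SERVICE_PORTS = {20, 53, 80, 443}  # source ports that stateless rules commonly trust

def parse_log(text):
    # One record per line; malformed lines are skipped instead of crashing the parser.
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, sport, dst, dport, flags = parts
        records.append({"ts": datetime.fromisoformat(ts), "src": src, "sport": int(sport),
                        "dst": dst, "dport": int(dport), "flags": flags})
    return records

def detect_syn_scans(records, window=timedelta(seconds=10), min_ports=5):
    # Alert on (src, dst) pairs whose pure SYNs reach >= min_ports distinct ports inside window.
    groups = defaultdict(list)
    for r in records:
        if r["flags"] == "S":  # SYN without ACK: a client opening, never a server's SYN-ACK
            groups[(r["src"], r["dst"])].append(r)
    alerts = []
    for (src, dst), events in groups.items():
        events.sort(key=lambda r: r["ts"])
        start = 0
        for end, ev in enumerate(events):
            while ev["ts"] - events[start]["ts"] > window:  # slide the window forward
                start += 1
            win = events[start:end + 1]
            ports = {e["dport"] for e in win}
            if len(ports) >= min_ports:
                sports = {e["sport"] for e in win}
                # A single well-known source port on client SYNs is the stateless-firewall trick.
                alerts.append({"src": src, "dst": dst, "ports": sorted(ports),
                               "static_service_sport": len(sports) == 1 and sports <= SERVICE_PORTS})
                break  # one alert per pair is enough
    return alerts
```

The SYN-ACK from 192.168.1.50 and the lone SYN from 192.168.1.60 are deliberately below the threshold, so only the scanning host is reported; a stateful firewall makes the same distinction by refusing a bare SYN that matches no existing connection.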

Tip

Unlike Unix systems, where inetd with TCP Wrappers or xinetd manages most services and logs connection attempts, Windows systems don’t natively log connect() attempts on ports. Individual services (such as IIS on port 80) might log your connection, but there’s no default system in place for logging this kind of activity in the event log. A thorough scan of a Windows box has a better chance of going undetected, unless an IDS is stationed on the Windows host’s network.

With a brand new assortment of bundled tools and with improved scanning options, banner grabbing capabilities, and interface usability, SuperScan is a must-have for your Windows tool kit.






Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
Year: 2004
Pages: 189