/scandalous

Raw socket experimental port scanner in C. Meant to run on linux, to have fun writing your own scanning algorithms, understand low level TCP/UDP communication.

Primary LanguageC

scandalous - Port scanner in C.
--------------------------------------------------------------------------
Copyright (c) 2012, Bill Smartt
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.
3. Neither the name of this program nor the names of its contributors
   may be used to endorse or promote products derived from this software
   without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

Port Scanning without expressed permission by the owner is illegal is some 
jurisdictions, and you should be aware of the law in your jurisdiction.  
Scandalous and it's development team can not be held responsible for your actions.
This tool is meant to be used in a morally and legally ground context, and you
do not have permission to use scandalous if it is used otherwise.  
--------------------------------------------------------------------------
Current version is 0.3.

This application is not ready for use, but is being actively developed.

Scandalous is a port scanner using the C programming language.  One difference it has from nmap is it isn't reliant on libpcap.  Scandalous uses it's own (barebones) network stack down to the ethernet layer, which is handled by the kernel.  The Linux 2.6.39.4 kernel's ethernet implementation does everything we need it to, as the protocol is much more straightforward in the context of port scanning.

Although cross-platform testing has not been proctored yet, Scandalous should work on anything with POSIX compliant.  Scandalous was developed for and on BackTrack Linux (5r1, gnome 32-bit).

*********
*WARNING*
*********
Scandalous uses iptables when run. Before messing with the tables, Scandalous backs up the current tables using `iptables-save`.  It then creates a new, very specific, rule to block only tcp RST packets directed at target_ip:port.  After the scanning process finishes, `iptables-restore` is used to restore the tables from the backups.   
Reason: The kernel gets confused by Scandalous' packets and will send RSTs out behind anything we do without telling it (which is everything we send).  This is because the kernel wants to manage TCP and we are circumnavigating it when we send packets over SOCKET_RAW.
--------------------------------------------------------------------------
I.  Command line arguments / How to run scandalous
-s:             specify the scantype.  The available scantypes are "TCPCONN", "SYN",
                "UDP", "FIN", "NULLSCAN", and "XMAS".
        ex.             ./scandalous -s NULLSCAN
        ex.             ./scandalous -s TCPCONN
        
-t:             specify the target IP.  The currently supported formats for IPs
                include lists of IPs seperated with commas ",", and "*" wildcards.
        ex.             ./scandalous -t 192.168.1.1,192.168.1.2,192.168.1.3
        ex.             ./scandalous -t 192.168.1.*
        ex.             ./scandalous -t 192.168.1.1
			note: ranges in the form "-" will be supported soon.
-i:             specify the network interface to use
        ex.             ./scandalous -i eth0
        ex.             ./scandalous -i lo
        ex.             ./scandalous -i wlan0
                notes: if not specified, scandalous will do it's best to find the
                interface you wanted.
--------------------------------------------------------------------------
II. Features
currently, the only supported scan type is a tcp stealth scan.  more to come!
--------------------------------------------------------------------------