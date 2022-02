evilscan

Nodejs Simple Network Scanner

Features

individual IP or IP range scan

individual port, ports list, or ports range

banner grabbing (not fully implemented, works with native verbose ports only)

IAC negotiation for telnet

reverse dns

geolocation information

stdout or json output

optional progress details (event based)

Install

npm install -g evilscan

Usage: in your code, using events only

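const Evilscan = require('evilscan');

// Scan options: target host, port range and which result statuses to report.
// 'TROU' reports T(timeout), R(refused), O(open) and U(unreachable) results.
const options = {
  target: '127.0.0.1',
  port: '21-23',
  status: 'TROU',
  banner: true,
};

const evilscan = new Evilscan(options);

// One 'result' event per scanned ip:port; `data` carries ip, port, status and,
// when `banner` is true, the grabbed banner.
evilscan.on('result', (data) => {
  console.log(data);
});

// The listener receives the emitted error as `err`; rethrowing it surfaces the
// failure as an uncaught exception instead of silently dropping it.
evilscan.on('error', (err) => {
  throw err instanceof Error ? err : new Error(String(err));
});

evilscan.on('done', () => {
  // Scan finished.
});

evilscan.run();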

Usage: in your code, using callback and events

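const Evilscan = require('evilscan');

// Scan options: target host, port range and which result statuses to report.
// 'TROU' reports T(timeout), R(refused), O(open) and U(unreachable) results.
const options = {
  target: '127.0.0.1',
  port: '21-23',
  status: 'TROU',
  banner: true,
};

// Callback form: the constructor reports a setup error through `err` or hands
// back the ready-to-run scanner instance as `scan`.
new Evilscan(options, (err, scan) => {
  if (err) {
    console.log(err);
    return;
  }

  // One 'result' event per scanned ip:port; `data` carries ip, port, status
  // and, when `banner` is true, the grabbed banner.
  scan.on('result', (data) => {
    console.log(data);
  });

  // The listener receives the emitted error; rethrowing it surfaces the
  // failure as an uncaught exception instead of silently dropping it.
  scan.on('error', (scanErr) => {
    throw scanErr instanceof Error ? scanErr : new Error(String(scanErr));
  });

  scan.on('done', () => {
    // Scan finished.
  });

  scan.run();
});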

Usage: command line

Usage: evilscan <fqdn|ipv4|cidr> [options]

Example:

evilscan 192.168.0.0/24 --port=21-23,80

Options

ports specified default 512 T(timeout) R(refused) O( open , default ) U(unreachable) tcpconnect ( full connect , default ) tcpsyn (half opened, not yet implemented) udp ( not yet implemented) default 500 default 2000 default console

Samples output

Every port on localhost, grab banner, display only open ports

eviltik@debian:~# evilscan 127.0.0.1 --port=0-65535 --banner
127.0.0.1|111||open
127.0.0.1|53||open
127.0.0.1|23|Debian GNU/Linux jessie/sid\r
debian login:|open
127.0.0.1|5432||open
127.0.0.1|27017||open
127.0.0.1|28017||open
127.0.0.1|35223||open
127.0.0.1|35491||open
127.0.0.1|39619||open
done, 9 result(s)

Every port on localhost, grab banner, display only open ports, JSON output, progress status every second

eviltik@debian:~ { "_timeStart" : "N/A" , "_timeElapsed" : "N/A" , "_jobsTotal" :65535, "_jobsRunning" :0, "_jobsDone" :0, "_progress" :0, "_concurrency" :500, "_status" : "Starting" , "_message" : "Starting" } { "_timeStart" :1371245901876, "_timeElapsed" :1031, "_jobsTotal" :65535, "_jobsRunning" :500, "_jobsDone" :7638, "_progress" :11, "_concurrency" :500, "_status" : "Running" , "_message" : "Scanning 127.0.0.1:8138" } { "_timeStart" :1371245901876, "_timeElapsed" :2085, "_jobsTotal" :65535, "_jobsRunning" :500, "_jobsDone" :16137, "_progress" :24, "_concurrency" :500, "_status" : "Running" , "_message" : "Scanning 127.0.0.1:16637" } { "ip" : "127.0.0.1" , "port" :111, "status" : "open" } { "ip" : "127.0.0.1" , "port" :53, "status" : "open" } { "ip" : "127.0.0.1" , "port" :23, "banner" : "Debian GNU/Linux jessie/sid\\r\

debian login:" , "status" : "open" } { "ip" : "127.0.0.1" , "port" :5432, "status" : "open" } { "_timeStart" :1371245901876, "_timeElapsed" :3107, "_jobsTotal" :65535, "_jobsRunning" :500, "_jobsDone" :24656, "_progress" :37, "_concurrency" :500, "_status" : "Running" , "_message" : "Scanning 127.0.0.1:25156" } { "_timeStart" :1371245901876, "_timeElapsed" :4166, "_jobsTotal" :65535, "_jobsRunning" :500, "_jobsDone" :33166, "_progress" :50, "_concurrency" :500, "_status" : "Running" , "_message" : "Scanning 127.0.0.1:33666" } { "_timeStart" :1371245901876, "_timeElapsed" :5215, "_jobsTotal" :65535, "_jobsRunning" :500, "_jobsDone" :41664, "_progress" :63, "_concurrency" :500, "_status" : "Running" , "_message" : "Scanning 127.0.0.1:42164" } { "ip" : "127.0.0.1" , "port" :27017, "status" : "open" } { "ip" : "127.0.0.1" , "port" :28017, "status" : "open" } { "_timeStart" :1371245901876, "_timeElapsed" :6217, "_jobsTotal" :65535, "_jobsRunning" :500, "_jobsDone" :49682, "_progress" :75, "_concurrency" :500, "_status" : "Running" , "_message" : "Scanning 127.0.0.1:50182" } { "ip" : "127.0.0.1" , "port" :35491, "status" : "open" } { "ip" : "127.0.0.1" , "port" :35223, "status" : "open" } { "ip" : "127.0.0.1" , "port" :39619, "status" : "open" } { "_timeStart" :1371245901876, "_timeElapsed" :7234, "_jobsTotal" :65535, "_jobsRunning" :500, "_jobsDone" :57732, "_progress" :88, "_concurrency" :500, "_status" : "Running" , "_message" : "Scanning 127.0.0.1:58232" } { "_timeStart" :1371245901876, "_timeElapsed" :8182, "_jobsTotal" :65535, "_jobsRunning" :0, "_jobsDone" :65535, "_progress" :100, "_concurrency" :500, "_status" : "Finished" , "_message" : "Scanning 127.0.0.1:65535" }

Tips :

Concurrency and fast scan

By default, concurrency is 100, which is slow when you are scanning a large IP range or a large port range. You can pass a bigger value using the --concurrency option; 1000 is fast, for example. On some Linux systems, only 1024 sockets may be open at the same time. To raise this limit, you first have to update the ulimit parameter of your Linux system:

ulimit -u unlimited

In all cases, because of issue #25, you cannot currently scan more than 16580355 IPv4 addresses in a single run.

Pause/unpause

You can pause and unpause a running scan by sending it the SIGUSR2 signal: the first signal pauses the process, the second one resumes it.