While using it a few days ago, some of its features and the lack of some others gave me a nudge to write my own scanner. Go seemed like a good language for it, given its amazing multithreading abilities and its easy-to-use standard library.
I called it grIP, and it has a few features that I think are somewhat unique.
- Shuffled, not random, scanning. I wanted it to shuffle the whole list of IP-port combinations and scan them in parallel. Angry IP Scanner has random scanning (but not shuffled), which in theory is not good for scanning humongous IP ranges (being a GUI app), and it will also repeat some IPs. So, for example, scanning 254 random IPs on the 192.168.0.0/24 range will not scan all of the IPs, because some will be chosen more than once. The main problem with making a shuffled scan is that when scanning ranges like the whole IPv4-port range, which is 281470681743360 ports, shuffling it properly is impossible. Even keeping a single bit for every one of these ports, to remember whether it's been scanned or not, would occupy 32GiB of RAM. So I chose to do a half-assed shuffle: I pick a random starting point in that range, I pick a somewhat random step size which is co-prime with the size of the range, and then step through the range using that step size until I reach my starting point again. With the two numbers being co-prime, this method is guaranteed to visit every port exactly once before looping back to the starting point. On top of that, every 1 million ports generated with this method are also buffered and truly shuffled to further improve the shuffle. So, not a perfectly shuffled scan, but it's shuffled and it uses very little RAM.
- One thread per port, not one thread per IP. Angry IP Scanner uses one thread per IP, so if you are trying to scan 65354 ports in a 254 IP LAN, it will at best run 256 threads, and it's still quite slow. GrIP can use 3900 threads, at least on a Linux box. The one thread per IP that seems to be used by Angry IP Scanner doesn't seem to be an arbitrary limitation though, and it may even have its uses. If you scan a single IP with many threads, it may fail to respond to some of your port checks and you may see fewer open ports than it really has. So keep that in mind when scanning with grIP.
- IPv6 support. Limited to single IPs, but it's there. I tried to add support for IPv6 ranges, but it needs some datatypes to be reworked, so I may do that in a future version if I need it or if someone requests it.
- Scan partitioning, for cooperative scans. You can split the ports to be scanned and do only part of the scan while other computers or other people do the other parts.
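To make the co-prime stepping from the first bullet and the cooperative split from the last one concrete, here is a small Go example. It is added here and is not grIP's own code: it walks a flattened IP-port range the way the post describes (random start, a step co-prime with the range size, a buffer that is genuinely shuffled before being handed out) and gives part k of m of the cycle to one party. The names Sweep, NewSweep, At, Part, Walk and Decode, the contiguous split of the cycle, and the requirement that cooperating parties share the same seed are my assumptions; the post does not say how grIP splits the work. The code only produces the visiting order and opens no sockets.

```go
package main

import (
	"fmt"
	"math/bits"
	"math/rand"
)

// Sweep is a full-cycle walk over N flattened IP-port indices.
// Constructed example, not grIP's own code.
type Sweep struct {
	N     uint64 // number of IP-port combinations in the range
	Start uint64 // random starting index
	Step  uint64 // co-prime with N, so every index is visited exactly once
	Chunk int    // buffer size that is reshuffled before emission (1 million in the post)
}

// gcd by Euclid's algorithm.
func gcd(a, b uint64) uint64 {
	for b != 0 {
		a, b = b, a%b
	}
	return a
}

// NewSweep draws a start and a co-prime step from rng. Cooperating
// scanners must seed rng identically so they agree on the cycle (assumption).
func NewSweep(n uint64, chunk int, rng *rand.Rand) Sweep {
	if n == 0 || chunk <= 0 {
		panic("empty range or non-positive chunk")
	}
	start := uint64(rng.Int63n(int64(n)))
	step := uint64(1) // for n <= 2, step 1 is already a full cycle
	if n > 2 {
		for {
			step = 1 + uint64(rng.Int63n(int64(n-1))) // candidate in [1, n-1]
			if gcd(step, n) == 1 {
				break
			}
		}
	}
	return Sweep{N: n, Start: start, Step: step, Chunk: chunk}
}

// At returns the index visited at position t of the cycle (0 <= t < N).
// 128-bit intermediates keep t*Step from overflowing for ranges near 2^48.
func (s Sweep) At(t uint64) uint64 {
	hi, lo := bits.Mul64(t, s.Step)
	return (s.Start + bits.Rem64(hi, lo, s.N)) % s.N
}

// Part returns the cycle positions [lo, hi) assigned to part k of m,
// the "1/3, 2/3, 3/3" split: contiguous slices of the cycle (assumption).
func (s Sweep) Part(k, m uint64) (lo, hi uint64) {
	if m == 0 || k < 1 || k > m {
		panic("part must satisfy 1 <= k <= m")
	}
	h1, l1 := bits.Mul64(k-1, s.N)
	lo, _ = bits.Div64(h1, l1, m)
	h2, l2 := bits.Mul64(k, s.N)
	hi, _ = bits.Div64(h2, l2, m)
	return lo, hi
}

// Walk visits part k of m of the cycle, passing each index through a buffer
// of Chunk entries that is Fisher-Yates shuffled before being emitted.
func (s Sweep) Walk(k, m uint64, rng *rand.Rand, visit func(idx uint64)) {
	lo, hi := s.Part(k, m)
	buf := make([]uint64, 0, s.Chunk)
	flush := func() {
		rng.Shuffle(len(buf), func(i, j int) { buf[i], buf[j] = buf[j], buf[i] })
		for _, idx := range buf {
			visit(idx)
		}
		buf = buf[:0]
	}
	cur := s.At(lo)
	for t := lo; t < hi; t++ {
		buf = append(buf, cur)
		if len(buf) == s.Chunk {
			flush()
		}
		cur = (cur + s.Step) % s.N // cur and Step are both < N, so no overflow
	}
	flush()
}

// Decode maps a flattened index back to (offset from the first IP, offset
// into the port list) for a range with portsPerIP ports per address.
func Decode(idx, portsPerIP uint64) (ipOffset, portOffset uint64) {
	return idx / portsPerIP, idx % portsPerIP
}

func main() {
	// Constructed toy range: 4 IPs x 6 ports = 24 combinations, this party does part 1 of 3.
	rng := rand.New(rand.NewSource(7))
	s := NewSweep(24, 5, rng)
	s.Walk(1, 3, rng, func(idx uint64) {
		ip, port := Decode(idx, 6)
		fmt.Printf("ip+%d port#%d\n", ip, port)
	})
}
```

Because gcd(Step, N) = 1, the map t -> (Start + t*Step) mod N is a bijection on 0..N-1, which is the guarantee the post relies on: every combination is visited exactly once per cycle with no bitmap of scanned entries. The three-way split works only if all parties construct the Sweep from the same seed; the reshuffle buffer can use any local randomness.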
It's a console app that runs on Windows, Linux, Mac and the Raspberry Pi (well, any ARM Linux really). Similarly to Aperito, it uses a non-standard style of command line arguments where the order matters and "-h" style arguments don't exist.
Some example commands:
- grip 192.168.0.1-192.168.0.254
  Scans all ports in your LAN (if that's your range).
- grip 80,20-25 192.168.0.1-192.168.0.254
  Same range but only port 80 and ports 20 to 25.
- grip 80,20-25 192.168.0.1/24
  Same but in CIDR notation.
- grip 22,80 192.168.0.15 2a00:1450:4014:80e::200e
  Ports 22 and 80 on one IPv4 and one IPv6 address.
- grip host=www.example.com
  All ports on www.example.com.
- grip 80-85 192.168.0.17 90-95 192.168.0.21-192.168.0.31
  Ports 80 to 85 on one IP and ports 90 to 95 on a range of IPs.
- grip sockets=2 192.168.0.1/24 timeout=100
  All ports in your LAN but using only 2 instead of the default 100 sockets in parallel, and with a 100ms timeout instead of the default 2000ms. The sockets and timeout parameters can go anywhere in the arguments.
- grip 0.0.0.0/0 1/3 sockets=3900
  grip 0.0.0.0/0 2/3 sockets=3900
  grip 0.0.0.0/0 3/3 sockets=3900
  Three commands, to be run on three separate computers, that cooperatively scan the whole IPv4 internet for any open ports using 3900 sockets each in parallel. It will still never finish, but it's 3 times faster than doing it alone. :-)
- grip 150.150.100.0/24 rdns
  Scans a range and also shows the reverse DNS of any finds. Again, the "rdns" can go anywhere in the arguments.
- grip 192.168.0.1/24 file=mylan.txt
  Scans your LAN and appends the open ports found to mylan.txt.
Update: v1.0.1 fixes a bug in Windows and some tiny details in the help page.