eviltik / evilscan Goto Github PK

Having issue with the scan speed, tried on 4 different servers, but the story is the same,
Sample: evilscan xx.xxx.xx.0/24 --port=1-10000 --concurrency 5000 --progress
every 1% takes about 2 minutes to scan, --concurrency value doesn't seem to have any effect on the speed.
Tried "ulimit -u unlimited" command, with no positive result either.

Try to detect socks proxy when scanning.

Something like

cat myIpList.txt | evilscan --ports=21

I receive this error if I try to use evilscan as module with a target different than a valid IP/Network address:

var evilscan = require('evilscan'),
                options = {
                    target: 'fhjgfjhfhf',
                    port: 22,
                    status: 'TROU',
                    banner: true,
                    display: 'json'
                },
                scanner = new evilscan(options);

scanner.run();

node_modules/evilscan/main.js:390
this.q.run();
^

TypeError: Cannot read property 'run' of undefined

Reports options to generate PDF (HTML ?) reports for the scan session.

--raw

JSON.stringify the Buffer object of the banner

A port scan reports closed ports as 'close', rather than 'closed'

Hi there,

I tried to run the scanner in a continuous way - by re-starting the scan (via scanner.run() ) within the "done" callback.

However, it seams the module is only made for a single scan, all subsequent calls of scanner.run() result in an immediate call of the "done" callback without having run a scan.

When I reinitialize the evilscan module for every new round, I run into another problem which gives the following output after 11 rounds:

(node) warning: possible EventEmitter memory leak detected. 11 SIGUSR2 listeners                                     added. Use emitter.setMaxListeners() to increase limit.
Trace
    at process.addListener (events.js:239:17)

After a few more rounds even the reinstantiation of the evilscan module is not working anymore (Does not scan anymore and throws the "done" callback immediately )

Any ideas on how to overcome this? :-)

I'm running it on a RPI2:

Linux rpi2 4.1.13-v7+ #826 SMP PREEMPT Fri Nov 13 20:19:03 GMT 2015 armv7l GNU/Linux

By default, banner length is 150 chars.

Implement --banner=XX were XX is the maximum length of the grabbed banner

--banner will output banner in result when available

Ascii only, unicode chars translation, limited at 150 chars for the moment.

Tired to wait without knowing of the process is not stalled.

--progress

Will show where the process is every seconds, with that format:

_timeStart:1370884852498,
_timeElapsed:1000,
_jobsTotal:98295,
_jobsRunning:800,
_jobsDone:7,
_progress:0,
_concurrency:800,
_status:"Running",
_message:"Scanned 122.99.128.254:21"

Hi, I'm adding Evilscan to my VoIP security tool (https://github.com/jesusprubio/bluebox-ng) but I've a problem running the provided example of use included in the README.

$ node scan.js
/usr/lib/node_modules/evilscan/main.js:39
cb(self);

It's curious because in the command line It's working ok for me:
$ evilscan 192.168.122.59 --port=21,22,23,80,5060.5065
192.168.122.59|5060|open
192.168.122.59|22|open

Any idea please? :)

What am I doing wrong?
I installed it into my node project.

I'm getting this strange error when running the script from another script
TypeError: Cannot read property 'concurrency' of undefined at evilscan.init (/home/lluiscab/electron-boilerplate-master/boilerplate/node_modules/evilscan/main.js:189:36) at /home/lluiscab/electron-boilerplate-master/boilerplate/node_modules/evilscan/main.js:35:18

My settings
`var scanner = new evilscan({
target: conf.get('server.ip') + '/' + conf.get('server.mask'),
port: conf.get('server.port'),
status:'O',
concurrency: 50
});

		scanner.on('result',function(data) {
			console.log(data);
		});
		
		scanner.on('error',function(err) {
			throw new Error(data.toString());
		});
		
		scanner.on('done', function() {
			scanning = false;
		});`
	`

Hello,
I want to grab HTTP responses via banner but it couldnt give me these responses. Is there any bug or missing implementation?

And could we give different timeout for banner grabbing?

Thanks

Hi ,
Thanks for the great work !! could you tell me how to scan the ip addresses ? I can see that you are scanning ports in your Readme . what if i want to scan ips ?

Thanks

globally installed evilscan --version does not work because you want to read package.json but it should be psuedo: __dirname package.sjon

line 179: var package = JSON.parse(fs.readFileSync('package.json'));

Actualy, cidr is supported, i.e we can

evilscan 192.168.0.0/24 --port=21

Should be great we can support ip range but not cidr, i.e

evilscan 192.168.0.10-192.168.0.20 --port=21

Hi,
When I tried running:
evilscan xxx.xx.xxx.xxx --port=80 --banner

I get the following:

/usr/local/lib/node_modules/evilscan/bin/evilscan.js:14
let scan = new evilscan(options);
^^^

SyntaxError: Block-scoped declarations (let, const, function, class) not yet supported outside strict mode
at exports.runInThisContext (vm.js:53:16)
at Module._compile (module.js:374:25)
at Object.Module._extensions..js (module.js:417:10)
at Module.load (module.js:344:32)
at Function.Module._load (module.js:301:12)
at Function.Module.runMain (module.js:442:10)
at startup (node.js:136:18)
at node.js:966:3

Sometimes it finds my device, sometimes it doesn't... very intermittent from scan to scan.
Is the device doing something that could be causing this?

implement --help !

kill SIGUSR1 one time will pause the process
kill SIGUSR1 one more time will unpause it

In a first time, "tcpconnect" subclass was tested.

Now time to switch to "evliscan" main class testing.

Something like

evilscan --fileport=/path/to/port.list.txt

port.list.txt will basicaly contains something like

21-23
8080

Seem's SIGUSR1 is reserved by nodejs itself for debugging purpose.

Let's use SIGUSR2.

Support one or more socks proxy for a scanning session

socks v5 first

Something like

evilscan --filehost=/path/to/ip.list.txt

ip.list.txt will basicaly contains something like

192.168.0.10 - 192.168.0.20
192.168.0.254
10.34.100.0/24

i have an error with evilscan by scaner all multi IP.

JavaScript heap out of memory.

how to set config time start Separated by a period of time

to be more readable ...

Need to develop an agent. But .. eval is evil isn't it ?

Perhaps more related to evilprobe project.

Long term.

net.createConnection got allowHalfOpen option ! cool ! it's evil !!

Atm (<0.0.6), only pure tcp connect is supported.

The code is a big shit, need to be completely refactored.

The scanner must be used as a standard nodejs lib pff !!

When i send the command:

evilscan 192.168.1.0/24

it returns me all the hosts from 192.168.1.1 to 192.168.1.255 ... what am i doing wrong? I'm on windows 10.

--geo

Will add country/city/longitude/latitude in the output

Rewrite everything with ES6 syntax and class

Of course, this package is deprecated. Should be replaced with minimist in v2.

have you guys ever meet this error when running CLI ?

$ evilscan 192.168.1.0/24 --port=8080

then error happend:

(libuv) Failed to create kqueue (24)

events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: write EBADF
    at errnoException (net.js:901:11)
    at WriteStream.Socket._write (net.js:643:26)
    at doWrite (_stream_writable.js:219:10)
    at writeOrBuffer (_stream_writable.js:209:5)
    at WriteStream.Writable.write (_stream_writable.js:180:11)
    at WriteStream.Socket.write (net.js:613:40)
    at null.<anonymous> (/usr/local/lib/node_modules/evilscan/bin/evilscan.js:19:28)
    at EventEmitter.emit (events.js:95:17)
    at /usr/local/lib/node_modules/evilscan/main.js:377:18
    at /usr/local/lib/node_modules/evilscan/node_modules/async/lib/async.js:229:13

node version: v0.10.12
npm version: 1.2.32
evilscan version: lastest (0.0.9)

es-test\node_modules\evilscan\main.js:388
    this.q.run();
          ^
TypeError: Cannot read property 'run' of undefined
    at evilscan.run (es-test\node_modules\evilscan\main.js:388:11)

I ran into this using the test code provided in README.md. Curiously enough I can run the cli tool installed through npm install -g evilscan.

$ evilscan 127.0.0.1 --port=80

127.0.0.1|80|open

From some light troubleshooting, it looks like the async.series callback from options.parse never executes, so self.init from main.js is never executed, so this.q is never defined.

tests are ok, push that on npm, sorry for delay

• --console format (stdout output, stderr for progress infos, pipe separator) is partialy implemented
• --json is actualy fully implemented

Wondering more options like :
--screen (like the spec output of mocha)
--xml (if i really had nothing to do ...)

option --whoami will produce, when possible, what is behind an opened port.Example

{iam:"socks proxy"}. 
{iam:"http server"}. 
{iam:"tor proxy"}. 

The lookup will be first based on the IANA official port list, then, have to go deeper in the scan and test different protocol ..

Not a little thing. Wondering if this job should be more related to another hypothetical tool. i.e

root@debian~# evilscan 192.168.0/14 --port=0-65535 --json | evilsomething --json
{"ip":"192.168.1.254","port":"80","iam":"http server"}

If you specify something like 192.0.0.0/8, you will be alert that to many ip addr will be scanned and the scan will not run. You are suppose to override this using --hugescan option. But 2 things append :

• the option will not bypass the warning
• after fix the typo, i saw that something bad append:

FATAL ERROR: JS Allocation failed - process out of memory

I have to investigate more and play with qjobs to see if i can allow large scan

For the moment, let's remove --hugescan option, which don't have any effect finaly.

Most often, a telnet give a banner before it ask you something. It's implemented.

For HTTP ports and many others ports, you have to say something before having a banner. It's not yet implemented. Banners are empty for non-verbose-before-you-speak ports.

Hilarious by the way:

Speaking of crazy people... any tips on how to fan out from the user's current IP based on a a rule?
Like I'd like to scan the network to a particular point... but having trouble understanding what to feed it.

For instance, I'd love to take the 3rd octet up and down 20 numbers or so and limit it to that?

Actualy, when ports are specified, and geo and/or reverse option, geo and dns resolver are running for each port, it's overkill. Let's cache geo/reverse result for each IP

http://www.laynetworks.com/telnet.htm