X-Scan-v2.3 User Manual
2. System requirements: Windows 9x/NT4/2000
2. Introduction:
X-Scan is a general network vulnerability scanner that scans a specified IP address range or a stand-alone computer using multiple threads. Plug-ins are supported, and GUI and CUI programs are provided separately. The following items can be scanned: remote OS type and version detection based on the TCP/IP stack (like nmap), standard port status and port banner information, SNMP information, CGI vulnerabilities, IIS vulnerabilities, RPC vulnerabilities, SSL vulnerabilities, SQL-SERVER, FTP-SERVER, SMTP-SERVER, POP3-SERVER and NT-SERVER weak user/password pair probing, NT server NETBIOS information, registry information, etc. The results are saved in the /log/ directory; the index is in index_*.htm and can be opened in a web browser. For known vulnerabilities, descriptions and solutions are provided. For other vulnerabilities, please refer to "Document" and "Vulnerability engine" at www.xfocus.org.
3. Components:
xscan_gui.exe -- X-Scan for Windows 9x/NT4/2000 GUI main program
xscan.exe -- X-Scan for Windows 9x/NT4/2000 CUI main program
readme.txt -- X-Scan help text
oncrpc.dll -- OncRpc dynamic link library for the RPC plug-in
libeay32.dll -- SSL implementation dynamic link library for the SSL plug-in
/dat/language.ini -- multi-language database; the language can be switched by setting "LANGUAGE\SELECTED"
/dat/config.ini -- user configuration file, used to save the scanning port list, scanning settings and the names of all dictionary files (including relative paths)
/dat/config.bak -- backup of "/dat/config.ini", used to restore the default configuration
/dat/cgi.lst -- CGI vulnerability list
/dat/rpc.ini -- stores RPC program names and the RPC vulnerability list
/dat/port.ini -- stores all known ports and their corresponding services
/dat/*_user.dic -- username dictionary files, used to search for weak-password users
/dat/*_pass.dic -- password dictionary files, used to search for weak passwords
/dat/os.finger -- OS fingerprint database used by remote OS detection to distinguish operating systems
/plugin -- holds all plug-ins (suffix .xpn). Plug-ins can also be placed in other subdirectories of the directory containing xscan.exe; the program searches them automatically.
Note: xscan_gui.exe and xscan.exe share the same plug-ins and data files, but each runs independently.
4. Preparation:
X-Scan is completely free and can be run immediately after decompression, without registration or installation. Under Windows 98/NT 4.0, the remote OS cannot be identified by TCP/IP stack fingerprinting. Under Windows 98, NetBIOS and SNMP scanning are restricted due to OS limitations.
5. Attention:
1. When the network connection is very slow, multithreaded scanning may saturate the local network and cause connection failures. Please reduce the thread count, or skip CGI vulnerability scanning for the time being. We suggest not running CGI detection in large-scope scans, because there are many CGI vulnerabilities and checking them takes a long time.
2. SYN port scanning and passive remote-host OS identification are available only under Windows 2000, and administrator privileges are required.
3. The dictionaries shipped with X-Scan are a simple demo. To enhance cracking, you should improve the dictionaries.
4. During scanning, press <space> to view the current lines and scanning progress, press "q" to save the current data and exit, and press <ctrl+c> to force the program to close.
6. Command line parameter description:
1. Command format: xscan -host <start IP>[-<end IP>] <scanning items> [other options]
xscan -file <host list> <scanning items> [other options]
Scanning items are explained as follows:
-tracert : trace path information;
-port : scan common port status (customize the port list by modifying "PORT-SCAN-OPTIONS\PORT-LIST" in \dat\config.ini);
-snmp : scan SNMP information;
-rpc : scan RPC vulnerabilities;
-sql : scan for SQL-Server weak passwords (set the user/password dictionary files in \dat\config.ini);
-ftp : scan for FTP weak passwords (set the user/password dictionary files in \dat\config.ini);
-ntpass : scan for NT-Server weak passwords (set the user/password dictionary files in \dat\config.ini);
-netbios : scan NetBIOS information;
-smtp : scan SMTP-Server vulnerabilities (set the user/password dictionary files in \dat\config.ini);
-pop3 : scan for POP3-Server weak passwords (set the user/password dictionary files in \dat\config.ini);
-cgi : scan CGI vulnerabilities (set the coding scheme by modifying "CGI-ENCODE\encode_type" in \dat\config.ini);
-iis : scan IIS vulnerabilities (set the coding scheme by modifying "CGI-ENCODE\encode_type" in \dat\config.ini);
-bind : scan BIND vulnerabilities;
-finger : scan Finger vulnerabilities;
-sygate : scan Sygate vulnerabilities;
-all : scan all of the above items;
Explanations of [other options]:
-v: display verbose information;
-p: skip hosts that do not respond to ping;
-o: skip hosts on which no open port is found;
-t <thread_count[,host_count]>: specify the maximum thread count and the number of hosts scanned concurrently; the default is 100,10
* Meaning of the coding scheme values used in HTTP requests:
1. Replace "GET" with "HEAD"
2. Replace "GET" with "POST"
3. Replace "GET" with "GET / HTTP/1.0\r\nHeader:"
4. Replace "GET" with "GET /[filename]?param=" (set [filename] by modifying "CGI-ENCODE\encode4_index_file" in \dat\config.ini)
5. Replace "GET" with "GET %00"
6. Insert several "/" or "\" characters
7. Swap "/" and "\"
8. Replace "<space>" with "<Tab>"
Note: parameters can be combined as long as they do not conflict.
2. Examples:
xscan -host xxx.xxx.1.1-xxx.xxx.255.255 -all -p
Meaning: scan all vulnerabilities on every host whose IP is between xxx.xxx.1.1 and xxx.xxx.255.255, skipping hosts that do not respond to ping;
xscan -host xxx.xxx.1.1-xxx.xxx.255.255 -port -ntpass -t 150 -o
Meaning: scan standard port status and NT weak-password users on every host whose IP is between xxx.xxx.1.1 and xxx.xxx.255.255, skipping hosts on which no open port is found. The maximum number of concurrent threads is 150;
xscan -file host.lst -port -cgi -t 200,5 -v -o
Meaning: scan standard port status and CGI vulnerabilities on the hosts listed in "host.lst". The maximum number of concurrent threads is 200, and up to 5 hosts are scanned simultaneously. Hosts on which no open port is found are skipped.
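As an added example (not part of X-Scan or its documentation), the following C program parses the -host <start IP>[-<end IP>] and -t <thread_count[,host_count]> arguments in the format documented above and reports how many addresses a command line would cover, so that the scope and the thread settings can be checked before a scan is started (the manual itself warns that large scopes and high thread counts can saturate the local network). The 10.0.x.x and 192.168.x.x addresses are constructed stand-ins for the manual's xxx.xxx placeholders; the defaults 100,10 are the ones the manual states.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a dotted-quad IPv4 address into a host-order 32-bit value.
 * Returns 1 on success, 0 on malformed input (octet > 255, trailing junk). */
static int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = ((uint32_t)a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Parse "<start IP>[-<end IP>]" as given to -host. Fills *start and *end
 * (host order) and returns the number of addresses the scan would cover,
 * or 0 on a syntax error or a reversed range. */
static uint64_t parse_host_range(const char *spec, uint32_t *start, uint32_t *end)
{
    char buf[64];
    char *dash;

    if (strlen(spec) >= sizeof buf)
        return 0;
    strcpy(buf, spec);
    dash = strchr(buf, '-');
    if (dash != NULL)
        *dash = '\0';                 /* split "start-end" in place */
    if (!parse_ipv4(buf, start))
        return 0;
    if (dash != NULL) {
        if (!parse_ipv4(dash + 1, end))
            return 0;
    } else {
        *end = *start;                /* single host */
    }
    if (*end < *start)
        return 0;
    return (uint64_t)(*end - *start) + 1;
}

/* Parse "<thread_count[,host_count]>" as given to -t; a NULL spec means the
 * option was not given. Missing values take the documented defaults 100,10.
 * Returns 1 on success, 0 if a value is malformed or not positive. */
static int parse_thread_opt(const char *spec, int *threads, int *hosts)
{
    char *endp;
    long v;

    *threads = 100;
    *hosts = 10;
    if (spec == NULL)
        return 1;
    v = strtol(spec, &endp, 10);
    if (endp == spec || v <= 0 || v > INT_MAX)
        return 0;
    *threads = (int)v;
    if (*endp == '\0')
        return 1;                     /* "-t 150": host count stays 10 */
    if (*endp != ',')
        return 0;
    spec = endp + 1;
    v = strtol(spec, &endp, 10);
    if (endp == spec || *endp != '\0' || v <= 0 || v > INT_MAX)
        return 0;
    *hosts = (int)v;
    return 1;
}

/* Print a one-line summary of what the given -host / -t values would do. */
static void describe(const char *host_spec, const char *t_spec)
{
    uint32_t s, e;
    int threads, hosts;
    uint64_t n = parse_host_range(host_spec, &s, &e);

    if (n == 0 || !parse_thread_opt(t_spec, &threads, &hosts)) {
        printf("%s / -t %s: invalid arguments\n", host_spec, t_spec ? t_spec : "(default)");
        return;
    }
    printf("%s: %llu host(s), up to %d threads, %d hosts in parallel\n",
           host_spec, (unsigned long long)n, threads, hosts);
}

int main(void)
{
    /* Constructed addresses standing in for the manual's xxx.xxx.* examples. */
    describe("10.0.1.1-10.0.255.255", NULL);
    describe("10.0.1.1-10.0.255.255", "150");
    describe("192.168.1.10", "200,5");
    describe("10.0.0.5-10.0.0.1", "200,5");   /* reversed range: rejected */
    return 0;
}
```

The range 10.0.1.1-10.0.255.255 resolves to 65279 addresses, which is the kind of figure worth seeing before combining -all or -cgi with a high thread count.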
7. Plug-in Interface:
#define PLUGIN_PARAMS_0 0
#define PLUGIN_PARAMS_1 1
#define PLUGIN_PARAMS_101 101
#define PLUGIN_PARAMS_102 102
#define PLUGIN_PARAMS_103 103
#define PLUGIN_PARAMS_201 201
/*
- AlertUser()
-
* Function:
* Outputs a line in the following form:
* "[szHostName]: find [szVulnName] vulnerabilities-[szLine]"
* When szVulnName == NULL, the form is:
* "[szHostName]: [szLine]"
*
* Parameters:
* IN szHostName - host name (also used as the output file name)
* IN szVulnName - vulnerability name
* IN szLine - string to be written to the file
*
* Return value:
* [nothing]
*
*/
typedef VOID (CALLBACK *PALERT_USER) (
    char *szHostName,
    char *szVulnName,
    char *szLine
);
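As an added example (not X-Scan's own code), the following C program builds the AlertUser() message in the form the manual documents and shows how a plug-in calls through a PALERT_USER pointer. The VOID and CALLBACK macros come from the Windows SDK; they are defined here as plain void and an empty calling-convention marker so the typedef compiles on any platform. format_alert, sample_alert_user, emit_alert and last_alert are names chosen for this example, and the host and finding strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* The manual uses Windows calling-convention macros; supply them when
 * building outside the Windows SDK so the typedef compiles anywhere. */
#ifndef VOID
#define VOID void
#endif
#ifndef CALLBACK
#define CALLBACK
#endif

/* The callback type exactly as the manual declares it. */
typedef VOID (CALLBACK *PALERT_USER)(char *szHostName, char *szVulnName, char *szLine);

/* Build the line the manual documents for AlertUser(). Returns the length
 * written (not counting the terminator), or -1 if buf is too small, so a
 * caller never silently logs a truncated finding. */
int format_alert(char *buf, size_t size, const char *host, const char *vuln, const char *line)
{
    int n;
    if (vuln == NULL)
        n = snprintf(buf, size, "%s: %s", host, line);
    else
        n = snprintf(buf, size, "%s: find %s vulnerabilities-%s", host, vuln, line);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return n;
}

/* Constructed: keeps the most recent message so it can be inspected. */
static char last_alert[256];

/* A callback matching PALERT_USER, as the host program would hand to a plug-in. */
static VOID CALLBACK sample_alert_user(char *szHostName, char *szVulnName, char *szLine)
{
    if (format_alert(last_alert, sizeof last_alert, szHostName, szVulnName, szLine) < 0)
        strcpy(last_alert, "<alert too long for buffer>");
    puts(last_alert);
}

/* How a plug-in reports a result: call through the pointer it was given.
 * Returns the line that was produced. */
const char *emit_alert(PALERT_USER alert, const char *host, const char *vuln, const char *line)
{
    /* The documented signature takes non-const char*, hence the casts. */
    alert((char *)host, (char *)vuln, (char *)line);
    return last_alert;
}

int main(void)
{
    PALERT_USER cb = sample_alert_user;
    emit_alert(cb, "192.0.2.10", "Example-Vuln", "sample finding (constructed)");
    emit_alert(cb, "192.0.2.10", NULL, "scan finished");
    return 0;
}
```

Checking the snprintf result matters in a logging callback: a finding that overflows the buffer should be reported as such rather than written out cut short, since the /log/ files are what a reviewer reads afterwards.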