Footprinting and scanning tools

This is a selection of footprinting and scanning tools you may wish to install in your MIS Lab machine in order to do the course assignments. You should be very careful in using these tools outside of the Lab. Network administrators do not take lightly the probing of their networks and may respond aggressively to your attempts to gain information about them by using some of these tools. Please note that I am emphasizing Windows tools, but we will see Linux/UNIX tools later.

---

1. CyberKit

   Start by downloading CyberKit from this Web site and install it. CyberKit is a graphical tool and will let you do the following:
   
   • whois (under WhoIs), as shown in class.
   • single ping (under Ping) and ping sweep (under NetScanner, ping addresses).
   • traceroute (under TraceRoute), as shown in class.
   • port scanning (under NetScanner, ScanPorts as shown here.
   CyberKit is best used for simple ping, whois and traceroute, while is not as fast as other tools for ping sweep and port scanning.

2. Sam Spade

   Download Sam Spade from this web site and install it. Sam Spade is also a graphical tool which allows you to do DNS interrogation and many other things. The features which make Sam Spade a key security tool are:
   
   • Advanced DNS - DIG tool requests all the DNS records for a host or domain
   • Zone Transfer - ask a DNS server for all it knows about a domain
   • SMTP Relay Check - check whether a mail server allows third party relaying
   • Scan Addresses - scan a range of IP addresses looking for open ports
   • Crawl Web site - search a Web site, looking for email addresses, offsite links, download a Web site
   • Search IP block - finds the IP block for an organization
   Sam Spade also does whois, traceroute, finger and dns lookup like CyberKit.

3. Pinger

   Download Pinger from its ftp location and install it. Pinger is a very fast ping sweeper as shown in class. Once you obtain the IP block of the target organization, you use pinger to see what hosts are active.



4. SuperScan

   Download SuperScan from its new location and install it. SuperScan allows you to scan a range of IP addresses and do TCP port scanning. It can check all ports, or the ones you select. It is a very fast and powerful tool. Once you obtain the active hosts using Pinger you can cut in the time SuperScan will find which ones have active ports.



5. WUPS

   Download WUPS from its Web site and install it. WUPS allows you to check UDP ports, to complement your study of hosts with active ports (TCP plus UDP). WUPS can only do one host at a time, but you can also select what ports to look for. You can see here a list of TCP and UDP ports, but be aware that hackers have been using some unnamed ports for Trojans, backdoors, etc.



6. Active Ports

   Active Ports is a free tool for Windows NT/2000/XP that enables you to monitor all open TCP and UDP ports on the local computer. You can download it from the Smartline free download site. As you can see in this image it shows not only the open ports, but also what application in your PC is linked to the open ports. If a connection is established with a remote host you can see the remote host IP number. Active Ports is not a Intrusion Detection System, but provides a picture of is going on in your computer regarding to ports.

We will see, later in the course, how to set IDS and firewall software to attempt to protect your hosts. But, if you cannot wait you can use for your home computers and workstations an individual, free, firewall: ZoneAlarm. Please note that the free version is only for personal and not for profit use, but the commercial (Plus) version is also not expensive at $40. Finally, you can also have free Anti-virus software from Avast.