[9130] in bugtraq
sscan 0.1 alpha release
daemon@ATHENA.MIT.EDU (johann sebastian bach)
Tue Jan 19 23:33:54 1999
Date: Tue, 19 Jan 1999 12:37:01 PST
Reply-To: johann sebastian bach <jsb4ch@HOTMAIL.COM>
From: johann sebastian bach <jsb4ch@HOTMAIL.COM>
To: BUGTRAQ@NETSPACE.ORG
hi, early june last year i emailed "mscan 1.0" to rootshell.com. i
didnt expect there to be such an explosion thereafter.. but almost all
the major security organizations released advisories about it, etc, and
to this day i get script kiddies on irc msg'ing me asking me why it wont
compile on such and such a box, asking me to add new vulnerability
checks, etc. at any rate, mscan 1.0 was the most disgusting mess of
code i've personally ever seen, so as repentance i have coded "sscan".
this tool is much more powerful than mscan, and has been created with
self-replication (integration into internet worms), configurability, and
expandibility in mind. a built in scripting language allows anyone with
*no* programming knowledge to add vulnerability checks in a matter of
seconds.
os detection is done with both tcp/ip stack id, and more traditional
methods as well...
the alpha release of sscan is available at:
http://bear.berkeleycs.ml.org/~jsbach/sscan.tar.gz
for now only linux (libc and glibc) are supported, but ports to other
OS's are underway... this tool will be much expanded, this is only a
prototype sorta th1ng...
please, * DO NOT POST SSCAN ON YOUR WEBSITE *, this is an alpha release,
wait for the 1.0 release, then mirror it to your hearts content. I'm
looking for feedback here.. email me at jsb4ch@hotmail.com. thanks!
p.s. this program is dedicated to wesley "silitek" walsh, thanks for
your support mang
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
