How to use Evilscan to scan the Network under Linux

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use Evilscan to scan a network under Linux.

Evilscan is a network scanner that runs in a Node.js environment. Its options let users scan a single IP address or a range of IP addresses, and a single port or a group of ports.

Environment

CentOS 8

npm (Node Package Manager)

Installation

Clone the repository from GitHub. If git and npm are not installed on the system, install them first:

[root@localhost ~]# yum -y install git npm
[root@localhost ~]# git clone https://github.com/eviltik/evilscan.git
Cloning into 'evilscan'...
remote: Enumerating objects: 901, done.
remote: Counting objects: 100% (178/178), done.
remote: Compressing objects: 100% (124/124), done.
remote: Total 901 (delta 88), reused 114 (delta 46), pack-reused 723
Receiving objects: 100% (901/901), 12.97 MiB | 5.66 MiB/s, done.
Resolving deltas: 100% (545/545), done.

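Enter the evilscan working directory and install it globally. Note that npm install -g with a bare package name fetches the published package from the npm registry rather than installing the cloned source: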

[root@localhost ~]# cd evilscan/
[root@localhost evilscan]# npm install -g evilscan
/usr/local/bin/evilscan -> /usr/local/lib/node_modules/evilscan/bin/evilscan.js
+ evilscan@1.8.0
added 4 packages from 4 contributors in 6.476s

Usage

Use the following command to view help information for evilscan:

[root@localhost ~]# evilscan --help
Usage: evilscan [options]

Example: evilscan --target=192.168.0.0/24 --port=21-23,80

Options:
  --port          port(s) you want to scan, examples:
                  --port=80
                  --port=21,22
                  --port=21,22,23,5900-5900
  --reverse       display DNS reverse lookup
  --reversevalid  only display results having a valid reverse dns,
                  except if ports specified
  --geo           display geoip (free maxmind)
  --banner        display grabbed banner when available
  --bannerraw     display raw banner (as a JSON Buffer)
  --bannerlen     grabbed banner length in bytes
                  default 512
  --progress      display progress indicator each seconds
  --status        ports status wanted in results (example --status=OT)
                  T(timeout)
                  R(refused)
                  O(open, default)
                  U(unreachable)
  --scan          scan method
                  tcpconnect (full connect, default)
                  tcpsyn (half opened, not yet implemented)
                  udp (not yet implemented)
  --concurrency   max number of simultaneous socket opened
                  default 500
  --timeout       maximum number of milliseconds before closing the connection
                  default 2000
  --hugescan      allow number of ip/port combinaison greater than 16580355
                  (i.e a /24 network with port range 0-65535)
  --display       display result format (json,xml,console)
                  default console
  --outfile       dump result in a file
  --json          shortcut for --display=json
  --xml           shortcut for --display=xml
  --console       shortcut for --display=console
  --help          display help
  --about         display about
  --version       display version number

Usage examples

Syntax:

evilscan [options]

Scan ports 0-4000 on a host in the network, grab banners, and display only the open ports:

[root@localhost ~]# evilscan 192.168.0.10 --port=0-4000 --banner
192.168.0.10|139||open
192.168.0.10|135||open
192.168.0.10|110||open
192.168.0.10|25||open
192.168.0.10|445||open
192.168.0.10|2381||open
192.168.0.10|2301||open
192.168.0.10|3389||open

Scan ports 0-100 on a host in the network, grab banners, display only open ports, output in JSON format, and show progress status every second:

[root@localhost ~]# evilscan 192.168.0.13 --port=0-100 --banner --isopen --istimeout --progress --json
{"_timeStart":"N/A","_timeElapsed":"N/A","_jobsRunning":0,"_jobsDone":0,"_progress":0,"_concurrency":500,"_status":"Starting","_message":"Starting"}
{"_timeStart":1628685339594,"_timeElapsed":999,"_jobsTotal":100,"_jobsRunning":100,"_jobsDone":0,"_progress":0,"_concurrency":500,"_status":"Running","_message":"Scanning 192.168.0.13jobsDone"}
{"_timeStart":1628685339594,"_timeElapsed":2003,"_jobsTotal":100,"_jobsRunning":100,"_jobsDone":0,"_progress":0,"_concurrency":500,"_status":"Running","_message":"Scanning 192.168.0.13 port 100"}
{"ip":"192.168.0.13","port":25,"status":"open"}
{"ip":"192.168.0.13","port":22,"banner":"SSH-2.0-OpenSSH_7.9-hpn14v15\r\n","status":"open"}
{"ip":"192.168.0.13","port":80,"status":"open"}
{"_timeStart":1628685339594,"_timeElapsed":2019,"_jobsTotal":100,"_jobsRunning":0,"_jobsDone":100,"_progress":100,"_concurrency":500,"_status":"Finished","_message":"Scanned 192.168.0.13 timeElapsed 80"}
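
An added example (not from the original article or the evilscan project): a Node.js script that reads the line-delimited records printed with --json, separates progress records from results, and compares the open ports with a list of services each host is expected to expose. SAMPLE_OUTPUT, the EXPECTED baseline, the "closed" status string and all function names are constructed for illustration.

```javascript
// Added example, not evilscan code. SAMPLE_OUTPUT is constructed, modelled on the
// --json records above; the "closed" status and EXPECTED baseline are assumptions.
const SAMPLE_OUTPUT = [
  '{"_timeElapsed":999,"_jobsTotal":100,"_jobsDone":0,"_progress":0,"_status":"Running"}',
  '{"ip":"192.168.0.13","port":25,"status":"open"}',
  '{"ip":"192.168.0.13","port":22,"banner":"SSH-2.0-OpenSSH_7.9-hpn14v15\\r\\n","status":"open"}',
  '{"ip":"192.168.0.13","port":80,"status":"open"}',
  '{"ip":"192.168.0.13","port":23,"status":"closed"}',
  'this line is not JSON',
  '{"_timeElapsed":2019,"_jobsTotal":100,"_jobsDone":100,"_progress":100,"_status":"Finished"}',
].join('\n');
const EXPECTED = new Map([['192.168.0.13', [22, 80, 443]]]);

// Banners are supplied by the remote service: strip control characters
// (CR/LF, ANSI escapes) and cap the length before they reach a log or terminal.
function cleanBanner(b) {
  return typeof b === 'string' ? b.replace(/[\u0000-\u001f\u007f]/g, '').slice(0, 80) : '';
}

// Split the stream into progress records (every key starts with "_"),
// well-formed result records, and lines that are neither.
function parseScan(text) {
  const results = [], progress = [], rejected = [];
  for (const line of text.split(/\r?\n/).filter(l => l.trim())) {
    let rec = null;
    try { rec = JSON.parse(line); } catch (e) { /* not JSON: rejected below */ }
    const keys = rec && typeof rec === 'object' ? Object.keys(rec) : [];
    if (keys.length && keys.every(k => k.startsWith('_'))) progress.push(rec);
    else if (rec && typeof rec.ip === 'string' && Number.isInteger(rec.port)) results.push(rec);
    else rejected.push(line);
  }
  return { results, progress, rejected };
}

// Compare open ports with the baseline. A run that never reported "Finished"
// is marked incomplete so a truncated scan is not read as "nothing exposed".
function auditExposure(text, expected) {
  const { results, progress, rejected } = parseScan(text);
  const open = results.filter(r => r.status === 'open');
  const seen = new Set(open.map(r => `${r.ip}:${r.port}`));
  const unexpected = open.filter(r => !(expected.get(r.ip) || []).includes(r.port))
    .map(r => ({ ip: r.ip, port: r.port, banner: cleanBanner(r.banner) }));
  const missing = [];
  for (const [ip, ports] of expected)
    for (const port of ports) if (!seen.has(`${ip}:${port}`)) missing.push({ ip, port });
  const complete = progress.some(p => p._status === 'Finished');
  return { complete, unexpected, missing, rejected: rejected.length };
}
console.log(JSON.stringify(auditExposure(SAMPLE_OUTPUT, EXPECTED), null, 2));
```

On the constructed sample this reports port 25 as open but not in the baseline, port 443 as expected but not seen, and one rejected line.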

Tip: concurrency defaults to 100 (the help output above and the _concurrency field in the progress records both show 500). To scan a large range of IPs and ports, raise it with the --concurrency option (for example, 1000).

To get past the limit of 1024 open sockets, update the limit parameters using the following command:

ulimit -u unlimited

Note that in bash, ulimit -u sets the maximum number of user processes; the open-file limit, which also caps open sockets and commonly defaults to 1024, is the one reported by ulimit -n.
