NINJA PingU - An Open-source High Performance Network Scanner

NINJA PingU is a free open-source, high-performance network scanner for large-scale analyses.

It is designed with performance as its primary goal and developed as a framework to allow easy plugin integration.

It comes out of the box with a set of plugins for service analysis, embedded device identification, and backdoor detection.



How NINJA PingU Works

NINJA PingU takes advantage of raw sockets to avoid the latency of the three-way TCP handshake and the state it requires. Sending IP packets directly also avoids the overhead of the TCP stack.


It also implements non-blocking network I/O in the plugin interface by means of epoll. Each component is multi-threaded and has built-in caches to minimize synchronization points. In addition, result persistence operations are buffered to reduce disk writes.
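
For defenders, a scanner that sends SYNs from raw sockets and keeps no connection state tends to appear in packet logs as a burst of SYNs from one source to many hosts on the same port, with no ACK completing the handshake. The following Python detector is an added example, not part of NINJA PingU or the original post; the log format, sample records and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "<epoch> <src> <dst> <dport> <flags>" for client-to-server
# TCP packets (S = SYN, A = handshake-completing ACK, R = RST).
SAMPLE = """\
100.000 198.51.100.7 203.0.113.1 32764 S
100.001 198.51.100.7 203.0.113.2 32764 S
100.002 198.51.100.7 203.0.113.3 32764 S
100.003 198.51.100.7 203.0.113.4 32764 S
100.050 198.51.100.7 203.0.113.3 32764 R
100.200 192.0.2.10 203.0.113.1 80 S
100.230 192.0.2.10 203.0.113.1 80 A
100.900 192.0.2.10 203.0.113.2 80 S
100.930 192.0.2.10 203.0.113.2 80 A
"""

def find_syn_sweeps(log_text, min_targets=4, window=1.0):
    """Return {(src, dport): n} for sources that sent SYNs to at least
    min_targets distinct hosts on one port within `window` seconds, counting
    only targets with which the handshake was never completed."""
    syn_times = defaultdict(dict)   # (src, dport) -> {dst: first SYN time}
    completed = defaultdict(set)    # (src, dport) -> {dst that got the final ACK}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                # skip malformed records
        ts, src, dst, dport, flags = fields
        key = (src, int(dport))
        if flags == "S":
            syn_times[key].setdefault(dst, float(ts))
        elif flags == "A":
            completed[key].add(dst)
    sweeps = {}
    for key, targets in syn_times.items():
        half_open = sorted(t for dst, t in targets.items()
                           if dst not in completed[key])
        # Sliding window over SYN times: largest burst of half-open targets.
        best, start = 0, 0
        for end, t in enumerate(half_open):
            while t - half_open[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_targets:
            sweeps[key] = best
    return sweeps
```

The browsing client on port 80 is not flagged because each of its SYNs is followed by a completing ACK; only the source sweeping port 32764 is reported.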

Plugins:

  • 32764/TCP Backdoor Scanner Plugin:
Backdoor32764 is a plugin that identifies hosts affected by the Backdoor32764 backdoor. You can run this plugin as follows:
# ./bin/npingu -t 2 -p 32764 1.1.1.1-255.0.0.0 -m Backdoor32764
  • Embedded Devices & Services Discovery Plugin:
This plugin can be run by using the following command:
# ./bin/npingu -t 5 -p 80 1.1.1.1-255.0.0.0 -m Service
The [-t 5] option sets the number of spotter threads, [-p 80] specifies the targeted port, and [-m Service] loads the service and embedded device identification plugin.

The following and several other devices are currently supported:
  • Network Cameras
  • Direct Digital Control Services
  • Smart TV Devices
  • Network Programmable Controllers
  • Printers
  • Solar Power Plants Management Devices
  • VoIP Conference Phones
  • Central Communication Devices
  • Measurement Control Data Logger Devices
  • GPS Devices
  • Network Multimedia Disks

Requirements:

NINJA PingU comes with all the necessary dependencies out of the box. The following platform is required, though.
  • GCC compiler
  • Linux box. It will not work on either *BSD or Windows.
  • Root privileges (required to create raw socket descriptors)

To get NINJA PingU, you can run:
$ cd /tmp; wget https://github.com/OWASP/NINJA-PingU/archive/v1.0.1.tar.gz; tar -xvf v1.0.1.tar.gz; cd NINJA-PingU-1.0.1/; ./npingu.sh

Usage:

 # sudo ./bin/npingu [OPTIONS] targets

  -t    Number of sender threads.
  -p    Port scan range. For instance, 80 or 20-80.
  -d    Delay between packets sent (in usecs).
  -s    No service identification (less bandwidth load, more hosts/time).
  -m    Module to run. For instance, Service.
  -h    Show this help.
  [targets] IP address seed. For instance, 192.168.1. or 1.1.1.1-255.0.0.0

NINJA PingU comes with a bash script that automates the compilation process, tunes operating system performance, and provides an enhanced user interface through terminator integration. Run it with the following command:
$ ./npingu.sh

Examples:

  • Scanning some OVH servers:
# ./bin/npingu -t 3 -p 20-80 188.1.1.1-188.255.1.1 -d 1 -m Service

  -Targeted Hosts [188.165.83.148-188.255.83.148]
  -Targeted Port Range [20-80]
  -Threads [3]
  -Delay 1 usec
  -Use the Service identification Module
  • Scanning several Google web servers:
# ./bin/npingu -t 5 -p 80 -s 74.125.0.0-74.125.255.255

  -Targeted Hosts [74.125.0.0-74.125.255.255]
  -Targeted Port [80]
  -Threads [5]
  -s synOnly scan
  • Scanning the 32764/TCP Backdoor:
# ./bin/npingu -t 2 1.1.1.1-255.1.1.1 -m Backdoor32764 -p 32764

  -Targeted Hosts [1.1.1.1-255.1.1.1]
  -Targeted Port [32764]
  -Threads [2]
  -Use the 32764/TCP Backdoor Module



