NINJA PingU - An Open-source High Performance Network Scanner

NINJA PingU - An Open-source High Performance Network Scanner

NINJA PingU is a free open-source, high-performance network scanner for large-scale analyses.

It is designed with performance as its primary goal and developed as a framework to allow easy plugin integration.

It comes out of the box with a set of plugins for services analysis embedded devices identification and to spot backdoors.

How NINJA PingU Works

NINJA PingU takes advantage of raw sockets to reduce the three-way TCP handshake latency and it's state. Directly sending IP packets also avoids the TCP stack overhead.

It also implements non-blocking networking I/O in the plugin's interface by means of epoll. Each component is multi-threaded and they have built-in caches to minimize synchronization points. In addition, the results persistent operations are buffered to reduce disk writes.


  • 32764/TCP Backdoor Scanner Plugin:
Backdoor32764 is a plugin that can identify hosts affected by Backdoor32764 backdoor. You can run this plugin as follows.
# ./bin/npingu -t 2 -p 32764 -m Backdoor32764
  • Embedded Devices & Services Discoverage Plugin:
This plugin can be run by using the following command:
# ./bin/npingu -t 5 -p 80 -m Service
The [-t 5] sets the number of spotter threads, the [-p 80] specifies the targeted port, [-m Service] loads the service and embedded device identification plugin.

The following and several other devices are currently supported:
  • Network Cameras
  • Direct Digital Control Services
  • Smart TV Devices
  • Network Programmable Controllers
  • Printers
  • Solar Power Plants Management Devices
  • VoIP Conference Phones
  • Central Communication Devices
  • Measurement Control Data Logger Devices
  • GPS Devices
  • Network Multimedia Disks


NINJA PingU comes with all the necessary dependencies out of the box. The following platform is required, though.
  • GCC compiler
  • Linux box. Will not work neither on *BSD or Windows OS.
  • Root privileges (required to create raw socket descriptors)

To get pingu, you can run:
$ cd /tmp; wget; tar -xvf 
v1.0.1.tar.gz; cd NINJA-PingU-1.0.1/; ./


 # sudo ./bin/npingu [OPTIONS] targets

  -t    Number of sender threads.
  -p	Port scan range. For instance, 80 or 20-80.
  -d	Delay between packages sent (in usecs).
  -s	No service identification (less bandwith load, more hosts/time).
  -m	Module to run. For instance, Service.
  -h	Show this help.
  [targets] Ip address seed. For instance, 192.168.1. or
NINJA Pingu comes with a bash script to automate process compilation, operating system performance tuning, and enhanced user interface with terminator integration. It can be run by running the following command:
$ ./


  • Scanning some OVH servers:
# ./bin/npingu -t 3 -p 20-80 -d 1 -m Service

  -Targeted Hosts []
  -Targeted Port Range [20-80]
  -Threads [3]
  -Delay 1 usec
  -Use the Service identification Module
  • Scanning several google web servers:
# ./bin/npingu -t 5 -p 80 -s

  -Targeted Hosts []
  -Targeted Port [80]
  -Threads [5]
  -s synOnly scan
  • Scanning the 32764/TCP Backdoor:
# ./bin/npingu -t 2 -m Backdoor32764 -p 32764

  -Targeted Hosts []
  -Targeted Port [32764]
  -Threads [2]
  -Use the 32764/TCP Backdoor Module

No comments

Powered by Blogger.