disftpsc 0.1

This is the discftpsc tool. It is a tool for port scanning using
distributed ftp bounce.

The idea
--------

Do you know what the "ftp bounce" method of port scanning is? If not,
read this:

http://www.insecure.org/nmap/hobbit.ftpbounce.txt

My idea is to scan each port of the target machine with another ftp
proxy. This way I hope to stay undetected by the victim.

How to use it
-------------

First you have to collect the list of misconfigured ftp servers which
you will use as proxies. You can do this in two steps: first you find
machines that have port 21 open:

    # nmap -sS -PS23 -iR 0 -p 23

Then create a file ip_open_21.txt with a list of the IP addresses you
found (look at the file "ip_open_21-example.txt"). Then check which of
those addresses are vulnerable to ftp bounce:

    ./test_ip-main.pl < ip_open_21.txt

This tool checks (in parallel) whether those addresses are vulnerable.
Each parallel process creates its own logfile. Those logs are called
"LOG-process_id". Look at those logs and find lines like:

    66.66.66.66 is working: 1

It means that machine 66.66.66.66 can be used as a proxy for ftp bounce.
Now create a file called "ip" with a list of IP addresses (look at the
file "ip.example").

Now you can do the scanning. In order to scan ports 80..85 of machine
66.249.93.99, issue the command:

    ./ftp_bounce.pl 66.249.93.99 '80 81 82 83 84 85' ip

In the output look for lines like:

    66.249.93.99:81 is open: 0 tested with 128.2.121.156

or:

    66.249.93.99:81 is open: 1 tested with 128.2.121.156

It means that port 81 of machine 66.249.93.99 is closed (open: 0) or
open (open: 1), according to the proxy 128.2.121.156.

BUGS, TODO
----------

Currently the tool does not work in parallel, so it works really
slowly. It is also - as you can see - rather uncomfortable to use.
Actually, I don't care too much about it. I treat it rather as a proof
of concept alpha version. Maybe some day I will improve it, or maybe
not. If you think it is worth something, drop me an email, so I know it
makes sense to put my time and energy into it.

QUESTIONS, COMMENTS
-------------------

If you have any questions or comments, don't hesitate to contact me:

http://www.rozrywka.jawsieci.pl/materialy/dane_EN.html
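
The ftp bounce method described under "The idea" only works on servers that accept a PORT command naming a host other than the connected client, and in the distributed variant each server may see just one such command, so the check has to be per command rather than rate based. The following is an added example, not part of disftpsc: it decodes PORT arguments (RFC 959 format) and flags the ones a server should refuse; the log format, function names and addresses are constructed for illustration.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' (RFC 959 PORT argument) into (ip, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError("malformed PORT argument: %r" % arg)
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range: %r" % arg)
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def check_port(client_ip, arg):
    """Return (allowed, reason) for a PORT command sent by client_ip."""
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    # A data connection to anyone but the control-connection peer is a bounce.
    if ip != ipaddress.IPv4Address(client_ip):
        return False, "third-party address %s (bounce attempt)" % ip
    # Refusing ports below 1024 keeps the server away from well-known services.
    if port < 1024:
        return False, "privileged port %d" % port
    return True, "ok"

# Constructed control-channel log: "<client ip> <command> [argument]".
SAMPLE_LOG = """\
192.0.2.10 PORT 192,0,2,10,195,80
198.51.100.7 PORT 203,0,113,5,0,81
198.51.100.7 LIST
192.0.2.10 PORT 192,0,2,10,0,25
198.51.100.9 PORT 1,2,3
"""

def flag_bounces(log_text):
    """Return (client, argument, reason) for every PORT line to refuse."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[1].upper() == "PORT":
            allowed, reason = check_port(parts[0], parts[2])
            if not allowed:
                findings.append((parts[0], parts[2], reason))
    return findings

if __name__ == "__main__":
    for client, arg, reason in flag_bounces(SAMPLE_LOG):
        print("%s PORT %s -> refuse: %s" % (client, arg, reason))
```

A server that applies the same test before opening the data connection cannot be listed as "is working: 1" by a bounce check.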