Tool: Super Scan - Port scanner

SuperScan is a powerful connect-based TCP port scanner, pinger and hostname resolver. Released by Foundstone, its multithreaded and asynchronous techniques make this program extremely fast and versatile. SuperScan can do ping sweeps and scan any IP range. The attacker can also compile a list of target IPs as a text file and have SuperScan load that list for scanning. The visual interface allows the attacker to view responses from connected hosts. The built-in editor allows manipulation of port lists and port descriptions. The advantage is that certain ports can be skipped, as the ping results can be analyzed beforehand to make the scan faster. The tool can be used to connect to any discovered open port using user-specified "helper" applications, and a custom helper application can be assigned to any port. The attacker can also choose to save the scan list to a text file for future reference. The scan can be done slowly as well, by controlling the transmission speed.


On the Windows platform, SuperScan does a very good job of swiftly finding open ports. However, it does not report additional port-state information, such as whether a port is closed, open, or filtered. Nmap is the better scanner when more detailed information is needed, or when the attacker wants to use more advanced scanning techniques; for now, SuperScan detects common ports.



Readers should note that the term "attacker" is used here because these are the tools you might see being used over the Internet for unauthorized access. From a penetration tester's viewpoint, these same tools can be used to test the network as well as to assist in reconnaissance about the attacker. In our example, we find additional information on TCP ports that were not listed by NetScan Tools: we find a port with a pcAnywhere data connection. This is good news to an attacker, as he needs just one point of access into the target system. Let us look at the data we have obtained here.

* + 64.3x.3x.xxx    xxxxxx.com
      |___    25   Simple Mail Transfer
             |___  220 X1 NT-ESMTP Server xxxxxx.com (IMail 5.05 111734-1)..
      |___    80   World Wide Web HTTP
             |___   HTTP/1.1  200  OK..Server:  Microsoft-IIS/4.0..Cache-Control:
no-cache..Expires: Mon, 21 Apr 2003 05:02:42 GMT..Content-Location:
      |___    110  Post Office Protocol - Version 3
             |___  +OK X1 NT-POP3 Server xxxxxx.com (IMail 5.08 228329-2)..
      |___    135  DCE endpoint resolution
      |___    139  NET BIOS Session Service
      |___    143  Internet Message Access Protocol
             |___  * OK IMAP4 Server (IMail 5.09)..
      |___  1032   BBN IAD
      |___  5631   pc ANYWHERE data
      |___  5800   Virtual Network Computing server
      |___  5900   Virtual Network Computing server
             |___ RFB 003.003.

Notice how the scanner returns additional information about the services running on the ports. Here, we see banner grabbing done for the HTTP, SMTP, IMAP and POP3 servers.
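As an added example (not part of the original post, and not code from SuperScan or Foundstone), the following Python script parses a constructed capture in the tree layout shown above into per-port records, including banners that wrap onto a following line, and then flags the remote-control services a defender reviewing such output would want to look at first. The sample text, the `Service` record and the `REVIEW_PORTS` watchlist are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in SuperScan's tree layout, modelled on the capture shown above
# (the address and hostname are placeholders, not real hosts).
SAMPLE = """\
* + 64.3x.3x.xxx    xxxxxx.com
      |___    25   Simple Mail Transfer
             |___  220 X1 NT-ESMTP Server xxxxxx.com (IMail 5.05 111734-1)..
      |___    80   World Wide Web HTTP
             |___   HTTP/1.1  200  OK..Server:  Microsoft-IIS/4.0..Cache-Control:
no-cache..Expires: Mon, 21 Apr 2003 05:02:42 GMT..Content-Location:
      |___    139  NET BIOS Session Service
      |___  5631   pc ANYWHERE data
      |___  5900   Virtual Network Computing server
             |___ RFB 003.003.
"""

# Assumed watchlist of remote-access services whose Internet exposure warrants review.
REVIEW_PORTS = {139: "NetBIOS session", 5631: "pcAnywhere", 5800: "VNC (HTTP)", 5900: "VNC"}

HOST_RE = re.compile(r"^\*\s*\+\s*(\S+)\s+(\S+)")   # "* + <ip> <hostname>"

@dataclass
class Service:
    host: str
    port: int
    name: str
    banner: str = ""

def parse_superscan(text):
    """Flatten SuperScan's indented tree into Service records (port and banner levels)."""
    services, host, port_indent = [], None, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:                                   # new host header resets the indent tracking
            host, port_indent = m.group(1), None
            continue
        pos = line.find("|___")
        if pos < 0:                             # no tree prefix: a wrapped banner continuation
            if services and services[-1].host == host:
                services[-1].banner += " " + line.strip()
            continue
        body = line[pos + 4:].strip()
        if port_indent is None or pos <= port_indent:   # shallowest level = port entry
            port_indent = pos
            num, _, name = body.partition(" ")
            services.append(Service(host, int(num), name.strip()))
        elif services:                          # deeper level = banner for the last port
            services[-1].banner = body
    return services

def review_findings(services):
    """Return (port, label, banner) for exposed services on the watchlist."""
    return [(s.port, REVIEW_PORTS[s.port], s.banner) for s in services if s.port in REVIEW_PORTS]
```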
