scanssh(1)		FreeBSD	General	Commands Manual		    scanssh(1)

     scanssh --	scans the Internet for open proxies and	SSH servers

     scanssh [-VIERph] [-s scanners,...] [-n ports,...]	[-u socks hosts,...]
	     [-e excludefile] addresses...

     ScanSSH scans the given addresses and networks for	running	services.  It
     mainly allows the detection of open proxies and Internet services.	 For
     known services, ScanSSH queries their version number and displays the
     results in	a list.

     The addresses can be specified either as an IPv4 address or as a
     CIDR-like IP prefix, ipaddress/masklength.  Ports can be appended by
     adding a colon at the end of the address specification.

     Additionally, the following two commands can be prefixed to the address:

     random(n[,seed])/	The random command selects random addresses from the
			address range specified.  The arguments are as
			follows: n is the number of addresses to randomly
			create in the given network and seed is a seed for
			the pseudo random number generator.

     split(s,e)/	The split command is used to split the address range
			into several unique components.  This can be used to
			scan from several hosts in parallel.  The arguments
			are as follows: e specifies the number of hosts
			scanning in parallel and s is the number of the host
			this particular scan runs on.

     The options are as	follows:

     -V		     Causes scanssh to print its version number.

     -I		     Does not send a SSH identification	string.

     -E		     Exit the program if the file containing the addresses
		     for exclusion cannot be found.

     -R		     If	addresses are generated	at random, this	flag causes
		     the program to ignore excluded addresses from the exclude
		     file.  The	default	behaviour is to	always exclude ad-

     -p		     Specifies that ScanSSH should operate as a	proxy
		     detector.  This flag sets the default modes and default
		     scanners to detect open proxies.

     -h		     Displays the usage	of the program.

     -n	ports,...    Specifies the port	numbers	to scan.  Ports	are separated
		     by	commas.	 Each specified	scanner	is run for each	port
		     in	this list.  The	default	is 22.

     -u	socks hosts,...
		     A list of comma separated host:port pairs of SOCKS
		     proxies that scanssh should use to scan through.

     -s	scanners     Specifies the scanners that should be executed for
		     each open port.  Multiple scanners	are separated by
		     commas.  The following scanners are currently supported:

		     ssh	    Finds versions for SSH, Web	and SMTP

		     socks5	    Detects if a SOCKS V5 proxy	is running on
				    the	port.

		     socks4	    Detects if a SOCKS V4 proxy	is running on
				    the	port.

		     http-proxy	    Detects an HTTP GET proxy.

		     http-connect   Detects an HTTP CONNECT proxy.

		     telnet-proxy   Detects telnet based proxy servers.

     -e	excludefile  Specifies the file	that contains the addresses to be
		     excluded from the scan.  The syntax is the same as for
		     the addresses on the command line.

     The output	from scanssh contains only IP addresses.  However, the IP
     addresses can be converted to names with the logresolve(8) tool included
     in the Apache webserver.

     The following command scans the class C network - for
     open proxies:

     scanssh -p

     The next command scans for	ssh servers on port 22 only:

     scanssh -n	22 -s ssh

     The following command can be used in a parallel scan.  Two	hosts scan the
     specified networks	randomly, where	this is	the first host:

     scanssh 'random(0,rsd)/split(1,2)/(,80'

     At	the moment, scanssh leaves a one-line entry in the log file of the ssh
     server.  It is probably not possible to avoid that.
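
     Because each scanned server records only one line, a sweep is easiest to
     see by correlating logs from many servers.  The following is an added
     example, not part of scanssh or this manual page; the sshd message
     wording (taken from OpenSSH), the host names, the addresses and the
     min_servers threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed central-syslog sample (not from a real host). Message wording
# follows OpenSSH's sshd and is an assumption; 'EXAMPLE-BANNER' is a placeholder.
SAMPLE_LOG = """\
Jul 17 10:00:01 web1 sshd[411]: Did not receive identification string from 192.0.2.10 port 40112
Jul 17 10:00:01 web2 sshd[388]: Did not receive identification string from 192.0.2.10 port 40113
Jul 17 10:00:02 db1 sshd[902]: Bad protocol version identification 'EXAMPLE-BANNER' from 192.0.2.10 port 40114
Jul 17 10:00:05 web1 sshd[415]: Accepted publickey for alice from 198.51.100.7 port 51514 ssh2
Jul 17 10:03:44 web2 sshd[420]: Did not receive identification string from 203.0.113.5
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
# Connections that ended at the banner exchange: no banner sent (compare -I)
# or a banner the server rejected.
PROBES = (
    ("no_ident", re.compile(r"^Did not receive identification string from (\S+)")),
    ("bad_ident", re.compile(r"^Bad protocol version identification '.*' from (\S+)")),
)

def probes_by_source(log_text):
    """Map source IP -> set of (server, kind) for banner-only connections."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        for kind, pat in PROBES:
            hit = pat.match(m.group("msg"))
            if hit:
                seen[hit.group(1)].add((m.group("host"), kind))
                break
    return dict(seen)

def sweep_sources(log_text, min_servers=3):
    """Sources that left a probe entry on at least min_servers distinct servers."""
    result = {}
    for src, pairs in probes_by_source(log_text).items():
        servers = sorted({host for host, _ in pairs})
        if len(servers) >= min_servers:
            result[src] = servers
    return result

if __name__ == "__main__":
    for src, servers in sweep_sources(SAMPLE_LOG).items():
        print(f"{src} probed {len(servers)} servers: {', '.join(servers)}")
```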

FreeBSD	13.0			 July 17, 2000			  FreeBSD 13.0

