RE: new tool: qahs

From: Dawes, Rogan (ZA - Johannesburg) (rdawes@deloitte.co.za)
Date: Thu Jun 05 2003 - 05:41:08 EDT


Something you might try on 6000 is to take a screenshot. That would identify
Xservers that have done an xhost +, which would allow keystroke sniffers to
be attached, e.g. xkey
(http://www.stllinux.org/meeting_notes/1997/0619/xkey.html)

Actually X client would do, so long as it reports success or failure, but a
screenshot is quite powerful as a demonstration :-)

Rogan
> -----Original Message-----
> From: methodic@libpcap.net [mailto:methodic@libpcap.net]
> Sent: 04 June 2003 09:03 PM
> To: pen-test@securityfocus.com
> Subject: new tool: qahs
>
>
> I'm working on a tool called qahs (quick automated host scanner)..
>
> basically it will nmap a host, parse its open ports, attempt to get
> banners from open services, and has internal rules, so if port 79 is
> open, it'll run finger, if 2049 is open, it will run showmount, etc..
>
> it's a great tool to use if you're pen-testing subnets. qahs will write
> a separate log file for each host scanned, so you can grep through them,
> or do something like less *.log.
>
> this isn't a "release" yet.. I'd like to make it as complete as I can
> before I officially release it to other places. if you have any good
> ideas or know of any good programs to run if a port is open (I'm looking
> for a good one for port 6000), please feel free to email me.
>
> you can wget qahs here: http://libpcap.net/qahs.tar.gz
>
> thanks.
>
> --
> + Microsoft doesn't believe in free() code.
>

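Added example, not part of the original thread and not code from qahs: a minimal "X client that reports success or failure" for auditing your own hosts on port 6000. It sends an X11 connection setup request with no authorization data and decodes the server's status byte; the function names and the sample replies are constructed for illustration.

```python
import socket
import struct

# X11 connection setup request: little-endian ('l'), protocol 11.0,
# zero-length authorization name and data (no MIT-MAGIC-COOKIE presented).
SETUP_REQUEST = struct.pack("<BxHHHHxx", 0x6C, 11, 0, 0, 0)
STATUS = {0: "failed", 1: "success", 2: "authenticate"}

# Constructed sample replies (not captured from a real server).
SAMPLE_FAILED = struct.pack("<BBHHH", 0, 22, 11, 0, 6) + b"No protocol specified\n\x00\x00"
SAMPLE_SUCCESS = struct.pack("<BxHHH", 1, 11, 0, 0)


def parse_setup_reply(reply: bytes) -> dict:
    """Decode the fixed 8-byte header of an X11 connection setup reply."""
    if len(reply) < 8:
        raise ValueError("short reply: not an X11 setup response")
    status, reason_len, major, minor, _extra = struct.unpack("<BBHHH", reply[:8])
    if status not in STATUS:
        raise ValueError(f"unexpected status byte {status}")
    result = {"status": STATUS[status], "protocol": (major, minor), "reason": ""}
    if status == 0:
        # On failure, byte 1 holds the length of the reason string that follows.
        result["reason"] = reply[8:8 + reason_len].decode("latin-1")
    # Success without credentials means the server admitted this client by
    # host-based access control, e.g. after "xhost +".
    result["open_access"] = status == 1
    return result


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes, stopping early only if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def check_display(host: str, display: int = 0, timeout: float = 3.0) -> dict:
    """Probe TCP 6000+display on a host you administer and report the result."""
    with socket.create_connection((host, 6000 + display), timeout=timeout) as s:
        s.sendall(SETUP_REQUEST)
        header = _recv_exact(s, 8)
        extra = struct.unpack("<H", header[6:8])[0] * 4 if len(header) == 8 else 0
        return parse_setup_reply(header + _recv_exact(s, min(extra, 4096)))
```

A result with open_access set to True is the finding to log per host; "failed" with a reason string means access control rejected the unauthenticated client.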
