From: Jerry Shenk (jshenk@decommunications.com)
Date: Sat Jul 24 2004 - 11:40:38 EDT
FYI - anybody interested in this file, the link on the site to download it doesn't work. Try this one: http://www.thc.org/releases/thcrut-1.2.5.tar.gz
-----Original Message-----
From: Martin Mačok [mailto:martin.macok@underground.cz]
Sent: Friday, July 23, 2004 3:33 AM
To: pen-test@securityfocus.com
Subject: Re: Find out the subnetting of a company
On Tue, Jul 20, 2004 at 12:53:43PM -0400, David M. Zendzian wrote:
> Isn't there some icmp or ip based packet that can be sent to most
> devices querying the subnet they are in?
I recommend The Hackers Choice THC-RUT. I use it to quickly scan large
networks through ARP/ICMP/IP requests and it works great. It runs on
Linux, BSD and Solaris.
RUT (aRe yoU There, pronounced as 'root') is your first knife on
foreign network. It gathers information from local and remote
networks.
It offers a wide range of network discovery utilities like arp lookup
on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP
address mask request, OS fingerprinting, high-speed host discovery,
...
THC-RUT comes with an OS host Fingerprinter which determines the
remote OS by open/closed port characteristics, banner matching and
nmap fingerprinting techniques (T1, tcpoptions).
The fingerprinter has been developed to quickly (10mins) categorize
hosts on a Class B network. Information sources are (among others)
SNMP replies, telnetd (NVT) negotiation options, generic Banner
Matching, HTTP-Server version, DCE request and tcp options. It is
compatible with the nmap-os-fingerprints database and comes in addition
to this with its own perl regex capable fingerprinting database
(thcrut-os-fingerprints).
The latest version is
http://www.thc.org/download.php?t=r&f=thcrut-1.2.5.tar.gz
Martin Mačok
IT Security Consultant