hi, early june last year i emailed "mscan 1.0" to rootshell.com. i didnt expect there to be such an explosion thereafter.. but almost all the major security organizations released advisories about it, etc, and to this day i get script kiddies on irc msg'ing me asking me why it wont compile on such and such a box, asking me to add new vulnerability checks, etc. at any rate, mscan 1.0 was the most disgusting mess of code i've personally ever seen, so as repentance i have coded "sscan". this tool is much more powerful than mscan, and has been created with self-replication (integration into internet worms), configurability, and expandibility in mind. a built in scripting language allows anyone with *no* programming knowledge to add vulnerability checks in a matter of seconds. os detection is done with both tcp/ip stack id, and more traditional methods as well... the alpha release of sscan is available at: http://bear.berkeleycs.ml.org/~jsbach/sscan.tar.gz for now only linux (libc and glibc) are supported, but ports to other OS's are underway... this tool will be much expanded, this is only a prototype sorta th1ng... please, * DO NOT POST SSCAN ON YOUR WEBSITE *, this is an alpha release, wait for the 1.0 release, then mirror it to your hearts content. I'm looking for feedback here.. email me at jsb4chat_private thanks! p.s. this program is dedicated to wesley "silitek" walsh, thanks for your support mang ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:22 PDT