MingSweeper

Features
Reverse DNS Sweeps
Ping Sweeps (currently ICMP only)
TCP Port Scan (full connect)
TCP Port Scan (SYN scan)
TCP Port Scan (NULL scan)
TCP Port Scan (FIN scan)
TCP Port Scan (XMAS scan)
TCP Port Filter Scan (ACK scan)
UDP Port Scan
Operating System Identification (utilises IP stack fingerprinting)
Application Identification (utilises banner grabbing)
Lazy DNS resolution
Comprehensive results presentation views with filtering/searching
Loading & Saving of scan results
Flexible target range specification

Some Technical Details
Non-connect TCP port scans (SYN, NULL, FIN, XMAS and ACK) and OS identification use Winsock 2.x raw sockets, which are only available on Windows 2000 and Windows XP. Windows NT 4.0 and Windows 9x/ME support raw sockets but ONLY for ICMP, which is why the ping sweep works there and the other scan types do not. Note that opening a raw socket on Windows 2000/XP requires an account in the local Administrators group, and Windows XP Service Pack 2 later removed the ability to send TCP segments over raw sockets, so the non-connect TCP scans will not work on an XP system at SP2 or later.

OS identification currently uses two IP stack fingerprinting techniques. First an NMAP (by Fyodor) style fingerprint is taken; this involves the standard NMAP TSeq, T1-T7 and PU tests. This is followed by an ICMP fingerprinting technique based on the whitepaper by Ofir Arkin detailing the use of ICMP in scanning. The ICMP tests consist of a target TTL measurement and four ICMP query types (Echo, Timestamp, Information Request and Address Mask), each of which is sent four times with different IP/ICMP fields set: plain, with the DF bit set, with a non-zero ICMP code and with a non-standard TOS value, sixteen probes in all. Whether the target echoes the DF bit, the non-zero code and the odd TOS value back in its reply is what goes into the fingerprint. At some point I will include information gathered from the application identification results, but not just yet.
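To make the sixteen-probe ICMP pass concrete, here is an added example (not MingSweeper's own code) that builds each probe as a raw IPv4+ICMP datagram, with the DF bit, ICMP code and TOS byte set per variant and correct checksums, and then classifies a reply by which of those fields the target reflected. The addresses, identifiers, ODD_CODE/ODD_TOS values and the fake_reply() target are constructed for the example; nothing is sent on the wire (sending these needs a raw socket and administrative rights).

```python
import socket
import struct

# ICMP query types used by the ICMP fingerprinting pass (RFC 792 / RFC 950 values)
# and the reply type each one should provoke.
ICMP_ECHO, ICMP_TIMESTAMP, ICMP_INFO, ICMP_MASK = 8, 13, 15, 17
REPLY_OF = {ICMP_ECHO: 0, ICMP_TIMESTAMP: 14, ICMP_INFO: 16, ICMP_MASK: 18}
TS_TYPES, MASK_TYPES = {13, 14}, {17, 18}

# The four variants of every query: plain, DF bit set, non-zero ICMP code, unusual TOS.
VARIANTS = ("plain", "df", "code", "tos")
IP_DF = 0x4000
ODD_CODE = 0x7F   # assumed value; any non-zero code serves the test
ODD_TOS = 0x04    # assumed value; any non-default TOS serves the test
SRC, DST = "192.0.2.1", "192.0.2.2"   # constructed (RFC 5737 documentation addresses)

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(itype: int, code: int, ident: int = 0x1234, seq: int = 1) -> bytes:
    """ICMP message of the given type with a valid checksum; timestamp/mask carry extra fields."""
    extra = b""
    if itype in TS_TYPES:
        extra = struct.pack("!III", 0, 0, 0)   # originate/receive/transmit timestamps
    elif itype in MASK_TYPES:
        extra = struct.pack("!I", 0)           # address mask
    msg = struct.pack("!BBHHH", itype, code, 0, ident, seq) + extra
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def build_ip(tos: int, df: bool, src: str, dst: str, payload: bytes, ttl: int = 64) -> bytes:
    """IPv4 header (protocol 1 = ICMP) with the TOS byte and DF flag under our control."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0xABCD,
                      IP_DF if df else 0, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

def build_probe(qtype: int, variant: str) -> bytes:
    """One of the 16 probes: query type x (plain | DF | non-zero code | non-standard TOS)."""
    code = ODD_CODE if variant == "code" else 0
    tos = ODD_TOS if variant == "tos" else 0
    return build_ip(tos, variant == "df", SRC, DST, build_icmp(qtype, code))

def all_probes() -> dict:
    return {(q, v): build_probe(q, v) for q in REPLY_OF for v in VARIANTS}

def parse(pkt: bytes) -> dict:
    """Pull the fields the fingerprint cares about out of a raw IP+ICMP datagram."""
    ver_ihl, tos, _, _, frag, ttl, _ = struct.unpack("!BBHHHBB", pkt[:10])
    icmp = pkt[(ver_ihl & 0x0F) * 4:]
    itype, icode = struct.unpack("!BB", icmp[:2])
    return {"tos": tos, "df": bool(frag & IP_DF), "ttl": ttl,
            "type": itype, "code": icode, "csum_ok": checksum(icmp) == 0}

def echoed(probe: bytes, reply: bytes) -> dict:
    """What the target reflected back: the observations that feed the ICMP part of the fingerprint."""
    p, r = parse(probe), parse(reply)
    if r["type"] != REPLY_OF[p["type"]]:
        return {"answered": False}
    return {"answered": True, "ttl": r["ttl"],
            "df_echoed": p["df"] and r["df"],
            "code_echoed": p["code"] != 0 and r["code"] == p["code"],
            "tos_echoed": p["tos"] != 0 and r["tos"] == p["tos"]}

def fake_reply(probe: bytes, echo_df=False, echo_code=False, echo_tos=False, ttl=128) -> bytes:
    """Constructed reply from a hypothetical target, so the example runs offline."""
    p = parse(probe)
    icmp = build_icmp(REPLY_OF[p["type"]], p["code"] if echo_code else 0)
    return build_ip(p["tos"] if echo_tos else 0, echo_df and p["df"], DST, SRC, icmp, ttl=ttl)

if __name__ == "__main__":
    probe = build_probe(ICMP_TIMESTAMP, "code")
    print(echoed(probe, fake_reply(probe, echo_code=True)))
```

The reply TTL is reported raw; turning it into the target's initial TTL (the "target TTL measurement") means rounding up to the nearest common starting value, which depends on hop count and so is left to the caller here.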

MingSweeper will perform OS identification in the following sequence:
1 - If open TCP ports are present on the target then perform NMAP tests TSeq, T1, T2, T3 and T4 (these are sent to an open port).
2 - If closed TCP ports are present on the target then perform NMAP tests T5, T6 and T7 (these are sent to a closed port).
3 - Always perform the NMAP PU test with a UDP packet to an assumed closed UDP port.
4 - Always perform the MingSweeper IClass, I1, I2, I3 and I4 ICMP tests.

The results from all of these tests are combined into an OS fingerprint that is matched against the fingerprint database. Because steps 1 and 2 are conditional, a target with no closed ports (or no open ones) yields a partial fingerprint and correspondingly less certain match.

Requirements
Windows NT, Windows 2000, Windows XP
(Windows 2000 and Windows XP required for OS Identification and non-connect TCP port scans)
(Windows 95, 98 and ME are currently not supported, although they will be shortly for the masochists who continue to use them.)

Download
MingSweeper 1.00 alpha 5 - UK Site
MingSweeper 1.00 alpha 5 - US Site (www.securityfocus.com)

The latest application & OS identification files are also available:
applications.txt - 16/8/2001
tcpfp.txt - 16/8/2001

Installation
Simply extract the contents of the MingSweeper zip archive to the desired installation directory and Bob's your uncle. Windows 2000 and Windows XP users should also import the supplied registry file 'enable-user-TOS.reg' by double-clicking it. This registry change permits user applications (namely MingSweeper) to set the TOS value in the IP header of sent datagrams, which the non-standard-TOS ICMP probes depend on for accurate IP stack fingerprinting. It is a system-wide TCP/IP stack setting, so importing it needs administrative rights and affects every application on the host.

New OS fingerprints and application descriptions can be imported using the import commands under the file menu. New entries will be merged into the respective working databases. MingSweeper can currently read and use NMAP fingerprints with no problem.

Idihgo.blogspot.com

Copyright @ 2009 YMLA Arti: MingSweeper | Original Template: Argun | Modified by Argun |