Fog Creek Software
Discussion Board




Client sniffer/port scanner a la Shields Up ?

I am seeking a script that implements a client port scanner and sniffer similar to the test that grc.com has in its Shields Up! marketing page.  I could probably cobble something together in Perl or PHP, but because I am lazy as hell I thought I would ask here. :-)

My interest is in creating a web page that demonstrates to the user that their system may be vulnerable to attack. I could point the user to grc through a link, but I would rather brand the test as "my own" if possible.

I realize that I would have to guard access to the page with some sort of click through agreement that specified that the user was consenting to this procedure, etc.

Searches of Freshmeat, Sourceforge, the web, and newsgroups yield nothing relevant. I thought this stuff was all over the place for hackers to abuse!? ...

Bored Bystander
Saturday, May 01, 2004

What like a public service to check the security of a machine? Can you imagine how quickly you'd get blacklisted if you did. And you could be up for blame if someone successfully found a vunerability in a system using your service.

Matthew Lock
Saturday, May 01, 2004

Take a look at NMap.  http://www.insecure.org/nmap .  It ships with Red Hat and there is also a Windows port available ( http://www.eeye.com/html/Research/Tools/nmapnt.html ).  It provides the guts of what your are looking to accomplish. 

Karl
Saturday, May 01, 2004

So you're lazy as hell and are asking for free code, but then you're going to label the test as "your own"?  WTF?

get off your arse and do it yourself!
Saturday, May 01, 2004

Here is my thinking:

It would be a excellent promotional tool to have a page on my company's web site that did a cursory probe of the visitor's ports, as part of a security awareness page.

In other words this would not be a test that could be pointed arbitrarily at "any" system, it would only display findings associated with the PC that is doing the browsing.

I would not do a complete port scan. I would simply examine the common ports that may be open: Windows shares, and common internet services (HTTP, FTP, telnet). Probably a dozen or fewer ports. It would be a simplistic kind of "your computer is NOT safe, you need our services" test.

If I used GPL or LGPL source code, I would credit the author and provide a hyperlink to their site.

I would protect the test itself behind a legal authorization screen that absolved my co. from liability for findings. Probably I'd also use some sort of "enter your initial" authorization to run the test.

Bored Bystander
Saturday, May 01, 2004

"So you're lazy as hell and are asking for free code, but then you're going to label the test as "your own"?  WTF?"

Yeah, that'a a classic.

Jorel on Software
Saturday, May 01, 2004

I second the suggestion of Nmap. Its a consol app, but if you are a perl guy piping the output to a web page shouldnt be to tricksy.

Eric Debois
Saturday, May 01, 2004

Matthew >>
This is not an uncommon thing to find on security related sites. As long as you only scan the IP from where the request came, there is no harm in it.
Besides, port scanning isnt illegal.

Eric Debois
Saturday, May 01, 2004

I'll look at nmap, thanks for the suggestion. It appeared to be about 100x what I wanted for this purpose but if the output can be scrubbed and formatted for a web display, no big deal.

BTW, as far as accusations of freeloading: by this definition, everyone using Apache and Perl and crediting those served web pages to themselves is lazy and undeserving.

Bored Bystander
Saturday, May 01, 2004

If there is a t-shirt, then it must be true!
http://www.americansushi.com/

Karl
Monday, May 03, 2004

Bored:

You're asking for implementation details for a work that you want to call your own.  That's a lot different than using a tool someone else has written to create original work.  No matter what daemon serves up a webpage, that page's author is the creator of the page.

Bored and lazy
Monday, May 03, 2004

*  Recent Topics

*  Fog Creek Home