HackBlog

This post is about a nice network penetration testing tool. C-Scan is a penetration testing tool which scans the IP address range or a specific IP to find out network vulnerabilities. This tool is not new and no new updates have been released for years. But you can still find it useful.

By using this tool, following items can be scanned:

• NT server NETBIOS information, Remote Register informa
• Remote OS type and version detection,
• Standard port status and banner information,
• SNMP information,
• CGI vulnerability detection,
• IIS vulnerability detection,
• RPC vulnerability detection,
• SSL vulnerability detection,
• SQL-server,
• FTP-server,
• SMTP-server,
• POP3-server,
• NT-server weak user/password pairs authentication module,
• Remote Register information, etc.

The results of the scan are saved in /log directory, and are title index_ip_address.htm (if you used the GUI) or ip_address if you used the command line option. These can be directly browsed by any normal Web Browser.

Basic user and password lists are supplied to carry out a basic attack on certain services, (above), if found enabled on the host.

You can download XScan v3.3 here:

http://xfocus.org/programs/200507/X-Scan-v3.3-en.rar