Unicornscan

UPDATE.

Sat Apr 26 00:19:50 CEST 2008
Robert has started a new information security blog at http://blog.robertlee.name/. This blog will share some of our work with security testing methodologies, compliance, security tools, metrics, and other current events. Please feel free to participate by using the comment capabilities of the blog.

Mon Dec 3 11:20:11 CET 2007
We have won 2nd place in the security category for this years Les Trophees du libre 2007. We are very pleased by this development. To celebrate, we have released version 0.4.7. See below for access to the new version.

OVERVIEW.

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.

BENEFITS.

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:

Asynchronous stateless TCP scanning with all variations of TCP Flags.
Asynchronous stateless TCP banner grabbing
Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
Active and Passive remote OS, application, and component identification by analyzing responses.
PCAP file logging and filtering
Relational database output
Custom module support
Customized data-set views

DOWNLOAD.

Source Code:
20/12/2007 - Unicornscan - 0.4.7-2: unicornscan-0.4.7-2.tar.bz2
This release is known to compile on Linux. Other platforms may still work. Please send bug reports for compilation errors.

30/9/2004 - Unicornscan - 0.4.2: unicornscan-0.4.2.tar.gz
This release is known to compile on Linux, NetBSD, FreeBSD, and Solaris.

Packages:
3/1/2008 - Unicornscan - 0.4.7-2: unicornscan-0.4.7-4.fc8.i386.rpm
3/1/2008 - Unicornscan - 0.4.7-2 SRPM: unicornscan-0.4.7-4.fc8.src.rpm
This release is tested to work on Fedora Core 8 i386. Other platforms may still work. Please send bug reports for errors.

GETTING STARTED.

To begin, please read this getting started guide. You may also wish to go through the DEFCON presentation we gave to launch the tool. You can watch it here.

COMMUNITY.

If you want to join the mailing list, click on this link. Join us in #unicornscan on the efnet IRC network for immediate feedback. You can join the development effort over on SourceForge.