Netrecon, a lightweight network tool

09 September 2010

Netrecon is a small network scan/recon tool for fast network investigations. It isn't a replacement for nmap and tcpdump, but it can be considered an addition to the *nix network toolbox.

DISCLAIMER: This tool can cause harm to the normal operation of your network/servers if used improperly. Use this tool on your own networks/servers, or networks/servers for which you have been given permission to test. Before using this tool, please read the available documentation.

The main features are:

- Ping-like only fast connect/select check
- Precheck support (skips dead hosts) and keeps going
- Tiny footprint with only one dependency (pcap) for the sniffer
- Easy to use and modify for your own systems
- Simple port range support e.g. -p 23 or -p 22-80
- Fine-grained timeout support in seconds, microseconds or both
- Fast by default but able to do non-strobes (past port 1024/no service mapping)
- Optional full TCP connect for every port
- Very fast packet watching capability with a tiny footprint
- Simple subnet specification in the form of x.x.x.x-X
- IPv6 support (EXPERIMENTAL)
- Session dump capability using libpcap during scans in parallel
- Simple packet payload decoding in ASCII
- Added ARP traffic monitoring
- Passive TCP/IP port/host data collection

Installation:

apt-get install build-essential libpcap0.8 libpcap-dev
wget http://www.packetstormsecurity.org/UNIX/utilities/netrecon-1.78.tgz
tar xvfz netrecon-1.78.tgz
cd netrecon-1.78
make linux
make install

Usage:

Using netrecon:

./netrecon

Usage: netrecon <command> <args> ...
netrecon scan --ping --conn --dgram --port n-N --time s.ms --extra -V {target}
netrecon scan6 --dgram --port N {ipv6addr}
netrecon passive --if <dev> --threshold <n> --polls <count> --extra {pcap-expr}
netrecon tcpdump --if <dev> --polls <count> --decode {pcap-expr}
netrecon arpsniff --if <dev> --polls <count> --decode {pcap-expr}

Example:

./netrecon scan 192.168.1.1
Host 192.168.1.1
22    ssh
53    domain
80    www
443   https

./netrecon scan --ping 192.168.1.1
Timeout: 2.0
Scan start: Thu Sep  9 15:50:04 2010
Host 192.168.1.1 is alive
Scan start: Thu Sep  9 15:50:04 2010
Scan end  : Thu Sep  9 15:50:04 2010

./netrecon arpsniff --if eth0
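
The disclaimer limits use to networks you own or are permitted to test, and the x.x.x.x-X target form makes it easy to type a range that runs past that boundary. The following pre-flight check is an added example, not part of netrecon or the original post: it expands a target and reports any address outside an allowlist. It assumes that -X is the inclusive upper bound of the last octet; the AUTHORIZED list and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed allowlist: networks the operator is authorized to scan.
AUTHORIZED = [ipaddress.ip_network("192.168.1.0/24")]

TARGET_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:-(\d{1,3}))?$")


def expand_target(spec):
    """Expand 'x.x.x.x' or 'x.x.x.x-X' into a list of IPv4Address objects.

    Assumption: '-X' is the inclusive upper bound of the last octet.
    """
    m = TARGET_RE.match(spec.strip())
    if not m:
        raise ValueError(f"not an x.x.x.x or x.x.x.x-X target: {spec!r}")
    start = ipaddress.IPv4Address(m.group(1))  # raises ValueError on octets > 255
    first = int(start) & 0xFF
    last = int(m.group(2)) if m.group(2) is not None else first
    if last > 255 or last < first:
        raise ValueError(f"bad range end {last} for start octet {first}")
    return [start + i for i in range(last - first + 1)]


def out_of_scope(spec, authorized=AUTHORIZED):
    """Return the expanded addresses that fall outside every authorized network."""
    return [ip for ip in expand_target(spec)
            if not any(ip in net for net in authorized)]


def check(spec, authorized=AUTHORIZED):
    """Return (ok, offending) so a wrapper can refuse to launch the scan."""
    bad = out_of_scope(spec, authorized)
    return (not bad, bad)


if __name__ == "__main__":
    # Constructed sample targets.
    for spec in ["192.168.1.1", "192.168.1.250-255", "192.168.2.1-4", "10.0.0.300"]:
        try:
            ok, bad = check(spec)
            print(spec, "in scope" if ok else f"REFUSED: {bad[0]}..{bad[-1]} not authorized")
        except ValueError as err:
            print(spec, "rejected:", err)
```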
