winmap
Windows portscanner with Nmap-like user interface.
This project was started in March 2000 by the author Olle Segerdahl <olle@nxs.se>.
Its intent was to create a portscanning tool that was slim and usable, using only raw sockets (i.e. no device drivers needed) and with an Nmap-like user interface.
If you are familiar with Nmap, you should have no trouble using winmap, as the parameters and output are designed to be at least vaguely similar.
It is now considered obsolete by the author, since a good WIN32 port has been merged into Nmap.
Features:
- ICMP host enumeration with TCP & UDP portscanning
- Nmap-like user interface (syntax and output)
- Uses only WinSock code, no external packet libraries
- Resolves IPs to hostnames and port numbers to service names
- Many command-line switches available to fine-tune behaviour
FAQ:
Q: Why can't I use the SYN scan feature?
A: Presently the only known working platform for SYN scan is Windows 2000(tm).
Some third-party windows socket implementations may work, but this is
yet to be confirmed. Windows 2000(tm) is a great improvement over all
previous Windows(tm) versions, so an upgrade is recommended.
Q: Hey! The TCP connect() scan is really slow, winmap SUCKS!
A: Please read "What the hell are those *.reg files in the distribution for?"
in this FAQ and apply the relevant registry updates.
Q: What the hell are those *.reg files in the distribution for?
A: Simply put, they make the default TCP connect() scan go a hellofalot faster.
They do this by disabling the stupid retries that winsock does in the
connect() function. Refer to M$ KB article Q175523: "INFO: Winsock TCP
Connection Performance to Unused Ports" for more details.
As with most registry changes, you must reboot to activate the changes.
Q: Why can't I SYN scan my own IP address?
A: Winsock does not allow the RCV_ALL flag to be set on loopback interfaces,
and since all traffic to and from local IPs is routed over loopback,
we have no way of listening to the reply packets. SYN scan therefore
skips any IP addresses routed over the loopback interface.
Q: Why doesn't winmap find my "services file"?
A: The short answer is that winmap checks for the file "services" first in
%SYSTEMROOT%\system32\drivers\etc and then in %WINDIR% .... the long and
more correct answer is in the code... Use the source, Luke!
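The lookup order from the answer above, combined with a parser for the standard "services" file format (name, port/protocol, optional aliases, optional # comment), as an added example that is not winmap's own code. The function names are hypothetical; winmap's real logic is in its source.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "name port/proto [aliases] [# comment]"; returns 1 on success,
   0 for blank, comment-only or malformed lines. name needs 64 bytes, proto 16. */
int parse_services_line(const char *line, char *name, int *port, char *proto)
{
    char buf[256];
    snprintf(buf, sizeof buf, "%s", line);
    buf[strcspn(buf, "#\r\n")] = '\0';            /* strip comment and line ending */
    return sscanf(buf, "%63s %5d/%15s", name, port, proto) == 3 &&
           *port >= 1 && *port <= 65535;
}

/* Scan an open services file for port/proto; returns 1 and fills name (64 bytes). */
int lookup_service(FILE *fp, int port, const char *proto, char *name)
{
    char line[256], p[16]; int num;
    while (fgets(line, sizeof line, fp))
        if (parse_services_line(line, name, &num, p) && num == port && strcmp(p, proto) == 0)
            return 1;
    name[0] = '\0';                               /* no match: leave name empty */
    return 0;
}

/* Lookup order from the FAQ: %SYSTEMROOT%\system32\drivers\etc, then %WINDIR%. */
FILE *open_services(void)
{
    static const char *const env[] = { "SYSTEMROOT", "WINDIR" };
    static const char *const sub[] = { "\\system32\\drivers\\etc\\services", "\\services" };
    char path[512];
    for (int i = 0; i < 2; i++) {
        const char *base = getenv(env[i]);
        if (!base) continue;                      /* variable unset: try next location */
        snprintf(path, sizeof path, "%s%s", base, sub[i]);
        FILE *fp = fopen(path, "r");
        if (fp) return fp;
    }
    return NULL;
}

int main(void)
{
    char name[64];
    FILE *fp = open_services();
    if (!fp) { puts("services file not found"); return 1; }
    if (lookup_service(fp, 80, "tcp", name)) printf("80/tcp -> %s\n", name);
    fclose(fp);
}
```

If neither environment variable is set, or the file is missing from both locations, open_services() returns NULL and a scanner can only report bare port numbers.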
Download:
© 2002 by Olle Segerdahl <olle@nxs.se>