winmap

Windows portscanner with Nmap-like user interface.

This project was started in March 2000 by the author Olle Segerdahl <olle@nxs.se>. Its intent was to create a portscanning tool that was slim and usable, using only raw sockets (i.e. no device drivers needed) and with an Nmap-like user interface. If you are familiar with Nmap, you should have no trouble using winmap, as the parameters and output are designed to be at least vaguely similar.

Features:

FAQ:


Q: What's this thing good for anyway?
A: Not much. If you're on a client release of Windows or can install WinPcap, then you're probably much better off with Nmap. I find it is still useful on Windows Server when you have local admin privileges but can't, or don't want to for some reason, load the WinPcap drivers...
Q: Why can't I use the SYN scan feature?
A: The SYN scan needs access to raw sockets, which require local administrator privileges and are severely restricted on client versions of Windows. Also, you might be running a Windows version from the 90s... ;)
Q: Hey! The TCP connect() scan is really slow, winmap SUCKS!
A: Please read "What the hell are those *.reg files in the distribution for?" in this FAQ and apply the relevant registry updates.
Q: What the hell are those *.reg files in the distribution for?
A: Simply put, they make the default TCP connect() scan go a hellofalot faster. They do this by disabling the stupid retries that winsock does in the connect() function. Refer to M$ KB article Q175523: "INFO: Winsock TCP Connection Performance to Unused Ports" for more details. As with most registry changes, you must reboot to activate the changes.
Q: Why can't I SYN scan my own IP address?
A: Winsock does not allow the RCV_ALL flag to be set on loopback interfaces, and since all traffic to and from local IPs is routed over loopback, we have no way of listening to the reply packets. The SYN and UDP scans skip any IP addresses routed over the loopback interface.
Q: Why doesn't winmap find my "services file"?
A: The short answer is that winmap checks for the file "services" first in %SYSTEMROOT%\system32\drivers\etc and then in %WINDIR%. The long and more correct answer is in the code... Use the source, Luke!
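
The lookup order from the last answer, as an added example (not winmap's own code): it resolves the "services" file in the two locations the FAQ names and parses it into a port-to-name table. The function names, the constructed sample file and the choice to skip malformed lines are assumptions of this sketch.

```python
import os

def find_services_file(env=os.environ):
    """Return the first existing 'services' file in the FAQ's order, else None."""
    candidates = []
    if env.get("SYSTEMROOT"):   # 1st: %SYSTEMROOT%\system32\drivers\etc
        candidates.append(os.path.join(env["SYSTEMROOT"], "system32",
                                       "drivers", "etc", "services"))
    if env.get("WINDIR"):       # 2nd: %WINDIR%
        candidates.append(os.path.join(env["WINDIR"], "services"))
    for path in candidates:
        if os.path.isfile(path):
            return path
    return None

def parse_services(text):
    """Map (port, proto) -> service name from 'name port/proto [aliases] # comment'."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comment
        if len(fields) < 2 or "/" not in fields[1]:
            continue                                # blank or malformed line
        port, _, proto = fields[1].partition("/")
        if not port.isdigit() or not 0 < int(port) <= 65535:
            continue
        # First definition wins if the same port/proto appears twice.
        table.setdefault((int(port), proto.lower()), fields[0])
    return table

def service_name(table, port, proto="tcp"):
    """Name to print next to a scanned port; 'unknown' if not listed."""
    return table.get((port, proto), "unknown")

# Constructed sample in the services-file format (not copied from any system).
SAMPLE = """\
# name    port/proto  aliases        # comment
echo      7/tcp
echo      7/udp
ssh       22/tcp                     # SSH Remote Login Protocol
http      80/tcp      www www-http   # World Wide Web
broken    notaport
epmap     135/tcp     loc-srv        #DCE endpoint resolution
"""

if __name__ == "__main__":
    path = find_services_file()
    text = open(path, encoding="latin-1").read() if path else SAMPLE
    table = parse_services(text)
    for port in (22, 80, 135, 4444):
        print(f"{port}/tcp  {service_name(table, port)}")
```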

Download:

© 2002-2012 by Olle Segerdahl <olle@nxs.se>