Uberscan
Security program for recovering passwords and pen-testing servers, routers and IoT devices using brute-force password attacks.
(btw my bitcoin address is 3A7yuqBcPAcVEM59bNAVQdTCmkxRb5JRgE )
(Here's an alternative, also for BTC, as I've been getting reports of some bitcoin wallets not supporting certain addresses: 1PEDKUiUTxGNJ3XTPfXCTAjpzVzX1VZAme )
Greetings, comrades, and welcome to UBERSCAN 1.0
UBERSCAN is designed to help pen-test servers and networks, and as a tool for people like me who are trying to get into the ethical hacking business to just get a handle on, for example, just how many devices are vulnerable to, say, the Mirai virus. Yes, it's a sort of wardialler and yes, it can be used to crack the passwords of servers and IoT devices, and no, it is not to be used for sinister or nefarious purposes (see LEGAL NOTICE).
Quick Start:
Example command-line usage:
uberscan -user:admin -passblank -scantype:telnet -random_ip -forktimes:20
or
uberscan -user:root -password:admin -scantype:ssh -random_ip -forktimes:20
or maybe
uberscan -userfile:wordlist.txt -passfile:wordlist.txt -scantype:telnet -random_ip -forktimes:15
Try combining and adjusting these various options until you find some fun things to play with! (ONLY KIDDING, I DON'T WANT TO GO TO JAIL AAAAAAARRRGGGHHHHHH!)
CONTENTS:
0 .... LEGAL NOTICE
1 .... INSTALLATION
2 .... ABSTRACT
2.1 .. Introduction
2.2 .. A note on wordlist mode
2.3 .. The SSH scanner
2.4 .. Easter eggs
2.5 .. Signoff and whiny begging bit
3 .... OPTIONS
- LEGAL NOTICE:
This program (hereafter referred to as UBERSCAN or uberscan) is distributed under the GPL 3 license. All relevant rights reserved. UBERSCAN IS COPYRIGHT (c) Batch McNulty 2017. You may distribute, modify and / or copy UBERSCAN without permission as long as you abide by the terms of the GPL 3 license.
This utility is designed for LEGAL USE ONLY. I will not be held responsible for malicious use. Malicious hackers are going to have their own tools anyway; UBERSCAN is designed to help secure computer systems, not trash them. If you do find vulnerable servers using the -random_ip and -random_ipblock scanners you are encouraged to contact the owners and tell them about the security hole.
Be nice! That's an order!
Please send all death threats, extradition warrants, and dodgy job offers to batchmcnulty@protonmail.com. I will try to get back to you but can't guarantee anything...
- INSTALLATION:
It has a few dependencies, so I'm shipping a batch file with it that should install those for you automatically. Just open a terminal window in whatever directory it's in and type
sudo bash INSTALL.bash
..wait (it can take a long time), and you should be able to run UBERSCAN (try perl uberscan.pl if you get really stuck)
In case the install program doesn't work, the required libraries are:
WWW::Curl::Easy HTTP::Request Net::SSH::Expect Net::Telnet Net::FTP Net::POP3 IO::Socket::INET Scalar::Util Fcntl utf8 Encode
Scalar::Util, Fcntl, utf8 and Encode should all be included in your Perl distro, which comes with Linux. The others probably need to be installed separately... sadly in the case of WWW::Curl::Easy the dependency itself has a dependency, which can be hard to find. If the INSTALL.bash file doesn't leave you with a computer that runs UBERSCAN, try running one or all of these, then run the install file again:
sudo apt-get install libcurl4-doc
sudo apt-get install libcurl3-dbg
sudo apt-get install libgnutls-dev
sudo apt-get install libidn11-dev
sudo apt-get install libkrb5-dev
sudo apt-get install libldap2-dev
sudo apt-get install librtmp-dev
sudo apt-get install zlib1g-dev
Also, the INSTALL.bash file requires cpan, which should come with linux - if it doesn't, type
sudo apt-get install cpan
at the terminal before running it.
One more very important thing:
The Net::SSH::Expect module requires that you make some changes to one of your system files. It is:
/etc/ssh/ssh_config
You'll need superuser permissions to adjust that, so load it up in your favourite editor and add the following lines to it:
Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
(The "Host *" line may already exist; if it does, don't add a new one.)
Be aware of what these two lines do: under "Host *" they switch off host key verification for every SSH connection made from that machine, not just for scan targets, so ssh will no longer warn you when a server's key changes or when something on the path is impersonating a server. If you can, put them under a narrower Host pattern, or do your scanning from a dedicated account with its own ~/.ssh/config.
If you can't do this, uberscan will still work - you just won't be able to use the -scantype:ssh option.
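A quick way to see what scope the change above actually landed in is to parse the config and report where host key verification has been turned off. The following is an added example for this README in Python, not part of uberscan; it follows the documented ssh_config syntax (Host/Match blocks, "keyword value" or "keyword=value", case-insensitive keywords, first value wins), and SAMPLE_SSH_CONFIG is a constructed file, not a real system one.

```python
"""Check an OpenSSH client config for host key verification that has been
switched off, and report the scope it applies to. Added example for the
README, not part of uberscan. ssh_config syntax (Host/Match blocks,
"keyword value" or "keyword=value", case-insensitive keywords, first value
wins) is as documented for OpenSSH; SAMPLE_SSH_CONFIG is constructed."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the edit the README asks for, placed under "Host *",
# next to the same settings restricted to a lab host pattern. Not a real file.
SAMPLE_SSH_CONFIG = """\
# /etc/ssh/ssh_config (constructed sample)
Host lab-*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host *
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
    SendEnv LANG LC_*
"""

# "Keyword value" or "Keyword=value" (OpenSSH accepts both separators).
_DIRECTIVE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*?)\s*$")


def parse_ssh_config(text: str) -> Dict[str, Dict[str, str]]:
    """Split ssh_config text into {block pattern: {keyword: value}}.

    Directives before the first Host/Match line apply to every connection,
    so they are filed under "*" together with an explicit "Host *" block.
    Keywords are lower-cased; within a block the first value seen wins,
    which is how ssh itself resolves duplicates."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = "*"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        m = _DIRECTIVE.match(line)
        if not m:                               # keyword with no value
            continue
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword in ("host", "match"):
            current = value if keyword == "host" else f"match {value}"
            blocks.setdefault(current, {})
            continue
        blocks.setdefault(current, {}).setdefault(keyword, value)
    return blocks


def audit_host_key_checking(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (scope, pattern, keyword, value) for each block that disables
    host key verification. scope is "GLOBAL" for the "*" block (every SSH
    session from this machine is affected) and "scoped" for anything else."""
    weak_settings = {
        "stricthostkeychecking": lambda v: v.lower() == "no",
        "userknownhostsfile": lambda v: "/dev/null" in v.split(),
    }
    findings = []
    for pattern, options in parse_ssh_config(text).items():
        for keyword, is_weak in weak_settings.items():
            value = options.get(keyword)
            if value is not None and is_weak(value):
                scope = "GLOBAL" if pattern == "*" else "scoped"
                findings.append((scope, pattern, keyword, value))
    return findings


if __name__ == "__main__":
    for scope, pattern, keyword, value in audit_host_key_checking(SAMPLE_SSH_CONFIG):
        print(f"[{scope:6}] Host {pattern}: {keyword} {value}")
```

Feed the contents of your own /etc/ssh/ssh_config (or ~/.ssh/config) to audit_host_key_checking to see whether the two lines ended up under "Host *" or under something narrower; a "GLOBAL" finding means every ssh session from that account runs without host key checks.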
- ABSTRACT:
2.1 Introduction
UBERSCAN was designed on an Ubuntu Linux platform, so I can't guarantee that it will run on anything else, though I'm fairly confident it will be OK on any Linux PC. Windows and Macs, not so much, but feel free to help yourselves.
UBERSCAN can scan a TCP/IP network for poorly passworded devices (including routers and IoT boxes) and SMTP mail servers vulnerable to spammers. Its main function is to brute-force password-protected servers (for ethical purposes ONLY, of course!)
It can scan for the following services / vulnerabilities:
- SSH (Secure Shell) with poor password protection
- Telnet (open on many routers and Internet Of Things devices)
- FTP (open on many routers)
- Anonymous FTP servers.
- unencrypted POP3 mail servers
- SMTP mail servers - the classic "SMTP bug", SMTP VRFY commands, and SMTP servers that can be hijacked by spammers (NB, it does NOT do password cracking on SMTP servers... yet).
- devices protected by HTTP "challenge" (NOT "forms") - both "Realm" and "Digest" type.
- As a bonus it can also scan for "banners", the first line sent by a device, so you can look for, say, banners on the MySQL port.
UBERSCAN is programmed with the default ports, but you can override this with the -port: option.
2.2 A note on wordlist mode:
Wordlist mode (-passlist:textfile.txt and -userlist:textfile.txt) pages through wordlists and tries to brute-force the selected IPs with them.
Wordlist mode differs in different scans. When you select an IP block, IP range or list of IPs, UBERSCAN goes through the targets and tries the same username / password on each IP, then loops back and tries the next username and / or password in the list until it runs out of wordlist(s). This is a rather basic attempt to overcome the old "three-strikes and you're out" style password security - if the list is long enough, by the time the same IP loops back again you'll have a fresh "go" at it.
Random IP generation (-random_ip) mode works differently. Because IPs are chosen randomly and the search can go on indefinitely, there is no list of IPs to loop through, so the entire wordlist has to be dropped on the target at once.
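From the other side of the wire, the rotation described above is what a per-account "three strikes" rule misses: each target sees one failure per credential per pass, spread out in time, so no single account ever trips the counter. What does not change is that every attempt comes from the same source. The following is an added example in Python, written from the defender's side and not part of uberscan: it parses sshd "Failed password" lines, shows that a per-account short-window lockout stays silent on the pattern, and that a per-source count over a longer window across all accounts catches it. The log lines are constructed (RFC 5737 documentation addresses) in the usual Debian/Ubuntu syslog format.

```python
"""Spot the credential-rotation pattern in sshd logs. Added example for this
README, written from the defender's side; not part of uberscan. The log
lines below are constructed (RFC 5737 documentation IPs) in the default
Debian/Ubuntu syslog format for sshd."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed: one source tries a different credential roughly every 40
# minutes (one attempt per target per pass, as in the wordlist mode above),
# while a legitimate user mistypes a password twice and then logs in.
SAMPLE_AUTH_LOG = """\
Jan 12 03:14:07 bastion sshd[4021]: Failed password for root from 198.51.100.7 port 51234 ssh2
Jan 12 03:52:41 bastion sshd[4088]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2
Jan 12 04:31:19 bastion sshd[4133]: Failed password for invalid user support from 198.51.100.7 port 51251 ssh2
Jan 12 05:10:02 bastion sshd[4190]: Failed password for invalid user pi from 198.51.100.7 port 51263 ssh2
Jan 12 05:49:55 bastion sshd[4244]: Failed password for root from 198.51.100.7 port 51270 ssh2
Jan 12 08:02:10 bastion sshd[4502]: Failed password for alice from 203.0.113.9 port 40022 ssh2
Jan 12 08:02:31 bastion sshd[4502]: Failed password for alice from 203.0.113.9 port 40022 ssh2
Jan 12 08:02:45 bastion sshd[4502]: Accepted password for alice from 203.0.113.9 port 40022 ssh2
"""

_FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

Event = Tuple[datetime, str, str]   # (timestamp, source ip, username)


def parse_failures(log: str, year: int = 2017) -> List[Event]:
    """Extract failed-password events. Syslog lines carry no year, so the
    caller supplies one."""
    events = []
    for line in log.splitlines():
        m = _FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return events


def _max_in_window(times: List[datetime], window: timedelta) -> int:
    """Largest number of events that fall inside any span of length window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def _flag(events: List[Event], key: int, threshold: int,
          window: timedelta) -> Dict[str, int]:
    """Group events by the chosen field and return those whose peak count
    inside any window reaches the threshold."""
    groups: Dict[str, List[datetime]] = defaultdict(list)
    for ev in events:
        groups[ev[key]].append(ev[0])
    peaks = {k: _max_in_window(v, window) for k, v in groups.items()}
    return {k: n for k, n in peaks.items() if n >= threshold}


def per_account_lockout(events: List[Event], threshold: int = 3,
                        window: timedelta = timedelta(minutes=10)) -> Dict[str, int]:
    """The "three strikes" rule: an account with `threshold` failures inside
    `window`. Rotating credentials across targets keeps every account under it."""
    return _flag(events, key=2, threshold=threshold, window=window)


def per_source_failures(events: List[Event], threshold: int = 3,
                        window: timedelta = timedelta(hours=24)) -> Dict[str, int]:
    """Failures per source IP across all accounts over a long window, which
    is the part of the pattern a single target can still see."""
    return _flag(events, key=1, threshold=threshold, window=window)


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_AUTH_LOG)
    print("per-account lockout would trigger on:", per_account_lockout(evs))
    print("per-source long-window rule flags:", per_source_failures(evs))
```

On the constructed log the per-account rule returns nothing, while the per-source rule reports five failures from 198.51.100.7 and leaves the user who mistyped twice alone. The same idea is what tools such as fail2ban implement when configured with a long findtime; the point is that the window has to be longer than the interval between passes over the target list.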
2.3 The SSH scanner:
Programming the SSH scanner has given me a lot of trouble. I have programmed it to look for the "~", ">", and "#" prompts as well as a "Welcome to" message, a large number of "bad password" type outputs and also created a third option, which is that if it finds neither it creates an "SSH-MAYBES.txt" file. It shouldn't create false negatives or false positives, but if it does, please send me any files it generates (suitably edited of course) so I can fix the problem.
2.4 Easter eggs:
There are a couple of fun cultural references in one or two of the program's status and error messages. These give UBERSCAN a bit of personality. If this creates confusion or seems a bit too silly I'm always happy to receive feedback.
2.5 Signoff and whiny begging bit:
Admittedly, UBERSCAN is a bit crude, but it doesn't have to stay that way. I'm putting a bitcoin address with this, and if I get a good enough response, I'll work on refining its crudeness and there will be UBERSCAN 1.1, 1.2, maybe even an UBERSCAN 2.0. It all depends on you! Send your money to bitcoin address:
1PEDKUiUTxGNJ3XTPfXCTAjpzVzX1VZAme
-Remember, if you use this program as part of your job, you really should pay! (As an added inducement- if I get enough cash, and people ask me to, I might even take the nag screen out!)
- OPTIONS / USAGE:
Although it will work without them, it is strongly recommended that you give UBERSCAN superuser privileges.
UBERSCAN is a command-line utility, and as such it expects to have at least one option passed to it.
Those Options In Full:
TYPES OF SCAN:
-scantype:xxx Sets the scan type. "xxx" can be SSH, FTP, POP3, SMTP, HTTP, Telnet, or Banner. See -ftpanon and -smtpbug
-port:nn Sets the port to something other than the default for that service. ("-scantype:banner" searches on Port 1433, the SQL port).
-ftpanon Search for anonymous FTP servers. Used instead of -scantype and -user / -pass
-smtpbug Tests for the smtp bug. Used instead of -scantype and -user -pass options
-spamcheck Only works under "-scantype:smtp" scans. Each and every time a server is connected to, it checks to see if it's vulnerable to abuse by spammers. Off by default.
-novrfy When doing an SMTP scan, stops UBERSCAN from issuing VRFY commands. Implies -spamcheck.
USERNAME AND PASSWORD SCANNING:
-user:xxx -pass:xxx Sets the username / password to try. If you're cruising the internet for random servers with the -random_ip option, this and -userblank / -passblank are the only username / password options that UBERSCAN will accept. Normally you will use both, but they are interchangeable with the -userfile and -passfile (wordlist) options where these are allowed, as well as the -userblank and -passblank options. Please note that these don't do anything if -scantype is set to SMTP or if the -ftpanon or -smtpbug options have been set.
-userblank -passblank -userblank sets it up to try a blank username, -passblank
