Kudelski Security is proud to announce the open-source release of Scannerl, its distributed fingerprinting tool.
Scannerl is a modular, distributed fingerprinting engine implemented in Erlang. It is to fingerprinting what zmap is to port scanning. The tool makes it easy to distribute fingerprinting across a large number of hosts and circumvents the limitations of scale and speed, which are the principal challenges of today’s fingerprinting tools.
Let’s take a look at Scannerl’s features:
- Fast: Today’s tools are limited by the available resources of the host they run on (network card, CPU, RAM, network bandwidth, etc.). Scannerl circumvents these bottlenecks by spreading the tasks across multiple hosts in order to increase the overall performance. A high-end server is no longer needed to perform large-scale scans; a cluster of virtual servers spread across the globe will suffice.
- Distributed: Thanks to its Master/slave design, it is able to spread the workload across different hosts. The entire process is completely transparent to the user, who only needs to provide the hosts to use.
- Scalable: By using Erlang’s small-sized processes, the tool can execute a large number of tasks in parallel on the same host. Combining this with the ability to distribute the work across different hosts makes Scannerl a high-functioning and easily scalable tool.
- Modular: Adding custom modules in order to fingerprint specific protocols and services can be done in a few lines of code. Moreover, it is possible to add output modules to insert any results directly into a database technology of your choice.
- Stealth: When using a single host to fingerprint a large number of IPs, there is a chance that ISPs or firewalls might block your probes. By distributing your scan among several IP addresses, the chance of being blocked is reduced.
- Smart: Current tools tend to retrieve either the entire payload or the IP of the responding host. Scannerl can retrieve specific information from a fingerprint session (a field in the header, the version, etc.). It is trivial to implement a parser with fine-grained control over what information is to be extracted from the remote service.
Scannerl can easily be used on a single host, but it has been designed to distribute work over several machines with little more than an SSH account.
Throughout our scanning campaigns, it has proven to be our de facto tool for any large-scale fingerprinting session. It is extremely fast and allows a granular level of control over what needs to be queried as well as how to process it (parsing, outputting, etc.).
By releasing this tool to the public, we hope to participate in the effort to make the Internet a safer place.
To learn more about Scannerl, click here.