Projects
JSScanner
JavaScript Network Mapper (v1.0)
author: david.kierznowski_at_gmail.com
http://michaeldaw.org
I have been doing a lot of research into JavaScript Port Scanning lately. This tool is an initial attempt to correlate my ideas into a single project.
Download the latest version of jsscan.tar.gz here.
Synopsis:
function webPingScan() {
s = new jsscanner("192.168.1.1/30");
s.jssWebPing();
}
Usage:
s = new jsscanner("IP/Range");
s.jssWebPing(); OR
[...]
Web Browser Port Restrictions
Some of my notes regarding Browser Port Restrictions.
Internet Explorer:
Anything goes. I need to look into this more.
Opera 9:
Restricts access to ports 22, 25, 53 and 110. All other services seem accessible; I need to do more work here. It was interesting to note that my CPU was cranked up to 100% when requesting a restricted port. [...]
Client Side Port Scanning
Current JavaScript or other Client Side Scanning Techniques:
1. IMG Scanner – using (img src=)
http://www.gnucitizen.org/projects/javascript-port-scanner/
http://www.spidynamics.com/spilabs/js-port-scan/
Limitations:
This is a nice technique for scanning, but it can be easily mitigated by disallowing external images. This effectively breaks both scanners (tested in Firefox), including SPI Dynamics' PING feature. You can turn off external images as follows (instructions for Firefox):
> Tools
> [...]
JSWebPing – JavaScript Web Ping
JavaScript Web Ping
Author: david.kierznowski_at_gmail.com
http://michaeldaw.org
The Idea:
1. We set up an iframe.
2. We dynamically load our target address with a timeout.
3. If the document is loaded, we flag the host as being up.
4. If the host is down, the timeout is reached and we flag the host as down.
This concept can also be extended to perform port scanning [...]
JSEScanner – JavaScript Port Scanner
Update: Removed JavaScript Example
Update: Removed tables due to cross browser issues.
JavaScript External File Scanner (JSEScanner)
Author: david.kierznowski_at_gmail.com
http://michaeldaw.org
JSEScanner is a simple idea:
1. Use <script src=""> to request a JavaScript file.
2. Use typeof to verify its existence.
3. Use result in fingerprint.
This technique can be used to enumerate internal web servers and/or applications via a client's browser. It [...]

