phpDistributedPortScanner Documentation
Table of Contents
1. Introduction
A. What is it?
2. Installation
1. Introduction

A. What is it?

It's a joke. You might be able to get away with calling it a proof of concept tool, but I doubt it. phpDistributedPortScan is the first completely web-based distributed port scanner. It uses no stealth features besides multiple origin points, but the raw speed and general usefulness made it worth releasing publicly. It is comprised of a master node and an unlimited number of slave nodes. The slave "node" is actually a tiny PHP 3.x script with minimal authorization (an MD5 hash) that performs port scans and sends the results back to the master. All communication is outbound from the master and uses normal HTTP POST requests to control the slaves. The master is a slightly more complex PHP 3.x script that coordinates all of the slave nodes and brings all of the scan results back to the user. There is currently no authentication scheme implemented on the master script, as I am assuming you will place it somewhere not publicly accessible.

2. Installation

Requirements: Apache 1.3.x web server with PHP 3.0.12 or later.
You can always download the latest release from:
http://www.digitaloffense.net
A. Download the tarball from the site listed above.
B. Extract it with the following command:
$ gunzip -c phpDistributedPortScan-VERSION.tar.gz | tar -xvf -
C. Configure pscan.php3 and master.php3 with help from the Configuration section of this manual.
D. Copy pscan.php3 to web-accessible directories on any sites you wish to use as slave nodes.
E. Copy master.php3 to a restricted area on a web site you have access to.
F. Point your browser to the location of the master.php3 file and enjoy!
3. Configuration

1. Setting up the Master node.

The first thing you need to do is generate a password/hash combination for the master -> slave communication. You do this by placing the genkey.php3 script on a web server and accessing it with your browser. This will generate the lines you need to add to your master and slave scripts. For each slave node you wish to use, you need to add a line like the following:

$nodes["www.yoursite.com"] = "/~user/pscan.php3";

You may only add one slave per web server (that's why threads were implemented), and servers using non-standard ports are not currently supported.

2. Setting up the Slave nodes.
Modify the pscan.php3 script so that the ClusterKeyMD5 variable is set to the right value and upload it to your PHP-enabled web server. Accessing this file directly will print out a cheesy "Hello World" string to remain inconspicuous. You may wish to rename the file to something else, so its intent is not as obvious.

The security implemented in this is minimal. Only master nodes with the correct key can access the slave nodes that hold the corresponding hash of that key. The keys are sent in the clear via the HTTP POST method and could easily be intercepted. The master script has no built-in security, so it is up to you to protect it via ACLs or by rewriting it to require a password.
Point your browser to the master.php3 script and fill out the fields. The target field can contain a hostname or an IP address. The ports field accepts ranges like 1-100 and comma-delimited values like 1-100,200-306,1024,514. The threads field specifies how many concurrent scans should be performed per node. Since we are using a TCP connect call, there is a 5 second maximum timeout per port. By setting the threads field to 10 with 5 nodes, you are scanning 50 ports in parallel at any given time. The maximum number of threads can be changed by editing the MaxThreads variable in master.php3.

The more nodes you have, the harder it will be to track down every source address. The more threads you use, the faster the scan will be and the more "noise" will be produced. The next version will have exact delay options and the ability to cluster many master nodes together.

Do not go around randomly scanning people's machines. They will probably get mad and call your ISP as well as the ISP of every web server you used for the scan. Please remember that even though the port scan is not coming from your machine, the web logs of the slave nodes will contain the IP address of the master node. The web log files of the server the master node is on will show the address you used to do the scan. This tool is not stealthy. It uses full TCP connections to perform the port scan, which means it will get logged by every port sentry/TCP wrappers/port-blocking security system out there.
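The manual points out that the scan is a full TCP connect spread across several slave nodes and that every connection is logged on the target. The following is an added example from the defender's side, not part of the tool: it reads connection-log events and flags a host that received connects to many distinct ports from several distinct sources within a short window, the signature of the multi-origin pattern described above. The log format (epoch, source IP, destination IP, destination port) and the sample lines are constructed assumptions.

```python
"""Flag a distributed TCP connect scan in connection logs (tcp wrappers,
firewall or port-sentry style). Log format and sample data are constructed
for this example; adapt parse_log() to the real log format in use."""
from collections import defaultdict

# Constructed sample: five slave nodes each probe a couple of ports on
# 192.0.2.5 within five seconds; 192.0.2.9 only sees normal HTTPS traffic.
SAMPLE_LOG = """\
1000 198.51.100.10 192.0.2.5 22
1000 198.51.100.11 192.0.2.5 23
1001 198.51.100.12 192.0.2.5 25
1001 198.51.100.13 192.0.2.5 80
1002 198.51.100.14 192.0.2.5 110
1002 198.51.100.10 192.0.2.5 139
1003 198.51.100.11 192.0.2.5 443
1003 198.51.100.12 192.0.2.5 445
1004 198.51.100.13 192.0.2.5 514
1004 198.51.100.14 192.0.2.5 1024
1000 203.0.113.7 192.0.2.9 443
1050 203.0.113.8 192.0.2.9 443
"""


def parse_log(text):
    """Parse 'epoch src dst dport' lines into (ts, src, dst, port) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((int(ts), src, dst, int(port)))
    return events


def find_distributed_scans(events, window=30, min_sources=3, min_ports=8):
    """Return {dst: (sources, ports)} for every destination that, inside a
    sliding window of `window` seconds, was connected to on at least
    `min_ports` distinct ports by at least `min_sources` distinct sources.
    A single-source scan is caught by the port count alone; the source
    threshold is what distinguishes the distributed, multi-node case."""
    by_dst = defaultdict(list)
    for ts, src, dst, port in events:
        by_dst[dst].append((ts, src, port))
    hits = {}
    for dst, evs in by_dst.items():
        evs.sort()  # order by timestamp so the window slides forward
        for i, (start, _, _) in enumerate(evs):
            win = [e for e in evs[i:] if e[0] - start <= window]
            sources = {e[1] for e in win}
            ports = {e[2] for e in win}
            if len(sources) >= min_sources and len(ports) >= min_ports:
                hits[dst] = (sorted(sources), sorted(ports))
                break  # one alert per destination is enough
    return hits
```

Correlating the flagged source addresses with the web server logs of those hosts, which the manual says will hold the master node's IP, is how the single origin behind the distributed scan is recovered.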