[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <80115b690912221700g75f9451fo176ffd601b29df49@mail.gmail.com>
Date: Tue, 22 Dec 2009 18:00:36 -0700
From: Reed Arvin <reedarvin@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: WinScanX - A free Windows enumeration tool and a
must have for any security professional
WinScanX was released today. A Windows command-line enumeration tool
plus an optional GUI front-end. A must have for any security
professional.
Download link: http://windowsaudit.com/downloads/WinScanX_Basic.zip
Web site: http://www.windowsaudit.com/
Features and usage information:
WinScanX v1.0 | http://www.windowsaudit.com/
Usage: WinScanX [-abcdefgpklijmnostqurxwyzSWv123] <hostname>
<username> <password>
[-abcdefgpklijmnostqurxwyzSWv123] -- required argument
<hostname> -- required argument
<username> -- optional argument
<password> -- optional argument
If the <username> and <password> arguments are omitted, this utility
will attempt to establish a NetBIOS null session and gather information
via the null session.
If the <username> and <password> arguments are both plus signs (+), the
existing credentials of the user running this utility will be used.
Examples:
WinScanX -1 10.10.10.10
WinScanX -2 10.10.10.10 + +
WinScanX -3 10.10.10.10 administrator password
WinScanX -3 10.10.10.10 domain\admin password
WinScanX -1 WINSERVER01
WinScanX -2 WINSERVER01 + +
WinScanX -3 WINSERVER01 administrator password
WinScanX -3 WINSERVER01 domain\admin password
WinScanX -1 192.168.1-254
WinScanX -2 192.168.1-254 + +
WinScanX -3 192.168.1-254 administrator password
WinScanX -3 192.168.1-254 domain\admin password
WinScanX -1 IPInputFile.txt
WinScanX -2 IPInputFile.txt + +
WinScanX -3 IPInputFile.txt administrator password
WinScanX -3 IPInputFile.txt domain\admin password
==== WinScanX Advanced Features ====
-a -- Get Account Policy Information
-b -- Get Audit Policy Information
-c -- Get Display Information
-d -- Get Domain Information
-e -- Get LDAP Information
-f -- Get Administrative Local & Global Group Information
-g -- Get Local & Global Group Information
-p -- Get Installed Programs
-k -- Get Interactively Logged On Users
-l -- Get Logged On Users
-i -- Get Patch Information
-j -- Get Registry Information
-m -- Get Scheduled Task Information
-n -- Get Server Information
-o -- Get Service Information
-s -- Get Share Information
-t -- Get Share Permissions
-q -- Get SNMP Community Information
-u -- Get User Information
-r -- Get User Information via RA Bypass
-x -- Get User Rights Information
-w -- Get WinVNC3 & WinVNC4 Passwords
-y -- Save Remote Registry Hives
-z -- Ping Remote Host Before Scanning
-S -- Guess SNMP Community Strings
-W -- Guess Windows Passwords
-v -- Verbose Output
-1 -- Group 1 (includes -adglnsur)
-2 -- Group 2 (includes -adgpljnsquw)
-3 -- Group 3 (includes -abdgplijmnostquxw)
==== Retrieving Patch Information ====
The information that is queried for each host to determine the existance
of a patch is included in the PatchInfo.input file.
==== Retrieving Registry Information ====
The registry key/value pairs that are queried for each host are included
in the RegistryInfo.input file.
==== SNMP Community String Guessing ====
The SNMP community strings that are attempted for each host are included
in the CommunityStrings.input file.
==== Windows Password Guessing ====
For Windows password guessing to occur, there must be a matching
<hostname>.users file in the UserCache directory for each host on which
you attempt to guess passwords. WinScanX options -c, -r, -u, and -S can be
used to generate <hostname>.users cache files.
The passwords that are attempted for each user account are included in the
Dictionary.input file.
The following can also be used in the Dictionary.input file:
<username> -- The name of the current user
<lcusername> -- The name of the current user in lower case
<ucusername> -- The name of the current user in upper case
<blank> -- A blank or null password
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists