Friday, 11 May 2012

eroute - simple ARP scanner with route checking



eroute

eroute is a simple ARP scanner that can also check whether each discovered host will route packets. Using TCP and ICMP probes (with mixed TTLs), it quickly identifies hosts which are set to route packets and bridge networks. This is obviously useful in subverting any firewall rules deployed on a network device. Some examples are detailed below:

* ARP scanner (-r 192.168.1.1-254)
* Check routes via TCP to google (-r 192.168.1.1-254 -i 209.85.229.103 -tcp)
* Check routes via ICMP to google (-r 192.168.1.1-254 -i 209.85.229.103 -ping)
* Check routes via TCP to google with a normal TTL/TTL of 1 (-r 192.168.1.1-254 -i 209.85.229.103 -tcp -ttl)
* Check routes via ICMP to google with a normal TTL/TTL of 1 (-r 192.168.1.1-254 -i 209.85.229.103 -ping -ttl)
* Check routes via TCP to a range of hosts (-r 192.168.1.1-254 -i 192.168.2.1-254 -tcp)
* Check routes via TCP to hosts stored in a file (-r 192.168.1.1-254 -I targets.txt -tcp)
* Check routes via TCP to hosts stored in a file with ports on the cmdline (-r 192.168.1.1-254 -I targets.txt -tcp -p 23,25,80,443,445,3389)
* Check routes via TCP to hosts stored in a file with ports from a file (-r 192.168.1.1-254 -I targets.txt -tcp -P 1-65535.txt)

Routes are checked by watching for incoming packets to the host, so if you are port scanning at the same time the results might need some digging through. It is therefore best to run eroute in isolation.

Simple ARP Scan

C:\tools\dev\routeCheck\routeCheck\bin\Release>eroute.exe -r 192.168.8.1-254
eroute v0.5 - Edward Torkington
The following devices are available on this machine:
----------------------------------------------------


0) TAP-Win32 Adapter V9 IP'0.0.0.0' MAC'00FFDEC0CAC9'
1) VMware Virtual Ethernet Adapter IP'192.168.100.1' MAC'005056CC0001'
2) Intel(R) 82579LM Gigabit Network Connection IP'0.0.0.0' MAC'00FFD354C3BF'
3) Microsoft IP'0.0.0.0' MAC'A088B4672E55'
4) Check Point Virtual Network Adapter IP'0.0.0.0' MAC'54A4F7C7A111'
5) Microsoft IP'0.0.0.0' MAC'A088B4675E55'
6) Juniper Network Connect Virtual Adapter IP'0.0.0.0' MAC'00FFB0EED408'
7) Microsoft IP'192.168.8.202' MAC'A088B4672E54'
8) VMware Virtual Ethernet Adapter IP'192.168.233.1' MAC'005056C00908'
9) Check Point Virtual Network Adapter IP'172.19.111.147' MAC'541D2168BA22'


-- Please choose a device: 7
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1
192.168.8.9      is-at 00:50:56:7B:57:20
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99
192.168.8.204    is-at 00:0C:29:44:4A:33
192.168.8.201    is-at D0:23:DB:51:A1:B6
192.168.8.209    is-at 00:06:78:0D:8C:19
192.168.8.216    is-at 00:50:56:B4:00:0E
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7
192.168.8.254    is-at E0:46:9A:51:BA:12
Waiting 5 seconds for any responses...


Sorted:
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1  Asiarock Technology Limited
192.168.8.9      is-at 00:50:56:7B:57:20  VMWare, Inc.
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99  VMWare, Inc.
192.168.8.201    is-at D0:23:DB:51:A1:B6
192.168.8.204    is-at 00:0C:29:44:4A:33  VMware, Inc.
192.168.8.209    is-at 00:06:78:0D:8C:19  Marantz Japan, Inc.
192.168.8.216    is-at 00:50:56:B4:00:0E  VMWare, Inc.
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7  VMWare, Inc.
192.168.8.254    is-at E0:46:9A:51:BA:12


Route checking to Google with ICMP

C:\tools\dev\routeCheck\routeCheck\bin\Debug>eroute.exe -d 7 -r 192.168.8.1-254 -i 209.85.229.103 -ping
eroute v0.5 - Edward Torkington
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1
192.168.8.9      is-at 00:50:56:7B:57:20
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99
192.168.8.204    is-at 00:0C:29:44:4A:33
192.168.8.209    is-at 00:06:78:0D:8C:19
192.168.8.216    is-at 00:50:56:B4:00:0E
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7
192.168.8.254    is-at E0:46:9A:51:BA:12
Waiting 5 seconds for any responses...


Sorted:
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1  Asiarock Technology Limited
192.168.8.9      is-at 00:50:56:7B:57:20  VMWare, Inc.
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99  VMWare, Inc.
192.168.8.204    is-at 00:0C:29:44:4A:33  VMware, Inc.
192.168.8.209    is-at 00:06:78:0D:8C:19  Marantz Japan, Inc.
192.168.8.216    is-at 00:50:56:B4:00:0E  VMWare, Inc.
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7  VMWare, Inc.
192.168.8.254    is-at E0:46:9A:51:BA:12


Checking routes...
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Waiting 5 seconds for any responses...


Route checking to Google with TCP and default ports

C:\tools\dev\routeCheck\routeCheck\bin\Debug>eroute.exe -d 7 -r 192.168.8.1-254 -i 209.85.229.103 -syn
eroute v0.5 - Edward Torkington
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1
192.168.8.9      is-at 00:50:56:7B:57:20
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99
192.168.8.204    is-at 00:0C:29:44:4A:33
192.168.8.209    is-at 00:06:78:0D:8C:19
192.168.8.216    is-at 00:50:56:B4:00:0E
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7
192.168.8.254    is-at E0:46:9A:51:BA:12
Waiting 5 seconds for any responses...


Sorted:
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1  Asiarock Technology Limited
192.168.8.9      is-at 00:50:56:7B:57:20  VMWare, Inc.
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99  VMWare, Inc.
192.168.8.204    is-at 00:0C:29:44:4A:33  VMware, Inc.
192.168.8.209    is-at 00:06:78:0D:8C:19  Marantz Japan, Inc.
192.168.8.216    is-at 00:50:56:B4:00:0E  VMWare, Inc.
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7  VMWare, Inc.
192.168.8.254    is-at E0:46:9A:51:BA:12


Checking routes...
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK



Route checking to Google with TCP and default ports (normal TTL/TTL of 1)

C:\tools\dev\routeCheck\routeCheck\bin\Debug>eroute.exe -d 7 -r 192.168.8.1-254 -i 209.85.229.103 -syn -ttl
eroute v0.5 - Edward Torkington
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1
192.168.8.9      is-at 00:50:56:7B:57:20
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99
192.168.8.204    is-at 00:0C:29:44:4A:33
192.168.8.209    is-at 00:06:78:0D:8C:19
192.168.8.216    is-at 00:50:56:B4:00:0E
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7
192.168.8.254    is-at E0:46:9A:51:BA:12
Waiting 5 seconds for any responses...


Sorted:
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1  Asiarock Technology Limited
192.168.8.9      is-at 00:50:56:7B:57:20  VMWare, Inc.
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99  VMWare, Inc.
192.168.8.204    is-at 00:0C:29:44:4A:33  VMware, Inc.
192.168.8.209    is-at 00:06:78:0D:8C:19  Marantz Japan, Inc.
192.168.8.216    is-at 00:50:56:B4:00:0E  VMWare, Inc.
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7  VMWare, Inc.
192.168.8.254    is-at E0:46:9A:51:BA:12


Checking routes...
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK





Route checking to Google with several ICMP and several TCP ports (normal TTL/TTL of 1)

C:\tools\dev\routeCheck\routeCheck\bin\Debug>eroute.exe -d 7 -r 192.168.8.1-254 -i 209.85.229.103 -syn -ping -ttl -p 21,22,23,25,80,88,111,443,445,3389
eroute v0.5 - Edward Torkington
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1
192.168.8.9      is-at 00:50:56:7B:57:20
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.82     is-at 00:50:56:12:05:99
192.168.8.204    is-at 00:0C:29:44:4A:33
192.168.8.209    is-at 00:06:78:0D:8C:19
192.168.8.216    is-at 00:50:56:B4:00:0E
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7
192.168.8.254    is-at E0:46:9A:51:BA:12
Waiting 5 seconds for any responses...


Sorted:
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.1      is-at A0:21:B7:10:27:AA
192.168.8.8      is-at 00:19:66:44:03:F1  Asiarock Technology Limited
192.168.8.9      is-at 00:50:56:7B:57:20  VMWare, Inc.
192.168.8.21     is-at 04:20:9A:21:10:04
192.168.8.82     is-at 00:50:56:12:05:99  VMWare, Inc.
192.168.8.204    is-at 00:0C:29:44:4A:33  VMware, Inc.
192.168.8.209    is-at 00:06:78:0D:8C:19  Marantz Japan, Inc.
192.168.8.216    is-at 00:50:56:B4:00:0E  VMWare, Inc.
192.168.8.225    is-at 98:D6:BB:26:4F:28
192.168.8.226    is-at 00:50:56:89:6E:A7  VMWare, Inc.
192.168.8.254    is-at E0:46:9A:51:BA:12


Checking routes...
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 192.168.8.1:1901    MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [UDP]
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 192.168.8.1:1901    MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [UDP]
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
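
An added example, not part of eroute or the original post: a Python parser for the "Checking routes..." lines above that does the digging through mentioned earlier. It groups off-LAN responses by the host that forwarded them and sets aside traffic sourced from the scanned range itself, such as the UDP lines from 192.168.8.1:1901. The function name, the /24 network and the record layout are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Response line format printed by eroute v0.5 ("Recieved" is the tool's own spelling).
LINE = re.compile(
    r"^Recieved from : (?P<src>[\d.]+)(?::(?P<port>\d+))?\s+MAC: (?P<mac>[0-9A-F:]{17})"
    r"\s+Gateway: (?P<gw>\S+)\s+\[(?P<proto>\w+)\]\s*(?P<detail>.*)$"
)

# Lines copied from the last run shown above.
SAMPLE = """\
Recieved from : 209.85.229.103      MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,0,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 209.85.229.103:443  MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 82.46.101.1         MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [ICMP] 0,11,0
Recieved from : 209.85.229.103:80   MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [TCP] SYN ACK
Recieved from : 192.168.8.1:1901    MAC: A0:21:B7:10:27:AA Gateway: 192.168.8.1      [UDP]
"""

def summarise(output, lan, targets):
    """Return (routes, local).

    routes maps (gateway IP, MAC) to {"target": set, "other": set} of
    (source, proto, port, detail) records from off-LAN sources: the probed
    targets, and any other off-LAN host. local lists records sourced inside
    the scanned LAN, which say nothing about routing.
    """
    net = ipaddress.ip_network(lan)
    routes = defaultdict(lambda: {"target": set(), "other": set()})
    local = []
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ARP results, banners, blank lines
        port = int(m["port"]) if m["port"] else None
        rec = (m["src"], m["proto"], port, m["detail"].strip())
        if ipaddress.ip_address(m["src"]) in net:
            local.append(rec)
        else:
            kind = "target" if m["src"] in targets else "other"
            routes[(m["gw"], m["mac"])][kind].add(rec)
    return dict(routes), local

if __name__ == "__main__":
    routes, local = summarise(SAMPLE, "192.168.8.0/24", {"209.85.229.103"})
    for (gw, mac), seen in routes.items():
        print(gw, mac, sorted(seen["target"], key=str), sorted(seen["other"], key=str))
    print("local traffic set aside:", local)
```
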


Requires:


  • WinPcap
  • .NET Framework 2

Download:

http://www.r00t.tv/p/downloads.html
