Port Scanner Challenge: nmap, Unicornscan, PortBunny
There's been quite a bit of mention lately of PortBunny, the new port scanner from Recurity Labs. The scanner is Linux kernel-based and provides a TCP SYN Scan. I figured that I'd put the scanner to the test against nmap and Unicornscan.
Here's the rundown of the setup used:
Software + Version:
Scanning Host:
OS: Ubuntu 7.10
Kernel: 2.6.22-14-generic
Processor: Intel Pentium M 2.13Ghz
RAM: 1GB
Install Process:
- Obtain archive
- Extract archive
- ./configure *No custom config options used for any of the software*
- make
- make install
Tested via Python:
Test Script (Note: I can't get my lines to tab properly, so tab over the four lines following def test):
import time, os
def test ( prog ) :
startTime = time.time()
os.system( prog )
endTime = time.time()
print ( 'Execution Time: %f' % ( endTime - startTime ) )
Targets:
- vista - Vista Home Premium
- shell - Ubuntu 6.06.1 LTS (2.6.15-28-powerpc)
- minibox - OS X 10.4.11
- printer - HP LaserJet 4MV
- gateway - m0n0wall 1.231
Scan Notes:
- PortBunny requires an IP Address, it won't run against hostnames.
- PortBunny doesn't sort the results list.
- Unicornscan missed all ports on printer and gateway when scanning ports 1 - 65535.
- PortBunny missed a port on printer when scanning ports 1 - 65535.
- nmap missed 2 ports on printer when scanning with -T5 --max-retries 0.
Results:
Raw Data, including ports found, after the jump.
Raw Data:
UnicornScan (No Flags)
vista: 8.231500 (3 ports: 135, 139, 445)
shell: 9.165131 (1 port: 22)
minibox: 8.742175 (3 ports: 22, 139, 445)
printer: 8.247121 (1 port: 23)
gateway: 9.254548 (1 port: 443)
UnicornScan (target:1-65535)
vista: 13.311627 (14 ports: 135, 139, 445, 912, 990, 3300, 5243, 5357, 49152-49157)
shell: 12.618381 (2 ports: 22, 22222)
minibox: 23.914155 (3 ports: 22, 139, 445)
printer: 13.418802 ( No Results )
gateway: 25.703069 ( No Results )
nmap (No Flags)
vista: 14.247429 (5 ports: 135, 139, 445, 912, 990)
shell: 1.459821 (1 port: 22)
minibox: 12.813033 (3 ports: 22, 139, 445)
printer: 15.712642 (3 ports: 23, 515, 9100)
gateway: 13.748654 (2 ports: 53, 443)
nmap (-p 1-65535)
vista: 46.718391 (14 ports: 135, 139, 445, 912, 990, 3300, 5243, 5357, 49152-49157)
shell: 3.512229 (2 ports: 22, 22222)
minibox: 524.289407 (3 ports: 22, 139, 445)
printer: 520.515789 (4 ports: 23, 515, 9099, 9100)
gateway: 521.966512 (2 ports: 53, 443)
nmap (-T5 --max-retries 0)
vista: 0.738913 (5 ports: 135, 139, 445, 912, 990)
shell: 0.454034 (1 port: 22)
minibox: 1.111805 (3 ports: 22, 139, 445)
printer: 1.617320 (1 port: 23)
gateway: 1.374272 (2 ports: 53, 443)
nmap (-T5 --max-retries 0 -p 1-65535)
vista: 8.418148 (14 ports: 135, 139, 445, 912, 990, 3300, 5243, 5357, 49152-49157)
shell: 2.463647 (2 ports: 22, 22222)
minibox: 16.159884 (3 ports: 22, 139, 445)
printer: 19.497723 (1 port: 23)
gateway: 15.732872 (2 ports: 53, 443)
PortBunny (No Flags)
vista: 18.304994 (5 ports: 139, 990, 135, 445, 912)
shell: 0.671106 (1 port: 22)
minibox: 11.71634 (3 ports: 139, 445, 22)
printer: 27.348082 (3 ports: 515, 9100, 23)
gateway: 16.010657 (2 ports: 443, 53)
PortBunny (-p 1-65535)
vista: 642.486770 (14 ports: 135, 139, 445, 912, 990, 3300, 5243, 5357, 49152-49157)
shell: 3.037339 (2 ports: 22, 22222)
minibox: 496.809214 (3 ports: 139, 445, 22)
printer: 927.133742 (2 ports: 515, 23)
gateway: 597.609687 (2 ports: 443, 53)
Another scanner worth mentioning:
Scanrand Dissected: A New Breed of Network Scanner
http://www.secureworks.com/research/articles/scanrand
so do you have an opinion at the end of all that?
how did unicornscan do for UDP scanning against the other 2?
your results are kinda unclear, it might help to start with exactly what was open on those boxes to start with. and what ports were missed in each scan in red or something.
I tried to recreate this test in a small lab. You can compare our results here:
http://loquens-caesu.blogspot.com/2008/01/round-1-heads-up-portbunny-vs-nmap-vs.html
I also have nmap coming out on top for this type of test, but different numbers overall.
–Robert