Footprinting and scanning tools

This is a selection of footprinting and scanning tools you may wish to install in your MIS Lab machine in order to do the course assignments. You should be very careful in using these tools outside of the Lab. Network administrators do not take lightly the probing of their networks and may respond aggressively to your attempts to gain information about them by using some of these tools. Please note that I am emphasizing Windows tools, but we will see Linux/UNIX tools later.

  1. Sam Spade

    Download Sam Spade from this web site and install it. Sam Spade is also a graphical tool which allows you to do DNS interrogation and many other things. The features which make Sam Spade a key security tool are:

    Sam Spade also does whois, traceroute, finger and dns lookup.

  2. Pinger

    Download Pinger from its ftp location and install it. Pinger is a very fast ping sweeper as shown in class. Once you obtain the IP block of the target organization, you use pinger to see what hosts are active.
  3. SuperScan

    Download SuperScan from its new location and install it. SuperScan allows you to scan a range of IP addresses and do TCP port scanning. It can check all ports, or the ones you select. It is a very fast and powerful tool. Once you obtain the active hosts using Pinger you can cut in the time SuperScan will find which ones have active ports.
  4. WUPS

    Download WUPS from its Web site and install it. WUPS allows you to check UDP ports, to complement your study of hosts with active ports (TCP plus UDP). WUPS can only do one host at a time, but you can also select what ports to look for. You can see here a list of TCP and UDP ports, but be aware that hackers have been using some unnamed ports for Trojans, backdoors, etc.
  5. TcpView

    TcpView is a free tool for Windows that enables you to monitor all open TCP and UDP ports on the local computer. You can download it here. As you can see in this image it shows the open ports, is it litening or a connection is established. If a connection is established with a remote host you can see the remote host IP number, and you can close the connection using it. TCPView is not a Intrusion Detection System, but provides a picture of what is going on in your computer regarding to ports.

We will see, later in the course, how to set IDS and firewall software to attempt to protect your hosts. But, if you cannot wait you can use for your home computers and workstations an individual, free, firewall: ZoneAlarm. Please note that the free version is only for personal and not for profit use, but the commercial (Plus) version is also not expensive at $40. Finally, you can also have free Anti-virus software from Avast.

This page is maintained by Al Bento who can be reached at This page was last updated on February 2, 2012. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.