Forerunner : Fast & Extensible Network Scanning Library

The Forerunner library is a fast, lightweight, and extensible networking library created to aid in the development of robust network centric applications such as: IP Scanners, Port Knockers, Clients, Servers, etc.

In it’s current state, the Forerunner library is able to both synchronously and asynchronously scan and port knock IP addresses in order to obtain information about the device located at that endpoint such as: whether the IP is online, the physical MAC address, and etc.

The library is a completely object oriented and event based library meaning that scan data is contained within specially crafted “scan” objects which are designed to handle all data from results to exceptions.

Requirements

  • .NET Framework 4.6.1

Also Read – Minimalistic Offensive Security Tools

Features

MethodDescriptionUsage
ScanScan a single IP for informationScan("192.168.1.1");
ScanRangeScan a range of IPs for informationScanRange("192.168.1.1", "192.168.1.255")
ScanListScan a list of IPs for informationScanList("192.168.1.1, 192.168.1.2, 192.168.1.3")
PortKnockPing every port of a single IPPortKnock("192.168.1.1");
PortKnockRangePing every port in a range of IPsPortKnockRange("192.168.1.1", "192.168.1.255");
PortKnockListPing every port using a list of IPsPortKnockList("192.198.1.1, 192.168.1.2, 192.168.1.3");
IsHostAlivePing a host N times for X millisecondsIsHostAlive("192.168.1.1", 5, 1000);
GetAveragePingResponseGet average ping response for a hostGetAveragePingResponse("192.168.1.1", 5, 1000);
IsPortOpenPing individual ports via TCP & UDPIsPortOpen("192.168.1.1", 45000, new TimeSpan(1000), false);

Examples

IP Scanning

Scanning a network is a commonplace task in this digital age and so I have taken the liberty to make this as simple as possible for any future programmer whom may wish to do such a thing in an easy way. The Forerunner library is completely object oriented, thus making it ideal for plug and play situations; the object for IP scanning is called an IPScanObject and it actually contains quite a few properties:

  • Address (String)
  • IP (IPAddress)
  • Ping (Long)
  • Hostname (String)
  • MAC (String)
  • isOnline (Bool)
  • Errors (Exception)

With the object in mind, let’s try and create a new object and perform a scan using it. There are multiple ways to go about this, however, the simplest way to get started is to first create a new Scanner object so we can access our scanning methods. Next, create an IPScanObject and then set it to the Scan method with the IP you would like to enumerate; for example:

  • Synchronous
using System;
using Forerunner; // Remember to import our library.

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {
            // Our IP we would like to scan.
            string ip = "192.168.1.1";

            // Create a new scanner object.
            Scanner s = new Scanner();

            // Create a new scan object and perform a scan.
            IPScanObject result = s.Scan(ip);

            // Output that we have finished the scan.
            if (result.Errors != null)
                Console.WriteLine("[x] An error occurred during the scan.");
            else
                Console.WriteLine("[+] " + ip + " has been successfully scanned!")

            // Allow the user to exit at any time.
            Console.Read();
        }
    }
}

Another way, which is my preferred method of operation, is to create a Scanner object and subscribe to the Event Handlers of things like ScanAsyncProgressChanged or ScanAsyncComplete, that way I have full control over my async methods; I can control how they’re progress states affect my application and so on; for example:

  • Asynchronous
using System;
using Forerunner; // Remember to import our library.

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {
            // Our IP we would like to scan.
            string ip = "192.168.1.1";

            // Create a new scanner object.
            Scanner s = new Scanner();

            // Create a new scan object and perform a scan.
            PKScanObject result = s.PortKnock(ip);

            // Output that we have finished the scan.
            if (result.Errors != null)
                Console.WriteLine("[x] An error occurred during the scan.");
            else
                Console.WriteLine("[+] " + ip + " has been successfully scanned!")

           // Display our results.
           foreach (PKServiceObject port in result.Services)
           {
                Console.WriteLine("[+] IP: " + port.IP + " | " +
                                  "Port: " + port.Port.ToString() + " | " +
                                  "Protocol: " + port.Protocol.ToString() + " | " +
                                  "Status: " + port.Status.ToString());
           }

           // Allow the user to exit at any time.
           Console.Read();
        }
    }
}

Port Knocking

I know what you’re thinking. Port knocking? Yes, and no. The term doesn’t mean port knocking in the traditional sense of connecting through a predefined set of ports, but rather just checking if any ports are actually open. It’s literally “knocking” on a port in every sense of the word by trying to connect to each port and sending data. Just like with IP scanning, port knocking uses a custom object which is called a “Port Knock Scan Object” or PKScanObject for short. The PKScanObject actually contains a list of PKServiceObjects which in turn hold our port data; the service object contains the following properties:

  • IP (String)
  • Port (Int)
  • Protocol (PortType)
  • Status (Bool)

Port knocking is in similar fashion with IP scanning. First, create a Scanner object. Next, create a new PKScanObject and set it to the PortKnock method with the IP of your choosing, then display your results; for example:

  • Synchronous
using System;
using Forerunner; // Remember to import our library.

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {
            // Our IP we would like to scan.
            string ip = "192.168.1.1";

            // Create a new scanner object.
            Scanner s = new Scanner();

            // Create a new scan object and perform a scan.
            PKScanObject result = s.PortKnock(ip);

            // Output that we have finished the scan.
            if (result.Errors != null)
                Console.WriteLine("[x] An error occurred during the scan.");
            else
                Console.WriteLine("[+] " + ip + " has been successfully scanned!")

           // Display our results.
           foreach (PKServiceObject port in result.Services)
           {
                Console.WriteLine("[+] IP: " + port.IP + " | " +
                                  "Port: " + port.Port.ToString() + " | " +
                                  "Protocol: " + port.Protocol.ToString() + " | " +
                                  "Status: " + port.Status.ToString());
           }

           // Allow the user to exit at any time.
           Console.Read();
        }
    }
}

Lastly, I will show you a simple example of port knocking asynchronously. It is essentially the same as port knocking synchronously except for the fact that you can use events to your advantage. You can get progress updates without having to worry about UIs crashing or systems being in a locked state; for example:

  • Asynchronous
using System;
using System.Threading.Tasks;
using Forerunner; // Remember to import our library.

namespace Example
{
    class Program
    {
        static void Main(string[] args)
        {
            // Our IP we would like to scan.
            string ip = "192.168.1.1";

            // Setup our scanner object.
            Scanner s = new Scanner();
            s.PortKnockAsyncProgressChanged += new PortKnockAsyncProgressChangedHandler(PortKnockAsyncProgressChanged);
            s.PortKnockAsyncComplete += new PortKnockAsyncCompleteHandler(PortKnockAsyncComplete);

            // Start a new scan task with our ip.
            TaskFactory task = new TaskFactory();
            task.StartNew(() => s.PortKnockAsync(ip));

            // Allow the user to exit at any time.
            Console.Read();
        }

        static void PortKnockAsyncProgressChanged(object sender, PortKnockAsyncProgressChangedEventArgs e)
        {
            // Display our progress so we know the ETA.
            if (e.Progress == 99)
            {
                Console.Write(e.Progress.ToString() + "%...");
                Console.WriteLine("100%!");
            }
            else
                Console.Write(e.Progress.ToString() + "%...");
        }

        static void PortKnockAsyncComplete(object sender, PortKnockAsyncCompleteEventArgs e)
        {
            // Tell the user that the port knock was complete.
            Console.WriteLine("[+] Port Knock Complete!");

            // Check if we resolved an error.
            if (e.Result == null)
                Console.WriteLine("[X] The port knock did not return any data!");
            else
            {
                // Check if we have any ports recorded.
                if (e.Result.Services.Count == 0)
                    Console.WriteLine("[!] No ports were open during the knock.");
                else
                {
                    // Display our ports and their details.
                    foreach (PKServiceObject port in e.Result.Services)
                    {
                        Console.WriteLine("[+] IP: " + port.IP + " | " +
                                          "Port: " + port.Port.ToString() + " | " +
                                          "Protocol: " + port.Protocol.ToString() + " | " +
                                          "Status: " + port.Status.ToString());
                    }
                }
            }
        }
    }
}
R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

19 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

19 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago