My favorites | Sign in
Project Home Downloads Wiki Issues Source
Project Information


CHScanner is an ARP, IPv4 and IPv6 network scanner with 31 scan methods: it scans for open ports, protocols, NetBIOS informations and Windows shares, SNMP information, and WMI (WBEM) information. It also have the ability to turn on (using Wake-On-LAN) and to shutdown or reboot a remote Windows host. Features an automatic (scriptable) working mode, a hunt mode, a passive mode and the normal scanning mode.

Some details

The main differences between CHScanner and other similar tools are:

  • CHScanner use an Operating System Mimic Technology;
  • CHScanner has a lot more scanning methods compared with many other scanners, starting from the Layer 2 of the OSI model. It does not only scans IPv4 addresses, it also uses ARP, IGMP, IPv6 and some higher level protocols like NetBIOS, SNMP and WMI;
  • It is very flexible, scanning being done based on user defined configuration files, and quite fast;
  • Besides the skinnable graphical interface, CHScanner can be used from command line to automate the scans.

CHScanner needs WinPcap version 4.0.2 or higher.

Scanning types

  • IGMP
  • ARP Ping
  • ICMP Ping sweep
  • DNS - Find DNS names (for both IP and IPv6 addresses)
  • TCP Syn
  • TCP Fin
  • TCP Null
  • TCP Xmas
  • TCP Ack
  • UDP Send
  • IP Protocols - Find what IP protocols a host is running
  • NetBIOS and Shares - Find NetBIOS information, public and hidden Windows shares
  • Wake On LAN
  • SNMP - Get basic SNMP information
  • Find DHCP Servers from your local network
  • Find Promiscuous Nodes
  • IPv4 "Ping Broadcast"
  • Neighbor Discovery
  • IPv6 "Ping Broadcast"
  • IPv6 Multicast Listener Discovery
  • IPv6 ICMP Ping Sweep
  • IPv6 TCP SYN
  • IPv6 TCP FIN
  • IPv6 TCP ACK
  • IPv6 TCP UDP Send
  • IPv6 Protocols - Find what IPv6 protocols a host is running
  • Windows Management Instrumentation (the Microsoft implementation of WBEM)
  • Shutdown or Restart for Windows hosts

Scanning modes

  • Normal mode: this is the common mode used by most of the scanners today;
  • Passive mode: in this mode NO packet is sent, CHScanner only listen to the network traffic and decodes the packets received, similar to a sniffer;
  • Hunt mode: introduced with version, in this mode CHScanner will scan any host that tries to communicate with the host machine. The scan is triggered by received one of the following packets destined to the local machine: ARP Request, ICMP ECHO Request, TCP SYN.

By using geolocation data provided by MaxMind you can find the country associated with a specific IPv4 Address;

  • Automatic, scriptable, mode: if instructed so, by command line parameters, CHScanner will do his job based on the configuration file supplied as one of the parameters, save the result and close.

Operating System Mimic Technology short description

Basically, this means that the packets it sends emulates the behavior of various operating systems and/or their native tools (where is the case). Currently it emulates the following :

  • Windows XP Professional SP2
  • Windows 2003 Server
  • Linux kernel 2.4 (Adamantix based)
  • Linux kernel 2.6 (Fedora Core based)
  • Solaris 8
  • OpenSolaris (Nevada 35)
There is also a "random" mode where the packets have the identification data random generated. The Solaris 8 emulation may not be continued and emulation for OpenSolaris (Nevada 35) may be added.

Powered by Google Project Hosting