Search...

Hackers abusing online Nmap Port Scanning service

2012-12-28T06:05:00

ID THN:C988479BC780D7B94AA6976FE9EEDEC8
Type thn
Reporter Mohit Kumar
Modified 2013-01-11T18:02:28

Description

Most of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations.

When someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt.

Hacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you !

Yes, a service called "ScanPlanner" (http://scanplanner.com/) is such website, that allow anyone to scan any website for free and according to our recent analysis many hackers have start using this website for initial information gathering tool as "safe planner" << Yes I really mean it!

Is Unauthorized Port Scanning a Crime? Actually it depends upon what you target. If target is your own website or you are authorized to scan that, then it is considered to be legal process. But if one is scanning someone else server without authorization and it would be considered as an attempt to hack or find loopholes, in that case Yes, Its a Crime!

How hackers are abusing "ScanPlanner" service ? Officially ScanPlanner is a service for webmaster to scan their server to find out loop holes in security. There are two plans - Free and paid. Under paid scan, scanplanner will scan your website regularly. Whereas the Free scanning option is available on website as a demo for new users.

But Free scanning process, is not verifying that one who requesting a scan against website.com , either he actually own this website.com or not ! So anyone can scan any server/website without authentication.

You just need to open scanplanner website, Enter the URL of your target and Scan ! On the very next page you will get Results like this:

In case you are receiving message "Scan has not started yet.", that means , your scan in Queue and other hackers are currently using the free service for hacks. There is no information available on the website, that who own this service.

We has a word with Mikko Hypponen (CRO at F-Secure) about legality of this service two weeks before via a tweet and his reply was, "@TheHackersNews Oh boy. This service will be abused heavily. You can expect scanplanner․com to go offline in a day or two.".

Such types of services should first verify that either the user really own target website or not. For this purpose they can use Meta-Tag verification process or some other way. For now many Cyber criminals are misusing this service because my "Scan has not started yet."

JSON Vulners Source

Initial Source

{"id": "THN:C988479BC780D7B94AA6976FE9EEDEC8", "type": "thn", "bulletinFamily": "info", "title": "Hackers abusing online Nmap Port Scanning service", "description": "[![](http://4.bp.blogspot.com/-VbrGLah1J9c/UN3L8irZSBI/AAAAAAAAQdw/6S23UZfQSvE/s640/Scanplanner.png)](<http://4.bp.blogspot.com/-VbrGLah1J9c/UN3L8irZSBI/AAAAAAAAQdw/6S23UZfQSvE/s1600/Scanplanner.png>)\n\nMost of you knows the power of Nmap, When used properly, Nmap helps protect your network from invaders. One of the best tool for hackers, penetration testers and Security researchers. Officially Nmap a desktop tool, can be used as web version but should be under some limitations.\n\n \n\n\nWhen someone does Nmap scan against a target to find out the open ports, enumerating system details and installed services versions, most obvious if used improperly, Nmap can get you sued, fired, expelled, jailed, or banned by your ISP for scanning a target under hacking attempt.\n\n \n\n\nHacker can be tracked back via the IP address from where one perform the scanning, but what if a web version of Nmap available on a website, where one just need to enter the target IP/website address and that website will do a free scan against your target ? Seems easy and one can use Proxy to access that website and which will do a simple and fast scan for you !\n\n \n\n\nYes, a service called \"**_[ScanPlanner](<http://scanplanner.com/>)_**\" (http://scanplanner.com/) is such website, that allow anyone to scan any website for free and according to our recent analysis many hackers have start using this website for initial information gathering tool as \"**_safe planner_**\" << Yes I really mean it!\n\n \n\n\n**Is Unauthorized Port Scanning a Crime?** Actually it depends upon what you target. If target is your own website or you are authorized to scan that, then it is considered to be legal process. But if one is scanning someone else server without authorization and it would be considered as an attempt to hack or find loopholes, in that case Yes, Its a Crime!\n\n \n\n\n**How hackers are abusing \"ScanPlanner\" service ?** Officially ScanPlanner is a service for webmaster to scan their server to find out loop holes in security. There are two plans - Free and paid. Under paid scan, scanplanner will scan your website regularly. Whereas the Free scanning option is available on website as a demo for new users. \n\n \n\n\nBut Free scanning process, is not verifying that one who requesting a scan against website.com , either he actually own this website.com or not ! So anyone can scan any server/website without authentication. \n \nYou just need to open scanplanner website, Enter the URL of your target and Scan ! On the very next page you will get Results like this:\n\n[![](http://2.bp.blogspot.com/-QQjRUfkvDtA/UN3T0OH3FcI/AAAAAAAAQfc/4mxx-XcnjeE/s640/fsecure.png)](<http://2.bp.blogspot.com/-QQjRUfkvDtA/UN3T0OH3FcI/AAAAAAAAQfc/4mxx-XcnjeE/s1600/fsecure.png>)\n\n \n\n\nIn case you are receiving message \"**_Scan has not started yet._**\", that means , your scan in Queue and other hackers are currently using the free service for hacks. There is no information available on the website, that who own this service. \n \n \n\n\nWe has a word with Mikko Hypponen (CRO at F-Secure) about legality of this service two weeks before via a [tweet](<https://twitter.com/TheHackersNews/status/280647135869927424>) and his [reply was](<https://twitter.com/mikko/status/280650082683080704>), \"_[@TheHackersNews](<https://twitter.com/TheHackersNews>) Oh boy. This service will be abused heavily. You can expect scanplanner\u2024com to go offline in a day or two._\".\n\n \nSuch types of services should first verify that either the user really own target website or not. For this purpose they can use Meta-Tag verification process or some other way. For now many Cyber criminals are misusing this service because my \"**_Scan has not started yet._**\"\n", "published": "2012-12-28T06:05:00", "modified": "2013-01-11T18:02:28", "cvss": {"vector": "NONE", "score": 0.0}, "href": "http://thehackernews.com/2012/12/hackers-abusing-online-nmap-port.html", "reporter": "Mohit Kumar", "references": [], "cvelist": [], "lastseen": "2017-01-08T18:01:27", "history": [], "viewCount": 1, "enchantments": {"score": {"vector": "NONE", "value": 5.0}, "vulnersScore": 5.0}, "objectVersion": "1.4", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"]}