Skip Navigation
York University Redefine the possible.
space Prospective students Current students Faculty & staff Alumni Visitors York crest
Navigation Items Computing Connecting to the Internet Accounts Using Email Using the Internet Developing Webpages Software and Applications Using Campus Labs Telecommunications Instructional Technology Centre

Information Security
Unsupported Tools

(Fast) Vulnerability Scanner

nxscan.c - Detects MS06-040, 04-011, 04-007 Vulnerabilities
Last Update: Sep 9, 2006

(was 007scan, 011scan, noxscan...)

[Sep 9, 2006] nxscan released, containing the MS06-040 vulnerability check. Sorry for the delay but this was a major code overhaul - further updates should be much easier now. Meanwhile I've also added in some requested features such as random order scanning plus OS and NETBIOS name detection.
[Aug 15, 2005] noxscan released. As usual this is working for us but standard disclaimer applies. It is still fast enough for us - It should do a class-B network in well under 10 minutes. At this time it will report a lot of inconclusives for MS05-039 and I hope to improve that soon. Meanwhile, what it reports as vulnerable seems quite reliable for us - no false positives reported.

gcc -o nxscan nxscan.c

Should compile on most UNIX platforms, tested with gcc on Linux, FreeBSD and Solaris (with -lnsl -lsocket).

Usage help:
nxscan -h

Scanning a large list of IPs or IP ranges
just add them on the command line, OR:
- save list to file (one IP address or range per line)

cat  iplist | xargs nxscan > results.txt

On fast networks the default settings should work, but you may catch a few more if you increase the timeouts with -r and -c (to, say, 3000ms each) - obviously this slows down the overall scan.

Silent mode
Intended for use in self-scan or automated registration systems with vulnerability scanning. -s switch will only scan the first IP listed, with a positive return code if vulnerability detected, otherwise returns zero.

Note: although these tools work for us, they are unsupported and there is no guarantee of their performance or accuracy.

Questions may be directed to russel[at]
Y graphic
last modified:
[September 9, 2006]

graphic rule
Copyright 2002 © York University