X-Scan by XFocus – Basic Free Network Vulnerability Scanner


X-Scan is a general scanner for scanning network vulnerabilities for specific IP address range or stand-alone computer by multi-threading method, plug-ins are supported. This is an old tool (last update in 2005), but some people still find it useful and there are certain situations where it can be useful (especially in those jurassic companies using old kit).

It supports Nessus NASL plugins for vulnerability scanning – which makes it pretty useful. It also has both a GUI and command line version for scripting.

The following items can be scanned:

  • Remote OS type and version detection,
  • Standard port status and banner information,
  • SNMP information,
  • CGI vulnerability detection,
  • IIS vulnerability detection,
  • RPC vulnerability detection,
  • SSL vulnerability detection,
  • SQL-server,
  • FTP-server,
  • SMTP-server,
  • POP3-server,
  • NT-server weak user/password pairs authentication module,
  • NT server NETBIOS information,
  • Remote Register information, etc.

The results of the scan are saved in /log directory, and are title index_ip_address.htm (if you used the GUI) or ip_address if you used the command line option. These can be directly browsed by any normal Web Browser.

Basic user and password lists are supplied to carry out a basic attack on certain services, (above), if found enabled on the host.

You can download XScan v3.3 here:

X-Scan-v3.3-en.rar

Or read more here.

Posted in: Hacking Tools, Networking Hacking

, ,


Latest Posts:


Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.
SecLists - Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.


2 Responses to X-Scan by XFocus – Basic Free Network Vulnerability Scanner

  1. Zion3R November 24, 2011 at 12:39 am #

    Create: 2005-07-18
    Very old!

  2. JKTor November 24, 2011 at 8:36 pm #

    Still efficient if correctly customised (NASL and cgi.lst)