X-Scan by XFocus – Basic Free Network Vulnerability Scanner


X-Scan is a general scanner for scanning network vulnerabilities for specific IP address range or stand-alone computer by multi-threading method, plug-ins are supported. This is an old tool (last update in 2005), but some people still find it useful and there are certain situations where it can be useful (especially in those jurassic companies using old kit).

It supports Nessus NASL plugins for vulnerability scanning – which makes it pretty useful. It also has both a GUI and command line version for scripting.

The following items can be scanned:

  • Remote OS type and version detection,
  • Standard port status and banner information,
  • SNMP information,
  • CGI vulnerability detection,
  • IIS vulnerability detection,
  • RPC vulnerability detection,
  • SSL vulnerability detection,
  • SQL-server,
  • FTP-server,
  • SMTP-server,
  • POP3-server,
  • NT-server weak user/password pairs authentication module,
  • NT server NETBIOS information,
  • Remote Register information, etc.

The results of the scan are saved in /log directory, and are title index_ip_address.htm (if you used the GUI) or ip_address if you used the command line option. These can be directly browsed by any normal Web Browser.

Basic user and password lists are supplied to carry out a basic attack on certain services, (above), if found enabled on the host.

You can download XScan v3.3 here:

X-Scan-v3.3-en.rar

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools

, ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


2 Responses to X-Scan by XFocus – Basic Free Network Vulnerability Scanner

  1. Zion3R November 24, 2011 at 12:39 am #

    Create: 2005-07-18
    Very old!

  2. JKTor November 24, 2011 at 8:36 pm #

    Still efficient if correctly customised (NASL and cgi.lst)