X-Scan by XFocus – Basic Free Network Vulnerability Scanner


X-Scan is a general scanner for scanning network vulnerabilities for specific IP address range or stand-alone computer by multi-threading method, plug-ins are supported. This is an old tool (last update in 2005), but some people still find it useful and there are certain situations where it can be useful (especially in those jurassic companies using old kit).

It supports Nessus NASL plugins for vulnerability scanning – which makes it pretty useful. It also has both a GUI and command line version for scripting.

The following items can be scanned:

  • Remote OS type and version detection,
  • Standard port status and banner information,
  • SNMP information,
  • CGI vulnerability detection,
  • IIS vulnerability detection,
  • RPC vulnerability detection,
  • SSL vulnerability detection,
  • SQL-server,
  • FTP-server,
  • SMTP-server,
  • POP3-server,
  • NT-server weak user/password pairs authentication module,
  • NT server NETBIOS information,
  • Remote Register information, etc.

The results of the scan are saved in /log directory, and are title index_ip_address.htm (if you used the GUI) or ip_address if you used the command line option. These can be directly browsed by any normal Web Browser.

Basic user and password lists are supplied to carry out a basic attack on certain services, (above), if found enabled on the host.

You can download XScan v3.3 here:

X-Scan-v3.3-en.rar

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools

, ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


2 Responses to X-Scan by XFocus – Basic Free Network Vulnerability Scanner

  1. Zion3R November 24, 2011 at 12:39 am #

    Create: 2005-07-18
    Very old!

  2. JKTor November 24, 2011 at 8:36 pm #

    Still efficient if correctly customised (NASL and cgi.lst)