2010-09-14 - the slides from my recent (re-)presentation (with lots of extra bits) at SEC-T 2010, will soon be online! exploit code [...]

2009-12-18 - The slides from my recent presentation at CRESTCon 2009, the 'replacement' for CHECKCon, are now online! exploit code for the demonstrations [...]


how fast do you want to scan today?

"class A, to botnet, in under 7 minutes!."
"very fast, highly efficient, KDE free!."
"NATsmashing made trivial."


Synscan is a(the) fast(est) asynchronous half-open TCP portscanner. This tool will send TCP packets with the SYN flag set to an arbitrary block of destination addresses. Synscan endeavours to send traffic as fast as the host network interface and kernel can support. [http://www.bindshell.net/tools/synscan]

Synscan versions <=3.9b6 were based upon version 1.6 by psychoid/tCl (http://www.psychoid.lam3rz.de), however, Synscan version 5.0 is a complete rewrite of the codebase with the following changes:

  • A much, much, much, cleaner codebase!
  • Vast improvements in efficiency (approximately ~20-35%)
  • Fixes incorrectly computed IP header checksums (finally)
  • Scan timing adjustable via command line provide for much faster network scanning
  • Much simplified design will allow for future support for IPv6 (currently in beta)


Synscan is written and maintained by:


Synscan is known to compile cleanly on: linux (x86, x86-64, SPARC), xBSD (x86), Mac OS X (PPC, x86-64) and Solaris (SPARC).