• Ethical_Hacker

Port Scanning with Unicornscan.

Updated: Jan 17



We can use Unicornscan for information gathering purpose along with for port scanning. Unicornscan has the following features:

  • Asynchronous stateless TCP port scanning

  • Asynchronous stateless TCP banner grabbing

  • Asynchronous UDP port scanning

  • Active and passive remote OS and application identification

  • Asynchronous stateless TCP scanning with all variations of TCP Flags.

  • Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).

  • Active and Passive remote OS, application, and component identification by analyzing responses.

  • PCAP file logging and filtering.

  • Relational database output.

  • Custom module support.

  • Customized data-set views. Source: http://www.unicornscan.org/

Unicornscan Help

This comes pre-installed into Kali. Let’s start off with the simple commands, to get the help menu, type in:

unicornscan –help

TCP syn scan



unicornscan  -v -I [IP ADDRESS]

-v Is verbose output

-i is an immediate mode



unicornscan -v -I -mT [IP ADDRESS]

  • This scan mode, tcp (syn) scan is default, U for UDP T for TCP `sf’ for TCP connect scan and A for ARP

UDP SCAN

unicornscan -v -I -mT [IP ADDRESS]

Entire network


  • unicornscan -r500 -mT -v -I [IP ADDRESS]/24


Specific Port Scan

  • unicornscan -r500 -mT -v -I [IP ADDRESS]/24:22

  • As per your requirement, you can choose the SSH port


Nmap equivalent scans for Unicornscan


  • unicornscan -mT -v -I [IP ADDRESS]

ACK scan


  • unicornscan -mTsA -v -I [IP ADDRESS]

  • The ‘s’ and ‘A’ is for the ACK arguments

XMAS scan

  • nicornscan -mTsFPU -v -I [IP ADDRESS]


Unicornscan Cheat Sheet For the most common scanning, please find a cheat sheet below to help you.

SYN                                       :    -mT

ACK scan                              :    -mTsA

Fin scan                                :    -mTsF

Null scan                              :    -mTs

Xmas scan                            :    -mTsFPU

Connect Scan                       :    -msf -Iv

Full Xmas scan                     :    -mTFSRPAU

scan ports 1 through 5        :   (-mT) host:1-5

To spoof your IP use -s followed by the IP address.

To use another OS fingerprint use the -W switch followed by the numeric value of the OS.

0=Cisco (default)    1=openbsd   2= Windows XP 3= p0fsendsyn 4=FreeBSD   5= nmap

0 views
  • Instagram
  • Facebook Social Icon
  • LinkedIn Social Icon

©2020 by Dr. Tech.