MPscan logo Logo
Multi Purpose Scanner Home Page
MP scan menu

This is a very simply scanner coded in C language, it starts a MAXIP number of child process (one for each ip), it connects to the given ips readed from file then read the first MAXCHAR characters sent from the host and exits, if the host contacted doesn't send anything but have the port open the child process dies after TIMEOUT. Scan result is written in a file or on stdout.


written by miasma


Mpscan 0.04-testing-2 released,

corrected some code error, new command line options (-c ), added ip geneadded ip generation status info.


Note that mpscan has changed his name (from mp-scan to mpscan), i do this cause the "-" can create some problem, i suggest to delete the old mp-scan from your system and after install the new mpscan version.


0.04-testing-2, 2002-07-09,

- added -c option,

- fixed some code error,

- added ip generation status.

0.04-testing, 2002-07-07,

- code clenup,

- better info on connection error,

- added simply bash scripts to generate ip list file,

- added -S option look help for more info,

- added -R option look help for more info,

- some bug fix.

0.03, 2002-05-24,

- added T and I option( look the help for more info),

- added changelog,

- added rpm rules;

- added debian rules,

- added man page,

- Makefile created.

0.02, 2002-05-22,

- added many option.

0.01, 2002-05-20,

- initial release.

  The Scanner suppor many option and have a man page that give (I hope) a good help. Below there is an example of the output of the scanner:
$ mpscan -e -p 25 -t 15 -r 100 -T 20 -R
Fast mp-scan 0.04-testing ...
Total ip: 11
        11/11 91%
Generated 11 ip in 0.199 seconds
Ip range parsed... 11 ip found
Scan on 25 started...
0: -> Network is unreachable
3: -> Connection refused
2: -> Connection refused
1: -> 220 ESMTP Postfix (Debian/GNU)
6: -> No route to host
5: -> connected but no data retrived within 7 sec
4: -> No route to host
8: -> connect timeout after 15
7: -> No route to host
9: -> No route to host
10: -> No route to host
Waiting for child dead...
Scanned 10 ip in 3.14821 seconds
Scan ended... enjoy the result

The output is not in order because for each there is a single indipendent process that try the connection, then each child can require more or less time then the other to print out the result.

All MPscan version can be downloaded from:

mirror location: pakage type
Savannah hackers
debian pakage
tar.gz source
rpm pakage
My pc(if i'm on line)
friend's mirror

Note: to download from sourceforge follow the link with your browser then you can chose a sourceforge mirror and download the file with your preferred downloader like wget.

The rpm pakage is alienized from debian pakage, if it doesn't work fine pls tell me;


mp-scan: Suggest Ideas:

Have an idea for a new features or a change that would make mp-scan better? Tell me now! Please send me an email.

  Man page:
mpscan(1)                              mpscan(1)

       mpscan - Multi Purpose scanner

       mpscan  [-] [e] [d] [p port] [t timeout] [r maxchar] [T maxthread] [I maxips] 
                         [i input_file] [R iprange] [o output_file] [S string]

       mp-scan starts maxthread number of child process (one for each ip), 
       it connects to the given  ips  readed from  input_file  then  read  the first maxchar 
       characters sent from the host and exits, if the host contacted doesn't send 
       anything but have the port open the child process dies after timeout.  
       Scan result is written in output_file or on stdout.

       -e write "connection error" to the output file;
       -d  enable debugging mode, simply print debug info;
       -h display the help;
       -p port to scan, supperted value: all integer between 0 and 2147483647;
       -t set the connection timeout in second, if not set the default is 7 sec;
       -c set how mutch wait data when connected, if not set the default is 7 sec;
       -r set the the num of char can be retrieved, if not set the default is 100;
       -T set the num of threads that the scanner must run, the deafult is 15;
       -I set the num of ips that must be read from input file, 
          by default prog consider all ip in file;
       -i input file name;
       -R set the ip range to scan, for example 192.168.0-1.0-255;
       -o output file name, if not set the default is stdout;
       -S  set the string to send to scanned host,it change \n, \r or \t 
              into its relative mean, use \\ to print a \, \\n to print \n;
       example: mpscan -e -p 80 -t 10 -c 5 -r 100 -T 20 -R 
                          -o scanout -S "GET / HTTP/1.0\n\n"

       -The program read the ips from the input file, this file should be a list of ip, one per line.

       Input file example:

       $cat ip_list etc...

Fabio Borraccetti               0.04                mpscan(1)

For more help feel free to mail me.

- There are some problem scanning telnet and bind port

- The microseconds difference from begin to end of scan for example is wrong


For now I'm working on four particular features:

  • Add IPv6 support;
  • Add udp support;
  • Modify all mpscan to make it more faster, once an ip is generated or readed it should be scanned istantly;
  • Obviously correct bugs;
  • Code cleanup;


Contact <- This home page <- MPscan homepage <- MPscan homepage at savannah <- MPscan savannah hackers homepage <- my email

Developers & thanks

Fabio borraccetti aka miasma (or miasma-);

Thanks to Asus and Morpaus for code help, features ideas, bugs and so on;

MPscan is tested and developed by me on debian sid system with 2.4.17.