Hummingbird 1.8 review
Hummingbird is an Asynchronous Scanning Engine.
Hummingbird is a module-based asynchronous scanning engine. It is a generic platform useful for scanning large sets of target devices in very short periods of time. So we can get better acquainted, let's qualify some of those terms:
- Scan: to construct and send packets or frames across a network and decode and record the responses (or lack thereof)
- Large sets: Targets on the order of several hundred to several hundred thousand devices
- Target devices: IPv4, IPv6 or Ethernet devices
- Short periods of time: Packet injection and capturing are split into different threads of execution, enabling completely asynchronous execution (the above example took two seconds to scan 53 hosts because Hummingbird had to wait for the responses before exiting -- if it didn't wait, the program would send its packets and exit long before all of the responses would have had a chance to trickle in. Trust me, this scales much better for large target sets)
Scanning Modules
A scanning module is comprised of eight functions:
1. The configuration file parsing function
Parses the relevant section in the configuration file to process and load options into either the listener or injector contexts. This has to be module specific since each module can have different user-defined data sections with different options.
2. The listener user-defined data creation function
3. The injector user-defined data creation function
4. The listener user-defined data initialization function
5. The injector user-defined data initialization function
Create and initialize the user-defined data structures. For any given scanner, there will be some information that needs to be specific to the scan, either statistical results that the listener will need to track, or monotonically incrementing variables that the injector will need to update. This information is initialized here. The pcap filter, which is dependent on the scan type, is stored here as well.
6. The builder function
Builds the packets or frames. It is called by the injector on every iteration.
7. The decoder function
Decodes the responses from the listener.
8. The logfile reporting function
Reads the results of the statistics from both contexts and appends this information to the end of the logfile.
Built on top of libnet (use libnet-1.1.3-RC-01.tar.gz or newer) and libpcap and libxml2.