********************************************
****      COLITAS NETWORK SCANNER       ****
********************************************

	1. About colitas
	2. Usage
	3. Speed
	4. Author

********************************************
	1. ABOUT COLITAS
********************************************

Colitas is designed to be a very fast stateless network scanner.
It can scan any IP and port range. It uses SYN packets for its
scanning purposes. Current version is 0.5.

Root privileges are needed to use colitas because of the raw sockets
that are necessary to create SYN packets. Colitas is very fast.
This is achieved by stateless scanning: we send packets and forget
about them, then listen for incoming SYN/ACK or SYN/RST packets.
Based on seq_ack numbers we find the replies to our probes, and from
these packets we determine the IP and port numbers of scanned hosts.
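
The reply matching described above, as an added example (not colitas
source code). It assumes the probe's initial sequence number is derived
from a per-run secret and the probe's addressing, so a reply can be
checked with no table of sent probes; the function names, the secret and
the FNV-1a mix are hypothetical, chosen only for illustration.

```c
#include <stdint.h>
#include <stdio.h>
enum reply { NOT_OURS, PORT_OPEN, PORT_CLOSED };
/* ISN = FNV-1a over a per-run secret and the probe's addressing (assumed scheme). */
uint32_t probe_isn(uint32_t secret, uint32_t dst_ip, uint16_t dst_port, uint16_t src_port)
{
    uint32_t w[3] = { secret, dst_ip, ((uint32_t)dst_port << 16) | src_port };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 12; i++) {
        h ^= (w[i / 4] >> (8 * (i % 4))) & 0xffu;
        h *= 16777619u;
    }
    return h;
}

/* Classify a TCP header with no table of sent probes; peer_ip comes from the IP header. */
enum reply classify_reply(uint32_t secret, uint32_t peer_ip, const uint8_t *tcp, size_t len)
{
    if (len < 20) return NOT_OURS;                              /* truncated header */
    uint16_t peer_port = (uint16_t)((tcp[0] << 8) | tcp[1]);    /* the scanned port */
    uint16_t our_port  = (uint16_t)((tcp[2] << 8) | tcp[3]);    /* our source port */
    uint32_t ack = ((uint32_t)tcp[8] << 24) | ((uint32_t)tcp[9] << 16) |
                   ((uint32_t)tcp[10] << 8) | tcp[11];
    /* A genuine reply has ACK set and acknowledges the ISN we would have sent, plus one. */
    if (!(tcp[13] & 0x10) || ack != probe_isn(secret, peer_ip, peer_port, our_port) + 1u)
        return NOT_OURS;
    if (tcp[13] & 0x04) return PORT_CLOSED;                     /* RST: negative reply */
    return (tcp[13] & 0x02) ? PORT_OPEN : NOT_OURS;             /* SYN+ACK: positive */
}

/* Constructed sample input: the 20-byte TCP header a scanned host would return. */
void build_reply(uint8_t out[20], uint16_t sport, uint16_t dport, uint32_t ack, uint8_t flags)
{
    for (int i = 0; i < 20; i++) out[i] = 0;
    out[0] = (uint8_t)(sport >> 8);  out[1] = (uint8_t)sport;
    out[2] = (uint8_t)(dport >> 8);  out[3] = (uint8_t)dport;
    out[8] = (uint8_t)(ack >> 24);   out[9] = (uint8_t)(ack >> 16);
    out[10] = (uint8_t)(ack >> 8);   out[11] = (uint8_t)ack;
    out[12] = 5 << 4;                out[13] = flags;
}

int main(void)
{
    uint8_t pkt[20];
    uint32_t secret = 0x5eed1234u, host = 0xC0000205u;   /* constructed: 192.0.2.5 */
    build_reply(pkt, 25, 40000, probe_isn(secret, host, 25, 40000) + 1u, 0x12);
    printf("reply class: %d\n", classify_reply(secret, host, pkt, sizeof pkt));
    return 0;
}
```

A header whose acknowledgment number does not match is classified as
NOT_OURS, which is how unrelated traffic and stale replies are dropped
without keeping any per-probe state.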

********************************************
	2. USAGE
********************************************

usage: colitas start_ip:end_ip [start_port:end_port] [options]

examples:
	
	$ colitas 214.44.5.0:214.44.255.255 25,110
	$ colitas 14.4.25.45 1:1024
	$ colitas 150.80.0.0-150.255.255.255 21-25,67,53,110,80

options:
  -f most common ports ( this is the default )
  	
	ports:
	
		7,11,19,21,22,23,25,42,43,53,66,79,80,81,88,109,
		110,111,118,119,135,139,143,179,256,389,396,407,443,513,514,515,524,
		799,1024,1080,1313,1352,1433,1494,1498,1524,1525,1527,1723,1745,2000,
		2001,2447,2998,3000,3300,3306,4001,4045,5631,5800,6000,6001,6666,6667,
		6668,6669,8000,8001,8002,8080,9001,12345,26000,32771,43188,65301
  
  -a all important ports
  
	ports:
		
		1,2,3,5,7,9,11,13,17,18,19,20,21,22,23,24,25,27,29,31,
		33,35,37,38,39,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,
		59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,
		82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,
		103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,
		120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,
		137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,
		154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,
		171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,
		188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,
		205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,
		222,223,242,243,244,245,246,256,257,258,259,260,261,262,263,280,281,
		282,309,344,345,346,347,348,349,350,351,371,372,373,374,375,376,377,
		378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,
		395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,
		412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,
		429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,
		446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,
		463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,
		480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,
		497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,
		514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,
		531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,
		548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,
		606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,633,634,
		635,636,637,666,667,668,669,670,671,672,673,674,704,705,709,710,729,
		730,731,741,742,744,747,748,749,750,751,752,753,754,758,759,760,761,
		762,763,764,765,767,769,770,771,772,773,774,775,776,780,786,800,801,
		886,887,888,911,991,995,996,997,998,999,1000,1001,1023,1024,1025,
		1027,1030,1031,1032,1047,1048,1058,1059,1067,1068,1080,1083,1084,
		1089,1110,1123,1155,1212,1222,1248,1313,1314,1345,1346,1347,1348,
		1349,1350,1351,1352,1353,1354,1355,1356,1357,1358,1359,1360,1361,
		1362,1363,1364,1365,1366,1367,1368,1369,1370,1371,1372,1373,1374,
		1375,1376,1377,1378,1379,1380,1381,1382,1383,1384,1385,1386,1387,
		1388,1389,1390,1391,1392,1393,1394,1395,1396,1397,1398,1399,1400,
		1401,1402,1403,1404,1405,1406,1407,1408,1409,1410,1411,1412,1413,
		1414,1415,1416,1417,1418,1419,1420,1421,1422,1423,1424,1425,1426,
		1427,1428,1429,1430,1431,1432,1433,1434,1435,1436,1437,1438,1439,
		1440,1441,1442,1443,1444,1445,1446,1447,1448,1449,1450,1451,1452,
		1453,1454,1455,1456,1457,1458,1459,1460,1461,1462,1463,1464,1465,
		1466,1467,1468,1469,1470,1471,1472,1473,1474,1475,1476,1477,1478,
		1479,1480,1481,1482,1483,1484,1485,1486,1487,1488,1489,1490,1491,
		1492,1493,1494,1495,1496,1497,1498,1499,1500,1501,1502,1503,1504,
		1505,1506,1507,1508,1509,1510,1511,1512,1513,1514,1515,1516,1517,
		1518,1519,1520,1521,1522,1523,1524,1525,1526,1527,1528,1529,1530,
		1531,1532,1533,1534,1535,1536,1537,1538,1539,1540,1541,1542,1543,
		1544,1545,1546,1547,1548,1549,1550,1551,1552,1553,1554,1555,1556,
		1557,1558,1559,1560,1561,1562,1563,1564,1565,1566,1567,1568,1569,
		1570,1571,1572,1573,1574,1575,1576,1577,1578,1579,1580,1581,1582,
		1583,1584,1585,1586,1587,1588,1589,1590,1591,1592,1593,1594,1595,
		1596,1597,1598,1599,1600,1601,1602,1603,1604,1605,1606,1607,1608,
		1609,1610,1611,1612,1613,1614,1615,1616,1617,1618,1619,1620,1621,
		1622,1623,1624,1625,1636,1637,1638,1639,1640,1641,1642,1643,1644,
		1645,1646,1647,1648,1649,1650,1651,1652,1653,1654,1655,1656,1657,
		1658,1659,1660,1661,1662,1663,1664,1665,1666,1667,1668,1669,1670,
		1671,1672,1673,1674,1675,1676,1677,1678,1679,1680,1681,1682,1683,
		1684,1685,1686,1687,1688,1689,1690,1691,1692,1693,1694,1695,1696,
		1697,1698,1699,1700,1701,1702,1703,1704,1705,1706,1707,1708,1709,
		1710,1711,1712,1713,1714,1715,1716,1717,1718,1719,1720,1721,1722,
		1723,1724,1725,1726,1727,1728,1729,1730,1731,1732,1733,1734,1735,
		1736,1737,1738,1739,1740,1741,1742,1743,1744,1745,1746,1747,1748,
		1749,1750,1751,1752,1753,1754,1755,1756,1757,1758,1759,1760,1761,
		1762,1763,1764,1765,1766,1767,1768,1769,1770,1771,1772,1773,1774,
		1776,1777,1778,1779,1780,1781,1782,1783,1784,1785,1786,1787,1788,
		1789,1790,1791,1792,1793,1794,1795,1796,1797,1798,1799,1800,1801,
		1802,1803,1804,1805,1806,1807,1808,1809,1810,1811,1812,1813,1814,
		1815,1818,1819,1820,1821,1822,1823,1824,1901,1902,1903,1904,1905,
		1906,1907,1908,1909,1911,1912,1913,1914,1915,1916,1917,1918,1919,
		1920,1944,1945,1946,1947,1948,1949,1950,1951,1973,1985,1986,1987,
		1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,
		2001,2002,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,
		2015,2016,2017,2018,2019,2020,2021,2022,2023,2024,2025,2026,2027,
		2028,2030,2032,2033,2034,2035,2038,2040,2041,2042,2043,2044,2045,
		2046,2047,2048,2049,2065,2067,2102,2103,2104,2105,2201,2202,2213,
		2221,2222,2223,2232,2233,2234,2235,2236,2237,2238,2239,2241,2279,
		2280,2281,2282,2283,2284,2285,2286,2287,2288,2301,2307,2401,2500,
		2501,2564,2583,2592,2700,2784,2785,2786,2787,2788,2789,2801,2908,
		2909,2910,2911,2912,3000,3001,3002,3010,3011,3047,3048,3049,3128,
		3141,3142,3143,3144,3145,3264,3333,3421,3454,3455,3456,3457,3883,
		3900,3984,3985,3986,4008,4009,4132,4133,4134,4321,4343,4444,4445,
		4446,4447,4448,4449,4450,4451,4452,4453,4454,4500,4501,4672,5000,
		5001,5002,5003,5004,5005,5010,5011,5020,5021,5050,5145,5150,5190,
		5191,5192,5193,5236,5300,5301,5302,5303,5304,5305,5400,5401,5555,
		5631,5632,5678,5679,5713,5714,5715,5716,5717,5729,5742,5745,5755,
		5757,5766,5767,5800,5900,6000,6110,6111,6112,6123,6141,6142,6143,
		6144,6145,6146,6147,6148,6149,6253,6389,6455,6456,6558,6588,6670,
		6672,6673,6831,6969,7000,7001,7002,7003,7004,7005,7006,7007,7008,
		7009,7010,7099,7100,7121,7174,7200,7201,7395,7491,7511,7777,7781,
		7999,8000,8010,8032,8080,8450,8888,8889,8890,8891,8892,8893,8894,
		9000,9100,9535,9876,9992,9993,9994,9995,9996,9997,9998,9999,10000,
		11000,12345,12753,13223,17007,18000,20001,20024,21554,21845,21846,
		21847,21848,21849,22273,22347,22555,22800,22951,23456,25000,25001,
		25002,25003,25004,25005,25006,25007,25008,25009,25793,25867,26000,
		26208,30303,47557,47806,47808,54320,65000
  
  -r raw output in the form: ip port
  	
	makes colitas output results in a very simple form 
	example: 213.180.120.102 25
  
  -n don't resolve hostnames
  
  	by default colitas resolves hostnames of found ips
	use this option if you don't need this feature
  
  -e show negative replies
  	
	by default only positive responses will be shown ( SYN/ACK ), 
	if you also want to see the negative ones use this
  
  -E show only negative replies
  	
	will make colitas show only negative responses
  
  -p scan all ports on single host then move to next host
     by default all hosts are scanned then the next port is checked
	 
	default scanning order:
	 
	$ colitas 213.180.1.1-213.180.255.255 21,22,23,25,53,80,110,443,995
	 
		213.180.1.1 21
		213.180.1.2 21
		213.180.1.3 21
		213.180.1.4 21
		213.180.1.5 21
		213.180.1.6 21
		213.180.1.7 21
		213.180.1.8 21
		213.180.1.9 21
		213.180.1.10 21
		213.180.1.11 21
		213.180.1.12 21
		213.180.1.13 21
		213.180.1.14 21
		213.180.1.15 21
		213.180.1.16 21
		213.180.1.17 21
		
	with -p:
	
	$ colitas 213.180.1.1-213.180.255.255 21,22,23,25,53,80,110,443,995 -p
	
		213.180.1.1 21
		213.180.1.1 22
		213.180.1.1 23
		213.180.1.1 25
		213.180.1.1 53
		213.180.1.1 80
		213.180.1.1 110
		213.180.1.1 443
		213.180.1.1 995
		213.180.1.2 21
		213.180.1.2 22
		213.180.1.2 23
		213.180.1.2 25
		213.180.1.2 53
		213.180.1.2 80
		213.180.1.2 110

  -s seconds to wait after sending last packet, by default 3
  	
	due to the nature of colitas we should wait a given number of seconds
	after sending out the last probe, by default this value is 3 which
	is sufficient for most networks
  
  -t delay between scanning packets in microseconds, by default 5

********************************************
	3. SPEED
********************************************

We keep no record ('state') of the scan progress; we just send our
probes and check for replies. This makes colitas the fastest scanner
on the planet. Some speed statistics, generated on an ADSL line with
512kb downstream and 128 upstream bandwidth:

***Test 1***
Checking some basic services on a C class network:

$ colitas 213.180.130.1-213.180.130.255 21,22,23,25,53,80,110,443,995

scanning 255 hosts and 9 ports on each host ( total of 2295 ports )
this can take up to approx. 61 seconds ( 0.017090 hours )

[cut]

scanning completed in 28 seconds

That's almost 82 ports per second. Pretty fast.



***Test 2***
A search for smtp servers in a B class network:

$ colitas 150.180.1.1-150.180.255.255 25
scanning 65025 hosts and 1 ports on each host ( total of 65025 ports )
this can take up to approx. 1661 seconds ( 0.461427 hours )

[cut]

scanning completed in 654 seconds

That's over 99 ports per second. Is that fast or what?

********************************************
	4. AUTHOR
********************************************

Lukasz Tomicki <tomicki@o2.pl>
Newest version available at http://tomicki.net/
