Screenshots:

Installation

Fingerprinting

ARP Discovery

20.000 Hosts parallel

DHCP segfault subnet

ICMP against SuSE
From the README: [0x01] What is THC-RUT: RUT (aRe yoU There, pronouced as 'root') is your first knife on foreign network. It gathers informations from local and remote networks. It offers a wide range of network discovery utilities like arp lookup on an IP range, spoofed DHCP request, RARP, BOOTP, ICMP-ping, ICMP address mask request, OS fingerprinting, high-speed host discovery, ... THC-RUT comes with a OS host Fingerprinter which determines the remote OS by open/closed port characteristics, banner matching and nmap fingerprinting techniques (T1, tcpoptions). The fingerprinter has been developerd to quickly (10mins) categorize hosts on a Class B network. Information sources are (amoung others) SNMP replies, telnetd (NVT) negotiation options, generic Banner Matching, HTTP-Server version, DCE request and tcp options. It is compatible to the nmap-os-fingerprints database and comes in addition to this with his own perl regex capable fingerprinting database (thcrut-os-fingerprints). Example (OS fingerprinting): # ./thcrut discover -O 192.168.0.1-192.168.255.254 128321 packets received by filter, 0 packets dropped by kernel Completed in 8 minutes, 38 seconds. Latest THC-RUT: thc-rut latest (2003-05-22) Latest Fingerprint database (also in the above tar.gz)
Support THC-RUT and add a fingerprint to the Database: Either use the form below or send it to anonymous@segfault.net
Example:
-----BEGIN THCRUT FINGERPRINT-----
135T=?%139T=O%445T=C%22T=O%137T=C%2001T=C%
135U=?%
21B="220 nsa.gov FTP server (Version wu-2.4.2-"
25B="220 220 jazzband.ncsc.mil ESMTP receive mailer ready at Sat, 21"
22B="SSH-1.99-OpenSSH_2.3.0p1"
80W=" Apache/1.3.24 (Unix)  (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0."
161="3com technology Version 5.0" 
-----END THCRUT FINGERPRINT

Optional comments:
The host is running Red Hat Linux 4.1 on some 3com hardware.
The host IP is 192.168.0.1. The following TCP ports are open:
31337, 79, 113.
I also found this banner on port 143:
* OK Courier-IMAP ready. Copyright 1998-2001 Double Precision, Inc

bye, yetanotherthcrutuser.
Last 10 supporters:
Nick
#
jc16
rd6
gamma4
gaius2
skyper1
<empty>0
<empty>0
Yours sincerely, The Hackers Choioce http://www.thc.org