CyberScan: Hackers Favourite ToolKit

This article is from Hakin9 OPEN – Open Source Tools edition, which is available for download for free.

Although it might seem that there are tons of similar tools, most of them serve a particular need, or offer complex technical features for a cybersecurity measurement requirement. In this article, we present Cyberscan, an easy to use tool that ensures together features of tools such as Nmap, Zenmap, Wireshark, etc. But, CyberScan is very simple and compact. It is an open source toolkit for pentesting and ethical hacking.

For instance, CyberScan port scanner prevents intrusions by showing you the status of your network exposure by scanning the network to monitor open services and ports that can be exploited by exogenous traffic. Furthermore, it provides basic views of how the network is lead out in order to help identifying unauthorised hosts or applications and network host configuration errors that can cause serious security vulnerabilities.

Moreover, CyberScan Tool Kit is able to send and capture packets of several protocols, forging and decoding them to be used for most network tasks such as scanning, testing connectivity through probing and attacks ( Attacker ROI, DDOS Attack, SYN Flood, etc.)

In addition, it has some features like geolocation and deep packet inspection.

PS : This Workshop Is For Educational Purpose only, I am not responsible for your actions.

Figure 1: Sample usage of CyberScan

As shown in Figure 1, Cyberscan is part of BlackArch  OS Tools. It is developed by BEN ALI Mohamed from ESPRIT School of Engineering, Tunisia. Written in Python language, it requires at least version 2.7 of Python.

It is noteworthy that Python is available by default installed  in Mac OS, BlackArch, and derivatives.

In the following paragraphs, we detail features of our toolkit.

  1. Supported Operating Systems

CyberScan works on different operating systems.  Those we have tested are:

  • Windows XP/7/8/8.1/10

  • GNU/Linux

  • MacOSX

  1. Installation

One  can download CyberScan  from /archive/ or by using the following commands:

git clone

cd CyberScan

python -v

CyberScan works out of the box with Python version 2.6.x and 2.7.x . One interesting note is that there is no need to install extra tools or libraries.

  1. The CyberScan Module Usage

In order to make sure you have CyberScan in your machine, you can launch the same command as shown in Figure 2.

Figure 2: Checking CyberScan version and its help

This figure shows how to verify the available version of CyberScan. It also demonstrates how to list available options through its help manual.

In the following subsections, we describe briefly features offered by our tool.

3.1) Test Network Connectivity

One can perform ping active probe using several protocol’s measurement (ICMP, TCP, UDP, ARP, etc.).

a) LAN Hosts Discovery

The fastest way to discover hosts of a local Ethernet network is to use ARP. CyberScan uses ARP broadcasts used by hosts to resolve IP addresses in discovering connected machines and corresponds between couples of IP and MAC addresses.

Figure 3 illustrates this use case of CyberScan.

Figure 3: CyberScan ARP Host Discovery

b) ICMP Ping

In this case, one knows the network address or domain name of the host, it can test its connectivity thanks to an ICMP base of ping.

Figure 4: CyberScan ICMP Ping

Figure 4 highlights usage of our ICMP ping functionality.

c) TCP  & UDP Ping

As it is known, some hosts and routers  block ICMP echo reply requests on their interfaces for security reasons:

Another alternative is to use TCP active probing approach. As depicted in Figure 5, as TCP and UDP segments do not necessarily obtain the same processing at intermediate routers due to traffic engineering configurations, one can imagine also using UDP active probing to measure Round-Trip time (RTT) encountered when using real-time applications. CyberScan, as shown in Figure 6, allows using a UDP ping to specific destination.

Figure 5: CyberScan TCP Ping


Figure 6: CyberScan UDP Ping


3.2) Network Scanning

Another interesting tool of CyberScan is network scanning because it can be considered as being an entry point to a machine, or computer (box) that is connected to the internet.

a) Port Scanner

Port Scanning is one of the initial steps that a Penetration Tester (Ethical Hacker) will take to determine how secure a network or web application is from black hat hacker attacks.

Figure 7: CyberScan Port Scanner

Figure 7 shows a sample usage of the port scanning feature of our tool.

b) IP GeoLocation

CyberScan can find the physical location of an IP address. It helps, for example, an forensic investigator tracking down a suspect who wrote a threatening email or hacked someone's company.

Figure 8: CyberScan Geolocation

One can verify the results of CyberScan tool, comparing them to those given by the website

As shown in figure 8 and figure 9, both of them give the same result when testing a Google DNS whose address is

Figure 9 : Testing VS CyberScan Geolocation Result

3.3) Analyzing packet headers

The basic unit of network communication is the packet. CyberScan analyzes packets at different layers by the layers (IP, TCP, ICMP, UDP, etc.) and then corresponding to datagrams of each layers.

It corresponds to the third layer of  the OSI model.

a) Ethernet Headers

One use of CyberScan (see Figure 11) could show header fields such as Mac address and EtherType.

Figure 10: Getting CyberScan Ethernet Headers

b) IP Headers

An IP Header is header information at the beginning of an IP packet that contains information about IP version, source and destination IP address, time-to-live, etc.

This is layer 3 protocol in the OSI model.

Figure 11: Getting CyberScan IP Headers

c) TCP & UDP  Headers

TCP provides reliable, ordered and error-checked delivery of stream of octets between applications running on hosts communicating by an IP Network or major applications such as World Wide Web (WWW), email, remote administration and file transfer rely on TCP.

Applications that do not require reliable data stream service may use  UDP, which provides a connectionless datagram service that emphasizes reduced latency over reliability.

Figure 12: CyberScan TCP Headers


Figure 13:  CyberScan UDP Headers

Figures 11 and 12 illustrate usage of CyberScan to respectively decorticate TCP and UDP fields of a received IP packet.


CyberScan is a open pentest tool. It can be used to analyse and decode packets and help to scan ports. It can also ping and track locations using IP Address.

If anyone is interested in this work, please take a look at my GitHub Account [1]  as we have at least some public projects posted there.

If you have any needs or even just want to brainstorm, please feel free to connect.

About the Author


Mohamed BEN ALI is a student, currently at the fourth year  in IT engineering at ESPRIT School of Engineering [2] (, pentester, developer, ethical hacker, interested in CyberSecurity, Robotics, Image Processing, Machine Learning, mobile development and embedded systems. He has been an intern research student at MINOS research team at Esprit.





Did you liked the article? If you want to read more similar tutorials check the full free edition Hakin9 OPEN – Open Source Tools


May 14, 2019

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Notify of
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013