Security News > 2024 > March > Quicmap: Fast, open-source QUIC protocol scanner

Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements.

It effectively identifies QUIC services, the protocol version, and the supported ALPNs.

"As I started researching the QUIC protocol, I noticed that my favorite scanner had issues identifying QUIC-enabled services. This is not too surprising, as QUIC used UDP, and anyone who has scanned UDP services knows how difficult this is. I wanted to have a simple tool that can reliably scan for QUIC-enabled services and also pull out information that a penetration tester might need - such as the mentioned X.509 certificates but also supported protocols since QUIC supports much more than HTTP/3," Bojan Ždrnja, CTO at Infigo IS and co-author of the tool told Help Net Security.

Quicmap features Scan arbitrary hosts, IP addresses, networks, and ports and identify QUIC services.

"Quicmap is not only the simplest QUIC scanner to install and use, thanks to its Python foundation, which makes library integration easy, but it also shines with its capability to brute-force ALPN protocols through a built-in list and binary searching. This feature enables the detection of various services and protocols over QUIC, such as SMB or IRC. Its speed is notable, despite being Python-based, due to the customizable threading options that enhance scanning velocity," Ždrnja explained.

More thorough support for SMB over QUIC is coming soon.

News URL

https://www.helpnetsecurity.com/2024/03/18/quicmap-open-source-quic-protocol-scanner/