
Ibis ver. 1.8 coded by LeVante^

Italian Broadcast Ip Scanner

WHAT IS THIS
Ibis ver. 1.8 coded by LeVante^   levante@manicomio.org  or  m.levante@gmail.com
This is a multithreaded broadcast address scanner for Windows
It's useful to discover any IP Address that gives you back one or more than one ping reply
and, as everybody knows, it can be used to get a list of smurf amplifiers; that's to say
it can be used with smurf/papasmurf/WinSmurf/Smurf2K/WSmurf... (as many as you know...so *murf*  ;-D)
Though I prefer to say it can also be used to discover which addresses respond to ICMP ECHO REQUEST and with how many replies.
Excluding Nmap (which is much much more than a broadcast scanner) on Windows I believe that there is only one 
broadcast scanner whose name is Ultimate Broadcast Scan coded by JC`zic. 
Even if they're both excellent programs I could not get nmap to work (maybe because on windows it requires some plugin 
or WinPcap libraries I don't know, I also tried to install WinPcap but got no result) and UBS is too fast for my 
CPU/connection (my system becomes very slow and my Internet connection too and after a few minutes I'm offline)
so I decided to code one by myself. That's Ibis (Italian Broadcast Ip Scanner).


MAIN FEATURES
With Ibis you can choose how fast must be your scan (setting a delay parameter), you can choose to save only those Ip
with a certain number of DUPs, you can save the output in 3 different ways, you can run it silently or displaying every
ping request/reply event, you can scan the whole Internet or a specific space of addresses.
Moreover Ultimate Broadcast Scan and many other broadcast scanners only ping addresses ending with 0 or 255, I believe 
that's not correct or not enough! There are a lot of Ip addresses that end with any other number and return many ICMP Echo Replies, anyway
you can always choose this way of scanning by setting the -big parameter.


REQUIREMENTS
Ibis is very personalizable (sorry for my English ;=P) so you don't need any special feature.
I only want to give a warning to Windows XP Service Pack 2 users. This program was only tested on Windows XP SP1
Ibis uses Raw Socket support which was native from the times of Windows NT. I heard that this feature was suppressed
in Service Pack 2 and I heard it was suppressed also for all Windows users who made the MS05-019 update. Anyway ONLY IF
YOU CANNOT GET IBIS TO WORK you can find information about how to re-enable the support at 
http://seclists.org/lists/nmap-hackers/2005/Apr-Jun/0001.htm.


HOW TO USE
The base use is:

	ibis.exe <own Ip Address> [Options]

Options are not mandatory and they can be used in any order

Options List:

-sa <xxx.xxx.xxx.xxx>
The -sa parameter must be followed by an Ip address which is the start address. This means that 
the scan will start exactly from the Ip you specified. The default start address is 0.0.0.1.

-ea <xxx.xxx.xxx.xxx>
The -ea parameter must be followed by an Ip address which is the end address. This means that 
the scan will stop exactly at the Ip you specified. The default end address is 254.255.255.255.

-d <delay>
The -d parameter must be followed by a positive integer value. The delay regulates the speed of the scan
since it is the amount of milliseconds that the program waits between an Ip and another so, the higher
the delay is the slower the scan and viceversa. A delay of 0 means that the scan will be the fastest possible.
The default delay value is 70. Pay attention: This is also useful if you are already running an application
that uses a certain amount of your broadband and you don't want to turn it off yet you want to scan.
Just set the appropriate delay to your needs.

-dup <minimum number of dups to save>
The -dup parameter must be folowed by a positive integer value which is the minimum number of DUPs that 
an Ip must have to be saved. For example, ad Ip that returns 2 ping reply ha 2 DUPs and if you specify 
"-dup 2" (without quotes) that Ip will be saved. The default minimum number of DUPs is 1 that means that
Ibis will save any Ip address responding to a ping request. For example this can be useful if you want to 
check which addresses in certain network space don't filter ICMP.

-big <0 | 1> 
The -big parameter must be followed either by 0 or by 1. When it's set to 0 (which is also the default value)
the scan will ping ANY Ip address while when it's set to 1, the scan will only ping Ip addresses ending with 
0 or 255, so the scan will be much faster but it'll jump a lot of addresses that could be useful. 

-ot <1 | 2 | 3>
The -ot parameter must be followed by 1 or 2 or 3 and it regulates the output. When set to 1, the output file
will contain a simple list of Ip addresses, one on each line. When set to 2, each line of the output file will
contain an Ip and its respective DUPs separated by a SPACE. When set to 3, each line of the output file will
contain an Ip and its respective DUPs separated by a TAB. The default -ot value is 1.

-of <path or filename to save the results>
The -of parameter is used to specify the file to save all the results of the scan. It can be
an absolute or relative path. The default -of value is C:\ibis.txt. if you specify a file
that already exits and isn't empty, you will lost any data contained in the old file.

-show <1 | 2 | 3>
The -show parameter must be followed by 1 or 2 or 3 and it regulates the way Ibis displays
any output on the screen. When set to 1 it displays everything, every messagge, ping requests and
replies. When set to 2 it will only display the ping reply events. When set to 3, nothing will come out;
it's silent mode.


EXAMPLES
(WARNING: 80.181.170.55 it's just an example, it was the Ip address I had when I wrote this help)

ibis.exe 80.181.170.55 -sa 61.120.0.0 -ea 65.255.255.255 -d 40 -dup 3 -ot 2

This will scan ANY Ip address from 61.120.0.0 to 65.255.255.255 with a delay of 40 milliseconds (quite fast!) and 
it will save any Ip with at least 3 replies. Results will be saved in default file C:\ibis.txt and each line in the 
file will contain the Ip and its respective DUPs separated by a SPACE. Every event will be displayed in the console.


ibis.exe 80.181.170.55 -sa 230.120.0.0 -d 100 -big 1 -of results.txt

This will scan only the Ip Addresses ending with 0 or 255 starting from 230.120.0.0. The scan will stop 
at 254.255.255.255 (default end address). Ibis will wait 100 milliseconds between two addresses (quite slow)
and the results will be saved in results.txt. The file will contain a simple list of Ip addresses and EVERY
request/reply event will be displayed on the console.


ibis.exe 80.181.170.55 -d 5 -big 1 -dup 5

This will scan the whole Internet yet only the addresses ending with 0 or 255 and with a delay of 
5 milliseconds (very fast!). The scan will save only the addresses with at least 5 ping replies in the default file
(C:\ibis.txt) and results will be a simple list of ip.

-LeVante^-