Sunday, March 1, 2015

iOS Security Tools - Fing

Fing - FREE

Developer: Overlook Soft

Fing is a highly configurable network scanner which can be leveraged for private networks, but can also be used to scan external hosts. One of Fing's best features is that it will remember networks you've already scanned and retain the names and additional information you've put in for discovered hosts. Fing has a built-in MAC vendor database to help identify targets of interest from the discovered hosts. When you first launch Fing, it detects the network you're on and shows a scan button in the upper right corner. Depending upon the size of the network, the scan can be fairly quick for a /24 subnet, or fairly long for, say, an airport running a /16 network.

In the above, I cancelled the scan after a minute or two because it was a /16 network and I really didn't need a full scan. One limitation of Fing is that you have to wait until a scan is completed, or cancel it, to be able to do more detailed scans on discovered hosts. Once you have your list of discovered hosts, you can perform additional scans to determine which services are running on them. For this article, I'm going to choose the HP printer listed at the top as my target for a deeper dive.

After tapping on the host, you have a few options such as Scan Services, Ping Device, Delete from the List, Show Log and Wake on LAN. I'm going to Scan Services and show you that next.

You can see from the results above that there are a number of interesting services running on the host. Fing allows you to tap on the service and attempt to connect with an appropriate app. For http and https, that's your default browser for instance. If the host is a computer, you might see things like FTP or NETBIOS which will leverage your FTP app or file browser app. Let's check out port 8080 to see if we can get a live webpage.

Ouch, it looks like our printer is an HP LaserJet M1536dnf MFP and it doesn't have an admin password set. If I was a mean co-worker, I could change a few settings here and have a nice MFP all to myself. If you remember in the beginning of this article, I said Fing remembers networks you've scanned and additional information you put in about a discovered host. Let's go ahead and put in some info about this host.

Now we've got a more descriptive name than NPI23xxxx, and I've annotated that the web interface on port 8080 is wide open and where the printer is physically located. One benny is that the information you type in is searchable from the main screen when you tap the search button on the bottom left. Below you can see the search result from the comment I put in about port 8080 being wide open.

If you'd like to scan an external host, you can do that from the main screen by tapping the pen and paper icon on the bottom row.

The ubiquitous "send to" icon in iOS allows you to send the information to other apps or via email, including any additional info you put in about the host.

In the settings, you can modify things like what services to scan for and even add your own. You can also spoof your MAC address if need be.

Fing is a nicely put together network scanner to help locate potentially insecure devices on your network, and the ability to remember previously scanned networks and any additional information you put in really sets this app apart from others. One last note: you can sign up for a free FingBox account, which will sync and back up your customizations.