Scanning a host, or more often multiple hosts, for open ports and service discovery is one of the first things most penetration testers do, so in this post I am going to show you how to use unicornscan and how to run scans against single and multiple targets.

PLEASE NOTE: For demonstration purposes, I'll be using Kali Linux as my primary OS, with Ubuntu and Windows virtual machines running several services as the target hosts.



  • Asynchronous stateless TCP scanning with all variations of TCP Flags.
  • Asynchronous stateless TCP banner grabbing
  • Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
  • Active and Passive remote OS, application, and component identification by analyzing responses.
  • PCAP file logging and filtering
  • Relational database output
  • Custom module support
  • Customized data-set views


Let's see how to perform a simple scan, a basic TCP SYN scan:

[email protected]:~# unicornscan

Sample Output :

[email protected]:~# unicornscan
TCP open                http[   80]     from  ttl 128 
TCP open               epmap[  135]     from  ttl 128 
TCP open         netbios-ssn[  139]     from  ttl 128 
TCP open        microsoft-ds[  445]     from  ttl 128 


UDP Scan

[email protected]:~# unicornscan -mU -r200 -I


 -mU              :    UDP mode
 -I               :    display immediately
                  :    target IP
  :53             :    port number
 -r200            :    200 packets per second

Sample Output

UDP open  ttl 128
UDP open              domain[   53]     from  ttl 128

TCP Scan

[email protected]:~# unicornscan -r500 -mT,443,445,339


 -mT                 :    TCP mode
                     :    target network range (block)
  :80,443,445        :    ports
 -r500               :    500 packets per second

Many other options can be passed; for example, for an ACK scan use -mTsA:

SYN scan                :    -mT
ACK scan                :    -mTsA
FIN scan                :    -mTsF
Null scan               :    -mTs
Xmas scan               :    -mTsFPU
Connect scan            :    -msf -Iv
Scan with all options   :    -mTFSRPAUEC
SYN + osdetect          :    -eosdetect -Iv (-mT)
Scan ports 1 through 5  :    (-mT) host:1-5

Practical Use Case

Scanning for MySQL along with the HTTP and HTTPS ports:

[email protected]:~# unicornscan -r200 -Iv -eosdetect  -mT,80,443


TCP open  ttl 64
ST 1 IP TTL 64 TOS 0x00 [DF] TCP WS 65535 urg_ptr 0000
TCP open  ttl 64
sender statistics 197.8 pps with 3 packets sent total
listener statistics 6 packets received 0 packets droped and 0 interface drops
TCP open                http[   80]     from  ttl 64 OS `' 
TCP open               mysql[ 3306]     from  ttl 64 OS `'
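
The result lines in the sample outputs above follow one fixed layout, so they can be turned into a per-host inventory of open ports. The script below is an added example, not code from the original post or from the unicornscan project; the function names are hypothetical and the sample text is constructed, using documentation addresses from 192.0.2.0/24.

```python
import re
from collections import defaultdict

# Result line layout used in the sample outputs on this page:
#   TCP open    http[   80]    from <host>  ttl 128
RESULT_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+open\s+(?P<service>\S+?)\[\s*(?P<port>\d+)\]"
    r"\s+from\s+(?P<host>\S+)\s+ttl\s+(?P<ttl>\d+)"
)

def parse_results(text):
    """Return one dict per 'open' result line; every other line is skipped."""
    records = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m is None:
            continue  # statistics, fingerprint and blank lines
        rec = m.groupdict()
        rec["port"], rec["ttl"] = int(rec["port"]), int(rec["ttl"])
        records.append(rec)
    return records

def ports_by_host(records):
    """Group results as {host: [(proto, port, service), ...]}, sorted by port."""
    grouped = defaultdict(set)  # a set drops repeats from overlapping scans
    for r in records:
        grouped[r["host"]].add((r["proto"], r["port"], r["service"]))
    return {h: sorted(s, key=lambda t: (t[1], t[0])) for h, s in grouped.items()}

# Constructed sample (documentation addresses, not output captured from a real scan).
SAMPLE = """\
TCP open                http[   80]     from 192.0.2.10  ttl 128
TCP open               epmap[  135]     from 192.0.2.10  ttl 128
TCP open        microsoft-ds[  445]     from 192.0.2.10  ttl 128
UDP open              domain[   53]     from 192.0.2.10  ttl 128
ST 1 IP TTL 64 TOS 0x00 [DF] TCP WS 65535 urg_ptr 0000
sender statistics 197.8 pps with 3 packets sent total
listener statistics 6 packets received 0 packets droped and 0 interface drops
TCP open                http[   80]     from 192.0.2.20  ttl 64 OS `'
TCP open               mysql[ 3306]     from 192.0.2.20  ttl 64 OS `'
TCP open                http[   80]     from 192.0.2.20  ttl 64 OS `'
"""

if __name__ == "__main__":
    for host, ports in sorted(ports_by_host(parse_results(SAMPLE)).items()):
        listing = ", ".join(f"{port}/{proto.lower()} ({svc})" for proto, port, svc in ports)
        print(f"{host}: {listing}")
```

Comparing the inventory from one authorized scan with the next shows which services have appeared or disappeared on each host.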


