Quicmap is a fast, open-source QUIC service scanner that removes the need to chain multiple tools together. It identifies QUIC services, the protocol version in use, and the supported ALPNs.
“As I started researching the QUIC protocol, I noticed that my favorite scanner had issues identifying QUIC-enabled services. This is not too surprising, as QUIC used UDP, and anyone who has scanned UDP services knows how difficult this is. I wanted to have a simple tool that can reliably scan for QUIC-enabled services and also pull out information that a penetration tester might need – such as the mentioned X.509 certificates but also supported protocols (through Application Layer Protocol Negotiation brute forcing) since QUIC supports much more than HTTP/3,” Bojan Ždrnja, CTO at Infigo IS and co-author of the tool, told Help Net Security.
Quicmap features
- Scan arbitrary hosts, IP addresses, networks, and ports and identify QUIC services
- Run an arbitrary number of threads (50 by default)
- Use binary searching for ALPNs to speed up the process
“Quicmap is not only the simplest QUIC scanner to install and use, thanks to its Python foundation, which makes library integration easy, but it also shines with its capability to brute-force ALPN protocols through a built-in list and binary searching. This feature enables the detection of various services and protocols over QUIC, such as SMB or IRC. Its speed is notable, despite being Python-based, due to the customizable threading options that enhance scanning velocity,” Ždrnja explained.
Future plans and download
Currently, Ždrnja and tool co-creator Fran Čutura are doing more testing and plan to extend functionality. More thorough support for SMB over QUIC is coming soon.
Quicmap is available for free on GitHub.