udp-proto-scanner is a perl script which discovers UDP services by sending triggers to a list of hosts


$ udp-proto-scanner.pl -f ips.txt
$ udp-proto-scanner.pl
$ udp-proto-scanner.pl -p ntp -f ips.txt

The probe names (for -p) are defined in udp-proto-scanner.conf. List probe names using the -l option:

$ udp-proto-scanner.pl -l

What’s it used for?

It’s used in the host-discovery and service-discovery phases of a pentest.

It can be helpful if you need to discover hosts that only offer UDP services and are otherwise well firewalled – e.g. if you want to find all the DNS servers in a range of IP addresses. Alternatively on a LAN, you might want a quick way to find all the TFTP servers.

Not all UDP services can be discovered in this way (e.g. SNMPv1 won’t respond unless you know a valid community string). However, many UDP services can be discovered, e.g.:

  • DNS
  • TFTP
  • NTP
  • NBT
  • SunRPC
  • MS SQL
  • DB2
  • SNMPv3

It’s Not a Portscanner

It won’t give you a list of open and closed ports for each host. It’s simply looking for specific UDP services.


It’s most efficient to run udp-proto-scanner.pl against whole networks (e.g. 256 IPs or more). If you run it against small numbers of hosts it will seem
quite slow because it waits for 1 second between each different type of probe.

One cool feature of udp-proto-scanner is that it doesn’t load the whole host list into memory. Therefore if you want to scan 17 million IPs, you can. It’ll take a while, but you won’t run out of memory.


The UDP probes are mainly taken from amap, nmap and ike-scan. Inspiration for the scanning code was drawn from ike-scan. Net::Netmask by David Muir Sharnoff is included in this tool.

Udp-proto-scanner-1.1 Tar
18.4 KiB
MD5 hash: 4c35d38196ebabbaeb3d4f33af067b86
Udp-proto-scanner-1.0 Tar
18.4 KiB
MD5 hash: b173ea99499c75bb314f618408310939
Udp-proto-scanner-0.9 Tar
14.6 KiB
MD5 hash: 75afb06f5e33363f5600da6a0bcf7725

Request to be added to the Portcullis Labs newsletter

We will email you whenever a new tool, or post is added to the site.

Your Name (required)

Your Email (required)