A good friend of mine, Lavren, has been working on a "Killer Network Security Scanner". I personally use it daily, it stands strong against nmap and should be one of the top scanners on insecure.org in the future.
Info from Lavren:
Abyss is a diverse network tool designed for unix/linux with both scanning and passive capabilities. It performs various types of portscans with remote OS detection, and uses a multi-threaded model for fast simultaneous network
Abyss also has sniffing capabilities based on complex BPF filters that display packet information, decode the payload, and perform passive OS detection.
You can get more updated information from here
It is still in early development, and all documentation regarding the Abyss
project will be maintained on this webpage. Any feedback and suggestions
are appreciated. All of the base code is written, so adding additional features
is very easy at this point. -lavren
Currently abyss performs 6 different types of portscans. First there is
the nonblocking socket portscan, which is always used when scanning multiple hosts in a multi-threaded fashion, and used by default when scanning a single host. When scanning single hosts you may also use the SYN stealth scan, the UDP scan, and other stealth scans like the XMAS Tree scan, FIN scan, and NULL scan. NOTE: These last three stealth scans were added on August 20th, and will be present in Abyss version 0.9.5 Beta, which will be released positively on August 25th, 2007. Other various bug fixes and some more subtle features have been added as well!
AbysS performs portscans based on a services file like those found in
/etc/. Abyss uses /abyss/services/abyss.services, which by default is based on the nmap-services file. There are several other services files located in the directory, including abyss.services.alt, which is the same as the nessus services file. You may use whichever services file you wish as long as it is in the standard format and you name it abyss.services.
* OS detection *
Currently AbysS has a limited tcp/ip stack fingerprint database, somewhere around 27 OS fingerprints. If abyss does not know what operating system a host is running, and you know the exact OS and version number, run abyss with -v.
That will print the fingerprints in the correct order. Calculating the initial ttl is
not necessary with abyss (see test.c). Append the OS name to the end of the fingerprint using the ':' symbol as the delimiter, and add it to the .fingerprint/os.prints file. Please email any fingerprints to email@example.com
The passive OS detection analyzes both the SYN and the SYN/ACK packets
in my development version, but only the SYN/ACK in the version here for download. I have not yet gathered enough fingerprints for SYN packets.
* Compile *
AbysS compiles on Linux and FreeBSD. It is POSIX compliant, and should
work on other unix variants running on x86.
1. Download from the link below
2. Unpack the tar ball - tar zxvf abyss-v9.0-beta.tar.gz
3. Compile - type make
The README-NOW file is very descriptive, and should give full instructions
on using AbysS.
(Scan all the live hosts on a class C range: Open ports, remote OS detection)
./abyss -p target.net/24 192.168.1.2 -o iplist
./abyss -f iplist
(Sniff all data in tcp traffic, with default passive OS detection)
./abyss -O eth0 -b tcp -h -o logfile
(Sniff ftp usernames, and passwords)
./abyss -O eth0 -b tcp and dst port 21 -h -o logfile
You can grab a copy here
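The stealth scan types listed in Lavren's description above (XMAS Tree, FIN, NULL and SYN) are distinguished purely by which TCP flags the probe carries, which is also how a defender spots them in a capture. The following is an added example from the detection side; it is not part of the post and not Abyss code. It classifies per-packet TCP flag sets using the standard definitions of each probe type and reports sources that touched several ports with the same probe. The sample records, the hosts and the 5-port threshold are constructed for the illustration.

```python
"""Classify TCP probe packets by flag set and summarize likely port sweeps.

Added example, not Abyss code. Sample records are constructed: each is
(source ip, destination port, set of TCP flag letters) as a detection
pipeline might extract from a packet capture.
"""

# Flag combinations that define each probe type named in the post.
# F=FIN, P=PSH, U=URG, S=SYN, A=ACK (tcpdump-style letters).
SCAN_SIGNATURES = {
    "NULL": frozenset(),               # no flags at all
    "FIN": frozenset({"F"}),           # FIN only
    "XMAS": frozenset({"F", "P", "U"}),  # FIN+PSH+URG "lit up"
    "SYN": frozenset({"S"}),           # bare SYN (also the start of a normal handshake)
}


def classify_flags(flags):
    """Return the probe type whose signature exactly matches `flags`, else None.

    SYN+ACK, ACK-only and other combinations are ordinary traffic here;
    a bare SYN is counted but only becomes suspicious in volume (see summarize).
    """
    fs = frozenset(flags)
    for name, signature in SCAN_SIGNATURES.items():
        if fs == signature:
            return name
    return None


def summarize(records, threshold=5):
    """Map (source, probe type) -> number of distinct destination ports probed,
    keeping only pairs that reached at least `threshold` ports."""
    ports_seen = {}  # (src, kind) -> set of destination ports
    for src, dport, flags in records:
        kind = classify_flags(flags)
        if kind is None:
            continue
        ports_seen.setdefault((src, kind), set()).add(dport)
    return {key: len(ports) for key, ports in ports_seen.items() if len(ports) >= threshold}


# Constructed sample: one host sweeping six ports with XMAS probes, one
# sending NULL probes to five ports, and a normal single SYN handshake.
SAMPLE = (
    [("10.0.0.5", p, {"F", "P", "U"}) for p in (21, 22, 23, 25, 80, 110)]
    + [("10.0.0.9", p, set()) for p in (135, 139, 445, 3389, 8080)]
    + [("10.0.0.7", 443, {"S"}), ("10.0.0.7", 443, {"A"})]
)

if __name__ == "__main__":
    for (src, kind), count in sorted(summarize(SAMPLE).items()):
        print(f"{src}: {kind} probes against {count} ports")
```

Flag matching alone cannot separate a SYN stealth scan from the first packet of a legitimate connection; what marks the half-open scan is that no ACK ever follows the SYN/ACK, so a real detector tracks connection state in addition to counting bare SYNs across many ports as this example does.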