The Internet Relay Chat Probe (IRCP) is a powerful, robust tool designed for large-scale reconnaissance on Internet Relay Chat (IRC) servers. Developed by Acidvegas, this Python-based utility aims to provide deep insights into the IRC protocol and its internal statistics, opening a new window into the world of internet communication.
The IRCP operates by scanning the entirety of the IPv4 range for common IRC ports, focusing specifically on ports 6660-6669, 6697, and 7000. Its primary function is to demonstrate how extensive information gathering on the IRC protocol can be both beneficial and potentially invasive to privacy1.
To use IRCP, users simply need to provide a direct path to a targets list, which should be a text file containing new-line separated targets. Targets can be valid IPv4 or IPv6 addresses, optionally suffixed with a port. Customizable settings in the ‘ircp.py’ script allow users to tailor the tool’s operation to their needs.
Upon execution, IRCP first attempts to establish an SSL/TLS connection, falling back to a standard connection if unsuccessful. The tool then gathers server information, sends various commands, registers nicknames, and joins every channel to issue more commands. All the data gathered is stored in a neatly organized JSON file, categorized based on numerics and events.
The tool’s design ensures stealthy operation to avoid detection, thanks to extensive research on IRC daemons, services, and common practices used by network administrators. Throttling settings help maintain the stealthy approach, allowing for adjustable delays between commands, connection attempts, and other operations.
However, this power comes with potential threats. The IRC protocol, while less favored in 2023, still hosts over 300,000 users and channels, opening up potential vulnerabilities. These include exploits in common IRC bots, zero-day vulnerabilities, and tracing users’ network/channel whereabouts.
Overall, the Internet Relay Chat Probe is a pioneering tool with considerable potential for internet reconnaissance, while also highlighting the need for improved security measures within the IRC community.
Please note that the IRCP tool also has a “do not scan” list that includes specific IRC servers and IP addresses, underlining its ethical use considerations.
