pcascan is a pcAnywhere host scanner.
This program scans a remote network for open pcAnywhere clients. We query the pca "status" port on 5632/udp and do the best we can to parse the responses and identify what's open. An open pcAnywhere client might suggest an insecurity to be exploited by other tools.
pcAnywhere can perform these queries on its own if given a class C broadcast address (X.X.X.255) as the target IP, but this requires Windows as the platform. It's not scriptable as far as we know, and it can't be run against networks other than class C.
When the program runs, it sends out pcAnywhere status queries and reports each response in some detail as it is received. These per-response lines are mainly for developer use to identify new responses; in any case, when the full scan has finished, a summary of all remote hosts is displayed.

    $ pcascan www.target-victim.com/24
    --> Name Response: 192.168.1.135 = MXXXXXXX [AHM]
    --> Name Response: 192.168.1.201 = TXXXXXXX [AHM]
    --> Name Response: 192.168.1.207 = JXXXXXXX [AHM]
    --> Name Response: 192.168.1.203 = KXXXXXXX [AHM]
    --> Name Response: 192.168.1.231 = LXXXXXXX [AHM]
    --> Name Response: 192.168.1.238 = KXXXXXXX [AHM]
    --> Status: 192.168.1.135 0 1 Available
    --> Status: 192.168.1.201 0 1 Available
    --> Status: 192.168.1.207 0 1 Busy
    --> Status: 192.168.1.203 0 1 Available
    --> Status: 192.168.1.231 0 1 Available
    --> Status: 192.168.1.238 0 1 Available

    192.168.1.135: MXXXXXXX [AHM] Available
    192.168.1.201: TXXXXXXX [AHM] Available
    192.168.1.203: KXXXXXXX [AHM] Available
    192.168.1.207: JXXXXXXX [AHM] Busy
    192.168.1.231: LXXXXXXX [AHM] Available
    192.168.1.238: KXXXXXXX [AHM] Available

This shows six stations responding to pcAnywhere status queries, though one of them is currently "in session" and won't accept another.
This scanner test does not show whether the station is also listening on the pcAnywhere session port (it might be blocked by a firewall) or if any kind of password protection is applied to the Host. That's for another tool.

Usage: ./pcascan [options] target [targets...]

    --help          show this help listing
    --verbose       show a bit more debugging about what's going on inside
    --port=##       use UDP port ### instead of the default 5632. It's not
                    clear why anybody would actually want to use this.
    --timeout=##    wait at most this many seconds after all queries have been
                    sent for replies from remotes. Default = 2 seconds.
    --wtime=##.#    after each write, pause for this much time (in seconds, but
                    in floating point) to avoid running out of bandwidth over a
                    limited channel. Default = 0.01 seconds.
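
Seen from the scanned network, a run like the one above is a single source sending 5632/udp datagrams to many addresses a fraction of a second apart. The following is an added example, not part of pcascan: a sliding-window check over flow records that flags such a source. The record layout, the function names, the source addresses and the thresholds are assumptions made for the illustration, and the sample records are constructed.

```python
from collections import defaultdict, deque

PCA_STATUS_PORT = 5632  # pcAnywhere "status" port named on this page

def find_sweeps(flows, window=10.0, min_hosts=20):
    """flows: time-ordered (ts_seconds, src, dst, proto, dst_port) tuples.
    Returns {src: peak number of distinct hosts queried on udp/5632 within
    `window` seconds} for each source that reaches `min_hosts`."""
    recent = defaultdict(lambda: (deque(), {}))  # src -> (queue of (ts, dst), dst -> count)
    alerts = {}
    for ts, src, dst, proto, dport in flows:
        if proto != "udp" or dport != PCA_STATUS_PORT:
            continue
        q, seen = recent[src]
        q.append((ts, dst))
        seen[dst] = seen.get(dst, 0) + 1
        while ts - q[0][0] > window:          # drop queries that left the window
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) >= min_hosts:            # many distinct targets, one source
            alerts[src] = max(alerts.get(src, 0), len(seen))
    return alerts

def sample_flows():
    """Constructed records: one /24 sweep, one station polling a single host."""
    flows = []
    for i in range(1, 255):   # 254 queries spaced 0.01 s apart (the default --wtime)
        flows.append((100.0 + i * 0.01, "10.0.0.66", f"192.168.1.{i}", "udp", 5632))
    for i in range(30):       # repeated status checks of one known host
        flows.append((100.0 + i * 2.0, "10.0.0.5", "192.168.1.135", "udp", 5632))
    flows.append((101.0, "10.0.0.66", "192.168.1.9", "udp", 53))  # unrelated traffic
    return sorted(flows)

if __name__ == "__main__":
    for src, n in find_sweeps(sample_flows()).items():
        print(f"{src}: 5632/udp queries to {n} distinct hosts within 10 s")
```

A scan slowed down with a large --wtime spreads its queries out, so the window has to be widened to match the pacing you want to catch.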