
Port Scanning and Randomizer

I know there are warnings on using this feature, as its use could get one banned because an ISP sees this as the behavior of potential malware. And of course, I'd rather not have that, if preventable.

Is this correct so far...?

If so, is there a randomizer that can just keep track of ports scanned instead of going sequentially?  Or, is it already like this?

I know Sven is a wizard and needs no help, but just for the sake of conversation, you could programmatically just use two lists, one for scanned and another for un-scanned ports, rather than a counter (if that's how it's indeed done), and then use a random number generator that dynamically eliminates already-tested ports by excluding them from each new draw.

Maybe even scan multiple IPs or a range at once, as well?

And, a time-randomizer, if one chooses not to hammer IPs, but rather do so at some random, ever-changing, tempo?
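The three ideas in the post (a random port order that never repeats a port, several IPs in flight at once, and a random pause between probes) fit in a few lines. The example below is added here as an illustration and is not GSA Proxy Scraper's code; the port list is a made-up "common proxy ports" list, and the targets are RFC 5737 documentation addresses that are never routed. It only produces the schedule; nothing is sent on the wire. The "two lists" idea is implemented as a Fisher-Yates shuffle, which removes each drawn port from the pool in one pass instead of re-drawing until an unscanned port happens to come up (that re-draw loop gets slower as the pool empties).

```python
import random

# Assumption: a short list of ports public proxies commonly listen on. This is an
# illustrative list for the example, not the list the tool ships.
COMMON_PROXY_PORTS = [80, 808, 1080, 3128, 8000, 8080, 8118, 8888]


def randomized_order(ports, rng=None):
    """Return the ports in a random order with no repeats (Fisher-Yates shuffle).

    Equivalent to the "scanned / unscanned list" idea: every draw removes the
    chosen port from the pool, so no port is tested twice and none is skipped.
    """
    rng = rng or random.Random()
    order = list(dict.fromkeys(ports))          # drop duplicates, keep the rest
    for i in range(len(order) - 1, 0, -1):
        j = rng.randint(0, i)                    # pick among the still-unplaced ports
        order[i], order[j] = order[j], order[i]
    return order


def interleaved_schedule(ips, ports, rng, min_delay=0.2, max_delay=2.0):
    """Yield (ip, port, delay_seconds) probes.

    - each IP gets its own independent random port order,
    - consecutive probes go to different IPs (round-robin), so one host is
      never hammered back-to-back,
    - the pause before every probe is drawn at random, so the tempo never
      settles into a fixed rhythm.
    """
    queues = {ip: randomized_order(ports, rng) for ip in ips}
    pending = [ip for ip in queues if queues[ip]]
    while pending:
        still_pending = []
        for ip in pending:
            port = queues[ip].pop()
            yield ip, port, round(rng.uniform(min_delay, max_delay), 3)
            if queues[ip]:
                still_pending.append(ip)
        pending = still_pending


def plan(ips, ports=COMMON_PROXY_PORTS, seed=None):
    """Materialise the schedule as a list so it can be reviewed before any probe
    is sent. seed=None gives a fresh order on every run; an int makes it
    reproducible."""
    return list(interleaved_schedule(ips, ports, random.Random(seed)))


if __name__ == "__main__":
    # Constructed targets: RFC 5737 documentation addresses, never routed.
    for ip, port, delay in plan(["198.51.100.10", "198.51.100.11", "203.0.113.5"], seed=7):
        print(f"sleep {delay:5.3f}s  then probe {ip}:{port}")
```

Whether a plan like this looks less like malware to an ISP is a separate question from whether it is polite to the targets; the schedule only guarantees that no host sees a burst and no port is hit twice.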

Comments

  • Sven (www.GSA-Online.de)
    It does this already (randomizes ports), but it still works on one IP till it's done.
    But then again, you can use a proxy here as well, e.g. 127.0.0.1:8080, and the software would use its own random proxy for each scan.
    Thanked by 1Deeeeeeee
  • Deeeeeeee (the Americas)
    "But then again, you can use a proxy here as well, e.g. 127.0.0.1:8080, and the software would use its own random proxy for each scan."

    Very cool. I am kind of wary to explore this feature but with a proxy is it then OK?
  • Sven (www.GSA-Online.de)
    Should be OK... but also keep in mind that with a proxy it all gets slow, plus the proxies are not known to be the most stable... you might miss some scans.
  • Deeeeeeee (the Americas)
    edited June 2019
    "you might miss some scans."

    Quite true. Does the "loop" toggle (when selected) then make GSA-PS go through the selected IPs and port ranges again and again until stopped, to ensure that there are potentially fewer misses? If not, what's it for? Thx!
  • Sven (www.GSA-Online.de)
    Yes, loop will scan again once finished... but that's more for a very wide range. Using something like xxx.xxx.xxx.* as the IP range would not make much sense.

    Also, don't scan all possible ports, just the most common ones.
  • Deeeeeeee (the Americas)
    edited July 2019
    "Also don't scan all possible ports"
    OK. I didn't know this. I haven't scanned anything yet.

    Are there seldom proxies at uncommon ports? Ever?
  • andrzejek (Polska)
    edited July 2019
    @Deeeeeeee
    https://pastebin.com/9dvys3t2

    You don't want to scan universities and public care. Also security and government...
  • Deeeeeeee (the Americas)
    edited July 2019
    "You don't want to scan universities and public care. Also security and government..."

    Def understood!! ;) But doesn't that apply more to IP ranges, rather than ports?

    Also, what is the pastebin list? Sorry; I have a lot of Qs.
  • andrzejek (Polska)
    edited July 2019
    @Deeeeeeee
    The pastebin is a list of common IP ranges that you do not want to scan; I found it somewhere on GitHub.
    @Sven
    Maybe Sven can add that as a default to the software.
    Thanked by 1Deeeeeeee
  • Deeeeeeee (the Americas)
    edited July 2019
    There is already a detailed txt in one of the folders...
  • Sven (www.GSA-Online.de)
    Yes, there is already a list added in the default installation, with explanations of why not to scan each entry. If you can give me yours with some more details on each line, I can add it as well.
    Thanked by 1Deeeeeeee
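The bundled "do not scan" file is described above as one range per line with an explanation attached. What a practitioner wants from such a file is a filter that runs over the targets before the scanner ever connects, and reports what it dropped and why. The code below is an added example, not the tool's own code or its bundled list: the exclusion text is constructed for this example, with reserved/private blocks (RFC 1918, loopback, link-local, multicast, which no public proxy can live in anyway) and two RFC 5737 documentation blocks standing in for a "university" and a "government" allocation. It also expands the xxx.xxx.xxx.* wildcard form mentioned in the thread, and more generally any number of trailing "*" octets, into a CIDR block.

```python
import ipaddress

# Constructed exclusion list for this example (NOT the file the tool ships), in a
# "network  reason" layout. The last two entries are RFC 5737 documentation
# blocks used as placeholders; they name no real organisation.
EXCLUSIONS = """
# network            reason
10.0.0.0/8           RFC 1918 private range, not reachable from the internet
172.16.0.0/12        RFC 1918 private range
192.168.0.0/16       RFC 1918 private range
127.0.0.0/8          loopback
169.254.0.0/16       link-local
224.0.0.0/4          multicast
198.51.100.0/24      placeholder: university network, scanning gets abuse reports
203.0.113.128/25     placeholder: government agency, do not touch
"""


def parse_exclusions(text):
    """Parse 'cidr  reason' lines; '#' starts a comment. Returns [(network, reason)]."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cidr, _, reason = line.partition(" ")
        nets.append((ipaddress.ip_network(cidr, strict=False), reason.strip()))
    return nets


def exclusion_reason(ip, nets):
    """Return why `ip` must not be scanned, or None if no rule matches."""
    addr = ipaddress.ip_address(str(ip))
    for net, reason in nets:
        if addr in net:
            return reason
    return None


def expand_spec(spec):
    """Expand a target spec into host addresses.

    Accepts a single IP, a CIDR block, or the wildcard form a.b.c.* (treated as
    a.b.c.0/24); each trailing '*' octet widens the block by 8 bits.
    """
    parts = spec.split(".")
    stars = 0
    while parts and parts[-1] == "*":
        parts.pop()
        stars += 1
    if stars:
        spec = ".".join(parts + ["0"] * stars) + f"/{32 - 8 * stars}"
    if "/" not in spec:
        return [ipaddress.ip_address(spec)]
    return list(ipaddress.ip_network(spec, strict=False).hosts())  # no net/broadcast


def filter_targets(specs, nets):
    """Return (scan, skipped): addresses that may be scanned, and a
    {reason: count} summary of what the exclusion list removed."""
    scan, skipped = [], {}
    for spec in specs:
        for addr in expand_spec(spec):
            why = exclusion_reason(addr, nets)
            if why is None:
                scan.append(str(addr))
            else:
                skipped[why] = skipped.get(why, 0) + 1
    return scan, skipped


if __name__ == "__main__":
    nets = parse_exclusions(EXCLUSIONS)
    scan, skipped = filter_targets(["203.0.113.*", "198.51.100.*", "192.168.1.7"], nets)
    print(f"{len(scan)} addresses left to scan")
    for reason, count in skipped.items():
        print(f"  skipped {count:4d}: {reason}")
```

Keeping the reason next to each range is what makes the list maintainable: when the filter drops a whole /24, the operator sees "university network" rather than a bare count, which is also why the request above for "more details on each line" matters.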
  • Deeeeeeee (the Americas)
    edited July 2019
    So just doing a single IP full port scan is NOT recommended, then?

    I understand if not using proxies it may look suspicious, hitting them all, but with proxies, that issue seems resolved.

    So I guess it's just a matter of... why waste time/resources on ports that are never/seldom used? Is that right? Thanks! :)

    I like finding anomalous stuff. :) In everything... Like coin minting errors, odd rocks, etc.

    I've seldom seen public proxies with usernames and PWs, or proxies resolved by domain (some weird long web address), but when I do, it's cool. :p
  • Sven (www.GSA-Online.de)
    Yes, correct... scanning each and every port on one IP makes little sense.
    Thanked by 1Deeeeeeee