Port Scanning and Randomizer

Deeeeeeee

I know there are warning on using this feature, as its use could get one banned because an ISP sees this as behavior of potential-malware. And of course, I'd rather not have that, if preventable.

Is this correct so far...?

If so, is there a randomizer that can just keep track of ports scanned instead of going sequentially?  Or, is it already like this?

I know Sven is a wizard and needs no help, but just for the sake of conversation, you could programmatically just use two lists, one for scanned, another for un-scanned, ports, rather than a counter, (if that's how it's, indeed, done) and then use a random number generator that dynamically eliminates already-tested ports by excluidng them in each new draw.

Maybe even scan multiple IPs or a range at once, as well?

And, a time-randomizer, if one chooses not to hammer IPs, but rather do so at some random, ever-changing, tempo?

Sven

It does this already (randomize ports) But it still tries to work on one IP till it's done.

But then again, you can use a proxy here as well and e.g. use 127.0.0.1:8080 and the software would use it's own random proxy for each scan.

Deeeeeeee

"But then again, you can use a proxy here as well and e.g. use 127.0.0.1:8080 and the software would use it's own random proxy for each scan."

Very cool. I am kind of wary to explore this feature but with a proxy is it then OK?

Sven

should be ok...but also keep in mind that with a proxy it all gets slow + the proxies are not known to be the most stable...you might miss some scans.

Deeeeeeee

"you might miss some scans."

Quite true.  Does the "loop" toggle (when selected)  then make GSA-PS go through the selected IPs and port ranges again and again until stopped, to ensure that there are potentially fewer misses?? If not, what's it for? Thx!

Sven

yes, loop will scan again once finished...but thats more for a very wide range. Using like xxx.xxx.xxx.* as IP range would make not much sense.

Also don't scan all possible ports, just the most conman ones.

Deeeeeeee

"Also don't scan all possible ports"

OK.  I didn't know this. I haven't scanned anything yet.

Are there seldom proxies at uncommon ports? Ever?

andrzejek

@Deeeeeeee
https://pastebin.com/9dvys3t2

You dont want to scan univerisities and public care. Also security and goverment...

Deeeeeeee

"You dont want to scan univerisities and public care. Also security and goverment... "

Def understood!!   But doesn't that apply more to IP ranges, rather than ports?

Also, what is the pastebin list? Sorry; I have a lot of Qs.

andrzejek

@Deeeeeeee
pastebin is a common ip ranges that u do not want to scan, i found it somewhere on the github
@Sven
maybe sven can add that as a default to the software,

Deeeeeeee

there is already  a detailed txt in one of the folders...

Sven

yes there is already a list added in default installation with explanations to it why not to scan. If you can give me yours with some more details on each line, I can add it as well.

Deeeeeeee

So just doing a single IP full port scan is NOT recommended, then?

I understand if not using proxies it may look suspicious, hitting them all, but with proxies, that issue seems resolved.

So I guess it's just a matter of...why waste time/resources on ports that are never/seldom used? Is that right? Thanks!

I like finding anomalous stuff. In everything... Like coin minting errors, odd rocks, etc.

I've seldom seen public proxies with usernames and PWs, or proxies resolved by domain (some weird long web address), but when I do, it's cool. 

Sven

yes correct...scanning each and every port on one IP makes little sense.