IP4scout was born from the need of having a real-time feed of open ports. Instead of scanning Internet in one shot, it takes a ports list and probe random hosts at a predefined rate.
Scanning at 5kps for 10 ports, statistically has an average of 2 weeks between 2 hosts.
Leaks are random, so is this!
- SYN/ACK scanning
- Blacklist support
- Low memory/CPU footprint
- Rate limiting
ip4scout random -h
Displays help for the random command (only implementation atm)
Flag | Description | Example |
---|---|---|
--blacklist-file | Loads a list of network (CIDR format) from a file | ip4scout random --blacklist-file=blacklist.txt |
--source-port | Use this port a source for the SYN packets | ip4scout random --source-port=12345 |
--ports | List of ports to randomly send SYN packets to | ip4scout random --port=21,23,443 |
--rate-limit | Maximum number of packet per seconds | ip4scout random --rate-limit=1000 |
--disable-recommended | Disable ip4scout's built-in list of non-recommended networks | ipscout random --disable-recommended |
libpcap is required to run this software, check your distribution's package manager.
The installation is easy. You can download the pre-built binaries for your platform from the Releases page.
▶ apt-get install -y libpcap0.8
▶ chmod +x ip4scout-linux-64
▶ mv ip4scout-linux-64 /usr/local/bin/ip4scout
You're going to need libpcap's headers and go1.14+ to built ip4scout.
▶ apt-get install -y libpcap-dev
▶ GO111MODULE=on go get -u -v github.com/LeakIX/ip4scout/cmd/ip4scout
▶ ${GOPATH}/bin/ip4scout random -h
▶ ip4scout random -p 3304-3308,9200-9210 -r 10000 -b blacklist.txt
ip4scout speaks l9format which is a JSON schema targeted at network recon.
l9filter allows translation between this format and plenty others.
▶ ip4scout random --ports=3306,9200,6379|tee results.json|l9filter transform -i l9 -o human
Will display human-readable results on stdout
while saving the scan results to results.json
▶ ip4scout random -p 3304-3308,9200-9210|tee results.json|l9filter transform -i l9 -o hostport
Will display host:port
results on stdout
while saving the scan results to results.json