trailofbits/twa

Add an option to disable port scans

woodruffw opened this issue · 2 comments

These can take quite a while (due to timeouts) and aren't always relevant, so a user should be allowed to disable them with a command-line option.

Something similar to what we do with testssl would probably be best.

Hi,
I got here because of the tag "good first issue".
I would like to help, but I would like to also know just a few things before.
By disabling port scans, do you mean any call to the probe function or just the one using dev_ports (excluding 443)?
Also, should the default option be to perform the "port scan" or not to perform it?

Hi there! Thanks for volunteering.

> By disabling port scans do you mean any call to the probe function or just the one using dev_ports (excluding 443)?

I meant specifically stage 7, which is here:

twa/twa, line 794 in f0c5312:

    function stage_7_open_development_ports {

By disabling it I mean doing something like what stage 9 does, which is to check for a variable and return early if it isn't set:

twa/twa, line 953 in f0c5312:

    # Skip the test if the '-s' flag is missing

> Also, the default option should be to perform the "port scan" or not to perform it?

I think the default option should be the current behavior, i.e. run port scans unless disabled.
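
The pattern discussed in this thread, as an added example that is not part of the issue and is not twa's own code: an opt-out flag that leaves the port scan enabled by default and makes stage 7 return early when it is set. The `-P` flag, the variable names, the port list and the `nc`-based `probe` stand-in are assumptions; only `-s`, `dev_ports`, `probe` and the stage name appear in the thread.

```bash
#!/usr/bin/env bash
# Added illustration, not twa's source. The -P flag, variable names and the
# port list are hypothetical; '-s' and the stage name come from the thread.

dev_ports="3000 5000 8000 8080"   # constructed sample list

parse_args() {
  run_testssl=0      # opt-in: stays off unless -s is given (stage 9 pattern)
  skip_port_scan=0   # opt-out: scan runs unless -P is given (current default)
  OPTIND=1           # reset so the function can be called more than once
  while getopts ":sP" opt; do
    case "$opt" in
      s) run_testssl=1 ;;
      P) skip_port_scan=1 ;;
      *) echo "unknown option: -$OPTARG" >&2; return 2 ;;
    esac
  done
}

# Stand-in for the probe helper; assumes a netcat that supports -z and -w.
# The 2-second timeout per port is what makes the stage slow on filtered hosts.
probe() {
  nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

stage_7_open_development_ports() {
  # Return early when the user opted out, before any connection attempt.
  if [ "$skip_port_scan" -eq 1 ]; then
    echo "SKIP: port scan disabled with -P"
    return 0
  fi
  for port in $dev_ports; do
    if probe "$1" "$port"; then
      echo "FAIL: $1 listens on development port $port"
    fi
  done
}

# Usage: parse_args "$@" && stage_7_open_development_ports "<domain>"
```

The skip check sits at the top of the stage rather than around its call site, so the stage still reports that it was skipped instead of silently disappearing from the output.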