Skip to content

Scanning Engine v2 - Module - Portscan

Overview

The portscan scanning module performs port scans of TCP and UDP services. Unless explicitly disabled in the configuration of the bootstrap module for a job, the portscan module will be implicitly added to all jobs that contain module invocations with a non-empty ports key. The scanning engine attempts to minimize the number of port scans necessary to satisfy all module invocations.

Targeting

The ports key of any module invocation, even module invocations that are not for portscan, can cause the portscan module to scan all targets on the declared ports. More infomation can be found here.

Schemas

The schema for the body object of all results generated with .task.module_name equal to portscan can be found here. The schema for results is available both in standalone and bundled form.

Examples

These are examples of the .body object for results with .task.module_name equal to x11.

GitHub Single TCP Port

This example was generated with GitHub by scanning a single TCP port.

{
  "dport": 36034,
  "saddr": "140.82.114.4",
  "window": 65408
}

GitHub All TCP Ports

This example was generated with GitHub by scanning all TCP ports.

{
  "status": "open",
  "reason": "syn-ack",
  "ttl": 63
}

Google Public DNS

This example was generated with Google Public DNS by scanning a single UDP port.

{
  "address": "8.8.8.8",
  "port": 53,
  "src_port": 16808,
  "src_addr": "[REDACTED]",
  "proto": "udp",
  "status": "open",
  "reason": "udp-response",
  "timestamp": 1725904946319
}

Changelog

v2.0.0 (2025-07-02)

  • Portscan Rewrite in Go:
  • Complete rewrite from Python to Go for improved performance and maintainability.
  • Implemented modular scanner architecture supporting multiple scanning engines (zmap, masscan, beportscan).
  • Added comprehensive target indexing system for enhanced result correlation.
  • Improved error handling and result processing with structured logging.
  • Added extensive test coverage for all scanner implementations.

v1.0.0 (2025-05-05)

  • Initial release of versioning for each module. All modules are being tagged with version number 1.0.0. Going forward:
  • Major version should be changed when there are changes that impact consumers or clients of the modules.
  • Minor version should be changed when there are additions which enrich or enhance the module but shouldn't affect consumers or clients.
  • Patch version should be changed when there are bugfixes.