Skip to content

Scanning Engine v2 - Module - Portscan

Overview

The portscan scanning module performs port scans of TCP and UDP services. Unless explicitly disabled in the configuration of the bootstrap module for a job, the portscan module will be implicitly added to all jobs that contain module invocations with a non-empty ports key. The scanning engine attempts to minimize the number of port scans necessary to satisfy all module invocations.

Targeting

The ports key of any module invocation, even module invocations that are not for portscan, can cause the portscan module to scan all targets on the declared ports. More infomation can be found here.

Configuration

Only the publicly-available configuration keys that can be set in a job's module invocations will be described below. Additional configuration keys may exist, but not be shown here because they are restricted to specific users or because they are permanently set as a static value. If no keys have (required) after their names then invocations of this module need not contain a config key.

Named Keys

cooldown

How long to wait for responses after all probes have been sent, in seconds.

  • Type: integer
  • Default: 4

debug

Run module with a debugging configuration.

  • Type: boolean

max-targets

Limit the number of targets scanned, randomly chosen.

  • Type: integer

portscanner

Use the specified portscanner.

  • Type: string
  • Default: auto

Values for this configuration key must be one the following:

  • auto
  • be
  • noop

probe

Probe to send when scanning UDP ports.

  • Type: string

qsize

The scan max queue size.

  • Type: integer
  • Default: 10000

seed (required)

uint32 that defines the traversal of targets.

  • Type: integer

shards (required)

Range is from [1,255].

  • Type: integer

Schemas

The schema for the body object of all results generated with .task.module_name equal to portscan can be found here. The schema for results is available both in standalone and bundled form.

Examples

These are examples of the .body object for results with .task.module_name equal to x11.

GitHub Single TCP Port

This example was generated with GitHub by scanning a single TCP port.

{
  "dport": 36034,
  "saddr": "140.82.114.4",
  "window": 65408
}

GitHub All TCP Ports

This example was generated with GitHub by scanning all TCP ports.

{
  "status": "open",
  "reason": "syn-ack",
  "ttl": 63
}

Google Public DNS

This example was generated with Google Public DNS by scanning a single UDP port.

{
  "address": "8.8.8.8",
  "port": 53,
  "src_port": 16808,
  "src_addr": "[REDACTED]",
  "proto": "udp",
  "status": "open",
  "reason": "udp-response",
  "timestamp": 1725904946319
}

Changelog

  • YYYY-MM-DD: Initial public release of documentation.