Scanning Engine v2 - Module - Portscan¶
Overview¶
The portscan
scanning module performs port scans of TCP and UDP services. Unless explicitly disabled in the configuration of the bootstrap
module for a job, the portscan
module will be implicitly added to all jobs that contain module invocations with a non-empty ports
key. The scanning engine attempts to minimize the number of port scans necessary to satisfy all module invocations.
Targeting¶
The ports
key of any module invocation, even module invocations that are not for portscan
, can cause the portscan
module to scan all targets on the declared ports. More infomation can be found here.
Schemas¶
The schema for the body
object of all results generated with .task.module_name
equal to portscan
can be found here. The schema for results is available both in standalone and bundled form.
Examples¶
These are examples of the .body
object for results with .task.module_name
equal to x11
.
GitHub Single TCP Port¶
This example was generated with GitHub by scanning a single TCP port.
{
"dport": 36034,
"saddr": "140.82.114.4",
"window": 65408
}
GitHub All TCP Ports¶
This example was generated with GitHub by scanning all TCP ports.
{
"status": "open",
"reason": "syn-ack",
"ttl": 63
}
Google Public DNS¶
This example was generated with Google Public DNS by scanning a single UDP port.
{
"address": "8.8.8.8",
"port": 53,
"src_port": 16808,
"src_addr": "[REDACTED]",
"proto": "udp",
"status": "open",
"reason": "udp-response",
"timestamp": 1725904946319
}
Changelog¶
v2.0.0 (2025-07-02)¶
- Portscan Rewrite in Go:
- Complete rewrite from Python to Go for improved performance and maintainability.
- Implemented modular scanner architecture supporting multiple scanning engines (zmap, masscan, beportscan).
- Added comprehensive target indexing system for enhanced result correlation.
- Improved error handling and result processing with structured logging.
- Added extensive test coverage for all scanner implementations.
v1.0.0 (2025-05-05)¶
- Initial release of versioning for each module. All modules are being tagged with version number
1.0.0
. Going forward: - Major version should be changed when there are changes that impact consumers or clients of the modules.
- Minor version should be changed when there are additions which enrich or enhance the module but shouldn't affect consumers or clients.
- Patch version should be changed when there are bugfixes.