masscan
mitmproxy
masscan | mitmproxy | |
---|---|---|
66 | 162 | |
23,984 | 37,791 | |
0.4% | 1.4% | |
3.1 | 9.7 | |
about 2 months ago | 4 days ago | |
C | Python | |
GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
masscan
-
Scanners Beware: Welcome to the Network from Hell
It's a nice dream of "owning" the attackers but it doesn't have a real security value.
[1] https://github.com/robertdavidgraham/masscan
-
What You Get After Running an SSH Honeypot for 30 Days
A lot of these seem to use zmap (https://github.com/zmap/zmap) or massscan (https://github.com/robertdavidgraham/masscan) for the initial scan.
Often with default parameters such as zmap setting ip id to 54321, having tcp initial window at 65535, having no SACK bit set and masscan with no SACK bit either, tcp initial window at 1024, tcp maximum segment size 1460 (which is strange to put below initial window size!), (older versions having fixed src port 61000 or 60000 from documentation examples and no MSS set), all of which are extremly uncommon in legitimate traffic and thus easily identified.
Even those so called "legitimate" scanners (emphasis on the "") seem to use these tools with little or no extra configuration.
- Why so many bots?
-
Mass Scanning
Can I get banned for mass scanning with https://github.com/robertdavidgraham/masscan or does it slow down any other vms from other persons?
-
Has anyone ever had their homelab or network hacked? What happened?
Nope, this doesn't work any more. Shodan checks all ports (so any attackers using data from Shodan already know which ports you have open), and tools like masscan (https://github.com/robertdavidgraham/masscan) let you portscan the entire IPv4 address space in less than 10 minutes.
-
Private server intruded
https://github.com/LogoiLab/mcsl https://github.com/robertdavidgraham/masscan
-
My home server is frustrating me. Please help me, home server wizards.
Changing the default port does nothing for security. It only prevents some basic brute force or default password scripts. Anyone is able to scan for it in no time anyway (https://github.com/robertdavidgraham/masscan).
-
Should I be Concerned?
But it should blow away the far-too-common belief that no-one's after you because you're not interesting enough. IPv4 is smaller than we think. It is not difficult to scan the entire ipv4 space in minutes. And every single one of those is going to knock your door on the way past.
-
Ask HN: Looking for an Old Article
I'm not sure about the article, but the blazingly-fast IP scanner sounds a lot like Masscan. It can scan the entire Internet in 5 minutes and has received a lot of press: https://github.com/robertdavidgraham/masscan . https://rushter.com/blog/how-masscan-works/ is one of many articles about it.
-
Is my Synology getting port-scanned?
Here's an except from the masscan docs:
mitmproxy
-
I turned GitHub Copilot into OpenAI API compatible provider
Enter mitmproxy - this beautiful Python program can act as a proxy and logs all network requests. It even comes with a devtool like web UI. Just what I needed.
-
Sniffnet – monitor your Internet traffic
Years ago, I set up https://mitmproxy.org on a Raspberry Pi and used it to get logs of every site that my kids would visit. I should be clear that monitoring/spying != parenting, but it definitely made me feel a little better to have some idea of what the kids are using the internet for.
From a technical perspective, it did exactly what you want. I had logs of full urls (not just domains). So, for example, I could view what they googled and when, if I wanted to anyway.
It did involve installing a certificate on the computer that they use, but there are how-to guides so setting everything up was simply a matter of following instructions.
The biggest drawback is that it noticeably slowed their internet. I imagine if I had run this on a more powerful computer it may have been better.
-
When Postgres index meets Bcrypt
The bug issue was reproducible in the production setup, the logs/metrics were not so useful with the clues for the cause. So, I cloned the project code to my laptop and launched a Postgres instance via Docker Compose. Additionally, I started mitmproxy to be able to intercept and inspect HTTP requests on my machine, and created a template of the request to the Internal service API with my own SSN in Postman. My debugging setup was ready, so it was time to run and test the app.
-
How I automated my fitness goals
So time to over-engineer this simple problem: since my gym uses EGym / Netpulse, it has Member Card NFC check-ins, which can be accessed via a private API that is called within their App. Using mitmproxy allowed me to quickly identify the check-in related endpoints and the auth mechanism.
-
MitmProxy2Swagger: Automagically reverse-engineer REST APIs
Isn't that the point of mitmproxy? https://github.com/mitmproxy/mitmproxy
-
Reverse engineering GraphQL persistedQuery extension
For exactly this use case, a perfect tool exists: mitmproxy, an open-source Python library that intercepts requests made by your own devices, websites, or apps and allows you to modify them with simple Python scripts.
-
Release Radar · October 2024: Major updates from the open source community
Featured in the GitHub Release Radars for [October 2022], [March 2022], and the launch of version 1.0 back in July 2021, mitmproxy has become a loved project with almost 40K Stars. It's an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. The newest update supports transparent HTTP/3 proxying, added support for Python 3.13, and lots more. Check out the changelog for all the details.
-
Mitmproxy 11: Full HTTP/3 Support
Unfortunately there is still the issue[1] of fingerprinting. Until it can spoof the TLS handshake of a typical browser, you get these "Just a quick check..." or "Sorry, it looks like you're a bot" pages on about 80% of the web.
[1]: https://github.com/mitmproxy/mitmproxy/issues/4575
- Apple's M4 Has Reportedly Adopted the ARMv9 Architecture
- Ask HN: Fiddler Alternatives
What are some alternatives?
RustScan - 🤖 The Modern Port Scanner 🤖
Wireshark - Read-only mirror of Wireshark's Git repository at https://gitlab.com/wireshark/wireshark. ⚠️ GitHub won't let us disable pull requests. ⚠️ THEY WILL BE IGNORED HERE ⚠️ Upload them at GitLab instead.
zmap - ZMap is a fast single packet network scanner designed for Internet-wide network surveys.
grml - Grmls core configuration files for zsh, vim, screen…
amass - In-depth attack surface mapping and asset discovery
MITMf - Framework for Man-In-The-Middle attacks
zgrab2-configurations - A repository for possible zgrab2 configurations
IOXY - MQTT intercepting proxy
nuclei - Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
perf-tools - Performance analysis tools based on Linux perf_events (aka perf) and ftrace
SQLMap - Automatic SQL injection and database takeover tool
NumPy - The fundamental package for scientific computing with Python.