zdns
zmap
zdns | zmap | |
---|---|---|
3 | 2 | |
962 | 5,591 | |
1.2% | 0.9% | |
9.4 | 8.5 | |
3 days ago | 27 days ago | |
Go | C | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
zdns
- Stanford tool resolves all IPv4 addresses in 12 hours
- Masscan: Scan the entire Internet in under 5 minutes
-
Dns Reverse Lookup
Should you be in the mood to script doing a lot of lookups, you can feed dig a file of domain names (one per line) to look up (dig -f names.txt > dig.out). But if you're heading off in that direction you probably want https://github.com/zmap/zdns (and carefully read the "Running ZDNS" section of README.md before you make your recursive resolver sick).
zmap
-
What You Get After Running an SSH Honeypot for 30 Days
A lot of these seem to use zmap (https://github.com/zmap/zmap) or massscan (https://github.com/robertdavidgraham/masscan) for the initial scan.
Often with default parameters such as zmap setting ip id to 54321, having tcp initial window at 65535, having no SACK bit set and masscan with no SACK bit either, tcp initial window at 1024, tcp maximum segment size 1460 (which is strange to put below initial window size!), (older versions having fixed src port 61000 or 60000 from documentation examples and no MSS set), all of which are extremly uncommon in legitimate traffic and thus easily identified.
Even those so called "legitimate" scanners (emphasis on the "") seem to use these tools with little or no extra configuration.
-
Masscan: Scan the entire Internet in under 5 minutes
If masscan is of interest to you, be sure to check out zmap [0] as well. It can scan the entire IPv4 address space in around 45 minutes.
0: https://github.com/zmap/zmap
What are some alternatives?
masscan_as_a_service - masscan as a service
masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
netscan - A fast TCP port scanner
RustScan - 🤖 The Modern Port Scanner 🤖
esp8266_deauther - Affordable WiFi hacking platform for testing and learning
iptables-autobanner
cowrie - Cowrie SSH/Telnet Honeypot https://docs.cowrie.org/
endlessh - SSH tarpit that slowly sends an endless banner
UninvitedActivity - An attempt at creating some kind of auto-updating IP address blocklist