Cybersecurity

In previous articles, we discussed the design principles of Masscan and the engineering practices of Naabu. Today, we dive into the code level and use the Go language and Google’s powerful gopacket library to build a simple SYN Scanner with our own hands. Why Not Just Use net.Dial? In Go, the simplest way to check a port is to use net.Dial("tcp", "ip:port"). This corresponds to the OS’s Connect Scan: System sends SYN. Target replies SYN+ACK. System automatically replies ACK (handshake complete). Application layer Dial returns success. Application layer calls Close, sending FIN/RST. Disadvantages of this method: ...

Masscan is a classic and extremely high-speed network scanner. This article starts from implementation details to analyze how Masscan sends and receives packets directly at the user level, how it distinguishes responses generated by itself, as well as its target randomization and high-performance network card access technologies. 1. Masscan’s User-Level Sending/Receiving (libpcap) Masscan does not use the operating system’s full protocol stack, but instead sends and receives raw data packets directly on Linux based on libpcap. This brings several important impacts and limitations: ...

Project Origin One day, a classmate threw a GitHub repository link for PoCs into the group chat, containing many PoC markdown documents. I saved it immediately. Recently, building knowledge bases with vector databases has become very convenient, so I thought, why not use tools like AnythingLLM to directly construct a knowledge base? AnythingLLM even supports creating documents directly from GitHub repositories. The effect is as follows: “What are the vulnerabilities of X-OA?” Answer: ...

Introduction SYN Cookies were originally proposed to solve SYN Flood attacks. In high-concurrency network scanning, how to distinguish between TCP packets belonging to the scanner and normal traffic is a critical issue. Scanners (such as Masscan, ZMap) borrow the principle of Syncookies to verify responses without maintaining massive connection states, thereby improving scanning efficiency and reliability. This article will explain the application of Syncookies technology in scanning, combined with the implementation of Masscan. ...

Most people who know about network scanners should have heard the name Nmap. If we were to select the most excellent scanning tool, or the top hacker weapon, Nmap would definitely be on the list. Nmap is a free, open-source scanning tool with excellent network asset scanning capabilities. In addition to common port scanning, Nmap also supports operating system detection and service identification. Through its built-in probes and fingerprint library, it can accurately identify the fingerprints of most operating systems and application services. ...