Post AMp7kXY9KXvOmrPhHk by ScottMortimer@infosec.exchange
(DIR) Post #AMp7kXY9KXvOmrPhHk by ScottMortimer@infosec.exchange
2022-08-23T15:21:31Z
0 likes, 0 repeats
~Open Source Security Tool of the Day~
#osstotd
Smap
Smap is a port scanner built with shodan.io's free API. It takes the same command line arguments as Nmap and produces the same output, which makes it a drop-in replacement for Nmap.
Features
- Scans 200 hosts per second
- Doesn't require any account/api key
- Vulnerability detection
- Supports all nmap's output formats
- Service and version fingerprinting
- Makes no contact to the targets
https://github.com/s0md3v/smap
(DIR) Post #AMp7kY5TKea0SD0JE0 by bananarama@mstdn.social
2022-08-23T15:26:05Z
0 likes, 0 repeats
@ScottMortimer TIL about Shodan. Time to find all their ips and drop them.
(DIR) Post #AMq1XdlcUxSJjp8jLc by rysiek@mastodon.technology
2022-08-23T15:23:38Z
0 likes, 0 repeats
@ScottMortimer so it replaces nmap -- run locally, providing results based on what's actually observable from where it's being run -- with queries to a centralized, proprietary service, reporting results as the proprietary service in question chooses to report them?
That... does not seem very useful.
(DIR) Post #AMq1XeFkgvYhFHEnJY by ScottMortimer@infosec.exchange
2022-08-23T15:25:36Z
0 likes, 0 repeats
@rysiek If I wrote the actual info from the GitHub page, I would have written "supplement" not replace.
(DIR) Post #AMq1Xem0kzMYrKKYb2 by rysiek@mastodon.technology
2022-08-23T15:27:15Z
0 likes, 0 repeats
@ScottMortimer
> Since Smap simply fetches existent port data from shodan.io...
Yup, it's just a query interface for a proprietary service.
(DIR) Post #AMq1XfGquK26OylBfU by ScottMortimer@infosec.exchange
2022-08-23T15:32:51Z
0 likes, 0 repeats
@rysiek And your point is?
(DIR) Post #AMq1XfebU121ads9gm by rysiek@mastodon.technology
2022-08-23T15:36:28Z
0 likes, 0 repeats
@ScottMortimer my point is that:
1. it is not a port scanner, it's a CLI interface to a proprietary port scanning service;
2. it does not "scan" anything, it queries said service to retrieve results of scans previously performed by it;
3. it is not a replacement for nmap, it's a completely different tool that happens to have a similar output and can, under certain conditions, provide similar information.
(DIR) Post #AMq1Xg2i2OJWnP9PGK by ScottMortimer@infosec.exchange
2022-08-23T15:41:06Z
0 likes, 0 repeats
@rysiek Yes, you are completely correct. However, it's not without value as it's a passive and silent means to obtain port scan data that could be helpful in the reconnaissance stage of a pentest.
(DIR) Post #AMq1XgXYBiz4L3a2Km by rysiek@mastodon.technology
2022-08-23T15:43:17Z
1 likes, 0 repeats
@ScottMortimer sure, it might have its uses.
But framing it the way it's framed in your toot ("open source security tool"), and on the GitHub page, is misleading.
It equates a stand-alone FLOSS tool with a thin client of a proprietary service.
Calling it an "open source security tool" just feels... wrong. While technically it applies (it's "a tool" and the license of it is open), it does *nothing* without the proprietary service (with its own EULA) backing it.