What is this tool and is it malicious?

robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

GNU Affero General Public License v3.0

23k stars 3.02k forks source link

What is this tool and is it malicious? #721

Closed breadtf closed 8 months ago

breadtf commented 1 year ago

My website was visited by your tool, leaving 3 requests logged in my nginx logs file, all on the same day. IP-ADDRESS - - [07/Jun/2023:12:10:27 +0100] "GET / HTTP/1.0" 200 5076 "-" "masscan/1.3 (https://github.com/robertdavidgraham/masscan)"

Came here from the useragent string and was just wondering if I should be concerned about these requests.

AdmiralNoisyBottom commented 1 year ago

I've seen the same thing in my logs. While there is nothing wrong with port scanning, it is what is done with found ports that trouble me. I think they are just looking for open ports, and therefore services they can look at more closely.

bfontaine commented 8 months ago

Have you tried reading the README?