Skip to content

New Module: Portfilter#2135

Merged
TheTechromancer merged 7 commits into
devfrom
portfilter
Jan 12, 2025
Merged

New Module: Portfilter#2135
TheTechromancer merged 7 commits into
devfrom
portfilter

Conversation

@TheTechromancer

@TheTechromancer TheTechromancer commented Jan 6, 2025

Copy link
Copy Markdown
Contributor

This PR adds a module portfilter which filters out unwanted open ports from CDNs, etc. This moves the logic out of portscan where it was previously, into its own dedicated module.

By default, any open port with a cdn-* tag that's not either 80 or 443 is filtered out. No special configuration is needed to enable the feature, only -m portfilter.

@Sh4d0wHunt3rX are these sensible defaults?

EDIT: Also added the --exclude-cdn CLI option.

@codecov

codecov Bot commented Jan 6, 2025

Copy link
Copy Markdown

Codecov Report

Attention: Patch coverage is 97.53086% with 2 lines in your changes missing coverage. Please review.

Project coverage is 93%. Comparing base (b33e384) to head (5d201ef).
Report is 14 commits behind head on dev.

Files with missing lines Patch % Lines
bbot/modules/portfilter.py 91% 2 Missing ⚠️
Additional details and impacted files
@@          Coverage Diff          @@
##             dev   #2135   +/-   ##
=====================================
- Coverage     93%     93%   -0%     
=====================================
  Files        372     374    +2     
  Lines      28936   29001   +65     
=====================================
+ Hits       26735   26774   +39     
- Misses      2201    2227   +26     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Sh4d0wHunt3rX

Copy link
Copy Markdown
Contributor

@TheTechromancer Thanks a lot 🙏 I guess this will fix the ignoring cdn ports in scan wide.

For example on Naabu tool, it's possible to skip them with:
-exclude-cdn, -ec skip full port scans for CDN/WAF (only scan for port 80,443)

@TheTechromancer

Copy link
Copy Markdown
Contributor Author

For example on Naabu tool, it's possible to skip them with:
-exclude-cdn, -ec skip full port scans for CDN/WAF (only scan for port 80,443)

Rgr, yeah this would probably make sense as a CLI flag.

@liquidsec

Copy link
Copy Markdown
Collaborator

Have you thought about making this an internal module?

@TheTechromancer

Copy link
Copy Markdown
Contributor Author

I don't think it should be default behavior. At least until we have a more robust system for distinguishing between cloud and CDN.

@TheTechromancer
TheTechromancer merged commit 696d9da into dev Jan 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants