{"id":13531032,"url":"https://github.com/ivre/masscanned","last_synced_at":"2025-04-05T09:06:11.055Z","repository":{"id":38938701,"uuid":"436183270","full_name":"ivre/masscanned","owner":"ivre","description":"Let's be scanned. A low-interaction honeypot focused on network scanners and bots. It integrates very well with IVRE to build a self-hosted alternative to GreyNoise.","archived":false,"fork":false,"pushed_at":"2025-03-28T00:57:51.000Z","size":3408,"stargazers_count":119,"open_issues_count":10,"forks_count":15,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-29T08:07:48.442Z","etag":null,"topics":["hacktoberfest","honeypot","ipv4","ipv6","ivre","low-interaction","low-interaction-honeypot","network","network-monitoring","network-security","networking","security","tcp","udp"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-08T09:08:38.000Z","updated_at":"2025-03-14T18:03:15.000Z","dependencies_parsed_at":"2023-09-29T20:33:22.186Z","dependency_job_id":"4599b4ef-2766-4739-843f-acbfb3320c0c","html_url":"https://github.com/ivre/masscanned","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivre%2Fmasscanned","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivre%2Fmasscanned/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivre%2Fmasscanned/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivre%2Fmasscanned/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivre","download_url":"https://codeload.github.com/ivre/masscanned/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247312077,"owners_count":20918344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","honeypot","ipv4","ipv6","ivre","low-interaction","low-interaction-honeypot","network","network-monitoring","network-security","networking","security","tcp","udp"],"created_at":"2024-08-01T07:00:59.226Z","updated_at":"2025-04-05T09:06:11.011Z","avatar_url":"https://github.com/ivre.png","language":"Rust","funding_links":[],"categories":["Rust","security","Honeypots"],"sub_categories":[],"readme":"[![Build masscanned](https://github.com/ivre/masscanned/actions/workflows/test.yml/badge.svg?branch=master)](https://github.com/ivre/masscanned/actions/workflows/test.yml?branch=master)\n\n# Masscanned\n\n**Masscanned** (name inspired, of course, by [masscan](https://github.com/robertdavidgraham/masscan))\nis a network responder. Its purpose is to provide generic answers to as many protocols as possible,\nand with as few assumptions as possible on the client's intentions.\n\n\u003e *Let them talk first.*\n\nJust like [masscan](https://github.com/robertdavidgraham/masscan), **masscanned** implements its own,\nuserland network stack, similarly to [honeyd](http://honeyd.org/). It is designed to interact\nwith scanners and opportunistic bots as far as possible, and to support as many protocols as possible.\n\nFor example, when it receives network packets:\n\n* **masscanned** answers to `ARP who is-at` with `ARP is-at` (for its IP addresses),\n* **masscanned** answers to `ICMP Echo Request` with `ICMP Echo Reply`,\n* **masscanned** answers to `TCP SYN` (any port) with `TCP SYN/ACK` on any port,\n* **masscanned** answers to `HTTP` requests (any verb) over `TCP/UDP` (any port) with a `HTTP 401` web page.\n\n![demo](doc/img/demo.gif)\n\n## Overview\n\n**Masscanned** currently supports most common protocols at layers 2-3-4, and a few application\nprotocols.\n\n### Network protocols\n\n* ARP (answers to ARP requests)\n* ICMP (answers to ping) \n* ICMPv6 (answers to ND NS) \n* TCP (answers to SYN and PUSH)\n\n### Application protocols\n\n* HTTP (answers to all verbs)\n* SSH (answers to the client banner)\n* STUN (answers to binding requests)\n* SMB\n* DNS (answers to IN/A queries)\n\n## Try it locally\n\n### On your host\n\n1. Build **masscanned**\n```\n$ cargo build\n```\n2. Create a new net namespace\n```\n# ip netns add masscanned\n```\n3. Create veth between the two namespaces\n```\n# ip link add vethmasscanned type veth peer veth netns masscanned\n# ip link set vethmasscanned up\n# ip -n masscanned link set veth up\n```\n4. Set IP on local veth to have a route for outgoing packets\n```\n# ip addr add dev vethmasscanned 192.168.0.0/31\n```\n5. Run **masscanned** in the namespace\n```\n# ip netns exec masscanned ./target/debug/masscanned --iface veth -v[vv]\n```\n6. With another terminal, send packets to **masscanned**\n```\n# arping 192.168.0.1\n# ping 192.168.0.1\n# nc -n -v 192.168.0.1 80\n# nc -n -v -u 192.168.0.1 80\n...\n```\n\n### In a Docker\n\n1. Install docker:\n```\n# apt install docker.io\n```\n1. Build docker container:\n```\n$ cd masscanned/docker \u0026\u0026 docker build -t masscanned:test .\n```\n1. Run docker container:\n```\n$ docker run --cap-add=NET_ADMIN masscanned:test\n```\n1. Send packets to **masscanned**\n```\n# arping 172.17.0.2\n# ping 172.17.0.2\n# nc -n -v 172.17.0.2 80\n# nc -n -v -u 172.17.0.2 80\n...\n```\n\n## Use it\n\nA good use of **masscanned** is to deploy it on a VPS with one or more public IP addresses.\n\nTo use the results, the best way is to capture all network traffic on the interface **masscanned** is listening to/responding on.\nThe pcaps can then be analyzed using [zeek](https://zeek.org/) and the output files can typically be pushed in an instance of **IVRE**.\n\nA documentation on how to deploy an instance of **masscanned** on a VPS is coming (see [Issue #2](https://github.com/ivre/masscanned/issues/2)).\n\n### Supported options\n\n```\nNetwork answering machine for various network protocols (L2-L3-L4 + applications)\n\nUsage: masscanned [OPTIONS] --iface \u003ciface\u003e\n\nOptions:\n  -i, --iface \u003ciface\u003e\n          the interface to use for receiving/sending packets\n  -m, --mac-addr \u003cmac\u003e\n          MAC address to use in the response packets\n      --self-ip-file \u003cselfipfile\u003e\n          File with the list of IP addresses handled by masscanned\n      --self-ip-list \u003cselfiplist\u003e\n          Inline list of IP addresses handled by masscanned, comma-separated\n      --remote-ip-deny-file \u003cremoteipdenyfile\u003e\n          File with the list of IP addresses from which masscanned will ignore packets\n      --remote-ip-deny-list \u003cremoteipdenylist\u003e\n          Inline list of IP addresses from which masscanned will ignore packets\n  -v...\n          Increase message verbosity\n  -q, --quiet\n          Quiet mode: do not output anything on stdout\n      --format \u003cformat\u003e\n          Format in which to output logs [default: console] [possible values: console, logfmt]\n  -h, --help\n          Print help information\n  -V, --version\n          Print version information\n```\n\n## Supported protocols - details\n\n### Layer 2\n\n#### ARP\n\n`masscanned` answers to `ARP` requests, for requests that target an `IPv4` address\nthat is handled by `masscanned` (*i.e.*, an address that is in the \nIP address file given with option `-f`).\n\nThe answer contains the first of the following possible `MAC` addresses:\n\n* the `MAC` address specified with `-a` in command line if any,\n* the `MAC` address of the interface specified with `-i` in command line if any,\n* or the `masscanned` default `MAC` address, *i.e.*, `c0:ff:ee:c0:ff:ee`.\n\n#### Ethernet\n\n`masscanned` answers to `Ethernet` frames, if and only if the following requirements are met:\n\n* the destination address of the frame should be handled by `masscanned`, which means:\n    \n    * `masscanned` own `MAC` address,\n    * the broadcast `MAC` address `ff:ff:ff:ff:ff:ff`,\n    * a multicast `MAC` address corresponding to one of the `IPv4` addresses handled by `masscanned` ([RFC 1112](https://datatracker.ietf.org/doc/html/rfc1112)),\n    * a multicast `MAC` address corresponding to one of the `IPv6` addresses handled by `masscanned` ;\n\n* `EtherType` field is one of `ARP`, `IPv4` or `IPv6`.\n\n**Note:** even for a non-multicast IP address, `masscanned` will respond to L2 frames addressed to the corresponding multicast `MAC` address.\nFor instance, if `masscanned` handles `10.11.12.13`, it will answer to frames addressed to `01:00:5e:0b:0c:0d`.\n\n### Layer 3\n\n#### IPv4/IPv6\n\n`masscanned` answers to `IPv4` and `IPv6` packets, only if:\n\n* no `IP` address is specified in a file (*i.e.*, no `-f` option is specified or the file is empty),\n\n**or**\n\n* the destination IP address of the incoming packet is one of the IP addresses handled by `masscanned`.\n\nAn additionnal requirement is that the next layer protocol is supported - see below.\n\n#### IPv4\n\nThe following L3+/4 protocols are supported for an `IPv4` packet:\n\n* `ICMPv4`\n* `UDP`\n* `TCP`\n\nIf the next layer protocol is not one of them, the packet is dropped.\n\n#### IPv6\n\nThe following L3+/4 protocols are supported for an `IPv6` packet:\n\n* `ICMPv6`\n* `UDP`\n* `TCP`\n\nIf the next layer protocol is not one of them, the packet is dropped.\n\n### Layer 3+/4\n\n#### ICMPv4\n\n`masscanned` answers to `ICMPv4` packets if and only if:\n\n* the `ICMP` type of the incoming packet is `EchoRequest` (`8`),\n* the `ICMP` code of the incoming packet is `0`.\n\nIf these conditions are met, `masscanned` answers with an `ICMP` packet of type `EchoReply` (`0`), \ncode `0` and the same payload as the incoming packet, as specified by [RFC 792](https://datatracker.ietf.org/doc/html/rfc792).\n\n#### ICMPv6\n\n`masscanned` answers to `ICMPv6` packets if and only if:\n\n* the `ICMP` type is `NeighborSol` (`135`) **and**:\n    * no IP (v4 or v6) was speficied for `masscanned`\n    * **or** the target address of the Neighbor Solicitation is one of `masscanned`\n\n*In that case, the answer is a `Neighbor Advertisement` (`136`) packet with `masscanned` `MAC` address*\n\n**or**\n\n*  the `ICMP` type is `EchoRequest` (`128`)\n\n*In that case, the answer is a `EchoReply` (`129`) packet.*\n\n#### TCP\n\n`masscanned` answers to the following `TCP` packets:\n\n* if the received packet has flags `PSH` and `ACK`, `masscanned` checks the **SYNACK-cookie**, and if valid answers at least a `ACK`, or a `PSH-ACK` if\na supported protocol (Layer 5/6/7) has been detected,\n* if the received packet has flag `ACK`, it is ignored,\n* if the received packet has flag `RST` or `FIN-ACK`, it is ignored,\n* if the received packet has flag `SYN`, then `masscanned` tries to imitate the behaviour\nof a standard Linux stack - which is:\n    * if there are additional flags that are not among `PSH`, `URG`, `CWR`, `ECE`, then the `SYN` is ignored,\n    * if the flags `CWR` and`ECE` are simultaneously set, then the `SYN` is ignored,\n    * in any other case, `masscanned` answers with a `SYN-ACK` packet, setting a **SYNACK-cookie** in the sequence number.  \n\n#### UDP\n\n`masscanned` answers to an `UDP` packet if and only if the upper-layer protocol\nis handled and provides an answer.\n\n### Application protocols\n\n#### HTTP\n\n`masscanned` answers to any `HTTP` request (any **valid** verb) with a `401 Authorization Required`.\nNote that `HTTP` requests with an invalid verb will not be answered.\n\nExample:\n\n```\n$ curl -X GET 10.11.10.129\n\u003chtml\u003e\n\u003chead\u003e\u003ctitle\u003e401 Authorization Required\u003c/title\u003e\u003c/head\u003e\n\u003cbody bgcolor=\"white\"\u003e\n\u003ccenter\u003e\u003ch1\u003e401 Authorization Required\u003c/h1\u003e\u003c/center\u003e\n\u003chr\u003e\u003ccenter\u003enginx/1.14.2\u003c/center\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n$ curl -X OPTIONS 10.11.10.129\n\u003chtml\u003e\n\u003chead\u003e\u003ctitle\u003e401 Authorization Required\u003c/title\u003e\u003c/head\u003e\n\u003cbody bgcolor=\"white\"\u003e\n\u003ccenter\u003e\u003ch1\u003e401 Authorization Required\u003c/h1\u003e\u003c/center\u003e\n\u003chr\u003e\u003ccenter\u003enginx/1.14.2\u003c/center\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n$ curl -X HEAD 10.11.10.129\nWarning: Setting custom HTTP method to HEAD with -X/--request may not work the \nWarning: way you want. Consider using -I/--head instead.\n\u003chtml\u003e\n\u003chead\u003e\u003ctitle\u003e401 Authorization Required\u003c/title\u003e\u003c/head\u003e\n\u003cbody bgcolor=\"white\"\u003e\n\u003ccenter\u003e\u003ch1\u003e401 Authorization Required\u003c/h1\u003e\u003c/center\u003e\n\u003chr\u003e\u003ccenter\u003enginx/1.14.2\u003c/center\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n$ curl -X XXX 10.11.10.129\n[timeout]\n```\n\n#### STUN\n\nExample:\n\n```\n$ stun 10.11.10.129\nSTUN client version 0.97\nPrimary: Open\nReturn value is 0x000001\n```\n\n#### SSH\n\n`masscanned` answers to `SSH` `Client: Protocol` messages with the following `Server: Protocol` message:\n\n```\nSSH-2.0-1\\r\\n\n```\n\n#### SMB\n\n`masscanned` answers to `Negotiate Protocol Request` packets in order for the\nclient to send a `NTLMSSP_NEGOTIATE`, to which `masscanned` answers with a challenge.\n\nExample:\n\n```\n##$ smbclient -U user \\\\\\\\10.11.10.129\\\\shared\nEnter WORKGROUP\\user's password: \n```\n\n#### DNS\n\n`masscanned` answers to `DNS` queries of class `IN` and type `A` (for now).\nThe answer it provides always contains the IP address the query was sent to.\n\nExample:\n\n```\n$ host -t A masscan.ned 10.11.10.129\nUsing domain server:\nName: 10.11.10.129\nAddress: 10.11.10.129#53\nAliases: \n\nmasscan.ned has address 10.11.10.129\n$ host -t A masscan.ned 10.11.10.130\nUsing domain server:\nName: 10.11.10.130\nAddress: 10.11.10.130#53\nAliases: \n\nmasscan.ned has address 10.11.10.130\n$ host -t A masscan.ned 10.11.10.131\nUsing domain server:\nName: 10.11.10.131\nAddress: 10.11.10.131#53\nAliases: \n\nmasscan.ned has address 10.11.10.131\n$ host -t A masscan.ned 10.11.10.132\nUsing domain server:\nName: 10.11.10.132\nAddress: 10.11.10.132#53\nAliases: \n\nmasscan.ned has address 10.11.10.132\n\n```\n\n## Internals\n\n### Tests\n\n#### Unit tests\n\n```\n$ cargo test\n   Compiling masscanned v0.2.0 (/zdata/workdir/masscanned)\n    Finished test [unoptimized + debuginfo] target(s) in 3.83s\n     Running unittests (target/debug/deps/masscanned-f9292f8600038978)\n\nrunning 92 tests\ntest client::client_info::tests::test_client_info_eq ... ok\ntest layer_2::arp::tests::test_arp_reply ... ok\ntest layer_2::tests::test_eth_empty ... ok\ntest layer_2::tests::test_eth_reply ... ok\ntest layer_3::ipv4::tests::test_ipv4_reply ... ok\ntest layer_3::ipv4::tests::test_ipv4_empty ... ok\ntest layer_3::ipv6::tests::test_ipv6_empty ... ok\ntest layer_3::ipv6::tests::test_ipv6_reply ... ok\ntest layer_4::icmpv4::tests::test_icmpv4_reply ... ok\ntest layer_4::icmpv6::tests::test_icmpv6_reply ... ok\ntest layer_4::icmpv6::tests::test_nd_na_reply ... ok\ntest layer_4::tcp::tests::test_synack_cookie_ipv6 ... ok\ntest layer_4::tcp::tests::test_tcp_fin_ack_wrap ... ok\ntest proto::dns::cst::tests::class_parse ... ok\ntest layer_4::tcp::tests::test_tcp_fin_ack ... ok\ntest layer_4::tcp::tests::test_synack_cookie_ipv4 ... ok\ntest proto::dns::cst::tests::type_parse ... ok\ntest proto::dns::header::tests::parse_byte_by_byte ... ok\ntest proto::dns::header::tests::repl_id ... ok\ntest proto::dns::header::tests::repl_opcode ... ok\ntest proto::dns::header::tests::repl_ancount ... ok\ntest proto::dns::header::tests::repl_rd ... ok\ntest proto::dns::query::tests::parse_in_a_all ... ok\ntest proto::dns::header::tests::parse_all ... ok\ntest proto::dns::query::tests::repl ... ok\ntest proto::dns::query::tests::reply_in_a ... ok\ntest proto::dns::rr::tests::parse_all ... ok\ntest proto::dns::rr::tests::parse_byte_by_byte ... ok\ntest proto::dns::query::tests::parse_in_a_byte_by_byte ... ok\ntest proto::dns::tests::parse_qd_all ... ok\ntest proto::dns::tests::parse_qd_byte_by_byte ... ok\ntest proto::dns::rr::tests::build ... ok\ntest proto::dns::tests::parse_qd_rr_all ... ok\ntest proto::dns::tests::parse_qr_rr_byte_by_byte ... ok\ntest proto::dns::tests::parse_rr_byte_by_byte ... ok\ntest proto::dns::tests::parse_rr_all ... ok\ntest proto::dns::tests::reply_in_a ... ok\ntest proto::http::tests::test_http_request_line ... ok\ntest proto::http::tests::test_http_request_no_field ... ok\ntest proto::http::tests::test_http_request_field ... ok\ntest proto::http::tests::test_http_verb ... ok\ntest proto::rpc::tests::test_probe_nmap ... ok\ntest proto::rpc::tests::test_probe_nmap_split1 ... ok\ntest proto::rpc::tests::test_probe_portmap_v4_dump ... ok\ntest proto::rpc::tests::test_probe_nmap_split2 ... ok\ntest proto::rpc::tests::test_probe_nmap_udp ... ok\ntest proto::smb::tests::test_smb1_session_setup_request_parse ... ok\ntest proto::smb::tests::test_smb1_protocol_nego_parsing ... ok\ntest proto::smb::tests::test_smb1_protocol_nego_reply ... ok\ntest proto::smb::tests::test_smb1_session_setup_request_reply ... ok\ntest proto::smb::tests::test_smb2_protocol_nego_parsing ... ok\ntest proto::smb::tests::test_smb2_protocol_nego_reply ... ok\ntest proto::smb::tests::test_smb2_session_setup_request_reply ... ok\ntest proto::smb::tests::test_smb2_session_setup_request_parse ... ok\ntest proto::ssh::tests::ssh_1_banner_cr ... ok\ntest proto::ssh::tests::ssh_1_banner_crlf ... ok\ntest proto::ssh::tests::ssh_1_banner_lf ... ok\ntest proto::ssh::tests::ssh_1_banner_space ... ok\ntest proto::ssh::tests::ssh_2_banner_cr ... ok\ntest proto::ssh::tests::ssh_1_banner_parse ... ok\ntest proto::ssh::tests::ssh_2_banner_parse ... ok\ntest proto::ssh::tests::ssh_2_banner_lf ... ok\ntest proto::ssh::tests::ssh_2_banner_crlf ... ok\ntest proto::stun::tests::test_change_request_port_overflow ... ok\ntest proto::stun::tests::test_proto_stun_ipv4 ... ok\ntest proto::stun::tests::test_change_request_port ... ok\ntest proto::ssh::tests::ssh_2_banner_space ... ok\ntest proto::stun::tests::test_proto_stun_ipv6 ... ok\ntest proto::tcb::tests::test_proto_tcb_proto_state_http ... ok\ntest proto::tests::dispatch_dns ... ok\ntest proto::tcb::tests::test_proto_tcb_proto_state_rpc ... ok\ntest proto::tcb::tests::test_proto_tcb_proto_id ... ok\ntest proto::tests::test_proto_dispatch_http ... ok\ntest proto::tests::test_proto_dispatch_ssh ... ok\ntest proto::tests::test_proto_dispatch_ghost ... ok\ntest proto::tests::test_proto_dispatch_stun ... ok\ntest smack::smack::tests::test_anchor_end ... ok\ntest smack::smack::tests::test_multiple_matches_wildcard ... ok\ntest smack::smack::tests::test_multiple_matches ... ok\ntest smack::smack::tests::test_anchor_begin ... ok\ntest smack::smack::tests::test_http_banner ... ok\ntest synackcookie::tests::test_clientinfo ... ok\ntest synackcookie::tests::test_ip4 ... ok\ntest synackcookie::tests::test_ip4_dst ... ok\ntest synackcookie::tests::test_ip4_src ... ok\ntest synackcookie::tests::test_ip6 ... ok\ntest synackcookie::tests::test_key ... ok\ntest synackcookie::tests::test_tcp_dst ... ok\ntest synackcookie::tests::test_tcp_src ... ok\ntest smack::smack::tests::test_wildcard ... ok\ntest smack::smack::tests::test_proto ... ok\ntest smack::smack::tests::test_pattern ... ok\n\ntest result: ok. 92 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.41s\n```\n\n#### Functional tests\n\n```\n# ./test/test_masscanned.py\nINFO    test_arp_req......................................OK\nINFO    test_arp_req_other_ip.............................OK\nINFO    test_ipv4_udp_dns_in_a............................OK\nINFO    test_ipv4_udp_dns_in_a_multiple_queries...........OK\nINFO    test_ipv4_tcp_ghost...............................OK\nINFO    test_ipv4_tcp_http................................OK\nINFO    test_ipv4_tcp_http_segmented......................OK\nINFO    test_ipv4_tcp_http_incomplete.....................OK\nINFO    test_ipv6_tcp_http................................OK\nINFO    test_ipv4_udp_http................................OK\nINFO    test_ipv6_udp_http................................OK\nINFO    test_ipv4_tcp_http_ko.............................OK\nINFO    test_ipv4_udp_http_ko.............................OK\nINFO    test_ipv6_tcp_http_ko.............................OK\nINFO    test_ipv6_udp_http_ko.............................OK\nINFO    test_icmpv4_echo_req..............................OK\nINFO    test_icmpv6_neighbor_solicitation.................OK\nINFO    test_icmpv6_neighbor_solicitation_other_ip........OK\nINFO    test_icmpv6_echo_req..............................OK\nINFO    test_ipv4_req.....................................OK\nINFO    test_eth_req_other_mac............................OK\nINFO    test_ipv4_req_other_ip............................OK\nINFO    test_rpc_nmap.....................................OK\nINFO    test_rpcinfo......................................OK\nINFO    test_smb1_network_req.............................OK\nINFO    test_smb2_network_req.............................OK\nINFO    test_ipv4_tcp_ssh.................................OK\nINFO    test_ipv4_udp_ssh.................................OK\nINFO    test_ipv6_tcp_ssh.................................OK\nINFO    test_ipv6_udp_ssh.................................OK\nINFO    test_ipv4_udp_stun................................OK\nINFO    test_ipv6_udp_stun................................OK\nINFO    test_ipv4_udp_stun_change_port....................OK\nINFO    test_ipv6_udp_stun_change_port....................OK\nINFO    test_ipv4_tcp_empty...............................OK\nINFO    test_ipv6_tcp_empty...............................OK\nINFO    test_tcp_syn......................................OK\nINFO    test_ipv4_tcp_psh_ack.............................OK\nINFO    test_ipv6_tcp_psh_ack.............................OK\nINFO    test_ipv4_udp_empty...............................OK\nINFO    test_ipv6_udp_empty...............................OK\nINFO    Ran 41 tests with 0 errors\n```\n\nYou can also chose what tests to run using the `TESTS` environment variable\n```\nTESTS=smb ./test/test_masscanned.py\nINFO    test_smb1_network_req.............................OK\nINFO    test_smb2_network_req.............................OK\nINFO    Ran 2 tests with 0 errors\n```\n\n## Logging\n\n### Console Logger\n\n**Verbs**: \n* `init`\n* `recv`\n* `send`\n* `drop`\n\n#### ARP\n\n```\n$ts arp $verb   $operation $client_mac $client_ip  $masscanned_mac $masscanned_ip\n```\n\n#### Ethernet\n\n```\n$ts eth $verb   $ethertype  $client_mac $masscanned_mac\n```\n\n## To Do\n\n* Drop incoming packets if checksum is incorrect\n* Fix source address when answering to multicast packets.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivre%2Fmasscanned","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivre%2Fmasscanned","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivre%2Fmasscanned/lists"}