Kportscan | 3.0
For system administrators, it replaces the need to memorize Nmap command-line switches for quick checks. For security consultants, it offers a stealthy, export-friendly scanner that integrates into professional workflows. For students, it provides a safe, local tool to understand how port scanning and networking work at a pragmatic level.
KPortScan is not perfect. A notable bug was reported in the WineHQ Bug Tracker (Bug 42793) regarding multi-threading stability:
Traditional scanners often use synchronous "Connect" scanning, which completes the full TCP three-way handshake (SYN, SYN-ACK, ACK). This method consumes significant system resources and time. KPortScan 3.0 optimizes thread management to launch thousands of socket connection attempts concurrently, tracking connection state efficiently to determine port availability without bottlenecking the local operating system's network stack.
kportscan -t 192.168.1.0/24 -p 1-10000 --rate 10000 -o results.json
Unlike its predecessors, which relied solely on TCP Connect scans, KPortScan 3.0 supports:
To understand its position, it is useful to see how KPortScan 3.0 compares to standard administrative utilities:

Capability / Feature | KPortScan 3.0                | Nmap                              | Advanced Port Scanner
Primary audience     | Hacking Forums / Pen-testers | Security Engineers                | System Administrators
Scanning Speed       | Extremely Fast / Aggressive  | Configurable (Slow to Fast)       |
Stealth Features     | Minimal (Noisy signature)    | High (Decoys, Fragmented packets) | Low (Standard connections)
OS Fingerprinting    |                              | Advanced Scripting Engine (NSE)   |
Licensing            | Freeware / Dubious origins   | Open Source (GPL)                 | Free / Closed Source
By using KPortScan 3.0 to construct a clean inventory of live internal hosts, actors can systematically use stolen credentials (such as Domain Admin accounts) over RDP to jump from machine to machine, eventually staging enterprise-wide ransomware.
In November 2021, cybersecurity researchers uncovered a sophisticated campaign conducted by the Iranian-backed threat actor known as PHOSPHORUS. The actors exploited Microsoft Exchange vulnerabilities to gain initial access to target networks. After establishing a foothold, the attackers used stolen domain admin credentials to conduct internal port scanning using KPortScan 3.0. This scanning activity enabled them to identify additional systems, move laterally to backup systems and domain controllers via Remote Desktop Protocol (RDP), and deploy Impacket's wmiexec tool on at least one domain controller. This incident demonstrates how KPortScan 3.0 served as a critical reconnaissance tool within a sophisticated, state-sponsored attack chain.
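The internal sweep in the case above, seen from the defender's side. This is an added Python example, not code from KPortScan or from this page: it groups constructed flow-log records per source host into fixed 60-second windows and flags a vertical sweep (many ports on one host) or a horizontal sweep (one port, such as RDP's 3389, across many hosts). The record layout, the thresholds and the log lines are assumptions.

```python
from collections import defaultdict

# Constructed flow-log records (not real telemetry): epoch src dst dport action
SAMPLE_LOG = """\
1700000000 10.0.5.17 10.0.5.20 22 DENY
1700000001 10.0.5.17 10.0.5.20 80 DENY
1700000001 10.0.5.17 10.0.5.20 135 ALLOW
1700000002 10.0.5.17 10.0.5.20 139 ALLOW
1700000003 10.0.5.17 10.0.5.20 445 ALLOW
1700000003 10.0.5.17 10.0.5.20 3389 ALLOW
1700000004 10.0.5.17 10.0.5.21 3389 ALLOW
1700000005 10.0.5.17 10.0.5.22 3389 DENY
1700000010 10.0.5.40 10.0.5.50 443 ALLOW
1700000012 10.0.5.40 10.0.5.51 445 ALLOW
"""

def parse(text):
    """Parse whitespace-separated records into (ts, src, dst, port, action)."""
    out = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port, action = line.split()
            out.append((int(ts), src, dst, int(port), action))
    return out

def find_sweeps(events, window=60, port_threshold=5, host_threshold=3):
    """Bucket each source's connections into fixed `window`-second slots and
    report vertical sweeps (>= port_threshold distinct ports on one host) and
    horizontal sweeps (>= host_threshold hosts on one port). Fixed buckets are a
    simplification: a sweep straddling a boundary can be split across two."""
    ports_by_host = defaultdict(set)   # (src, bucket, dst)  -> {port}
    hosts_by_port = defaultdict(set)   # (src, bucket, port) -> {dst}
    for ts, src, dst, port, _action in events:   # denied attempts count too
        bucket = ts // window
        ports_by_host[(src, bucket, dst)].add(port)
        hosts_by_port[(src, bucket, port)].add(dst)
    findings = defaultdict(list)
    for (src, _b, dst), ports in ports_by_host.items():
        if len(ports) >= port_threshold:
            findings[src].append(("vertical", dst, len(ports)))
    for (src, _b, port), hosts in hosts_by_port.items():
        if len(hosts) >= host_threshold:
            findings[src].append(("horizontal", port, len(hosts)))
    return dict(findings)

if __name__ == "__main__":
    for src, hits in find_sweeps(parse(SAMPLE_LOG)).items():
        for kind, target, n in hits:
            print(f"{src}: {kind} sweep towards {target} ({n} distinct)")
```

Both ALLOW and DENY records feed the counters, since a connect-style sweep over closed ports shows up mostly as denies.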
Because KPortScan 3.0 uses raw sockets and sends crafted packets, many AV engines (Microsoft Defender, McAfee, Norton) may quarantine it as "hacktool:portscanner". This is a false positive. Add the installation folder to your AV exclusion list.
If the community supports the project, 3.0 may eventually include a distributed scanning mode where multiple agents across a WAN coordinate to scan large address spaces.
Looking for systems exposed to Remote Desktop services.