Adaptive Outbound SYN Timing to optimize speed of scanning

[inainazumakun]

Due to the scanner already being able to scan all 65k ports in an absurdly short amount of time, the key to optimizing the speed and efficiency of the application without causing client/server issues is to control the timing and delay between outbound packets to prevent the server from being overwhelmed.

A good start would be to actively track and calculate the averages between a SYN/ACK response and have the application automatically adjust the timing/delay based off of this average, and possibly have further controls to allow quicker or slower outbound packets based on the situation.

May also have further optimization by analyzing and checking the target OS's networking capabilities, possibly different OS have a better tolerance for faster responses.

[issue-label-bot]

Issue-Label Bot is automatically applying the label feature_request to this issue, with a confidence of 0.88. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

[bee-san]

@all-contributors please add @SmackHack for ideas, examples :)

[allcontributors]

@brandonskerritt

This project's configuration file has malformed JSON: .all-contributorsrc. Error:: Unexpected token : in JSON at position 609

[bee-san]

HAHAHAH rip okay sorry buddy I'll try to fix it :P

[bee-san]

@all-contributors please add @SmackHack for ideas, examples :)

[allcontributors]

@brandonskerritt

I've put up a pull request to add @SmackHack! 🎉

[bee-san]

@bergabman Heres the related issue

[4FunAndProfit]

@bee-san hello!
Any news on this issue ? :) would be great
I see that the issue referenced is closed but not this one That's why I'm wondering if it's already available or not? And whether it will ever be implemented?
Thanks a lot for your amazing tool :)

[bee-san]

Hey hey! @4FunAndProfit annoyingly right now my the contract I have with my company is very strict on open source. It's basically "do not do it at all or we will own your project" because they can't prove I didn't work on it during company time.

For days like today (I am on vacation) I can contribute things, but it's still awkward :(

There are some active contributors like @PsypherPunk and @BrendanGlancy , but most of the time right now I just review commits.

I do still plan to do this, and I am currently talking with HR to let me work on RustScan in my spare time since I think it's a beautiful idea and we can build something really cool 😅

Apologies for the delay, but you might like that we've finally adding fingerprinting for UDP which is a really cool feature. I'm also looking to revamp our CI so it's faster to iterate on, and bring back our speed tests in CI (to ensure rustscan is always fast) :D

[4FunAndProfit]

@bee-san you don't have to apologize for anything!!!!

Your tool is amazing, it serves thousands of pentesters and provides a real service,

So sorry for you (and for us) that your company won't let you work on it :)

It's true that this functionality is really what this tool is missing to be able to really be used on any type of target, but maybe @PsypherPunk or @BrendanGlancy will solve that for us!

And I totally agree with you on everything you say, in my opinion if you launch a petition to give to your users for your company to convince them we'll all sign up! :D

[PsypherPunk]

I've been looking at this a little: I may be entirely wrong but I'm not sure this is possible with the current stack. As per comments on #129, I don't know if we'd need to replace the current TCP stack entirely to achieve this. That said, I don't know if a switch to tokio might give is more than the current async-std crate.