Scenario: You want to confirm that port 443 (HTTPS) is reachable from an internal segment to a DMZ server.
| Component | Technology | Function | |-----------|------------|----------| | Sender Engine | Raw sockets + AF_XDP (Linux) / WinDivert (Windows) | Generates and injects probe packets at line rate | | Receiver Engine | eBPF + Zero-copy ring buffers | Captures responses with microsecond timestamps | | Packet Scheduler | Token bucket + adaptive rate control | Avoids network flood & IDS thresholds | | ML Classifier | Lightweight ONNX model (Random Forest) | Differentiates open/filtered/closed from ambiguous responses | | Storage | SQLite (embedded) / ClickHouse (distributed) | Local or fleet-wide scan results | kportscan 3.0
kportscan [targets] [options]
Gone are the days of generic "HTTP" or "SSH" labels. kportscan 3.0 introduces a robust fingerprinting module. Instead of just grabbing the banner, 3.0 sends specific probes to identify: Scenario : You want to confirm that port