portscan module skip tags option#3118

Open
liquidsec wants to merge 1 commit into dev from portscan-skip-tags

@liquidsec liquidsec commented May 21, 2026

Summary

Adds a skip_tags option to the portscan module. When configured (e.g. cdn,waf), events with matching tags are excluded from masscan, and speculate fills the gap by emitting its configured ports for those skipped events.

Closes the gap that #3075 was reaching for, without putting emission logic inside filter_event or making portscan synthesize ports itself. Design:

  • portscan only scans; never emits assumed-open ports.
  • speculate's emit decision becomes per-event: it always emits when no active portscanner exists (today's behavior), and additionally emits for events the active portscanner would skip.
  • speculate consults portscan.would_skip(event), which is a small public method on the portscan module. The relationship is the same shape as today's "is portscan enabled?" check, just sharpened to "is portscan going to scan this event?"

Default skip_tags="" means today's behavior is unchanged.

portscan rejects events whose tags match skip_tags (default empty).
speculate fills the gap on a per-event basis: when an active portscan
is enabled but would_skip(event) is True, speculate emits its configured
ports as if no portscanner were present.
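
The per-event routing this description lays out, as an added Python sketch that is not part of the PR or of the project's code. `Event`, `PortscanModel`, `SpeculateModel` and `route` are hypothetical stand-ins, and the hosts, tags and port list are constructed sample values.

```python
# Added illustration: a stand-alone model of the routing described in this PR.
# Event, PortscanModel, SpeculateModel and route are hypothetical names.
from dataclasses import dataclass, field


@dataclass
class Event:
    host: str
    tags: set = field(default_factory=set)


class PortscanModel:
    def __init__(self, skip_tags=""):
        # "cdn,waf" -> {"cdn", "waf"}; the default "" yields an empty set.
        # Stripping whitespace around entries is an assumption of this sketch.
        self.skip_tags = {t.strip() for t in skip_tags.split(",") if t.strip()}

    def would_skip(self, event):
        # True when the event carries at least one configured skip tag
        return bool(self.skip_tags & event.tags)


class SpeculateModel:
    def __init__(self, ports, portscanner=None):
        self.ports = list(ports)        # constructed sample port list
        self.portscanner = portscanner  # None models "no active portscanner"

    def should_emit(self, event):
        # Emit when no portscanner is active, or when it would skip this event
        return self.portscanner is None or self.portscanner.would_skip(event)


def route(events, speculate):
    """Return (hosts left to the portscanner, endpoints speculate assumes open)."""
    scanned, assumed = [], []
    for ev in events:
        if speculate.should_emit(ev):
            assumed.extend(f"{ev.host}:{p}" for p in speculate.ports)
        else:
            scanned.append(ev.host)
    return scanned, assumed


# Constructed sample events (reserved example hostnames)
EVENTS = [
    Event("www.example.com", {"cdn"}),
    Event("vpn.example.com", {"in-scope"}),
    Event("api.example.com", {"waf", "in-scope"}),
]

if __name__ == "__main__":
    print(route(EVENTS, SpeculateModel([80, 443], PortscanModel("cdn, waf"))))
```

Endpoints in the second list are assumed open rather than observed, so findings that depend on them should be treated as unverified until something actually connects to the port.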

@liquidsec (Collaborator, Author)

supersedes #3075

@github-actions
Contributor

🚀 Performance Benchmark Report

⚠️ No current benchmark data available

This might be because:

  • Benchmarks failed to run
  • No benchmark tests found
  • Dependencies missing

@codecov

codecov Bot commented May 21, 2026

Codecov Report

❌ Patch coverage is 96.92308% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 90%. Comparing base (0fbe70a) to head (151d32c).

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...t/test_step_2/module_tests/test_module_portscan.py | 96% | 2 Missing ⚠️ |

Additional details and impacted files
@@          Coverage Diff          @@
##             dev   #3118   +/-   ##
=====================================
+ Coverage     90%     90%   +1%     
=====================================
  Files        445     445           
  Lines      38727   38786   +59     
=====================================
+ Hits       34653   34706   +53     
- Misses      4074    4080    +6     

