Portspoof

PortSpoof is a security tool that obfuscates open ports on a server by making all ports appear open and emulating fake services to confuse attackers.

How PortSpoof Plays the Ultimate Game of 'Guess Who?' with Hackers

PortSpoof is a tool designed to enhance the security of a server by obfuscating open ports. It works by making it difficult for attackers to discover real services on a system because it can respond to every TCP port request with a fake service. This is done by dynamically generating random service signatures that make every port on a server appear open and emulating thousands of fake services. The primary purpose of PortSpoof is to confuse and slow down attackers, who will waste time scanning thousands of ports. It can also serve as a deterrent by making the task of distinguishing between real and fake services too time-consuming and complex.



Guide to installing Portspoof on Debian or Ubuntu, with a simple script.

Download the script (at the end of the page), or simply type this command if you have already installed all the necessary tools.

>portfake
Reading package lists... Done
Building dependency tree... Done
Reading state information..........



Files move to /etc/portspoof:
portspoof.conf	portspoof_signatures

Add the iptables rule:
sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444
To delete that rule:
sudo iptables -t nat -D PREROUTING -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444
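
The add rule above sends every TCP port, including the ports of real services such as SSH on 22, to the Portspoof listener, so new connections to those services reach Portspoof instead of the real daemon. The following added example (not part of the original page or the Portspoof project) prints equivalent REDIRECT rules that skip a list of real service ports; the function names `portspoof_redirect_rules` and `print_redirect` are hypothetical.

```shell
#!/bin/bash
# Added example, not part of the Portspoof project or the page's script.
# Prints (does not execute) REDIRECT rules for TCP ports 1-65535 minus real services.

# Usage: portspoof_redirect_rules ACTION LISTEN_PORT [REAL_PORT...]
#   ACTION       -A to add the rules, -D to delete them
#   LISTEN_PORT  port Portspoof listens on (4444 on this page)
#   REAL_PORT    genuine service ports that must not be redirected
portspoof_redirect_rules() {
    [ "$#" -ge 2 ] || { echo "usage: ACTION LISTEN_PORT [REAL_PORT...]" >&2; return 1; }
    local action="$1" listen="$2" p start=1
    shift 2

    case $action in
        -A|-D) ;;
        *) echo "action must be -A or -D" >&2; return 1 ;;
    esac

    # Validate every port before printing anything: digits only, no
    # leading zero, at most five digits, and no higher than 65535.
    for p in "$listen" "$@"; do
        case $p in
            ''|0*|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # Walk the excluded ports in ascending order and print each gap.
    for p in $(printf '%s\n' "$@" | sort -n -u); do
        if [ "$p" -gt "$start" ]; then
            print_redirect "$action" "$start" "$((p - 1))" "$listen"
        fi
        start=$((p + 1))
    done
    # Remaining range above the highest excluded port.
    if [ "$start" -le 65535 ]; then
        print_redirect "$action" "$start" 65535 "$listen"
    fi
}

print_redirect() {
    echo "iptables -t nat $1 PREROUTING -p tcp -m tcp --dport $2:$3 -j REDIRECT --to-ports $4"
}

# Constructed sample: keep the real SSH daemon on port 22 reachable.
portspoof_redirect_rules -A 4444 22
```

Review the printed rules, then run them with sudo; calling the function with `-D` and the same ports prints the matching delete commands.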

To run, simply type:
portspoof -c /etc/portspoof/portspoof.conf -s /etc/portspoof/portspoof_signatures
alias=startfakep

After installation, the script asks whether you want to start Portspoof; if you answer yes, it adds the iptables rule and starts Portspoof automatically.

Files move to /etc/portspoof:
portspoof.conf	portspoof_signatures

Do you want to start Portspoof now? [y/n] y
-> Using user defined configuration file /etc/portspoof/portspoof.conf
-> Using user defined signature file /etc/portspoof/portspoof_signatures
 ip address show | grep inet | grep -v "inet6" | grep -v "127.0.0.1" | awk '{print $2}' | cut -f1 -d'/'
10.0.8.10




On Kali Linux

From Kali, we can verify this by running a simple nmap scan. Before Portspoof is started:

❯ nmap 10.0.8.10
Starting Nmap 7.94SVN ( https://nmap.org ) 
Nmap scan report for 10.0.8.10
Host is up (0.00028s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

After Portspoof is executed:

nmap 10.0.8.10
Starting Nmap 7.94SVN ( https://nmap.org ) 
Nmap scan report for 10.0.8.10
Host is up (0.00012s latency).

PORT      STATE SERVICE
1/tcp     open  tcpmux
3/tcp     open  compressnet
4/tcp     open  unknown
6/tcp     open  unknown
7/tcp     open  echo
9/tcp     open  discard
13/tcp    open  daytime
17/tcp    open  qotd
19/tcp    open  chargen
20/tcp    open  ftp-data
21/tcp    open  ftp
22/tcp    open  ssh

.... a lot here ....


60443/tcp open  unknown
61532/tcp open  unknown
61900/tcp open  unknown
62078/tcp open  iphone-sync
63331/tcp open  unknown
64623/tcp open  unknown
64680/tcp open  unknown
65000/tcp open  unknown
65129/tcp open  unknown
65389/tcp open  unknown
❯ nmap -p- --open 10.0.8.10 | grep "open" | wc -l

65535




And that's all; you can copy or download the script from here.

#!/bin/bash

# List of packages to install
paquetes=("git" "make" "g++" "iptables")

# Check whether a package is installed (Debian/Ubuntu/Kali)
paquete_instalado_apt() {
    dpkg -l "$1" | grep -q '^ii'
}

# Check whether a package is installed (CentOS/RHEL)
paquete_instalado_yum() {
    yum list installed "$1" &> /dev/null
}

# Check whether a package is installed (Fedora)
paquete_instalado_dnf() {
    dnf list installed "$1" &> /dev/null
}

# Check whether a package is installed (Arch Linux)
paquete_instalado_pacman() {
    pacman -Qi "$1" &> /dev/null
}

# Detect the operating system
if [ -f /etc/os-release ]; then
    . /etc/os-release
    OS=$ID
fi

# Install packages according to the operating system
for paquete in "${paquetes[@]}"; do
    case $OS in
        "debian"|"ubuntu"|"kali")
            if ! paquete_instalado_apt "$paquete"; then
                echo "Instalando el paquete $paquete..."
                sudo apt-get install -y "$paquete"
            fi
            ;;
        "centos"|"rhel")
            if ! paquete_instalado_yum "$paquete"; then
                echo "Instalando el paquete $paquete..."
                sudo yum install -y "$paquete"
            fi
            ;;
        "fedora")
            if ! paquete_instalado_dnf "$paquete"; then
                echo "Instalando el paquete $paquete..."
                sudo dnf install -y "$paquete"
            fi
            ;;
        "arch")
            if ! paquete_instalado_pacman "$paquete"; then
                echo "Instalando el paquete $paquete..."
                sudo pacman -S --noconfirm "$paquete"
            fi
            ;;
        *)
            ;;
    esac
done




# Clone the Portspoof repository (stop if the clone fails)
git clone https://github.com/drk1wi/portspoof.git || exit 1
cd portspoof/ || exit 1

# Build and install Portspoof
./configure
make
sudo make install
#sudo make installcheck
make clean

# Create the Portspoof configuration directory and move the files into it
sudo mkdir -p /etc/portspoof
sudo mv tools/portspoof.conf /etc/portspoof/
sudo mv tools/portspoof_signatures /etc/portspoof/

# Verify that the files were moved
echo "Files move to /etc/portspoof:"
ls /etc/portspoof
echo ""

echo -e "\n\033[1;31m_____________SSH will stop working after stopping Portspoof.____________________________\033[0m\n"

# Ask the user if they want to start Portspoof
read -p "Do you want to start Portspoof now? [y/n] " answer

# Check if the user's answer is 'y' or 'Y'
if [[ "$answer" == "y" || "$answer" == "Y" ]]; then
    # Execute commands to start Portspoof
    sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444
    portspoof -c /etc/portspoof/portspoof.conf -s /etc/portspoof/portspoof_signatures
fi

echo -e "\n\033[1;34m_________________________________________________________\033[0m\n"

echo "Iptables rules to add or remove:"
echo "sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444"
echo "To delete the rule next command: (SSH might not work if it's enabled.)"
echo "sudo iptables -t nat -D PREROUTING -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444"
echo ""
# Instructions for running Portspoof
echo "to run, simply type"
echo "portspoof -c /etc/portspoof/portspoof.conf -s /etc/portspoof/portspoof_signatures"
echo "alias to start portspoof=iniciafakep"
echo -e "\n\033[1;34m_________________________________________________________\033[0m\n"

# Return to the directory the repository was cloned into and remove the clone
cd ..
rm -rf portspoof