A Python script that will detect port scanning and log the information. Inspired by John Lin's pyscanlogger found here.
## Dependencies
Can be installed with pip:
- dpkt
- pypcap
- netifaces

## Features
- Detects which type of scan was performed
- Detects interfaces with an IP address (ignores loopback and VM interfaces)
- Can listen on multiple interfaces using multiprocessing
- Detects IP address changes
- Detects interface changes
- Can perform a whois lookup on the attacker
- Platform independent
## Usage
`sudo python pyscanloggerv2.py`

## Options
- `-h, --help`: show this help message and exit
- `-v, --verbose`: prints scan detections to stdout
- `-f, --logfile`: desired path of log file
- `-w, --whois`: runs whois against the scanner's IP
## Logging
- Logs to /var/log/pyscan.log by default
- Triggers when 20 ports have been hit in 3 minutes from the same IP address. The threshold can be changed at the top of the script for more/less sensitive triggering.
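
The trigger rule above, sketched as an added example (this is not code from pyscanloggerv2.py): a per-source sliding window that fires once when the port count reaches the threshold. It assumes "ports hit" means distinct destination ports and that the 3-minute window slides; the class and function names are hypothetical and the sample events are constructed.

```python
from collections import defaultdict, deque

PORT_THRESHOLD = 20       # ports, as stated in the README
WINDOW_SECONDS = 3 * 60   # 3 minutes, as stated in the README


class ScanDetector:
    """Counts distinct destination ports per source IP in a sliding window."""

    def __init__(self, threshold=PORT_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.hits = defaultdict(deque)  # src_ip -> deque of (timestamp, dst_port)
        self.alerted = set()            # sources already reported

    def observe(self, ts, src_ip, dst_port):
        """Record one probe; return True the first time src_ip crosses the threshold."""
        q = self.hits[src_ip]
        q.append((ts, dst_port))
        # Expire probes older than the window so slow scans do not accumulate forever.
        while ts - q[0][0] > self.window:
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) < self.threshold:
            self.alerted.discard(src_ip)  # re-arm once the source goes quiet
            return False
        if src_ip in self.alerted:
            return False                  # one log entry per burst, not per packet
        self.alerted.add(src_ip)
        return True


def detect(events):
    """events: iterable of (timestamp, src_ip, dst_port); returns [(timestamp, src_ip)]."""
    detector = ScanDetector()
    return [(ts, ip) for ts, ip, port in sorted(events) if detector.observe(ts, ip, port)]


# Constructed sample traffic (documentation address ranges).
FAST_SCAN = [(i, "192.0.2.10", 1000 + i) for i in range(25)]          # 25 ports in 25 s
SLOW_SCAN = [(i * 15, "198.51.100.7", 2000 + i) for i in range(25)]   # 1 port per 15 s
SAME_PORT = [(i, "203.0.113.5", 443) for i in range(100)]             # one port, many hits

if __name__ == "__main__":
    for ts, ip in detect(FAST_SCAN + SLOW_SCAN + SAME_PORT):
        print(f"scan detected from {ip} at t={ts}s")
```

The slow scan never holds more than 13 ports inside any 3-minute window, which is the evasion that raising the window or lowering the threshold at the top of the script trades against false positives.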