Investigator Use
Scanless (Port Scan Scraper) is an open-source Python tool available on GitHub that performs port scanning using third-party online scanning services rather than generating direct traffic from the investigator's own machine. By routing scan requests through public online port scanning APIs (such as HackerTarget, Shodan, T1 Shopper, and others), it keeps the investigator's own IP address out of the traffic that reaches the target, effectively anonymizing the source of the reconnaissance.
For OSINT investigators conducting authorized reconnaissance, Scanless addresses a practical operational security concern: when scanning a target's network infrastructure directly, the target's security monitoring may log and alert on connections from the investigator's IP address. By leveraging third-party scanning services, Scanless uses their IP addresses as the apparent scanner origin, providing a layer of indirection.
The tool supports multiple backend scanning services simultaneously, allowing investigators to cross-reference open port data from different sources. Discrepancies between services may indicate that certain ports are filtered based on source IP, or that scan results are cached rather than reflecting the current live state of the target.
Common investigative applications within authorized scope include: conducting initial port reconnaissance on authorized targets without revealing the investigation source IP, comparing port scan results from multiple external vantage points to identify inconsistent access controls, and quickly determining which ports are publicly accessible on a target host using available online scanning services.
Technical limitations are significant: third-party scanning services scan only a limited port range, have rate limits, and may return cached rather than live results. For comprehensive port scanning, dedicated tools like Nmap or Masscan run against authorized targets provide more complete data.
The dependency on external services means Scanless is subject to the availability, accuracy, and policies of those services. Investigators should verify results from Scanless against additional sources and treat outputs as reconnaissance leads rather than definitive findings.
As with all port scanning activity, legal authorization for the target is required. Document the tool used, backend service employed, target, and timestamp for all scan activity.
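The cross-referencing and record-keeping described above, as an added example that is not part of Scanless or of the original page: it reconciles per-backend results, flags ports where backends disagree, and builds the tool/backend/target/timestamp record. The backend names, the port-to-state result shape, and the sample data are constructed assumptions, not Scanless output.

```python
from datetime import datetime, timezone

# Constructed sample data (assumed shape): backend -> {port: state}.
SAMPLE_RESULTS = {
    "backend_a": {22: "open", 80: "open", 443: "open", 3389: "closed"},
    "backend_b": {22: "closed", 80: "open", 443: "open", 3389: "closed"},
    "backend_c": {80: "open", 443: "open"},  # this backend checks fewer ports
}


def reconcile(results):
    """Classify each port by how the backends that checked it agree."""
    ports = sorted({p for states in results.values() for p in states})
    report = {}
    for port in ports:
        seen = {b: s[port] for b, s in results.items() if port in s}
        open_by = sorted(b for b, st in seen.items() if st == "open")
        if len(seen) < 2:
            verdict = "single-source"      # cannot be cross-checked
        elif len(open_by) == len(seen):
            verdict = "open-consistent"
        elif not open_by:
            verdict = "closed-consistent"
        else:
            verdict = "discrepancy"        # source-IP filtering or cached data
        report[port] = {
            "verdict": verdict,
            "open_by": open_by,
            "not_checked_by": sorted(set(results) - set(seen)),
        }
    return report


def audit_record(target, results, when=None):
    """Build the record the page asks for: tool, backends, target, timestamp."""
    when = when or datetime.now(timezone.utc)
    return {
        "tool": "scanless",
        "backends": sorted(results),
        "target": target,
        "timestamp_utc": when.isoformat(timespec="seconds"),
        "ports": reconcile(results),
    }


if __name__ == "__main__":
    import json
    # 192.0.2.10 is a documentation address (RFC 5737), used as a placeholder.
    print(json.dumps(audit_record("192.0.2.10", SAMPLE_RESULTS), indent=2))
```

A port marked "discrepancy" is a lead to re-check against a live, authorized scan, not a finding in itself.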
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.