Local Network Port Scanner (Timing Attack)

Abusing the browser to scan private network boundaries.

root@c2-server:~# ./scan_local.sh
[*] Initializing timing attack engine...
[*] Warning: Strict timeout set to 1500ms.
[*] Click 'Start Scan' to begin.

Developer Notes

How it works: Browsers restrict reading cross-origin responses (the same-origin policy, which CORS selectively relaxes), but they typically still allow the network request to be sent (opaque responses). By measuring exactly how long a fetch() takes to fail, we can infer the port status.

Active Rejection vs. Timeout: If a local port is open/active, it quickly rejects the cross-origin request (or returns an opaque response). If the IP doesn't exist or a firewall drops the packet silently, the request hangs until our manual 1500ms timeout kills it.

The Threat: Attackers can map your home network (routers, IoT devices, local dev servers) simply by having you visit their public webpage. This is often step 1 before a local CSRF exploit against a vulnerable router.

RBI / Zero Trust Protection: Enterprise Browsers and RBI solutions enforce strict network isolation. They run in a cloud container and are explicitly blocked from routing traffic to private IP ranges (192.168.x.x, 10.x.x.x, localhost). The scan completely fails.
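For environments without RBI, the same behaviour can be detected from request telemetry. The following is an added example, not code from this lab: it flags public origins whose pages touch many distinct private targets in a short window. The record fields (ts, initiator, target) and the thresholds are assumptions, and the private-range check goes beyond the ranges listed above by also covering 172.16.0.0/12, 127.0.0.0/8 and 169.254.0.0/16.

```javascript
// Added example (not the lab's code): detect browser-driven local scans in request logs.
// Field names ts/initiator/target and both thresholds are assumptions for illustration.
function isPrivateHost(host) {
  if (host === "localhost" || host.endsWith(".localhost") || host === "[::1]") return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false; // other hostnames are not resolved here
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 || (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31) || (a === 169 && b === 254);
}

function findLocalScans(records, { windowMs = 10000, minTargets = 5 } = {}) {
  const byOrigin = new Map();
  for (const r of records) {
    let init, tgt;
    try { init = new URL(r.initiator); tgt = new URL(r.target); } catch { continue; }
    // Only a public page reaching a private target is of interest.
    if (isPrivateHost(init.hostname) || !isPrivateHost(tgt.hostname)) continue;
    if (!byOrigin.has(init.origin)) byOrigin.set(init.origin, []);
    byOrigin.get(init.origin).push({ ts: r.ts, key: tgt.host }); // host:port
  }
  const alerts = [];
  for (const [origin, hits] of byOrigin) {
    hits.sort((x, y) => x.ts - y.ts);
    const inWindow = new Map(); // target -> hits inside the sliding window
    let left = 0, peak = 0;
    for (const h of hits) {
      inWindow.set(h.key, (inWindow.get(h.key) || 0) + 1);
      while (h.ts - hits[left].ts > windowMs) {
        const k = hits[left++].key;
        if (inWindow.get(k) === 1) inWindow.delete(k); else inWindow.set(k, inWindow.get(k) - 1);
      }
      peak = Math.max(peak, inWindow.size);
    }
    if (peak >= minTargets) alerts.push({ origin, distinctTargets: peak });
  }
  return alerts;
}

// Constructed sample records (timestamps in ms); not captured traffic.
const SAMPLE = [
  ...[1, 2, 3, 4, 5, 6].map((n, i) => ({
    ts: 1000 + i * 400, initiator: "https://scanner.example/lab",
    target: `http://192.168.1.${n}:80/` })),
  { ts: 1200, initiator: "https://app.example/", target: "https://api.app.example/v1" },
  { ts: 1300, initiator: "https://app.example/", target: "http://localhost:3000/health" },
  { ts: 1500, initiator: "http://localhost:3000/", target: "http://10.0.0.5:8080/" },
];
console.log(findLocalScans(SAMPLE));
```

Parsing targets with URL normalises alternate IPv4 spellings before the range check; hostnames that resolve to private addresses need a resolver-side check that this sketch does not include.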