Issue with Wildcard Filtering in Port Scan - All Ports Listed as Open

[remonsec]

Hello,

I'm experiencing an issue with jfscan when attempting to filter wildcard entries during a port scan. For some hosts, the scan outputs every port as open, which appears to be a misinterpretation rather than an accurate result. This affects the reliability of scan outputs, especially in situations where accurate port status is critical.

Steps to Reproduce:

• Run jfscan with wildcard filtering enabled on the affected hosts.

adoptech.co.uk
nominet.uk

• Observe the output, where every port is reported as open, regardless of the actual status.

Expected Behavior: The scan should properly filter out wildcard results, returning only genuinely open ports.
Actual Behavior: Every port is listed as open, leading to a bloated and inaccurate result set.

Additional Context:

I’ve attached a screenshot for reference, showing the output with all ports listed as open on affected hosts.

Screenshot:

Thanks for looking into this! Let me know if I can provide further details.

[nullt3r]

This is not an issue with JFScan; rather, it's related to the host's firewall, which responds to all ports (SYN packets) as if they are open (SYN-ACK).

[remonsec]

Thanks for the clarification. Is there any way to configure JFScan to recognize this kind of behavior—where the host's firewall responds with SYN-ACKs on all ports—and stop the scan when it detects this pattern? Implementing such a feature would enhance its integration within automation pipelines, as it could reduce unnecessary resource consumption. Alternatively, if you have any suggestions on handling this scenario efficiently, I'd appreciate it. Thanks!