
masscan vs leakIX and others

RU-Mayhem

How does it fit to have access to data like LeakIX, which tells you which servers are vulnerable and to what vulnerability, or engines like Shodan that tell you open ports?

How does this fit with the use of masscan?

Are they mutually exclusive? Is masscan too old for the tools/engines we have today?

Can they be combined to obtain something really useful when locating initial vectors?
Is the "market" for brute force, for example in RDP, saturated?
 
So leakIX\Shodan\Censys all just scan the internet for open ports and then allow you to query it.
Masscan\nmap lets you scan for open ports yourself. If you are interested in a specific IP, you should also scan it yourself using masscan\nmap.
But if you are looking for just random vulnerable targets - you should definitely use OSINT search engines like LeakIX.

Others I personally like are Shodan, Zoomeye and Fofa.
 
Thanks for the tips. Makes complete sense.

Currently I don't need to focus on a specific goal, rather something that allows me to practice, so I think I'll start with search engines.

Likewise, when I gain a little more ease I will start with something more specific so as not to lose good manners :).
 

