It is true that larger organizations have economies of scale but smaller groups and individuals have more flexibility and can pivot easily.
I dont think access to tech is any different (significantly that is) at the top than itnis at the bottom. Feature sets are more austere (8 out of the 10 functions maybe that they really need) for individuals and small groups, but less wasteful, at the top they're richer but more wasteful (hundreds of features maybe but you only really need 10). The bigger you are the worst value for money because you pay for a lot of stuff you dont need which cancels out the economies of scale in my opinion because you have to pay so much for such a small edge.
Getting more out of less is better than getting less out of more.
Depends on whether you want to be in it. A ladder might be enough to peek over the top and rip it off. Do it better. Which seems to be what is happening.
That only works for China's domestic market. As long as the IP they are "taking inspiration from" is protected in the target markets, they effectively lock themselves out by doing that.
In the case of technology like RISC, pretty much all the value add is unprotected, so they can sell those products in the US/EU without issue.
The US is probably ahead but they're so obsessed with moats, IP and safety that their lagginess is self imposed.
China has nothing to lose and everything to gain by releasing stuff openly.
Once China figures put how to make high performance FPGA chips really cheap, its game over for the US. The only power the US has is over GPU supply...and even then its pretty weak.
Not to mention NVIDIA crippling its own country with low VRAM cards. China is taking older cards, stripping the RAM and upgrading other older cards.
I regularly use tools like NMAP and masscan for scanning prospective customer networks to perform simple audits to get an idea of the things they're running as quickly as I can, but I find doing this a bit clunky and not as quick as I'd like. So I built AngryEther. It can scan a /24 in around 20 seconds and banner grabs important stuff. It can also be set to perform an ARP sweep to pick up devices that otherwise don't response to a typical ICMP/TCP sweep. The tool can also spit out a nice JSON file with all the information in that can be used to push the data back to a server somewhere for later use.
this is pretty nice. if u need to scan tons of places for large ranges (discovery all pvt ranges every timeframe) this can be really nice.
the problem i have with such scanners is accuracy though. but i suppose thats hard to tackle from scanner perspective (hard to see routing tricks etc.). for asset/vuln mgmt its good to have full disco scans to compare other sources and see if they cover everything with targeted scans. personally i wouldnt care much about banners in this case as other tools will do more aggressive fingerprinting.
a push back on scanning full 10./8 or such ranges was for me always time needed / bandwidth (idiots running full feature scan instead of pings... -_-)
with that landscape in mind id say maybe position yourself clearly in the discovery bucket, not finger printing, or make it clear different scan profiles.
if u start about banner grabbing ppl might either expect slowdowns or expect full banners for everything.
maybe its nice to make little scripts. your json into ansible inventory. RackTables maybe and NetBox? or in some format those accept. it will help adoption a lot.
Yeah, I often need a bit more than a ping sweep, but not a full feature scan. I've been around in tech long enough that I can look the output of my tool and know if a box is Windows or Linux or whatever...fingerprinting isn't that important for me.
The situation I'm usually in where I need this tool is I've been called in somewhere, their techie has left or been fired and I don't have a lot of documentation (if any) and I need to find important boxes and work out how to connect to them...an early version of this tool had an OUI lookup built in to do vendor ID, but that slowed it down a bit too much and including an OUI database with the app seemed excessive, implementing a "cloud" lookup wasn't feasible because I often need to do these scans on networks where I don't necessarily have internet access. I have a custom hardware device that I build out of a Radxa 3E with a POE hat that I can just jack into a network switch (if it has POE) and it automatically grabs everything it can for me, then dumps everything to the device (or if an internet connection is present, spits it at me over Pushbullet). With that device, I can go from knowing nothing, to knowing a reasonable amount in under 5 minutes.
It's a device that I would like to make a proper solution out of, but it's so esoteric that I think it would end up being pretty niche...it kind of relies on the engineer using it to think exactly like I do and being able to just "know" stuff...so it's the sort of thing that would generate more git issues and usability complaints than anything else!
Yes, the JSON output is precisely because I like to make scripts to push data into dashboards and the like...I stopped at just spitting out JSON because I have other tools/scripts that do that for me. I prefer to leave things as a JSON file because it's the greatest amount of flexibility, the cost though is that you have to be able to do something with the JSON once you have it.
The accuracy of this tool depends on the timeout you set and the performance of the network you scan. By default it has a 500ms timeout, which is enough for most networks, but increasing it to 1000ms on slower networks yields better accuracy...flicking on ARP adds even more accuracy...obviously both come at the cost of the time required to finish the scan though!
Further to this, ARP is off be default because you need root/sudo to be able to do an ARP sweep...you don't need special permissions to be able to run this app with it's default settings...which was a bugbear of mine with masscan.
