Portspoof Pro

See Portspoof Pro in Action

Real product. Real scans. Real integrations.

Command Center

Centralized view of all deception sensors. Real-time metrics, session activity, and fleet health at a glance.

Live Metrics

Active sessions, risk distribution, and total attacker time wasted

Session Timeline

24-hour activity graph tracking session patterns and high-risk spikes

Fleet Management

Multi-sensor enrollment, API keys, RBAC, and license tracking

Session Intelligence

Reconnaissance attempts tracked with full forensic detail: source IP, risk scoring, port enumeration, and probe duration.

Deception in Action

Real nmap scans against live Portspoof Pro sensors. Watch reconnaissance tools get flooded with polymorphic service emulation.

demo@attacker: ~/nmap_results
demo@attacker:~$ nmap -sV --top-ports 100 --open -Pn 10.200.1.1-10

Starting Nmap 7.93 ( https://nmap.org )

Nmap scan report for 10.200.1.1
PORT     STATE  SERVICE       VERSION
21/tcp   open   ftp           CrushFTP (IP banned)
26/tcp   open   irc           Crackalaka ircd
111/tcp  open   shell         FreeBSD rshd
Service Info: Host: qpxyeyb.iqyswjf.org; OS: Unix

Nmap scan report for 10.200.1.2
PORT       STATE  SERVICE     VERSION
548/tcp    open   afp
554/tcp    open   rtsp
2717/tcp   open   speechd     Speech Dispatcher text-to-speech
49152/tcp  open   unknown

Nmap scan report for 10.200.1.3
PORT      STATE  SERVICE        VERSION
389/tcp   open   ldap
445/tcp   open   microsoft-ds
990/tcp   open   ftp-proxy     Zscaler ftp proxy
5060/tcp  open   sip

Nmap scan report for 10.200.1.4
PORT       STATE  SERVICE       VERSION
139/tcp    open   netbios-ssn
1723/tcp   open   pptp
49154/tcp  open   unknown

Nmap scan report for 10.200.1.5
PORT       STATE  SERVICE       VERSION
139/tcp    open   netbios-ssn
144/tcp    open   telnet        BusyBox telnetd 1.14.0
544/tcp    open   kerberos-sec  MIT Kerberos
1755/tcp   open   nbd           Network Block Device 2.9.17
49152/tcp  open   smux          Linux SNMP multiplexer
Service Info: OS: Linux

Nmap scan report for 10.200.1.6
PORT      STATE  SERVICE    VERSION
990/tcp   open   hylafax   HylaFAX 4.2.0
5000/tcp  open   upnp      Pelco Spectra Mini IP webcam
Service Info: Device: webcam; OS: Linux

Nmap scan report for 10.200.1.7
PORT       STATE  SERVICE     VERSION
22/tcp     open   ssh        Neteyes C Series load balancer sshd
389/tcp    open   ldap       Cisco LDAP server
1433/tcp   open   ms-sql-s
1723/tcp   open   uucp       Taylor uucpd
10000/tcp  open   ndmp       BlueArc ndmp (NDMPv4)
Service Info: Device: load balancer

Nmap scan report for 10.200.1.8
PORT      STATE  SERVICE        VERSION
1720/tcp  open   h323q931
5666/tcp  open   daytime       American Dynamics EDVR security camera
Service Info: Device: webcam

Nmap scan report for 10.200.1.9
PORT      STATE  SERVICE        VERSION
13/tcp    open   daytime       Tardis 2000 daytime
88/tcp    open   kerberos-sec
3128/tcp  open   squid-http
6000/tcp  open   X11

Nmap scan report for 10.200.1.10
PORT       STATE  SERVICE     VERSION
23/tcp     open   telnet     Avaya Call Manager telnetd
993/tcp    open   imap       eXtremail IMAP server
32768/tcp  open   thinprint  ThinPrint print server
Service Info: Devices: PBX, print server

Nmap done: 10 IP addresses (10 hosts up) scanned in 219.37 seconds

Port Diversity: Polymorphic Network Emulation

10 different IPs, each with completely unique service signatures. Attackers must analyze every host individually. AI-driven reconnaissance tools choke on the variance. No two hosts look alike.

Enterprise Integration

Your cloud. Your SIEM. Your workflows. Portspoof Pro deploys natively and feeds your existing security stack.

Amazon Web Services

AWS

Deploy across VPCs with full subnet coverage. Events flow to Splunk, Elastic, Datadog, or Sumo Logic. Security Hub integration for compliance visibility.

Microsoft Azure

Microsoft Azure

Native Sentinel integration with KQL-queryable detection events. Analytics rules trigger automated response playbooks.

Google Cloud Platform

Google Cloud

Chronicle SecOps integration with automatic event parsing. Detection rules feed SOAR playbooks for automated response.

Elastic SIEM

Real-time dashboards with MITRE ATT&CK technique mapping, tool fingerprinting (Nmap 95.74%), geographic distribution, and behavioral pattern analysis. 3,608 sessions tracked, 2,184 unique attackers profiled.

OpenCTI Threat Intelligence

Enrich detection events with threat intelligence context. Track adversary campaigns and IOC relationships. 14 critical threat actors, 50 high-priority, 4.08K suspicious, auto-labeled with attacker-ip and network-reconnaissance tags.

Also Compatible With

SplunkMicrosoft SentinelGoogle ChronicleQRadarArcSightFortiSIEMSyslog/CEF

No Production Agents

Out-of-band sensor. No agents, plugins, or changes on production hosts.

Fits Your Stack

Works with your existing SIEM dashboards, alert rules, and SOAR playbooks.

Events in Minutes

Structured events flowing to your SIEM from day one. No baseline learning period.

Ready to Deploy?

See Portspoof Pro in your environment.

View Pricing