Portspoof
Portspoof enhances OS security by making all 65535 TCP ports appear open and emulating services on them to deceive port scanners. It returns SYN+ACK for every connection attempt and generates fake banners using a database of service signatures.
Description
Portspoof is a Kali Linux tool designed to improve operating system security through deceptive techniques that mislead attackers and port scanners. Instead of revealing closed or filtered ports, it makes every TCP port respond as if it is open, complicating reconnaissance efforts. This package includes a service that must be configured before use, as noted in the documentation.
Use cases include hardening systems against port scanning during penetration testing or defensive security operations. By emulating services on all ports, it forces attackers to spend more time probing each port, potentially exposing their activities. The tool relies on iptables for its functionality and requires root privileges to operate.
Configuration is essential, with guidance provided in /usr/share/doc/portspoof/README.Debian. The service can be started with portspoof-start and stopped with portspoof-stop, but adaptation to the specific environment is necessary for proper deployment.
How It Works
Portspoof uses iptables to intercept all incoming TCP connection attempts across all 65535 ports. For every SYN packet received, it responds with SYN+ACK regardless of the port state, making all ports appear open to scanners. It maintains a large database of dynamic service signatures to emulate realistic services on open ports, generating fake banners that mimic real services and deceive tools like Nmap.
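Because every port answers, a connection to any port that hosts no real service is a strong sign of scanning, which is how the deception can expose probing activity. The following is an added example, not part of Portspoof or its documentation: it assumes an iptables LOG rule (with the hypothetical prefix PSPOOF) records incoming TCP SYNs, that REAL_PORTS lists the host's genuine services, and it runs on constructed log lines.

```python
import re
from collections import defaultdict

# Assumption: ports where this host runs real services; all others are decoys.
REAL_PORTS = {22, 443}

# Constructed sample lines in the kernel's iptables LOG format (documentation IPs).
SAMPLE_LOG = """\
Jan 10 12:00:01 host kernel: PSPOOF IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=21 WINDOW=1024 SYN
Jan 10 12:00:01 host kernel: PSPOOF IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 WINDOW=1024 SYN
Jan 10 12:00:02 host kernel: PSPOOF IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=3306 WINDOW=1024 SYN
Jan 10 12:00:02 host kernel: PSPOOF IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40115 DPT=8080 WINDOW=1024 SYN
Jan 10 12:03:10 host kernel: PSPOOF IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=57 PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 SYN
Jan 10 12:03:40 host kernel: PSPOOF IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=57 PROTO=TCP SPT=51002 DPT=22 WINDOW=64240 SYN
Jan 10 12:05:00 host kernel: PSPOOF IN=eth0 OUT= SRC=198.51.100.33 DST=192.0.2.10 LEN=60 TTL=57 PROTO=TCP SPT=52000 DPT=443 WINDOW=64240 SYN
Jan 10 12:05:09 host kernel: PSPOOF IN=eth0 OUT= SRC=198.51.100.33 DST=192.0.2.10 LEN=60 TTL=57 PROTO=TCP SPT=52001 DPT=8443 WINDOW=64240 SYN
Jan 10 12:06:00 host kernel: PSPOOF IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=48 TTL=50 PROTO=UDP SPT=5353 DPT=53 LEN=28
"""

# Match only TCP entries; fields appear in the order SRC ... PROTO ... DPT.
LINE_RE = re.compile(r"\bSRC=(?P<src>\S+).*?\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)\b")

def decoy_hits(log_text, real_ports=REAL_PORTS):
    """Map each source IP to the set of decoy (non-real) TCP ports it touched."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # non-TCP or unrelated log line
        port = int(m.group("dpt"))
        if port not in real_ports:
            hits[m.group("src")].add(port)
    return dict(hits)

def flag_scanners(log_text, min_decoy_ports=3, real_ports=REAL_PORTS):
    """Return sources that touched at least min_decoy_ports distinct decoy ports."""
    hits = decoy_hits(log_text, real_ports)
    return sorted(src for src, ports in hits.items() if len(ports) >= min_decoy_ports)

if __name__ == "__main__":
    for src in flag_scanners(SAMPLE_LOG):
        print(src, sorted(decoy_hits(SAMPLE_LOG)[src]))
```

The threshold separates a single stray connection to a decoy port from a source sweeping many of them; tune it to the environment.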
Installation
sudo apt install portspoof
Flags
Examples
portspoof --help
portspoof -h
portspoof-start -h
portspoof-start
portspoof-stop
sudo apt install portspoof