git404hub

what is asyncscan-bof fr?

jakobfriedl/asyncscan-bof — explained in plain English

Analysis updated 2026-05-18

17CAudience · ops devopsComplexity · 4/5Setup · hard

tl;dr

An asynchronous TCP port scanner shipped as a Beacon Object File (BOF) for the Conquest C2 framework, used by red teamers from inside an existing agent.

vibe map

mindmap
  root((asyncscan-bof))
    Inputs
      IP ranges and CIDRs
      Port lists or ranges
      Pool size and timeout
    Outputs
      Open port reports
      Per-host summary
      Beacon wakeup events
    Use Cases
      Red team internal recon
      In-memory port scanning
      Conquest C2 command
    Tech Stack
      C
      Win32 sockets
      WSAPoll
      Conquest BOF

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Scan an internal /24 from inside a Conquest agent without spawning a new process

VIBE 2

Sweep nmap top 1000 ports against a list of hostnames during a red team engagement

VIBE 3

Tune socket pool size and WSAPoll timeout for stealthier internet-facing scans

VIBE 4

Add an asyncscan command to a Conquest operator console via the bundled Python module

what's the stack?

CWin32MakePythonConquest

how it stacks up fr

jakobfriedl/asyncscan-bof0xblackash/cve-2026-46333atomiczsec/noradrenaline
Stars171717
LanguageCCC
Setup difficultyhardmoderatehard
Complexity4/54/54/5
Audienceops devopsresearcherops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · hard time til it works · 1h+

Only useful inside the Conquest C2 framework, which must be installed and have an active agent on a target host.

in plain english

AsyncScan is a small piece of offensive security tooling, written in C, that adds a port scanner to a red team operator's toolbox. It is shipped as what the security community calls a BOF, which stands for Beacon Object File. A BOF is a small program that loads into the memory of an existing agent running on a target machine and runs there, rather than being a separate executable. The agent in this case is the one provided by an open source command and control framework called Conquest, written by the same author. Conquest is required because the scanner depends on its ability to load object files asynchronously, which lets the scan run in the background without freezing the agent. The scanner accepts one or more targets and one or more ports. Targets can be plain IP addresses, hostnames, hyphen-separated IP ranges, or CIDR network blocks like 192.168.1.0/24. Ports can be individual numbers or ranges, and if no port list is given the scanner uses nmap's well-known list of the top one thousand ports. Under the hood the scan keeps a pool of non-blocking TCP sockets. For each target and port pair it calls the operating system's address resolution function, then fires a connect attempt without waiting for the result. A polling call called WSAPoll waits up to a configurable timeout for any of those sockets to respond, and the result tells the scanner whether the port is open or closed. The pool size and timeout are tunable so the operator can scan faster on a local network or more carefully across the internet. In verbose mode each open port is reported as soon as it is found, and a built-in function called BeaconWakeup nudges the agent so the result reaches the operator without waiting for the next scheduled check-in. After all ports have been tried the scanner prints a final summary grouped by host. The repository also ships a Python module that registers an asyncscan command inside Conquest, and the project is built with a simple make command after cloning.

prompts (copy fr)

prompt 1
Build asyncscan-bof with make and load it into a running Conquest agent
prompt 2
Use asyncscan-bof to scan 10.0.0.0/24 on ports 22, 80, 443, and 3389 with verbose output
prompt 3
Explain how the WSAPoll-based async loop in asyncscan-bof avoids blocking the Conquest beacon
prompt 4
Register the asyncscan Python command inside Conquest and document the argument syntax
prompt 5
Compare asyncscan-bof to running nmap externally for a red team operator who already has a beacon

Frequently asked questions

what is asyncscan-bof fr?

An asynchronous TCP port scanner shipped as a Beacon Object File (BOF) for the Conquest C2 framework, used by red teamers from inside an existing agent.

What language is asyncscan-bof written in?

Mainly C. The stack also includes C, Win32, Make.

How hard is asyncscan-bof to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is asyncscan-bof for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.