Internet scanning anywhere and everywhere.
Globally deploy and distribute your Internet measurements, scans and experiments leveraging cloud infrastructure and consumer-grade VPN subscriptions.
- Providing built-in support for many popular VPN services: e.g., nordvpn, mullvad, surfshark, protonvpn, public internet access, hidemyass, cyberghost, ivpn, hide.me, cloudflare warp
- Providing IPv6 support whenever the VPN service offers it (e.g., Mullvad)
- Allowing an ephemeral Cloudflare Warp hop to be added after the original VPN connection (helping to provide IPv6 connectivity in all countries supported by the original VPN service)
- Out-of-the-box solution for running ephemeral wireguard VPNs across all available regions on AWS EC2
- Implementing a deadman_switch that automatically shuts down your started instances after disconnection of the corresponding VPN client (to save you from excessive AWS fees)
- Docker
- Python
- Provide credentials to your subscriptions in the credentials.json config file (placed in the root directory). Unused services can be deleted or left empty.
  Example credentials.json file (empty):

  {
    "NORD_OPENVPN_USER": "",
    "NORD_OPENVPN_PASSWORD": "",
    "NORD_WIREGUARD_PRIVATE_KEY": "",
    "MULLVAD_OPENVPN_USER": "",
    "MULLVAD_WIREGUARD_PRIVATE_KEY": "",
    "MULLVAD_WIREGUARD_ADDRESSES": "",
    "SURFSHARK_OPENVPN_USER": "",
    "SURFSHARK_OPENVPN_PASSWORD": "",
    "SURFSHARK_WIREGUARD_PRIVATE_KEY": "",
    "SURFSHARK_WIREGUARD_ADDRESSES": "",
    "PROTON_OPENVPN_USER": "",
    "PROTON_OPENVPN_PASSWORD": "",
    "PIA_OPENVPN_USER": "",
    "PIA_OPENVPN_PASSWORD": "",
    "HMA_OPENVPN_USER": "",
    "HMA_OPENVPN_PASSWORD": "",
    "CYBERGHOST_OPENVPN_USER": "",
    "CYBERGHOST_OPENVPN_PASSWORD": "",
    "CYBERGHOST_OPENVPN_KEY": "",
    "CYBERGHOST_OPENVPN_CERT": "",
    "IVPN_OPENVPN_USER": "",
    "IVPN_WIREGUARD_PRIVATE_KEY": "",
    "IVPN_WIREGUARD_ADDRESSES": "",
    "HIDEME_OPENVPN_USER": "",
    "HIDEME_OPENVPN_PASSWORD": "",
    "EC2_ID": "",
    "EC2_KEY": ""
  }
- Paste your SSH key into the ssh_key.pub file (placed in the root directory). This is only required if you want to use EC2 instances as VPN servers. The given SSH key is used to provide debugging access to the ephemeral EC2 instances.
  Example ssh_key.pub file:

  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDDRfcyC7mH3FMZ5IgdoMFI5g4aOl5rroAs0e+jJMYl2i+mtSpaZ7wkjo7uDgDARKdyDGshqq+yhUdZuzp/MX8av5XW4bZr8EKOULqMNo5jw2tSwtnMU0NNiCsPw8hT6ynnBJqJ9+9bfZuWK65h3oG9XonR+Bqh4hRVSls3jPk+/YUNicN98o02cMzerlfyGgssWvsG3wdk/gTWingzZTOciIHaG7bGq0Gz1Hh+LrSFbF2f4Z3zIg4D3C+8zpkAYjTbTI/L3KNB4vYJhgEEyTWb5lVZp34/G8+Z5Sn/HBkgd6JA0HkaivZKlelqQa6P5vkGvMi8LLi+tWzg+gwHK01
- Install the requirements from the requirements.txt file.
- Run example measurement (IPv4/IPv6 connectivity check):
  ./scanywhere.py --vpn_service surfshark_open --target_image check-ip-connectivity
- Scanywhere will iteratively execute the docker image for the test check-ip-connectivity from different countries using the selected VPN service. Note that the program will iteratively run the measurement over different VPN endpoints in an infinite loop. It can be terminated via Ctrl + C.
- Check the docker/check-ip-connectivity/results folder to collect the results of the measurement.
- --vpn_service: the VPN service that will be used as a proxy for the measurement
- --server_selection: can be set to random (i.e., the VPN server will be chosen randomly from all available servers) or normalized (i.e., the script will try to normalize the available VPN servers by their country, to not overrepresent popular countries in the measurements -- this can otherwise happen when a VPN service has many servers e.g., in the US or Germany).
- --warp_mode: adds an additional cloudflare container that is chained after the original VPN service
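The effect of the two --server_selection modes on country coverage, as an added illustration (not scanywhere's own code). The server inventory, the function names and the "pick a country uniformly, then a server inside it" strategy are assumptions made for this example.

```python
import random
from collections import Counter, defaultdict

# Constructed server inventory (hostname, country); not real provider data.
SERVERS = (
    [(f"us-{i}.vpn.example", "US") for i in range(80)]
    + [(f"de-{i}.vpn.example", "DE") for i in range(15)]
    + [(f"at-{i}.vpn.example", "AT") for i in range(3)]
    + [(f"is-{i}.vpn.example", "IS") for i in range(2)]
)


def pick_random(servers, rng):
    """'random' mode: every server is equally likely, so countries
    with many servers dominate the measurement."""
    return rng.choice(servers)


def pick_normalized(servers, rng):
    """'normalized' mode (assumed strategy): choose a country uniformly,
    then choose a server inside that country."""
    by_country = defaultdict(list)
    for host, country in servers:
        by_country[country].append((host, country))
    country = rng.choice(sorted(by_country))
    return rng.choice(by_country[country])


def country_share(picker, servers, rounds=10_000, seed=1):
    """Fraction of measurement rounds that exit in each country."""
    rng = random.Random(seed)  # seeded so the comparison is repeatable
    counts = Counter(picker(servers, rng)[1] for _ in range(rounds))
    return {c: counts[c] / rounds for c in sorted(counts)}


if __name__ == "__main__":
    for name, picker in (("random", pick_random),
                         ("normalized", pick_normalized)):
        print(name, country_share(picker, SERVERS))
```

With this inventory, random selection spends roughly four out of five rounds on US exits, while the normalized picker gives each of the four countries about a quarter of the rounds.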
- IPv4/IPv6 Connectivity Check: check-ip-connectivity
- VoWiFi Geoblocking Study:
  - Mass GeoDNS Resolution: vowifi-geoblocking-resolve-domains
  - Discover Geoblocking at ePDG servers: vowifi-geoblocking-scan-epdgs
New experiments can be added by adding a new folder containing a dockerfile to the docker folder.
The current source code automatically creates container volumes for the subfolders resources and results.
docker run --rm -v $(pwd)/docker/gluetun:/gluetun qmcgaw/gluetun update -enduser -providers "mullvad,nordvpn,private internet access,protonvpn,surfshark,hidemyass,cyberghost,ivpn"
This tool is currently in development. Although it has proven to be useful, it is not yet ready for production and should be used cautiously, acknowledging any associated risks. Likewise, we recommend using it only for lightweight measurements -- i.e., experiments that mimic the normal behaviour of Internet users -- since excessive or invasive scanning possibly violates the ToS of your VPN subscriptions.
scanywhere was developed at SBA Research and University of Vienna by Gabriel K. Gegenhuber.
- gluetun: used to route measurements over VPN subscriptions
- wgcf: used to generate ephemeral warp profiles
- boto3: used to automatically deploy/manage ec2 instances
- Paper (MobiSys 2024): Why E.T. Can't Phone Home: A Global View on IP-based Geoblocking at VoWiFi
- Measurement Artifacts:
  - discovered ePDG domains, IPs (by August 2023): check out the epdgs directory
  - raw DNS discovery result files (8,555 domain discovery + 47,902 IP discovery rounds): check out the dataset
  - raw IKE probing result files (55,766 scan rounds): check out the dataset
  - intermediary evaluation files: check out the evaluation directory
  - sqlite database (processed ePDG scan results): check out the dataset
If you use the code or data in your research or work, please cite the following paper:
@inproceedings{gegenhuber2024geoblocking,
title={Why E.T. Can't Phone Home: A Global View on IP-based Geoblocking at VoWiFi},
author={Gegenhuber, Gabriel K. and Frenzel, Philipp É. and Weippl, Edgar},
booktitle={Proceedings of the 22nd Annual International Conference on Mobile Systems, Applications, and Services (MobiSys 2024)},
year={2024},
organization={ACM}
}
scanywhere is licensed under GPLv3.