[Request] VPS Nmap usage
darkmaster
Member
in Requests
I am building a Penetration Testing as a Service platform for a customer and am looking for a VPS provider that allows this type of activity.
All targets are verified by the user.
BPH providers are not an option.
Appreciate any leads or advice!

Comments
Before you, there was a guy who opened a thread for VPS and port scanning, and someone did give them a host who is OK with that. Probably the thread was self-advertising. Search in the box and you will find it.
As long as you have written permission and you are not going to trigger a single abuse report I don't see the issue any host would have with that?
If it's for a specific customer you won't be smashing CPU scanning 100k IPs at once.
What am I missing or are you asking something without asking?
I'm pretty sure @aluy allows port scans, if it's for a legitimate reason like pentesting (but not scanning the entire internet on all ports).
Not sure about their long term reliability and longevity, it did have some outages in NL recently. So I would advise to pick other locations and not prepay too much.
There is a very big difference between an authorised pentest of one specific organisation and scanning the entire Internet for i.e. research activities. The first one would produce no abuse complaints, the second will cause a lot of IP reputation damage and complaints.
Actually I think you're right. Most hosts probably would have no issue with scanning if it's authorized by the entity being scanned.
I just don't do such things from my personal VPS servers so probably my fault for commenting without experience 🫣
I very much doubt that many LET hosts would proactively identify scanning activity from their network without getting an abuse report.
But I suspect most LET hosts who get an abuse report for scanning would nuke your VM without even asking you to stop or explain yourself.
OVH seem to be particularly bullshit tolerant, considering the amount of C2s and other malware on their network, but I'm not sure about scanning activity specifically.
You could also check GreyNoise to see which subnets/providers allow the most naughtiness, then cross-reference their prices to find a suitable provider.
I don’t think you will find a stable and legitimate provider that allows port scanning.
Authorization isn’t the same as a provider (or its upstream) disabling software that reports port scans as abuse, and typos do happen.
You can use a proxy, for example oxylabs.io, for types of scans that don’t leak your IP address.
For scans that do leak, you will need your own ASN and IP addresses so you can handle the abuse reports yourself.
Even with written permission, the assumption that “you won’t trigger a single abuse report” doesn’t really hold in practice.
A properly configured IDS, upstream firewall, or third-party feed can and will flag port scanning purely on traffic patterns, regardless of authorization or scope. Those reports are often generated automatically and sent before anyone evaluates intent or context.
So the question isn’t whether the activity is legitimate, it’s whether the provider and its upstreams are willing to tolerate automated abuse signals long enough to review, instead of suspending first and asking questions later.
That aligns with my use case. The scans are:
I’ll be opening a ticket with @aluy to confirm their current policy.
Running my own ASN is absolutely valid advice for large-scale research, internet-wide scanning, or anything that generates routine abuse reports. However, that’s well beyond the scope of what I’m doing here.
This is customer-initiated, contractual pentesting, not continuous scanning, not reputation-burning activity, and not something that should generate regular abuse tickets in the first place. Operating an ASN would be unnecessary overhead for this use case.
OVH may tolerate a high level of noisy traffic, but I’m specifically looking for providers that explicitly permit authorized, scoped pentesting. Not providers that simply tolerate activity until the first complaint arrives. The providers highlighted on GreyNoise also tend to be BPH, which makes them a non-starter.
Appreciate all the input so far as this has been helpful for narrowing down providers that actually match the use case.
The only provider I know of that explicitly permits hosting PenTesting tools in their ToS is AWS (although you still need to request permission for some simulated activity, like C2s and phishing, etc.). But their service is expensive and shit though.
https://aws.amazon.com/security/penetration-testing/
Yeah I just seriously doubt hitting a single or handful of targets would trigger anything but maybe, I suspect something is being asked without being asked if you know what I mean.
Could be wrong though, not enough info.