Safe Penetration Testing Labs · advanced · ~12 min
Connect-check a port range — and prove the scope hardcode.
Local-only scanners hard-code their target as 127.0.0.1 and refuse anything else. The defensive structure:
int scan(const char *host, int lo, int hi) {
if (strcmp(host, "127.0.0.1") != 0) return -1; // refuse anything else
/* …try connect() on each port… */
}
The hard-coded check is a guardrail: even if a future maintainer wires user input into host, the scanner can't be redirected to a third-party. Never soften this check on a production tool.