new plan - nmap all the hosts first to see which are actually open/alive, then see if that number is anywhere near reasonable.
there are 7 with ports open.
this means the vast majority of discovered endpoints are on DHCP and lost to churn.
To properly weaponize this, one would have to do an internet wide scan, and pump ips live into adp.
Not trivial.
also noisy.
Shodan output: 81,000 and change
Machines up: 73k and change
Hosts with ports open: 7
Hosts vuln: I dont even care anymore.
Now im finding vnc that isnt apple and trying to filter out the non-apple endpoints.
this is going to take a while.
so the first scan was inaccurate.
looks like 'nearly every endpoint is actually open'
and theres no cmdline tool to handle this at all.
so it'll be a grueling manual process in ard, by hand.
6365 are listed as "offline" despite the port being open.
.. but wait .. there's more.
ard version 3.9.5 and previous do not appear to be affected.
I get username, what app they're running, the os version ...
redteamers: if you see this on a gig LOOT THIS DATA.
7999 after import
6291 "offline" despite port being open
zero leaks like the previous batch.
WEIRD.
will keep going.