
I don't really understand the author's stance to be honest. I agree that it's silly to blame them but at the same time the author explicitly acknowledges that the tool is meant to mass-scan the internet and that it's a bad thing:

https://github.com/robertdavidgraham/masscan#how-to-scan-the...

>While useful for smaller, internal networks, the program is really designed with the entire Internet in mind. It might look something like this: [...]

>Scanning the entire Internet is bad. For one thing, parts of the Internet react badly to being scanned. For another thing, some sites track scans and add you to a ban list, which will get you firewalled from useful parts of the Internet. Therefore, you want to exclude a lot of ranges. To blacklist or exclude ranges, you want to use the following syntax: [...]

That 2nd bit is where that "exclude.txt" file comes in, it's not even used by default as far as I can tell.

So basically the author acknowledges that the software's intended purpose is bad, they also decided that it was their responsibility to maintain an exclude list. That's a bit odd IMO. I'd think that in these situations you can either say "I'm not responsible for people misusing my software" and in this case maintaining an exclude file with random addresses as people complain to you doesn't make sense, or you think that you share some of the responsibility if your software is used to do bad things and then it seems like it would make more sense to take the project down or take steps to make it harder for users to do these things.



What is odd exactly? The author is doing what he can to show people how they should use the tool (and not abuse it).

By also supplying an exclude file (and showing how to use it), the author goes a long way to help if you ask me.

The rest is up to whomever decides to use/abuse it, as always.



