Port Scanning

We will cover three port scanning tools. masscan is the fastest but also the most dangerous, RustScan is fast and compact and hands its results to nmap, and nmap is the oldest.

masscan

The fastest but also the most dangerous scanner: when scanning huge networks it can melt your own network or the target's.

Usage

Usage is similar to nmap. To scan a network segment for some ports:

masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112

This will:

  • scan the 10.x.x.x subnet and the 2603:3001:2d00:da00::x subnet
  • scan port 80 and the range 8000 to 8100, 102 ports in total, on both subnets
  • print output to <stdout>, which can be redirected to a file

To see the complete list of options, use the --echo feature. It dumps the current configuration and exits; that output can be fed back into the program as a configuration file:

masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112 --echo > xxx.conf
masscan -c xxx.conf --rate 1000
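To make the "102 ports total" and the "dangerous" warning concrete, here is an added Python example (not part of masscan) that expands a masscan-style port list, counts the addresses in the prefixes given above, and estimates how many probes the scan sends and how long it takes at a given --rate. It handles only plain TCP port items; masscan's U:/S: prefixes are not parsed, and retries are ignored.

```python
import ipaddress

# Added example (not part of masscan): expand a masscan-style port list such as
# "80,8000-8100" and estimate how many probes a scan of the given prefixes sends.
# Only plain TCP port items are handled; masscan's U:/S: prefixes are not.


def parse_port_spec(spec: str) -> list[range]:
    """Return the inclusive port ranges a comma-separated spec covers."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo_s, _, hi_s = item.partition("-")
        lo = int(lo_s)
        hi = int(hi_s) if hi_s else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port item: {item!r}")
        ranges.append(range(lo, hi + 1))
    return ranges


def count_ports(spec: str) -> int:
    """Number of distinct ports in the spec; overlapping items count once."""
    seen: set[int] = set()
    for r in parse_port_spec(spec):
        seen.update(r)
    return len(seen)


def count_addresses(prefixes: list[str]) -> int:
    """Total addresses covered by the IPv4/IPv6 prefixes (overlaps not removed)."""
    return sum(ipaddress.ip_network(p, strict=False).num_addresses for p in prefixes)


def estimate_probes(spec: str, prefixes: list[str]) -> int:
    """At least one SYN probe per (address, port) pair, ignoring retries."""
    return count_ports(spec) * count_addresses(prefixes)


def seconds_at_rate(probes: int, rate_pps: float) -> float:
    """Wall-clock time for the scan at a given --rate (packets per second)."""
    return probes / rate_pps


if __name__ == "__main__":
    spec = "80,8000-8100"
    nets = ["10.0.0.0/8", "2603:3001:2d00:da00::/112"]
    probes = estimate_probes(spec, nets)
    print(f"{count_ports(spec)} ports x {count_addresses(nets)} addresses = {probes} probes")
    print(f"at --rate 1000: {seconds_at_rate(probes, 1000) / 86400:.1f} days")
```

Run as written, it reports 102 ports over 16,842,752 addresses, about 1.7 billion probes, which at --rate 1000 is roughly 20 days of continuous traffic; raising the rate shortens the scan but is exactly what overloads a network.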

RustScan

The Modern Port Scanner. Finds ports quickly (3 seconds at its fastest). Runs scripts through its scripting engine (Python, Lua and Shell supported).

Features

  • Scans all 65k ports in 3 seconds.
  • Full scripting engine support. Automatically pipe results into Nmap, or use its bundled scripts (or write your own) to do whatever you want.
  • Adaptive learning. RustScan improves the more you use it. No bloated machine learning here, just basic maths.
  • The usuals you would expect. IPv6, CIDR, file input and more.
  • Automatically pipes ports into Nmap.

Usage

Here are some things you may want to do with RustScan!

Multiple IP Scanning

You can scan multiple IPs using a comma-separated list like so:

rustscan -a 127.0.0.1,0.0.0.0

Host Scanning

RustScan can also scan hosts, like so:

rustscan -a www.google.com,127.0.0.1
Open 216.58.210.36:1
Open 216.58.210.36:80
Open 216.58.210.36:443
Open 127.0.0.1:53
Open 127.0.0.1:631

CIDR Support

RustScan supports CIDR:

rustscan -a 192.168.0.0/30

Hosts File Scanning

RustScan can also read its targets from a file, a newline-separated list of IPs / hosts to scan:

hosts.txt

192.168.0.1
192.168.0.2
google.com
192.168.0.0/30
127.0.0.1

Pass the file name as the -a argument:

rustscan -a 'hosts.txt'
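The "Open host:port" lines RustScan prints are what it hands to Nmap. The following added Python example (not RustScan's own code) shows that hand-off explicitly: it parses those lines into a per-host port list and builds the matching nmap -p argument. The sample output is constructed from the lines shown above; the bracketed IPv6 form ([::1]:80) that the parser also accepts is an assumption, not taken from the page.

```python
import re
from collections import defaultdict

# Added example (not RustScan's own code): turn RustScan's "Open <host>:<port>"
# lines into a per-host port list and the matching nmap -p argument, the same
# hand-off RustScan performs when it pipes ports into Nmap.

# Constructed sample, modelled on the output shown for rustscan -a www.google.com,127.0.0.1
SAMPLE_OUTPUT = """\
Open 216.58.210.36:1
Open 216.58.210.36:80
Open 216.58.210.36:443
Open 127.0.0.1:53
Open 127.0.0.1:631
"""

# The last ':' separates the port, so a bracketed IPv6 host like [::1]:80 also
# matches (the bracketed form is an assumption, not taken from the page).
OPEN_LINE = re.compile(r"^Open (?P<host>\S+):(?P<port>\d{1,5})$")


def parse_open_ports(text: str) -> dict[str, list[int]]:
    """Map each host to the sorted list of ports RustScan reported open.

    Lines that are not 'Open host:port' (banners, progress output) are
    ignored, and port numbers outside 0..65535 are dropped.
    """
    by_host: dict[str, set[int]] = defaultdict(set)
    for line in text.splitlines():
        match = OPEN_LINE.match(line.strip())
        if not match:
            continue
        port = int(match.group("port"))
        if not 0 <= port <= 65535:
            continue
        by_host[match.group("host").strip("[]")].add(port)
    return {host: sorted(ports) for host, ports in by_host.items()}


def nmap_command(host: str, ports: list[int]) -> list[str]:
    """Build the nmap argv for one host.

    An argv list rather than a shell string, so a hostname lifted from
    scanner output is never interpreted by a shell.
    """
    return ["nmap", "-sV", "-p", ",".join(str(p) for p in ports), host]


if __name__ == "__main__":
    for host, ports in parse_open_ports(SAMPLE_OUTPUT).items():
        print(" ".join(nmap_command(host, ports)))
```

Run on the sample, it yields one nmap command per host, for example nmap -sV -p 1,80,443 216.58.210.36, which is why RustScan's combined run is so much faster than nmap -p- on its own: nmap only service-scans the handful of ports already found open.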

nmap

Quick first scan (service detection, fastest timing template)

nmap -sV -T5 -v $target

Scan all ports

nmap -T5 -p- -sV -v $target

With the vulnerability-scanner scripts (the vuln script category):

nmap $target --script vuln