RustScan is a lightweight but powerful port scanner

๐Ÿ‹ Docker is the easiest way to get up and running and start checking for security holes in your network infastructure

โžก๏ธ Discord | Installation Guide | Usage Guide โฌ…๏ธ

The Modern Port Scanner.
Fast, smart, effective.


๐Ÿ‹ Docker (Recommended)

๐Ÿ‘ฉโ€๐Ÿ’ป Kali / Debian

๐Ÿ—๏ธ Arch

๐Ÿ”ง Homebrew

docker pull rustscan/rustscan:2.0.0

Usage

Read the install guide yay -S rustscan brew install rustscan

๐Ÿค” What is this?

The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported).

โœจ Features

  • Scans all 65k ports in 3 seconds.
  • Full scripting engine support. Automatically pipe results into Nmap, or use our scripts (or write your own) to do whatever you want.
  • Adaptive learning. RustScan improves the more you use it. No bloated machine learning here, just basic maths.
  • The usuals you would expect. IPv6, CIDR, file input and more.
  • Automatically pipes ports into Nmap.

โ€ผ๏ธ Important Links

Installation Guide Documentation Discord
๐Ÿ“– Installation Guide ๐Ÿ“š Documentation ๐Ÿฆœ Discord

๐Ÿ™‹ Table of Contents

  • ๐Ÿ“– Installation Guide
  • ๐Ÿ‹ Docker Usage
  • ๐Ÿฆœ Discord
  • ๐Ÿคธ Usage
  • ๐ŸŽช Community

๐Ÿ”ญ Why RustScan?

RustScan is a modern take on the port scanner. Sleek & fast. All while providing extensive extendability to you.

Not to mention RustScan uses Adaptive Learning to improve itself over time, making it the best port scanner for you.

๐Ÿง‹ Speed

Speed is guaranteed via RustScan. However, if you want to run a slow scan due to stealth that is possible too.

Firstly, let's talk code.

We have tests that check to see if RustScan is significantly slower than the previous version. If it is, the continuous integration fails and we can't commit code to master unless we make it faster.

HyperFine is used to monitor RustScan's performance over time to answer the question "Are we getting faster? Are we getting slower?".

Every pull request is reviewed by 1 person, but more often than not 2 people review it. We test it manually and make sure the code doesn't affect performance negatively.

Read more here.

โš™๏ธ Extensible

RustScan piping results into the custom Python script

RustScan has a new scripting engine which allows anyone to write scripts in most languages. Python, Lua, Shell are all supported.

Want to take your found ports and pipe them into Nmap for further analysis? That's possible. Want to run smb-enum if SMB is found open? Possible.

The possibilities are endless -- and you can write scripts in whatever language you feel comfortable with.

Read more here.

๐ŸŒŠ Adaptive

RustScan automatically fine-tuning itself to match the host OS.

RustScan has a cool set of features called "Adaptive Learning". These features "learn" about the environment you are scanning and how you use RustScan to improve itself over time.

This is an umbrella term we use for any feature that fits this criteria. The list is constantly changing, so check out our wiki for more information.

๐Ÿ‘ฉโ€๐Ÿฆฏ Accessible

RustScan is one of the first penetration testing tools that aims to be entirely accessible.

Most penetration testing tools are not accessible, which negatively affects the whole industry.

RustScan has continuous integration testing that aims to make sure it is accessible, and we are constantly working on ways to improve our accessibility and make sure everyone can use RustScan.

๐Ÿ“– Full Installation Guide

You can find our guide here.

๐ŸฆŠ Community Distributions

Here are all of RustScan's community distributions.

If you maintain a community distribution and want it listed here, leave an issue / pull request / Discord message or however you want to let us know.

  • OpenSuse
  • Fedora/CentOS

๐Ÿคธ Usage

We have 2 usage guides. Basic Usage and Things you may want to do.

We also have documentation about our config file here.

๐ŸŽช Community

Read this to learn how to contribute.

Contributors โœจ

Thanks goes to these wonderful people (emoji key):


Brandon
๐Ÿš‡ โš ๏ธ ๐Ÿ’ป ๐ŸŽจ

SakiiR
๐Ÿ’ป ๐Ÿ›

smackhack
๐Ÿค” ๐Ÿ’ก

Bernardo Araujo
๐Ÿ’ป ๐Ÿ› ๐ŸŽจ

Izzy Whistlecroft
๐Ÿ›

imlonghao
๐Ÿ› ๐Ÿšง

royharoush
๐Ÿค” ๐ŸŽจ

Atul Bhosale
๐Ÿ’ป

Thomas Gotwig
๐Ÿ“ฆ

Rรฉmi Gourdon
๐Ÿ“– ๐Ÿ’ป

Ben (CMNatic)
๐Ÿ’ป ๐Ÿ“– ๐ŸŽจ

Alessandro Ferrari
๐Ÿ–‹

Phenomite
๐Ÿ–‹

Sandro
๐Ÿ–‹ ๐Ÿ› ๐Ÿ’ป

Cass
๐Ÿ“ฆ ๐Ÿ’ป ๐Ÿ›

Niklas Mohrin
๐Ÿ“– ๐Ÿ’ป ๐Ÿ›

Artem Polishchuk
๐Ÿ“ฆ

buermarc
๐Ÿ’ป

bergabman
๐Ÿ’ป ๐Ÿ› ๐ŸŽจ

Dmitry Savintsev
๐Ÿ’ป

Sebastian Andersson
๐Ÿ’ป

Matt Corbin
๐Ÿ’ป

RootSploit
๐Ÿ“

eiffel-fl
๐Ÿ’ป

Y.Horie
๐Ÿ’ป

Oskar
๐Ÿ’ป โš ๏ธ

This project follows the all-contributors specification. Contributions of any kind welcome!

Issues

Collection of the latest Issues

t3chn0t3s

t3chn0t3s

0

Greetings,

I'd like to start by stating how amazed I've been with RustScan. It is jaw dropping fast! I recently installed it on Kali 2022.1 using the rustscan_2.0.1_amd64.deb file.

I found that if I scan using the '-a 172.25.170.0/24 -p22,80.443,445 -g' arguments it takes about 6 seconds to scan the 254 hosts. image

I'm trying to comply to my scope as much as possible and know that 172.25.170.1 is out of scope. Since I am unaware of a way to instruct RustScan to only scan 172.25.170.2 - 172.25.170.254 I used the following nmap "command" to generate a host file, named scope.txt

I then used the '-a 'scope.txt' -p22,80,443,445 -g' arguments to scan. Unfortunately, this takes considerably longer to scan. For example, my most recent "test" scan took about 13 minutes to complete.

image

I did also try the '-a 172.25.170.2-254' argument but since I didn't see that format used in the documentation I canceled it about 5 minutes into the scan. I'm not sure that format was valid, but assuming that it was 5 minutes is still considerably longer than the 6 seconds it takes when using the CIDR notation (/24).

Finally, as a sanity check I did check the line count of my scope.txt file and confirmed its about 253 hosts/lines. image

Thank you all for such a great tool. I look forward to using it regularly.

geordanex

geordanex

0

Please include .deb file to debian base systems I would appreciate it if you could put the .deb file in the release assets.

keep up the good work!

Malayke

Malayke

0

Describe the bug I'm use rustscan scan a /24 internal network, it's print lot's warning, like

To Reproduce

how to disable it, or just show one time

HidingInEmptySpace

HidingInEmptySpace

0

When Adaptive Learning calibrates to everyones system individually, the defender of a system could backtrace your identity through the specialiced beahviour and identify you.

I'd like a switch that turns off this feature permanently and temporary in order to ensure that no information about the scanning person is being leaked to the victim for later forensical fingerprinting.

On my opinion the adaptive learning stuff sounds pretty cool and has a lot of potential and I like the fact that AI was not implemented, but on the other hand it would be useless in a real hacking scenario. It is more of a useful tool when it comes to CTF and test-alike scan. I realy like your idea of speeding up nmap scans and I think it should not be limited to such usecases. although it is to be dicussed whether this is even an issue of rustscan, since it is trading accuracy with performance and uses batches anyways, which might look sus enough. And in the end you could simply use nmap if you wanted to look default on the victims machine.

saeidshirazi

saeidshirazi

1

HI, This is what i need: I use masscan to scan range ip address for find ip that specefic port is open such this command:

masscan -iL input.txt -p443 --rate 1000000

is it suport now for rustscan?if yes please tell me how to usage it Please add it

AwesomeBros132

AwesomeBros132

0

Describe the bug

To Reproduce Steps to reproduce the behavior:

  1. Open a terminal
  2. Enter rustscan -a <target-ip>

Expected behavior A scan should be run.

Screenshots image

Desktop (please complete the following information):

  • OS: [Kali Linux]
  • Version [2021.4]

Additional context I have reduced the batch size multiple times and the issue persists.

linuxdy

linuxdy

1

image

Warning: You are using macOS 12. We do not provide support for this pre-release version. You will encounter build failures with some formulae. Please create pull requests instead of asking for help on Homebrew's GitHub, Twitter or any other official channels. You are responsible for resolving any issues you experience while you are running this pre-release version.

Error: rustscan: no bottle available! You can try to install from source with: brew install --build-from-source rustscan Please note building from source is unsupported. You will encounter build failures with some formulae. If you experience any issues please create pull requests instead of asking for help on Homebrew's GitHub, Twitter or any other official channels.

tesqie

tesqie

0

Describe the bug ] File limit higher than batch size. Can increase speed by increasing batch size '-b 1048476'. thread 'main' panicked at 'Too many open files. Please reduce batch size. The default is 5000. Try -b 2500.', src/scanner/mod.rs:132:25 note: run with RUST_BACKTRACE=1environment variable to display a backtrace When Running: rustscan 192.168.1.0/24 -t 500 -b 1500 -- -A 10.10.10.74 Using Docker

To Reproduce Just use the command I typed in

Expected behavior Rust scan running normally

Screenshots image

Desktop (please complete the following information): Linux kali 5.14.0-kali4-amd64 #1 SMP Debian 5.14.16-1kali1 (2021-11-05) x86_64 GNU/Linux

diegoxcn

diegoxcn

0

Describe the bug seems like rustscan can't pass http.useragent strings to nmap correctly.

To Reproduce Steps to reproduce the behavior:

rustscan -u 5000 -a 127.0.0.1 -- --script-args http.useragent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0" -sC -sV

Expected behavior expected to call nmap use assigned user-agent string to scan target without problem.

Screenshots image image image

Desktop (please complete the following information):

  • OS: ubuntu 21.10
  • Browser firefox
  • Version 94

Additional context Add any other context about the problem here.

syheliel

syheliel

1

I'd like to find a port scan tool for my rust project. It seems that the usage of RustScan is console-only, does it provides API so that I can use it as a normal crate?

jingyuexing

jingyuexing

2

To Reproduce Steps to reproduce the behavior:

  1. cargo test

Expected behavior test pass

Screenshots image

Desktop (please complete the following information):

  • OS: Windows 11
  • Version 2.0.1

environment:

  • cargo: cargo 1.55.0 (32da73ab1 2021-08-23)
  • rustc: 1.55.0 (c8dfcfe04 2021-09-06)

Additional context

Take-A-Breath

Take-A-Breath

1

Describe the bug After migrating to a MacBook Pro running Monterey from one running Big Sur, where the application worked fine, the build fails:

To Reproduce Steps to reproduce the behavior: sudo port install rustscan

Error received: Error: Failed to build rustscan: command execution failed

Desktop (please complete the following information):

  • OS: MacOS 12.0.1
  • Apple M1 processor
  • MacPorts 2.7.1

Additional context Add any other context about the problem here. main.log

KAKU1234567

KAKU1234567

0

actually i recently start using this toll sop what is command for output to save file

Versions

Find the latest versions by id

2.1.0 - Apr 27, 2022

Whatโ€™s Changed

  • Supports M1 Macs ๐ŸŽ‰

  • Update Cargo.lock file to support latest version of Rust (#435) @bee-san

  • Update tui.rs (#396) @0dayCTF

  • Bump futures from 0.3.7 to 0.3.13 (#358) @dependabot-preview

  • Bump rlimit from 0.5.2 to 0.5.4 (#360) @dependabot-preview

  • Bump cidr-utils from 0.5.0 to 0.5.1 (#367) @dependabot-preview

  • Bump anyhow from 1.0.34 to 1.0.40 (#368) @dependabot-preview

  • Bump serde from 1.0.117 to 1.0.124 (#361) @dependabot-preview

  • Partially fix #362: Fix examples (#363) @thomasqueirozb

  • Scripting engine arguments. Scan engine errors. (#325) @bergabman

  • Bump env_logger from 0.8.1 to 0.8.2 (#317) @dependabot-preview

2.0.1 - Nov 06, 2020

  • Fixed bug cause by Cargo Lock file.

2.0.0 - Nov 05, 2020

โš  Major Breaking Changes โš 

  • You must now use rustscan -a 127.0.0.1 instead of rustscan 127.0.0.1. We held a vote and this won. Please use the addresses flag!

Please see our documentation for more info how you can use the new addresses argument.

Features

  • Scripting Engine Implementation (#242) @bergabman
  • Improved init_scripts error handling. (#300) @bergabman
  • Add tries to scan_socket (#266) @eiffel-fl
  • Make address an optional instead of a positional argument (#271) @bernardoamc

Maintenance

  • Bump anyhow from 1.0.33 to 1.0.34 (#304) @dependabot-preview
  • Bump async-std from 1.6.5 to 1.7.0 (#306) @dependabot-preview
  • Redesign of README (#293) @bee-san
  • Bump futures from 0.3.6 to 0.3.7 (#302) @dependabot-preview
  • Better enforce clippy lints (#294) @niklasmohrin
  • Bump env_logger from 0.7.1 to 0.8.1 (#295) @dependabot-preview
  • docs: add okrplay as a contributor (#290) @allcontributors
  • Add tests for rustscan scripting engine (#286) (#289) @okrplay
  • docs: add niklasmohrin as a contributor (#288) @allcontributors
  • Add clippy linting and fix existing warnings (#287) @niklasmohrin
  • docs: add u5surf as a contributor (#285) @allcontributors
  • Bump serde from 1.0.116 to 1.0.117 (#278) @dependabot-preview
  • docs: add niklasmohrin as a contributor (#282) @allcontributors
  • docs: add eiffel-fl as a contributor (#281) @allcontributors
  • Bump toml from 0.5.6 to 0.5.7 (#270) @dependabot-preview
  • Bump structopt from 0.3.19 to 0.3.20 (#272) @dependabot-preview
  • docs: add rootsploit as a contributor (#274) @allcontributors
  • Bump structopt from 0.3.18 to 0.3.19 (#267) @dependabot-preview
  • Bump futures from 0.3.5 to 0.3.6 (#265) @dependabot-preview
  • docs: add mattcorbin as a contributor (#261) @allcontributors
  • docs: add bofh69 as a contributor (#256) @allcontributors
  • Add integration tests with timeout (#254) @bofh69
  • Update README for instructions for v.10.0 & add all releases to DockerHub (#251) @CMNatic

Bugs

  • Changed the dns resolving to use std::net::ToSocketAddrs (#264) @shahar481
  • Add some instructions to create contributing development environment. (#298) @eiffel-fl
  • Fix Rlimit breaking change. (#283) (#284) @u5surf
  • Update .SRCINFO url (#268) @freddyb
  • Fix archives-generation from Makefile ๐Ÿ‘ทโ€โ™‚๏ธ (#263) @TGotwig
  • Docker: Fix cosmetic issues, change maintainer to rustscan (#249) @SuperSandro2000
  • Update documentation to include greppable (#253) @teofilomonteiro
  • Updated the person of README. (#255) @holmes-py
  • Added HomeBrew Bump + More CI Tests (#252) @bee-san

1.10.1 - Sep 29, 2020

Whatโ€™s Changed

  • Bee ci changes (#250) @bee-san

1.10.0 - Sep 28, 2020

Features

  • Added DNS lookup using Google DNS, refactored IP code (#246) @bee-san
  • Take file of addresses as input (#237) @bee-san

Maintenance

  • Refactored tests, introduced default function in test context for structs (#235) @bergabman
  • Increase code coverage (#236) @bee-san
  • Update Dockerfile to encourage layer caching (#241) @CMNatic
  • docs: add dmitris as a contributor (#232) @allcontributors
  • Bump structopt from 0.3.17 to 0.3.18 (#243) @dependabot-preview

Bugs

  • Fix version tag typo in docker usage (#234) @CMNatic
  • Update README for v1.9.0 release (#233) @CMNatic

1.9.0 - Sep 20, 2020

โš ๏ธ Breaking Changes โš ๏ธ

--quiet mode is now renamed to --greppable. And this mode now returns an IP -> list like so:

Features

  • Now has a working accessible mode #230
  • Can use top X ports (top 1000 ports) if used via config file (this allows us to work on a larger feature which I think you will love, see #69 ) #230
  • Runtime measurement implementation, better debugging, and better error handling for unreachable hosts. (#225)
  • Add CIDR support (#200)
  • Introduce the -no-nmap option (#197)
  • Add configuration file (#185)

Maintenance

  • socket_iterator: use itertools.iproducts for ip x ports set (#231)
  • docs: add bergabman as a contributor (#228)
  • Bump async-std from 1.6.3 to 1.6.4 (#226)
  • Updated README to reflect v1.8.0 DockerHub tag (#224)
  • Bump serde_derive from 1.0.115 to 1.0.116 (#216)
  • Bump serde from 1.0.115 to 1.0.116 (#215)
  • Introduce SocketIterator (#208)
  • docs: add bergabman as a contributor (#204)
  • Small improvement in the scanning engine. (#203)
  • docs: add buermarc as a contributor (#198)
  • Check '.config/rustscan/config.toml' for config (#195)
  • docs: add tim77 as a contributor (#182)
  • Add Fedora/CentOS installation instructions (#181)
  • README.md tweaks (#176)
  • docs: add SuperSandro2000 as a contributor (#180)
  • Optimize Dockerfile (#178)
  • docs: add niklasmohrin as a contributor (#177)

Bugs

  • fix typo (#229)
  • Fix behaviour of --no-nmap flag (#221)
  • fixed debug log (#217)
  • Bugfixes (#206)
  • Fix incorrect timeout option in README (#205)
  • Update README.md (#194)

1.8.0 - Aug 27, 2020

Features

  • Added Windows support thanks to @caass in #171
  • Allow randomised order for manual ports #161
  • Add --port and --range options #158
  • Released new docker image #155
  • Added host resolution #152
  • Added Makefile by @TGotwig #144
  • Added accessible mode #134
  • Added port scanning strategy #135

Maintenance

  • Added the Git submodule for RustScan Scripting Engine
  • Reduced binary size #162
  • Removed -A from Nmap #160
  • Added top 1k ports in config file #159
  • Excluded unnecessary files #156
  • Added Travis config for GitHub pages in #140 by @remigourdon and @SuperSandro2000

Bugs

  • #169
  • #165
  • #153
  • #163

1.7.1 - Aug 07, 2020

Features

  • Brand new terminal user interface. Much prettier and easier to read
  • Port randomisation (so it's not a sequential hit of multiple ports)

Maintenance

  • Created macros to easily report information back to the user
  • Reduced size of error messages (boy were they long :smirk_cat: )
  • More tests

Bugs

  • #121
  • #120
  • #119
  • #114

1.6.0 - Aug 04, 2020

Features

  • Added multiple IP support. This is in extremely early stage, but it works.

Maintenance

None

Bugs

Fixed help menu bugs and quiet mode not working bugs.

1.5.2 - Aug 04, 2020

Features

  • New distributions for Arm64, AMD64, i386 debs
  • New Docker Image
  • Added --appdirs flag to find the appdirs location
  • Added community package distributions to README

Maintenance

  • Switched from u64 to u32 to support OS'
  • Refactored batch size to fix #58
  • Added new GitHub Action to verify README doesn't contain 404 links
  • Added bots to help the development of RustScan
  • Updated README #94 and #93
  • Started moving to Travis CI

Bugs

  • Fixed bug where appdirs wasn't pointing to the complete directory
  • Fixed bug where automatic ulimit lowering wasn't working on systems with extremely low ulimits (< 250).
  • Fixed #116

1.4.0 - Jul 31, 2020

Features

  • Added IPv6 support

Maintenance

  • Added arguments in structopts for ipv6
  • socketaddr is now ipv4 and ipv6 (this speeds things up)
  • Added ipv6 testing
  • Edited Contributing.md to be more welcoming
  • Added Logging module
  • Added IPv6 to Nmap command

Bugs

  • Fixed countless bugs in this new feature.

1.3 - Jul 29, 2020

Features

  • Quiet Mode -- run the scanner without Nmap

Maintenance

  • Switched to ShellWords for Nmap arg parsing. Now -- "'(safe and vuln)'" works.
  • Switched to StructOpts for argparsing
  • Refactored the code so it's more OOP
  • Removed useless string conversions
  • Starting to switch to IPv6 support

Bugs

  • Fixed bug where quiet mode printed with quotes

1.2.2 - Jul 25, 2020

  • Uploading to AUR (properly, this time)
  • Docker build
  • More Debian installation methods

1.2.0 - Jul 24, 2020

Features

  • New Ulimit features. Automatically lowers it if too high, and tells you to increase it if too slow.
  • New argument to increase ulimit.
  • New quiet mode for easy catting / grepping of ports

Maintenance

  • Warnings plastered around the app

Bugs

  • Fixed bug where it was suggested to alter ulimit after user had altered ulimit

1.1.0 - Jul 23, 2020

  • Removed threading, added async
  • Added custom nmap

1.0.1 - Jul 19, 2020

First release!

Kali Linux you would want to double click on the file rustscan_1.0.1_amd64.deb and go into terminal then dpkg -i rustscan_1.0.1_amd64.deb.

Information - Updated May 30, 2022

Stars: 6.3K
Forks: 531
Issues: 104

Repositories & Extras

Rust bindings for libinjection

Add libinjection to dependencies of Cargo

Rust bindings for libinjection

Rocket is an async web framework for Rust with a focus on usability, security,

Visiting localhost:8000/hello/John/58, for example, will trigger the hello

Rocket is an async web framework for Rust with a focus on usability, security,

Rust bindings for the C++ api of PyTorch

LIghtweight wrapper for pytorch eg libtorch in rust

Rust bindings for the C++ api of PyTorch

Know the exact crate versions used to build your Rust executable

Audit binaries for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping

Know the exact crate versions used to build your Rust executable

macOS/iOS Security framework for Rust

MIT license (LICENSE-MIT or

macOS/iOS Security framework for Rust

Reference implementation of the Stacks blockchain in Rust

Reference implementation of the Proof of Transfer (PoX) mining that anchors to Bitcoin security

Reference implementation of the Stacks blockchain in Rust

osu! server written in Rust

Fully asynchronous, high concurrency, high performance, and high security

osu! server written in Rust

Nakamoto is a privacy-preserving Bitcoin light-client implementation in Rust,

with a focus on low resource utilization, modularity and security

Nakamoto is a privacy-preserving Bitcoin light-client implementation in Rust,

A WIP Rust implementation of Messaging Layer Security based on draft 9+

Messaging Layer Security based on draft 9+

A WIP Rust implementation of Messaging Layer Security based on draft 9+

Rust Language Security

execrices: RUSTSEC-2021-0001

Rust Language Security

security-keys-rust

Many thanks to the authors of the openpgp-card Rust crate

security-keys-rust

Owlyshield open source security platform

An OSS security platform written in rust with security threat detection

Owlyshield open source security platform
Facebook Instagram Twitter GitHub Dribbble
Privacy