rustscan/rustscan

RustScan is a lightweight but powerful port scanner

πŸ‹ Docker is the easiest way to get up and running and start checking for security holes in your network infastructure

➑️ Discord | Installation Guide | Usage Guide ⬅️

The Modern Port Scanner.
Fast, smart, effective.


πŸ‹ Docker (Recommended)

πŸ‘©β€πŸ’» Kali / Debian

πŸ—οΈ Arch

πŸ”§ Homebrew

docker pull rustscan/rustscan:2.0.0

Usage

Read the install guide yay -S rustscan brew install rustscan

πŸ€” What is this?

The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported).

✨ Features

  • Scans all 65k ports in 3 seconds.
  • Full scripting engine support. Automatically pipe results into Nmap, or use our scripts (or write your own) to do whatever you want.
  • Adaptive learning. RustScan improves the more you use it. No bloated machine learning here, just basic maths.
  • The usuals you would expect. IPv6, CIDR, file input and more.
  • Automatically pipes ports into Nmap.

‼️ Important Links

Installation Guide Documentation Discord
πŸ“– Installation Guide πŸ“š Documentation 🦜 Discord

πŸ™‹ Table of Contents

  • πŸ“– Installation Guide
  • πŸ‹ Docker Usage
  • 🦜 Discord
  • 🀸 Usage
  • πŸŽͺ Community

πŸ”­ Why RustScan?

RustScan is a modern take on the port scanner. Sleek & fast. All while providing extensive extendability to you.

Not to mention RustScan uses Adaptive Learning to improve itself over time, making it the best port scanner for you.

πŸ§‹ Speed

Speed is guaranteed via RustScan. However, if you want to run a slow scan due to stealth that is possible too.

Firstly, let's talk code.

We have tests that check to see if RustScan is significantly slower than the previous version. If it is, the continuous integration fails and we can't commit code to master unless we make it faster.

HyperFine is used to monitor RustScan's performance over time to answer the question "Are we getting faster? Are we getting slower?".

Every pull request is reviewed by 1 person, but more often than not 2 people review it. We test it manually and make sure the code doesn't affect performance negatively.

Read more here.

βš™οΈ Extensible

RustScan piping results into the custom Python script

RustScan has a new scripting engine which allows anyone to write scripts in most languages. Python, Lua, Shell are all supported.

Want to take your found ports and pipe them into Nmap for further analysis? That's possible. Want to run smb-enum if SMB is found open? Possible.

The possibilities are endless -- and you can write scripts in whatever language you feel comfortable with.

Read more here.

🌊 Adaptive

RustScan automatically fine-tuning itself to match the host OS.

RustScan has a cool set of features called "Adaptive Learning". These features "learn" about the environment you are scanning and how you use RustScan to improve itself over time.

This is an umbrella term we use for any feature that fits this criteria. The list is constantly changing, so check out our wiki for more information.

πŸ‘©β€πŸ¦― Accessible

RustScan is one of the first penetration testing tools that aims to be entirely accessible.

Most penetration testing tools are not accessible, which negatively affects the whole industry.

RustScan has continuous integration testing that aims to make sure it is accessible, and we are constantly working on ways to improve our accessibility and make sure everyone can use RustScan.

πŸ“– Full Installation Guide

You can find our guide here.

🦊 Community Distributions

Here are all of RustScan's community distributions.

If you maintain a community distribution and want it listed here, leave an issue / pull request / Discord message or however you want to let us know.

  • OpenSuse
  • Fedora/CentOS

🀸 Usage

We have 2 usage guides. Basic Usage and Things you may want to do.

We also have documentation about our config file here.

πŸŽͺ Community

Read this to learn how to contribute.

Contributors ✨

Thanks goes to these wonderful people (emoji key):


Brandon
πŸš‡ ⚠️ πŸ’» 🎨

SakiiR
πŸ’» πŸ›

smackhack
πŸ€” πŸ’‘

Bernardo Araujo
πŸ’» πŸ› 🎨

Izzy Whistlecroft
πŸ›

imlonghao
πŸ› 🚧

royharoush
πŸ€” 🎨

Atul Bhosale
πŸ’»

Thomas Gotwig
πŸ“¦

RΓ©mi Gourdon
πŸ“– πŸ’»

Ben (CMNatic)
πŸ’» πŸ“– 🎨

Alessandro Ferrari
πŸ–‹

Phenomite
πŸ–‹

Sandro
πŸ–‹ πŸ› πŸ’»

Cass
πŸ“¦ πŸ’» πŸ›

Niklas Mohrin
πŸ“– πŸ’» πŸ›

Artem Polishchuk
πŸ“¦

buermarc
πŸ’»

bergabman
πŸ’» πŸ› 🎨

Dmitry Savintsev
πŸ’»

Sebastian Andersson
πŸ’»

Matt Corbin
πŸ’»

RootSploit
πŸ“

eiffel-fl
πŸ’»

Y.Horie
πŸ’»

Oskar
πŸ’» ⚠️

This project follows the all-contributors specification. Contributions of any kind welcome!

Issues

Collection of the latest Issues

derrickberg-dev

derrickberg-dev

Comment Icon1

Is your feature request related to a problem? Please describe. I would like to use RustScan to port scan a list of IP addresses but it doesn't seem right to have to put 100 IP addresses in the command line.

Describe the solution you'd like The ability to provide a file as input.

Describe alternatives you've considered Pasting a long list of comma separated IP addresses

MyrickCapital

MyrickCapital

Comment Icon0

By far the stupidest documentation I've ever read on Git. I'm having to thoroughly read through so much extra nonsense and fluff to find the information I'm looking for. yawn.

StochasticSanity

StochasticSanity

Comment Icon1

Describe the bug Rustscan crashes with a hash table overflow

To Reproduce Run: rustscan -a 10.0.0.0/8 --top

Expected behavior It works

Console Output

Desktop (please complete the following information):

  • OS: Kali Linux ARM64
  • Version rustscan 2.1.0
  • Device: Raspberry Pi 4

Additional context Compiled for Arm64 from latest release

ta1bbty

ta1bbty

Comment Icon1

Describe the bug When running with hosts.txt, as mentioned here. It's not working. image

To Reproduce Steps to reproduce the behavior:

  1. Get the latest version of rustscan. I've rustscan 2.0.0. Got it from releases. For ubuntu.
  2. Create a file, hosts.txt with ip addresses on each line. Let's say 4 IP addresses.
  3. Run the command as : rustscan -b 1000 -t 5000 -a hosts.txt -p80,443,5432,5443,6379,8080,9200,27017
  4. See error

Expected behavior It should pick CIDR from each line and scan those

Screenshots image

Desktop (please complete the following information):

t3chn0t3s

t3chn0t3s

Comment Icon0

Greetings,

I'd like to start by stating how amazed I've been with RustScan. It is jaw dropping fast! I recently installed it on Kali 2022.1 using the rustscan_2.0.1_amd64.deb file.

I found that if I scan using the '-a 172.25.170.0/24 -p22,80.443,445 -g' arguments it takes about 6 seconds to scan the 254 hosts. image

I'm trying to comply to my scope as much as possible and know that 172.25.170.1 is out of scope. Since I am unaware of a way to instruct RustScan to only scan 172.25.170.2 - 172.25.170.254 I used the following nmap "command" to generate a host file, named scope.txt

I then used the '-a 'scope.txt' -p22,80,443,445 -g' arguments to scan. Unfortunately, this takes considerably longer to scan. For example, my most recent "test" scan took about 13 minutes to complete.

image

I did also try the '-a 172.25.170.2-254' argument but since I didn't see that format used in the documentation I canceled it about 5 minutes into the scan. I'm not sure that format was valid, but assuming that it was 5 minutes is still considerably longer than the 6 seconds it takes when using the CIDR notation (/24).

Finally, as a sanity check I did check the line count of my scope.txt file and confirmed its about 253 hosts/lines. image

Thank you all for such a great tool. I look forward to using it regularly.

geordanex

geordanex

Comment Icon2

Please include .deb file to debian base systems I would appreciate it if you could put the .deb file in the release assets.

keep up the good work!

Malayke

Malayke

Comment Icon0

Describe the bug I'm use rustscan scan a /24 internal network, it's print lot's warning, like

To Reproduce

how to disable it, or just show one time

HidingInEmptySpace

HidingInEmptySpace

Comment Icon0

When Adaptive Learning calibrates to everyones system individually, the defender of a system could backtrace your identity through the specialiced beahviour and identify you.

I'd like a switch that turns off this feature permanently and temporary in order to ensure that no information about the scanning person is being leaked to the victim for later forensical fingerprinting.

On my opinion the adaptive learning stuff sounds pretty cool and has a lot of potential and I like the fact that AI was not implemented, but on the other hand it would be useless in a real hacking scenario. It is more of a useful tool when it comes to CTF and test-alike scan. I realy like your idea of speeding up nmap scans and I think it should not be limited to such usecases. although it is to be dicussed whether this is even an issue of rustscan, since it is trading accuracy with performance and uses batches anyways, which might look sus enough. And in the end you could simply use nmap if you wanted to look default on the victims machine.

saeidshirazi

saeidshirazi

Comment Icon1

HI, This is what i need: I use masscan to scan range ip address for find ip that specefic port is open such this command:

masscan -iL input.txt -p443 --rate 1000000

is it suport now for rustscan?if yes please tell me how to usage it Please add it

AwesomeBros132

AwesomeBros132

Comment Icon0

Describe the bug

To Reproduce Steps to reproduce the behavior:

  1. Open a terminal
  2. Enter rustscan -a <target-ip>

Expected behavior A scan should be run.

Screenshots image

Desktop (please complete the following information):

  • OS: [Kali Linux]
  • Version [2021.4]

Additional context I have reduced the batch size multiple times and the issue persists.

linuxdy

linuxdy

Comment Icon1

image

Warning: You are using macOS 12. We do not provide support for this pre-release version. You will encounter build failures with some formulae. Please create pull requests instead of asking for help on Homebrew's GitHub, Twitter or any other official channels. You are responsible for resolving any issues you experience while you are running this pre-release version.

Error: rustscan: no bottle available! You can try to install from source with: brew install --build-from-source rustscan Please note building from source is unsupported. You will encounter build failures with some formulae. If you experience any issues please create pull requests instead of asking for help on Homebrew's GitHub, Twitter or any other official channels.

tesqie

tesqie

Comment Icon0

Describe the bug ] File limit higher than batch size. Can increase speed by increasing batch size '-b 1048476'. thread 'main' panicked at 'Too many open files. Please reduce batch size. The default is 5000. Try -b 2500.', src/scanner/mod.rs:132:25 note: run with RUST_BACKTRACE=1environment variable to display a backtrace When Running: rustscan 192.168.1.0/24 -t 500 -b 1500 -- -A 10.10.10.74 Using Docker

To Reproduce Just use the command I typed in

Expected behavior Rust scan running normally

Screenshots image

Desktop (please complete the following information): Linux kali 5.14.0-kali4-amd64 #1 SMP Debian 5.14.16-1kali1 (2021-11-05) x86_64 GNU/Linux

Versions

Find the latest versions by id

2.1.0 - Apr 27, 2022

What’s Changed

  • Supports M1 Macs πŸŽ‰

  • Update Cargo.lock file to support latest version of Rust (#435) @bee-san

  • Update tui.rs (#396) @0dayCTF

  • Bump futures from 0.3.7 to 0.3.13 (#358) @dependabot-preview

  • Bump rlimit from 0.5.2 to 0.5.4 (#360) @dependabot-preview

  • Bump cidr-utils from 0.5.0 to 0.5.1 (#367) @dependabot-preview

  • Bump anyhow from 1.0.34 to 1.0.40 (#368) @dependabot-preview

  • Bump serde from 1.0.117 to 1.0.124 (#361) @dependabot-preview

  • Partially fix #362: Fix examples (#363) @thomasqueirozb

  • Scripting engine arguments. Scan engine errors. (#325) @bergabman

  • Bump env_logger from 0.8.1 to 0.8.2 (#317) @dependabot-preview

2.0.1 - Nov 06, 2020

  • Fixed bug cause by Cargo Lock file.

2.0.0 - Nov 05, 2020

⚠ Major Breaking Changes ⚠

  • You must now use rustscan -a 127.0.0.1 instead of rustscan 127.0.0.1. We held a vote and this won. Please use the addresses flag!

Please see our documentation for more info how you can use the new addresses argument.

Features

  • Scripting Engine Implementation (#242) @bergabman
  • Improved init_scripts error handling. (#300) @bergabman
  • Add tries to scan_socket (#266) @eiffel-fl
  • Make address an optional instead of a positional argument (#271) @bernardoamc

Maintenance

  • Bump anyhow from 1.0.33 to 1.0.34 (#304) @dependabot-preview
  • Bump async-std from 1.6.5 to 1.7.0 (#306) @dependabot-preview
  • Redesign of README (#293) @bee-san
  • Bump futures from 0.3.6 to 0.3.7 (#302) @dependabot-preview
  • Better enforce clippy lints (#294) @niklasmohrin
  • Bump env_logger from 0.7.1 to 0.8.1 (#295) @dependabot-preview
  • docs: add okrplay as a contributor (#290) @allcontributors
  • Add tests for rustscan scripting engine (#286) (#289) @okrplay
  • docs: add niklasmohrin as a contributor (#288) @allcontributors
  • Add clippy linting and fix existing warnings (#287) @niklasmohrin
  • docs: add u5surf as a contributor (#285) @allcontributors
  • Bump serde from 1.0.116 to 1.0.117 (#278) @dependabot-preview
  • docs: add niklasmohrin as a contributor (#282) @allcontributors
  • docs: add eiffel-fl as a contributor (#281) @allcontributors
  • Bump toml from 0.5.6 to 0.5.7 (#270) @dependabot-preview
  • Bump structopt from 0.3.19 to 0.3.20 (#272) @dependabot-preview
  • docs: add rootsploit as a contributor (#274) @allcontributors
  • Bump structopt from 0.3.18 to 0.3.19 (#267) @dependabot-preview
  • Bump futures from 0.3.5 to 0.3.6 (#265) @dependabot-preview
  • docs: add mattcorbin as a contributor (#261) @allcontributors
  • docs: add bofh69 as a contributor (#256) @allcontributors
  • Add integration tests with timeout (#254) @bofh69
  • Update README for instructions for v.10.0 & add all releases to DockerHub (#251) @CMNatic

Bugs

  • Changed the dns resolving to use std::net::ToSocketAddrs (#264) @shahar481
  • Add some instructions to create contributing development environment. (#298) @eiffel-fl
  • Fix Rlimit breaking change. (#283) (#284) @u5surf
  • Update .SRCINFO url (#268) @freddyb
  • Fix archives-generation from Makefile πŸ‘·β€β™‚οΈ (#263) @TGotwig
  • Docker: Fix cosmetic issues, change maintainer to rustscan (#249) @SuperSandro2000
  • Update documentation to include greppable (#253) @teofilomonteiro
  • Updated the person of README. (#255) @holmes-py
  • Added HomeBrew Bump + More CI Tests (#252) @bee-san

1.10.1 - Sep 29, 2020

What’s Changed

  • Bee ci changes (#250) @bee-san

1.10.0 - Sep 28, 2020

Features

  • Added DNS lookup using Google DNS, refactored IP code (#246) @bee-san
  • Take file of addresses as input (#237) @bee-san

Maintenance

  • Refactored tests, introduced default function in test context for structs (#235) @bergabman
  • Increase code coverage (#236) @bee-san
  • Update Dockerfile to encourage layer caching (#241) @CMNatic
  • docs: add dmitris as a contributor (#232) @allcontributors
  • Bump structopt from 0.3.17 to 0.3.18 (#243) @dependabot-preview

Bugs

  • Fix version tag typo in docker usage (#234) @CMNatic
  • Update README for v1.9.0 release (#233) @CMNatic

1.9.0 - Sep 20, 2020

⚠️ Breaking Changes ⚠️

--quiet mode is now renamed to --greppable. And this mode now returns an IP -> list like so:

Features

  • Now has a working accessible mode #230
  • Can use top X ports (top 1000 ports) if used via config file (this allows us to work on a larger feature which I think you will love, see #69 ) #230
  • Runtime measurement implementation, better debugging, and better error handling for unreachable hosts. (#225)
  • Add CIDR support (#200)
  • Introduce the -no-nmap option (#197)
  • Add configuration file (#185)

Maintenance

  • socket_iterator: use itertools.iproducts for ip x ports set (#231)
  • docs: add bergabman as a contributor (#228)
  • Bump async-std from 1.6.3 to 1.6.4 (#226)
  • Updated README to reflect v1.8.0 DockerHub tag (#224)
  • Bump serde_derive from 1.0.115 to 1.0.116 (#216)
  • Bump serde from 1.0.115 to 1.0.116 (#215)
  • Introduce SocketIterator (#208)
  • docs: add bergabman as a contributor (#204)
  • Small improvement in the scanning engine. (#203)
  • docs: add buermarc as a contributor (#198)
  • Check '.config/rustscan/config.toml' for config (#195)
  • docs: add tim77 as a contributor (#182)
  • Add Fedora/CentOS installation instructions (#181)
  • README.md tweaks (#176)
  • docs: add SuperSandro2000 as a contributor (#180)
  • Optimize Dockerfile (#178)
  • docs: add niklasmohrin as a contributor (#177)

Bugs

  • fix typo (#229)
  • Fix behaviour of --no-nmap flag (#221)
  • fixed debug log (#217)
  • Bugfixes (#206)
  • Fix incorrect timeout option in README (#205)
  • Update README.md (#194)

1.8.0 - Aug 27, 2020

Features

  • Added Windows support thanks to @caass in #171
  • Allow randomised order for manual ports #161
  • Add --port and --range options #158
  • Released new docker image #155
  • Added host resolution #152
  • Added Makefile by @TGotwig #144
  • Added accessible mode #134
  • Added port scanning strategy #135

Maintenance

  • Added the Git submodule for RustScan Scripting Engine
  • Reduced binary size #162
  • Removed -A from Nmap #160
  • Added top 1k ports in config file #159
  • Excluded unnecessary files #156
  • Added Travis config for GitHub pages in #140 by @remigourdon and @SuperSandro2000

Bugs

  • #169
  • #165
  • #153
  • #163

1.7.1 - Aug 07, 2020

Features

  • Brand new terminal user interface. Much prettier and easier to read
  • Port randomisation (so it's not a sequential hit of multiple ports)

Maintenance

  • Created macros to easily report information back to the user
  • Reduced size of error messages (boy were they long :smirk_cat: )
  • More tests

Bugs

  • #121
  • #120
  • #119
  • #114

1.6.0 - Aug 04, 2020

Features

  • Added multiple IP support. This is in extremely early stage, but it works.

Maintenance

None

Bugs

Fixed help menu bugs and quiet mode not working bugs.

1.5.2 - Aug 04, 2020

Features

  • New distributions for Arm64, AMD64, i386 debs
  • New Docker Image
  • Added --appdirs flag to find the appdirs location
  • Added community package distributions to README

Maintenance

  • Switched from u64 to u32 to support OS'
  • Refactored batch size to fix #58
  • Added new GitHub Action to verify README doesn't contain 404 links
  • Added bots to help the development of RustScan
  • Updated README #94 and #93
  • Started moving to Travis CI

Bugs

  • Fixed bug where appdirs wasn't pointing to the complete directory
  • Fixed bug where automatic ulimit lowering wasn't working on systems with extremely low ulimits (< 250).
  • Fixed #116

1.4.0 - Jul 31, 2020

Features

  • Added IPv6 support

Maintenance

  • Added arguments in structopts for ipv6
  • socketaddr is now ipv4 and ipv6 (this speeds things up)
  • Added ipv6 testing
  • Edited Contributing.md to be more welcoming
  • Added Logging module
  • Added IPv6 to Nmap command

Bugs

  • Fixed countless bugs in this new feature.

1.3 - Jul 29, 2020

Features

  • Quiet Mode -- run the scanner without Nmap

Maintenance

  • Switched to ShellWords for Nmap arg parsing. Now -- "'(safe and vuln)'" works.
  • Switched to StructOpts for argparsing
  • Refactored the code so it's more OOP
  • Removed useless string conversions
  • Starting to switch to IPv6 support

Bugs

  • Fixed bug where quiet mode printed with quotes

1.2.2 - Jul 25, 2020

  • Uploading to AUR (properly, this time)
  • Docker build
  • More Debian installation methods

1.2.0 - Jul 24, 2020

Features

  • New Ulimit features. Automatically lowers it if too high, and tells you to increase it if too slow.
  • New argument to increase ulimit.
  • New quiet mode for easy catting / grepping of ports

Maintenance

  • Warnings plastered around the app

Bugs

  • Fixed bug where it was suggested to alter ulimit after user had altered ulimit

1.1.0 - Jul 23, 2020

  • Removed threading, added async
  • Added custom nmap

1.0.1 - Jul 19, 2020

First release!

Kali Linux you would want to double click on the file rustscan_1.0.1_amd64.deb and go into terminal then dpkg -i rustscan_1.0.1_amd64.deb.

Information - Updated Sep 10, 2022

Stars: 7.1K
Forks: 576
Issues: 111

Repositories & Extras

Rocket is an async web framework for Rust with a focus on usability, security,

Visiting localhost:8000/hello/John/58, for example, will trigger the hello

Rocket is an async web framework for Rust with a focus on usability, security,

Know the exact crate versions used to build your Rust executable

Audit binaries for known bugs or security vulnerabilities in production, at scale, with zero bookkeeping

Know the exact crate versions used to build your Rust executable

macOS/iOS Security framework for Rust

MIT license (LICENSE-MIT or

macOS/iOS Security framework for Rust

Reference implementation of the Stacks blockchain in Rust

Reference implementation of the Proof of Transfer (PoX) mining that anchors to Bitcoin security

Reference implementation of the Stacks blockchain in Rust

osu! server written in Rust

Fully asynchronous, high concurrency, high performance, and high security

osu! server written in Rust

Nakamoto is a privacy-preserving Bitcoin light-client implementation in Rust,

with a focus on low resource utilization, modularity and security

Nakamoto is a privacy-preserving Bitcoin light-client implementation in Rust,

A WIP Rust implementation of Messaging Layer Security based on draft 9+

Messaging Layer Security based on draft 9+

A WIP Rust implementation of Messaging Layer Security based on draft 9+

Rust Language Security

execrices: RUSTSEC-2021-0001

Rust Language Security

security-keys-rust

Many thanks to the authors of the openpgp-card Rust crate

security-keys-rust

Owlyshield open source security platform

An OSS security platform written in rust with security threat detection

Owlyshield open source security platform

Reference implementation of the Stacks blockchain in Rust

Reference implementation of the Proof of Transfer (PoX) mining that anchors to Bitcoin security

Reference implementation of the Stacks blockchain in Rust

This crate has not been security reviewed yet, use at your own risk

(ece crate is a Rust implementation of Message Encryption for Web Push

This crate has not been security reviewed yet, use at your own risk
Facebook Instagram Twitter GitHub Dribbble
Privacy