### Install Rust Programming Language Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Install the Rust programming language and its build tools (rustup) using the official installation script. This is a prerequisite for building RustScan from source. ```bash curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh ``` -------------------------------- ### Install RustScan with Cargo Source: https://github.com/bee-san/rustscan/blob/master/README.md Install RustScan using Cargo, Rust's package manager. Ensure Rust is installed first. ```bash cargo install rustscan ``` -------------------------------- ### Install RustScan with Pacman (Arch Linux) Source: https://github.com/bee-san/rustscan/blob/master/README.md Use this command to install RustScan on Arch Linux using the Pacman package manager. ```bash pacman -S rustscan ``` -------------------------------- ### Install RustScan with Homebrew (macOS) Source: https://github.com/bee-san/rustscan/blob/master/README.md Use this command to install RustScan on macOS using the Homebrew package manager. ```bash brew install rustscan ``` -------------------------------- ### Build RustScan from Source Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Compile RustScan from source code after cloning the repository and installing Rust. The release binary will be located in `target/release/rustscan`. ```bash cargo build --release ``` -------------------------------- ### Running External Tools with RustScan (Nmap Example) Source: https://github.com/bee-san/rustscan/wiki/RustScan-Scripting-Engine Demonstrates how to execute external tools like Nmap using RustScan's scripting engine. A shell script can be created to call any system-installed program. ```bash nmap -vvv -p {{port}} {{ip}} ``` -------------------------------- ### Custom Scripting Engine - Python Example Source: https://context7.com/bee-san/rustscan/llms.txt Provides an example of a custom Python script (`http_check.py`) that can be executed by RustScan after port scanning. It includes metadata for tags, developer, trigger port, and call format. The script checks for HTTP server responses. ```python #!/usr/bin/python3 # ~/.rustscan_scripts/http_check.py #tags = ["http", "web"] #developer = ["yourname", "https://github.com/yourname"] #trigger_port = "80" #call_format = "python3 {{script}} {{ip}} {{port}}" import sys import urllib.request if len(sys.argv) >= 3: ip = sys.argv[1] port = sys.argv[2] try: url = f"http://{ip}:{port}" response = urllib.request.urlopen(url, timeout=5) print(f"[+] HTTP server at {url} - Status: {response.status}") except Exception as e: print(f"[-] Could not connect to {url}: {e}") ``` -------------------------------- ### RustScan Call Format Example Source: https://github.com/bee-san/rustscan/wiki/RustScan-Scripting-Engine Example of a call format string used by RustScan for templating script arguments. Variables like script name, IP, and port can be included. ```text #call_format = "python3 {{script}} {{ip}} {{port}}" ``` -------------------------------- ### Python Script Example for RustScan Source: https://github.com/bee-san/rustscan/wiki/RustScan-Scripting-Engine A basic Python script demonstrating RustScan integration. Metadata like tags and call format are included as comments. The script prints its arguments. ```python #!/usr/bin/python3 #tags = ["core_approved", "example",] #developer = [ "example", "https://example.org" ] #trigger_port = "80" #call_format = "python3 {{script}} {{ip}} {{port}}" # Scriptfile parser stops at the first blank line with parsing. # This script will run itself as an argument with the system installed python interpreter, only scanning port 80. # Unused filed: ports_separator = "," import sys print('Python script ran with arguments', str(sys.argv)) ``` -------------------------------- ### RustScan Custom Script Configuration Source: https://github.com/bee-san/rustscan/wiki/RustScan-Scripting-Engine Example configuration file for custom scripts. It specifies tags, ports, and developers to filter which scripts run. ```toml # Test/Example ScriptConfig file # Tags to filter on scripts. Only scripts containing all these tags will run. tags = ["core_approved", "example"] # If it's present then only those scripts will run which has a tag ports = "80". Not yet implemented. # # ex.: # ports = ["80"] # ports = ["80","81","8080"] ports = ["80"] # Only this developer(s) scripts to run. Not yet implemented. developer = ["example"] ``` -------------------------------- ### RustScan TOML Configuration Example Source: https://github.com/bee-san/rustscan/wiki/Config-File This TOML file defines default arguments for RustScan. Arguments provided directly on the command line will override these settings. ```toml addresses = ["127.0.0.1", "192.168.0.0/30", "www.google.com"] command = ["-A"] ports = {80 = 1, 443 = 1, 8080 = 1} range = { start = 1, end = 10 } greppable = false accessible = true scan_order = "Serial" batch_size = 1000 timeout = 1000 tries = 3 ulimit = 1000 ``` -------------------------------- ### Custom Scripting Engine - Shell Example Source: https://context7.com/bee-san/rustscan/llms.txt An example of a custom Shell script (`banner_grab.sh`) for RustScan. It defines tags, developer, port separator, and call format. The script performs banner grabbing on specified ports using netcat. ```bash #!/bin/bash # ~/.rustscan_scripts/banner_grab.sh #tags = ["recon", "banner"] #developer = ["yourname", "https://github.com/yourname"] #ports_separator = "," #call_format = "bash {{script}} {{ip}} {{port}}" IP=$1 PORTS=$2 echo "[*] Banner grabbing $IP on ports $PORTS" for PORT in $(echo $PORTS | tr ',' ' '); do echo "[*] Port $PORT:" timeout 2 bash -c "echo '' | nc -v $IP $PORT 2>&1" || echo "[-] No banner" done ``` -------------------------------- ### RustScan Top 1000 Ports Configuration Source: https://github.com/bee-san/rustscan/wiki/Config-File Example TOML configuration to scan the top 1000 ports. This can be used by calling `rustscan --top` after saving this as the config file. ```toml ``` -------------------------------- ### Install RustScan with Termux Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Install RustScan on Android devices using the Termux package manager. This command is used for environments where Termux is available. ```bash pkg install rustscan ``` -------------------------------- ### Detail Macro Usage Source: https://github.com/bee-san/rustscan/wiki/Contributing-Tips Use the `detail!` macro for informational messages like "starting Nmap" or "File limit higher than batch size". It supports passing greppable and accessible mode arguments. ```rust detail!("this is a detail", opts.greppable, opts.accessible) ``` -------------------------------- ### Custom RustScan Scan Speed Configuration Source: https://github.com/bee-san/rustscan/wiki/Usage Combine batch size and timeout settings to achieve a desired scan speed. This example sets a large batch size with a short timeout for potentially faster results, but use with caution. ```bash rustscan --batch 65535 --timeout 1000 ``` -------------------------------- ### Custom DNS Resolver Configuration Source: https://context7.com/bee-san/rustscan/llms.txt Specifies a custom DNS resolver for hostname lookups during the scan. Examples show using Cloudflare, Google, and a local DNS server. ```bash # Use Cloudflare DNS rustscan -a example.com --resolver 1.1.1.1 ``` ```bash # Use Google DNS rustscan -a example.com --resolver 8.8.8.8 ``` ```bash # Use local DNS server rustscan -a internal.company.local --resolver 192.168.1.1 ``` -------------------------------- ### Execute Aliased RustScan Command Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Use the previously defined alias to run RustScan with specific arguments. This example demonstrates scanning an IP address with custom thread and banner grab settings. ```bash rustscan 127.0.0.1 -t 500 -b 1500 -- -A ``` -------------------------------- ### Scan Network with Aliased RustScan Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Perform a network scan using the previously defined `rustscan` alias. This example scans a local network range with specific thread and buffer sizes, and enables Nmap's aggressive scan. ```bash rustscan --addresses 192.168.1.0/24 -t 500 -b 1500 -- -A ``` -------------------------------- ### Configure Log Level with RUST_LOG Environment Variable Source: https://github.com/bee-san/rustscan/wiki/Debugging-RustScan Set the `RUST_LOG` environment variable to control the verbosity of logs. This example sets the log level to 'error', meaning only error messages and above will be displayed. This configuration is handled by `env_logger`. ```bash ➜ RUST_LOG=error ./rustscan 127.0.0.1 ``` -------------------------------- ### Adjust RustScan Batch Size Source: https://github.com/bee-san/rustscan/wiki/Thread-main-paniced-at-too-many-open-files If the open file limit is low, decrease the batch size in RustScan to avoid hitting the limit. For example, if the limit is 250, set the batch size to 240. ```bash rustscan -b 240 ``` -------------------------------- ### Run RustScan with Increased Timeout Source: https://github.com/bee-san/rustscan/wiki/Increasing-Speed-&-Accuracy Adjust the timeout setting for RustScan to increase accuracy. A longer timeout allows more time for a response from each port, reducing the chance of incorrectly marking an open port as closed. The default is 1.5 seconds; setting it to 4000 milliseconds (4 seconds) is shown as an example. ```bash rustscan -t 4000 ``` -------------------------------- ### Access RustScan Help Menu Source: https://github.com/bee-san/rustscan/wiki/Usage Use the --help flag to display the available commands and options for RustScan. ```bash rustscan --help ``` -------------------------------- ### Using RustScan Configuration File Source: https://context7.com/bee-san/rustscan/llms.txt Demonstrates how to utilize the TOML configuration file for scans, including using default settings, scanning top ports defined in the config, overriding config with command-line arguments, ignoring the config file, and specifying a custom config path. ```bash # Use configuration file rustscan -a 192.168.1.1 ``` ```bash # Use top ports defined in config rustscan -a 192.168.1.1 --top ``` ```bash # Override config with command line rustscan -a 192.168.1.1 -b 2000 -t 3000 ``` ```bash # Ignore configuration file rustscan -a 192.168.1.1 --no-config ``` ```bash # Use custom config path rustscan -a 192.168.1.1 -c /path/to/custom.toml ``` -------------------------------- ### Generate Arch Linux .SRCINFO File Source: https://github.com/bee-san/rustscan/wiki/Releasing Generate the .SRCINFO file for Arch Linux packaging using makepkg. This is required before committing changes. ```bash makepkg --printsrcinfo > .SRCINFO ``` -------------------------------- ### Docker Usage for RustScan Source: https://context7.com/bee-san/rustscan/llms.txt Demonstrates how to run RustScan within a Docker container for consistent environments and high file descriptor limits. Includes pulling the image, basic scanning, and passing Nmap arguments. ```bash # Pull the Docker image docker pull rustscan/rustscan:2.1.1 ``` ```bash # Basic scan with Docker docker run -it --rm --name rustscan rustscan/rustscan:2.1.1 -a 192.168.1.1 ``` ```bash # Scan with Nmap arguments docker run -it --rm --name rustscan rustscan/rustscan:2.1.1 -a 192.168.1.1 -- -A ``` ```bash # Create a shell alias for convenience alias rustscan='docker run -it --rm --name rustscan rustscan/rustscan:2.1.1' ``` ```bash # Use the alias rustscan -a 192.168.1.1 -t 500 -b 1500 -- -A ``` -------------------------------- ### Configure Ulimit Settings Source: https://context7.com/bee-san/rustscan/llms.txt Automatically adjust the system's open file descriptor limit for faster scanning. This is crucial for high-speed scans that require many concurrent connections. ```bash ulimit -a ``` ```bash ulimit -Hn ``` ```bash ulimit -Sn ``` ```bash ulimit -n 5000 ``` ```bash rustscan -a 192.168.1.1 -u 5000 ``` ```bash rustscan -a 192.168.1.1 -u 10000 -b 8000 ``` -------------------------------- ### Check Open File Limits Source: https://github.com/bee-san/rustscan/wiki/Thread-main-paniced-at-too-many-open-files Run these commands to check the current open file limits on your system. This helps in understanding the constraints before adjusting them. ```bash ulimit -a ``` ```bash ulimit -Hn ``` ```bash ulimit -Sn ``` -------------------------------- ### Build Custom RustScan Docker Image Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Build a Docker image for RustScan using the provided Dockerfile in the repository. Replace `` with your desired image name. ```bash docker build -t . ``` -------------------------------- ### Use Hosts File as Input for RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Provide a file containing a newline-separated list of IPs or hosts to scan using the -a argument with the filename in quotes. ```text 192.168.0.1 192.168.0.2 google.com 192.168.0.0/30 127.0.0.1 ``` ```console rustscan -a 'hosts.txt' ``` -------------------------------- ### Basic Logging Statement in Rust Source: https://github.com/bee-san/rustscan/wiki/Debugging-RustScan Use the `info!` macro from the `log` crate to output informational messages. Ensure the `log` crate is added as a dependency. ```rust info!("Printing opening"); ``` -------------------------------- ### Clone RustScan Repository Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Download the RustScan source code from its GitHub repository. This is the first step to building your own Docker image or compiling from source. ```bash git clone https://github.com/RustScan/RustScan.git ``` -------------------------------- ### Build RustScan Contributing Docker Image Source: https://github.com/bee-san/rustscan/wiki/Contributing Builds the Docker image for contributing to RustScan. Ensure you are in the project's root directory. ```bash you@home:~/RustScan$ docker build -t rustscan_contributing -f contributing.Dockerfile ``` -------------------------------- ### Navigate to RustScan Directory Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Change the current directory to the root of the cloned RustScan repository. This is necessary before building the Docker image. ```bash cd /path/to/download/RustScan ``` -------------------------------- ### RustScan Configuration File (TOML) Source: https://context7.com/bee-san/rustscan/llms.txt Defines default scan options using a TOML configuration file located at `~/.rustscan.toml`. This includes default addresses, Nmap arguments, port configurations, performance settings, and output preferences. ```toml # ~/.rustscan.toml - RustScan configuration file # Default addresses to scan (can be overridden with -a) addresses = ["127.0.0.1"] # Default Nmap arguments command = ["-A", "-sC"] # Scan specific ports when using --top flag [ports] 80 = 1 443 = 1 8080 = 1 22 = 1 21 = 1 25 = 1 3306 = 1 3389 = 1 # Port range settings [range] start = 1 end = 1000 # Performance settings batch_size = 4500 timeout = 1500 tries = 1 ulimit = 5000 # Output settings greppable = false accessible = false # Scan order: "Serial" or "Random" scan_order = "Serial" ``` -------------------------------- ### Running Custom Scripts with RustScan Source: https://context7.com/bee-san/rustscan/llms.txt Commands to execute custom scripts with RustScan. Options include running with a 'custom' script set, disabling all scripts ('none'), or using the 'default' Nmap scripts. ```bash # Run with custom scripts rustscan -a 192.168.1.1 --scripts custom ``` ```bash # Run without any scripts (port scan only) rustscan -a 192.168.1.1 --scripts none ``` ```bash # Run with default Nmap script (default behavior) rustscan -a 192.168.1.1 --scripts default ``` -------------------------------- ### Configure Batch Size and Timeout Source: https://context7.com/bee-san/rustscan/llms.txt Control scanning speed and accuracy by adjusting batch size (concurrent connections) and timeout settings. Lower batch sizes and higher timeouts can improve reliability on slower networks. ```bash rustscan -a 192.168.1.1 -b 1000 ``` ```bash rustscan -a 192.168.1.1 -t 5000 ``` ```bash rustscan -a 192.168.1.1 -b 500 -t 3000 ``` ```bash rustscan -a 192.168.1.1 -b 65535 -t 1000 ``` ```bash rustscan -a 192.168.1.1 --tries 3 ``` -------------------------------- ### Build RustScan Project in Container Source: https://github.com/bee-san/rustscan/wiki/Contributing Compiles the RustScan project within the running Docker container. This command should be executed in the container's prompt. ```bash root@container:/rustscan# cargo build ``` -------------------------------- ### Enable Custom Scripts in RustScan Source: https://github.com/bee-san/rustscan/wiki/RustScan-Scripting-Engine This command enables the execution of custom scripts. Ensure a `rustscan_scripts.toml` file is configured. ```bash rustscan --scripts custom ``` -------------------------------- ### Run RustScan with Docker Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Execute RustScan using the official Docker image. This command scans the Docker host's localhost by default. Ensure you replace `` with your desired scan parameters. ```bash docker run -it --rm --name rustscan rustscan/rustscan:2.1.1 ``` -------------------------------- ### Export Results and Run Nmap Separately Source: https://context7.com/bee-san/rustscan/llms.txt Export discovered open ports to a file and then use Nmap to perform a detailed scan on those ports. ```bash # Export results and run Nmap separately rustscan -a 192.168.1.1 -g > ports.txt nmap -p $(cat ports.txt | cut -d'[' -f2 | tr -d ']') -A 192.168.1.1 ``` -------------------------------- ### Clone Arch Linux Repository Source: https://github.com/bee-san/rustscan/wiki/Releasing Use this command to clone the RustScan Arch Linux packaging repository from AUR. ```bash git clone ssh://aur@aur.archlinux.org/rustscan.git ``` -------------------------------- ### Custom Script Configuration File Source: https://context7.com/bee-san/rustscan/llms.txt Configuration file (`.toml`) for custom scripts, allowing filtering by tags, ports, and developers. This enables selective execution of scripts based on defined criteria. ```toml # ~/.rustscan_scripts.toml - Script configuration # Filter scripts by tags tags = ["http", "recon"] # Filter by ports (optional) ports = ["80", "443", "8080"] # Filter by developer (optional) developer = ["yourname"] ``` -------------------------------- ### Run RustScan with Docker Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Execute RustScan using the official Docker image. This command runs RustScan against the Docker host's localhost. Ensure you replace `` and `` with your desired options and target. ```bash docker run -it --rm --name rustscan rustscan/rustscan:alpine ``` -------------------------------- ### Scan CIDR Notation with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Utilize CIDR notation to scan entire subnets. Ensure the CIDR format is correct. ```console ➜ rustscan -a 192.168.0.0/30 ``` -------------------------------- ### Run RustScan with Specific Arguments Source: https://github.com/bee-san/rustscan/wiki/Contributing Executes the RustScan binary with specified arguments for batch size, timeout, and target IP address. This command is run within the Docker container. ```bash root@container:/rustscan# cargo run -- -b 2000 -t 5000 -a 127.0.0.1 ``` -------------------------------- ### Scan Hosts with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Scan hostnames or IP addresses. RustScan will resolve hostnames and display open ports. ```console ➜ rustscan -a www.google.com, 127.0.0.1 Open 216.58.210.36:1 Open 216.58.210.36:80 Open 216.58.210.36:443 Open 127.0.0.1:53 Open 127.0.0.1:631 ``` -------------------------------- ### Random Port Ordering Scan with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Scan ports in a random order to help evade firewall detection. Use the --scan-order "Random" option. ```console ➜ rustscan -a 127.0.0.1 --range 1-1000 --scan-order "Random" 53,631 ``` -------------------------------- ### Run RustScan Contributing Docker Container Source: https://github.com/bee-san/rustscan/wiki/Contributing Runs the Docker container with a volume mount to access RustScan files. This allows read and write permissions to the project files. ```bash you@home:~/RustScan$ docker run -ti --rm -v "$PWD":/rustscan -w /rustscan rustscan_contributing bash ``` -------------------------------- ### Scan Multiple IPs with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Scan multiple IP addresses by providing them as a comma-separated list to the -a argument. ```console rustscan -a 127.0.0.1,0.0.0.0 ``` -------------------------------- ### Publish to Cargo Source: https://github.com/bee-san/rustscan/wiki/Releasing The command to publish the RustScan crate to the Cargo registry. ```bash Cargo Publish ``` -------------------------------- ### Format, Lint, and Test RustScan Code Source: https://github.com/bee-san/rustscan/wiki/Contributing Runs code formatting, linting with clippy, and tests for the RustScan project. These commands are executed within the Docker container. ```bash root@container:/rustscan# cargo fmt ``` ```bash root@container:/rustscan# cargo clippy ``` ```bash root@container:/rustscan# cargo test ``` -------------------------------- ### Run RustScan with Increased Batch Size Source: https://github.com/bee-san/rustscan/wiki/Increasing-Speed-&-Accuracy Execute RustScan with a custom batch size to process more ports simultaneously. This can significantly increase scanning speed. Experiment with values up to 65535, but be aware that very high values are experimental. ```bash rustscan -b 65535 ``` -------------------------------- ### Set Open File Limit with ulimit Source: https://github.com/bee-san/rustscan/wiki/Increasing-Speed-&-Accuracy Manually increase the open file limit on your system before running RustScan. This allows RustScan to potentially scan more ports concurrently. ```bash ulimit -n 70000 ``` -------------------------------- ### UDP Scanning with RustScan Source: https://context7.com/bee-san/rustscan/llms.txt Enables UDP scanning to detect open UDP ports responding to protocol-specific payloads. Specific ports or increased timeouts can be configured. ```bash # Enable UDP scanning mode rustscan -a 192.168.1.1 --udp ``` ```bash # UDP scan with specific ports rustscan -a 192.168.1.1 --udp -p 53,123,161 ``` ```bash # UDP scan with increased timeout rustscan -a 192.168.1.1 --udp -t 3000 ``` -------------------------------- ### Detailed Scan of Discovered Hosts Source: https://context7.com/bee-san/rustscan/llms.txt Conduct a detailed scan on hosts listed in a file, using a batch size of 2000 and Nmap's aggressive scan options. ```bash # Detailed scan of discovered hosts rustscan -a 'targets.txt' -t 2000 -- -A -sC -sV ``` -------------------------------- ### Enable Greppable Output Mode Source: https://context7.com/bee-san/rustscan/llms.txt Output only IP and port information without Nmap execution for piping to other tools. This mode is useful for scripting and automated analysis. ```bash rustscan -a 192.168.1.1 -g ``` ```bash rustscan -a 192.168.1.1 -g > open_ports.txt ``` ```bash rustscan -a 192.168.0.0/24 -g | grep ":80" ``` -------------------------------- ### Quick Reconnaissance Scan Source: https://context7.com/bee-san/rustscan/llms.txt Perform a quick reconnaissance scan on a subnet and save results to a file. Uses random scan order and a batch size of 2000. ```bash # Quick reconnaissance scan rustscan -a 192.168.1.0/24 -g --scan-order random -b 2000 > targets.txt ``` -------------------------------- ### Cargo.toml Dependency Source: https://context7.com/bee-san/rustscan/llms.txt Add the rustscan crate to your project's dependencies in Cargo.toml. ```toml # Cargo.toml dependency [dependencies] rustscan = "2.4" ``` -------------------------------- ### Scan Targets from Host File Source: https://context7.com/bee-san/rustscan/llms.txt Read targets from a newline-delimited file containing IPs, hostnames, and CIDR ranges. This is ideal for scanning a large or predefined list of targets. ```bash cat > targets.txt << EOF 192.168.1.1 192.168.1.2 scanme.nmap.org 10.0.0.0/30 EOF ``` ```bash rustscan -a 'targets.txt' ``` -------------------------------- ### Rust Library Usage Source: https://context7.com/bee-san/rustscan/llms.txt Integrate RustScan into your Rust projects for programmatic port scanning. Ensure you have the 'rustscan' crate added to your Cargo.toml. ```rust use rustscan::input::{Opts, PortRange, ScanOrder}; use rustscan::scanner::Scanner; use rustscan::port_strategy::PortStrategy; use std::net::IpAddr; use std::time::Duration; use futures::executor::block_on; fn main() { // Define target IPs let ips: Vec = vec![ "192.168.1.1".parse().unwrap(), "192.168.1.2".parse().unwrap(), ]; // Configure port range let range = PortRange { start: 1, end: 1000 }; let strategy = PortStrategy::pick(&Some(range), None, ScanOrder::Serial); // Create scanner with configuration let scanner = Scanner::new( &ips, 4500, // batch_size Duration::from_millis(1500), // timeout 1, // tries false, // greppable strategy, // port_strategy false, // accessible vec![], // exclude_ports false, // udp ); // Run the scan let results = block_on(scanner.run()); // Process results for socket in results { println!("Open: {}:{}", socket.ip(), socket.port()); } } ``` -------------------------------- ### Accessible Mode Output Source: https://context7.com/bee-san/rustscan/llms.txt Enables screen reader friendly output for accessibility. The output format changes to a simpler 'Open IP:Port' structure. Can be combined with greppable mode for cleaner output. ```bash # Enable accessible mode rustscan -a 192.168.1.1 --accessible ``` ```bash # Combine with greppable for clean output rustscan -a 192.168.1.1 --accessible -g ``` -------------------------------- ### UDP Service Discovery Source: https://context7.com/bee-san/rustscan/llms.txt Discover UDP services on a specific IP address within a defined port range and timeout. ```bash # UDP service discovery rustscan -a 192.168.1.1 --udp -p 53,67,68,69,123,161,500 -t 3000 ``` -------------------------------- ### Scan Multiple Selected Ports with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Scan a specific set of ports by providing a comma-separated list to the -p argument. ```console ➜ rustscan -a 127.0.0.1 -p 53,80,121,65535 53 ``` -------------------------------- ### Scan Port Ranges with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Scan a range of ports using the --range argument. The output will list the open ports within the specified range. ```console ➜ rustscan -a 127.0.0.1 --range 1-1000 53,631 ``` -------------------------------- ### Scan Individual Port with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Specify a single port to scan for a given IP address using the -p argument. ```console ➜ rustscan -a 127.0.0.1 -p 53 53 ``` -------------------------------- ### Increase Open File Limit Source: https://github.com/bee-san/rustscan/wiki/Thread-main-paniced-at-too-many-open-files Increase the system's open file limit to allow more simultaneous connections. Be aware that exceeding system capabilities may cause instability. ```bash ulimit -n 5000 ``` -------------------------------- ### Full Port Scan with Exclusions Source: https://context7.com/bee-san/rustscan/llms.txt Perform a full port scan across a subnet, excluding a specific IP address and port, with a batch size of 5000. ```bash # Full port scan with exclusions rustscan -a 192.168.1.0/24 -x 192.168.1.1 -e 22 --range 1-65535 -b 5000 ``` -------------------------------- ### Scan Specific Ports or Ranges Source: https://context7.com/bee-san/rustscan/llms.txt Scan specific ports or port ranges instead of all 65,535 ports. This allows for targeted scanning of known services. ```bash rustscan -a 192.168.1.1 -p 22,80,443,8080 ``` ```bash rustscan -a 192.168.1.1 --range 1-1000 ``` ```bash rustscan -a 192.168.1.1 -p 443 ``` -------------------------------- ### Scan Ports in Random Order Source: https://context7.com/bee-san/rustscan/llms.txt Scan ports in random order to help evade firewall detection and rate limiting. This can be combined with other options like port ranges. ```bash rustscan -a 192.168.1.1 --scan-order random ``` ```bash rustscan -a 192.168.1.1 --range 1-1000 --scan-order random ``` -------------------------------- ### Scan Single IP or Hostname Source: https://context7.com/bee-san/rustscan/llms.txt Scan a single IP address or hostname for all open ports using default settings. This is the most basic usage of RustScan. ```bash rustscan -a 192.168.1.1 ``` ```bash rustscan -a scanme.nmap.org ``` ```bash rustscan -a 192.168.1.1,192.168.1.2,scanme.nmap.org ``` -------------------------------- ### Use Default Nmap Script in RustScan Source: https://github.com/bee-san/rustscan/wiki/RustScan-Scripting-Engine By default, RustScan uses Nmap as its script. Explicitly enabling it is not necessary. ```bash rustscan --scripts default ``` -------------------------------- ### Basic Serial Scan Source: https://context7.com/bee-san/rustscan/llms.txt Performs a basic network scan using the default serial (sequential) order. ```bash rustscan -a 192.168.1.1 --scan-order serial ``` -------------------------------- ### Adjust Nmap Arguments with RustScan Source: https://github.com/bee-san/rustscan/wiki/Things-you-may-want-to-do-with-RustScan-but-don't-understand-how Pass custom arguments directly to Nmap by using the -- argument followed by Nmap flags. This allows for advanced Nmap configurations. ```console rustscan -a 127.0.0.1 -- -A -sC ``` ```console nmap -Pn -vvv -p $PORTS -A -sC 127.0.0.1 ``` -------------------------------- ### CTF-Style Fast Scan Source: https://context7.com/bee-san/rustscan/llms.txt Execute a fast scan against a specific IP address with a high batch size and aggressive Nmap options. ```bash # CTF-style fast scan rustscan -a 10.10.10.10 -u 5000 -b 4500 -- -A ``` -------------------------------- ### Alias RustScan Docker Command Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Create a shell alias for the Docker run command to simplify repeated use of RustScan. This allows you to invoke RustScan with custom arguments directly after the alias. ```bash alias rustscan='docker run -it --rm --name rustscan rustscan/rustscan:2.1.1' ``` -------------------------------- ### Stealth Scan with Random Ordering Source: https://context7.com/bee-san/rustscan/llms.txt Perform a stealth scan with random port ordering and a timeout of 3000ms, using Nmap's version detection. ```bash # Stealth scan with random ordering rustscan -a 192.168.1.1 -b 100 -t 3000 --scan-order random -- -sV ``` -------------------------------- ### Alias RustScan Docker Command Source: https://github.com/bee-san/rustscan/wiki/Installation-Guide Create a shell alias for the Docker run command to simplify repeated use of RustScan. This allows you to invoke RustScan with custom arguments by simply typing the alias followed by the IP address. ```bash alias rustscan='docker run -it --rm --name rustscan rustscan/rustscan:alpine' ``` -------------------------------- ### Pass Custom Nmap Flags with RustScan Source: https://github.com/bee-san/rustscan/wiki/Nmap-Custom-Flags Use `--` to separate RustScan flags from Nmap flags. Any arguments after `--` are passed directly to Nmap. ```bash rustscan 127.0.0.1 -- -A ``` -------------------------------- ### Service-Specific Scan Source: https://context7.com/bee-san/rustscan/llms.txt Scan a subnet for specific common services using Nmap's version detection. ```bash # Service-specific scan rustscan -a 192.168.1.0/24 -p 21,22,23,25,80,443,3306,3389 -- -sV ``` -------------------------------- ### Disable Scripts in RustScan Source: https://github.com/bee-san/rustscan/wiki/RustScan-Scripting-Engine Use this option to run RustScan without any custom scripts or Nmap. ```bash rustscan --scripts none ``` -------------------------------- ### Excluding Ports and Addresses Source: https://context7.com/bee-san/rustscan/llms.txt Allows exclusion of specific ports or IP addresses from the scan range. This is useful for avoiding sensitive services or known hosts. ```bash # Exclude specific ports rustscan -a 192.168.1.1 -e 22,80,443 ``` ```bash # Exclude specific addresses rustscan -a 192.168.1.0/24 -x 192.168.1.1,192.168.1.254 ``` ```bash # Combine exclusions rustscan -a 192.168.1.0/24 -e 22 -x 192.168.1.1 ``` -------------------------------- ### Scan CIDR Network Ranges Source: https://context7.com/bee-san/rustscan/llms.txt Scan entire network ranges using CIDR notation for subnet-wide reconnaissance. This is useful for scanning multiple hosts within a defined network segment. ```bash rustscan -a 192.168.1.0/24 ``` ```bash rustscan -a 10.0.0.0/30 ``` ```bash rustscan -a 192.168.1.0/24,10.0.0.5,example.com ``` -------------------------------- ### Decrease RustScan Batch Size Source: https://github.com/bee-san/rustscan/wiki/Usage Reduce the number of ports scanned concurrently by setting the batch size with the -b flag. This helps in slowing down the scan to avoid overwhelming the target server. ```bash rustscan -b 10 ``` -------------------------------- ### Hide RustScan Banner Source: https://context7.com/bee-san/rustscan/llms.txt Suppresses the initial ASCII art banner displayed by RustScan for cleaner, more minimal output. Can be combined with greppable mode. ```bash # Hide the opening banner rustscan -a 192.168.1.1 --no-banner ``` ```bash # Combine with greppable for minimal output rustscan -a 192.168.1.1 --no-banner -g ``` -------------------------------- ### Pass Quoted Nmap Script Arguments with RustScan Source: https://github.com/bee-san/rustscan/wiki/Nmap-Custom-Flags When passing Nmap arguments that contain spaces or special characters, enclose them in quotations. The outer quotes are for the shell, and inner quotes are passed to Nmap. ```bash rustscan 127.0.0.1 -- --script '"(vuln and safe) or default"' ``` -------------------------------- ### Pass Custom Arguments to Nmap Source: https://context7.com/bee-san/rustscan/llms.txt Pass custom arguments to Nmap using the `--` separator. RustScan automatically adds `-Pn -vvv -p $PORTS` to Nmap commands, and these arguments are appended. ```bash rustscan -a 192.168.1.1 -- -A ``` ```bash rustscan -a 192.168.1.1 -- -sV ``` ```bash rustscan -a 192.168.1.1 -- -sC ``` ```bash rustscan -a 192.168.1.1 -- -A -sC -sV ``` ```bash rustscan -a 192.168.1.1 -- --script '"(vuln and safe) or default"' ``` ```bash rustscan -t 1500 -a 192.168.1.1 -p 80,443 -- -A -sC ``` -------------------------------- ### Increase RustScan Timeout Source: https://github.com/bee-san/rustscan/wiki/Usage Extend the time RustScan waits for a response from a port by using the -T flag with a higher value. This can be combined with batch size adjustments for finer control over scan speed. ```bash rustscan -T 5000 ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.