rustscan is a highly efficient, open-source port scanner designed for speed and simplicity. Written in Rust, it optimizes scanning processes by utilizing asynchronous I/O, making it ideal for network administrators, security professionals, and penetration testers who require rapid and reliable scans. rustscan can identify open ports in record time and is often used in conjunction with nmap for in-depth analysis of network security.
Common rustscan Options and Switches
-b, –batch-size <batch size>
Defines the number of ports to scan simultaneously, improving scan efficiency based on system capability. The default is set to 4500.
-t, –timeout <timeout>
Sets the connection timeout for each port scan in milliseconds. Adjusting this helps in balancing between scan speed and accuracy.
-u, –ulimit <file descriptors>
Specifies the number of file descriptors rustscan can utilize, improving performance by allowing more concurrent scans.
-a, –addresses <IP addresses>
Lists target IP addresses or ranges. This supports scanning multiple hosts or IP ranges in a single run.
-r, –range <port range>
Specifies a range of ports to scan, allowing customization of the scan scope (e.g., -r 1-1024 for well-known ports).
–nmap
Enables nmap integration, running rustscan’s port scan and nmap’s too.
–no-nmap
Disables nmap integration, running only rustscan’s port scan. Useful when only a rapid port scan is needed without further service details. On by default unless –nmap switch is set.
-N, –nmap-args <arguments>
Passes additional arguments directly to nmap when using rustscan’s nmap integration. This enables deeper analysis and customization of the scan.
–greppable
Outputs the scan results in a format compatible with tools like grep, allowing easy filtering and searching of results.
–accessibility
Simplifies output for accessibility purposes, making scan results easier to read and parse for assistive technology.
-q, –quiet
Reduces the output to only essential information, hiding verbose details to simplify review.
-v, –verbosity
Increases verbosity, providing more detailed information about the scan’s progress and outcomes.
Example rustscan Commands
Basic Port Scan
> rustscan -a 192.168.1.1
Scans the target IP address for open ports using rustscan’s default settings.
Customized Port Range
> rustscan -a 192.168.1.1 -r 1-1000
Scans only ports 1 through 1000 on the specified IP.
Batch Size Adjustment
> rustscan -a 192.168.1.1 -b 1000
Scans the target with a batch size of 1000 ports at a time.
Using a Connection Timeout
> rustscan -a 192.168.1.1 -t 1500
Sets a 1500ms timeout for each port scan connection attempt.
Running Without nmap
> rustscan -a 192.168.1.1 --no-nmap
Performs only rustscan’s quick scan, skipping any further nmap analysis.
Passing Additional nmap Arguments
> rustscan -a 192.168.1.1 -N "-sV --script vuln"
Runs rustscan followed by nmap with options to detect service versions and run vulnerability scripts on open ports.
Use Cases
rustscan is especially useful for:
- High-Speed Port Scanning: Its asynchronous I/O makes rustscan exceptionally fast, ideal for scanning large networks or multiple IPs.
- Initial Discovery: Quickly identifies open ports before conducting deeper analysis with tools like nmap.
- Security Audits: Complements penetration testing workflows by accelerating initial port discovery, saving time for more complex assessments.
- Network Diagnostics: Useful for identifying misconfigurations or open services on a network.
rustscan’s speed and flexibility make it a valuable tool for anyone needing efficient, high-performance port scanning. Its ability to integrate with nmap allows users to conduct comprehensive network scans without sacrificing speed.