A fast, multi-threaded port scanner written in Rust with nmap-like functionality. This tool provides port scanning capabilities with service detection, banner grabbing, and detailed port descriptions.
- Multi-threaded scanning: Concurrent port scanning with configurable number of threads for improved performance
- Comprehensive port-to-service mapping: Detailed descriptions for well-known ports (0-1023), registered ports (1024-49151), and many others
- Service detection: Identify services running on open ports
- Banner grabbing: Retrieve service banners for better identification
- Progress bar: Visual progress indicator during scans
- Fast performance: Optimized Rust implementation for quick scanning
- Command-line interface: Intuitive CLI with configurable options
- Rust (1.70 or higher)
- Cargo
# Clone the repository
git clone <repository-url>
cd rust_nmap_scanner
# Build in release mode
cargo build --release
# Run the scanner
cargo run -- --help# Scan specific ports on a target
cargo run -- --target 192.168.1.1 -p 80,443,22
# Scan a port range
cargo run -- --target 192.168.1.1 -p 1-1000
# Scan a single port
cargo run -- --target example.com -p 80# Scan with service detection and banner grabbing
cargo run -- --target 192.168.1.1 -p 1-1000 -s
# Use more threads for faster scanning
cargo run -- --target 192.168.1.1 -p 1-1000 -T 200
# Combine options
cargo run -- --target 192.168.1.1 -p 1-1000 -s -T 150USAGE:
rust_nmap_scanner [OPTIONS] --target <TARGET>
OPTIONS:
-i, --target <TARGET> Target IP address, hostname, URL, or CIDR (e.g., 192.168.1.1, google.com, https://example.com, or 192.168.1.0/24)
-p, --ports <PORTS> Port range (e.g., 1-1000 or single port 80 or 80,443,1-100) [default: 1-1000]
-F, --fast Scan only top 100 common ports
-s, --service-detection Enable service detection and banner grabbing
-A, --quick-scan-plus Quick scan plus - enables aggressive service detection and version detection (implies -s)
--all-ports-quick-scan-plus All ports quick scan plus - scans all ports (1-65535) with aggressive service detection, version detection, and OS detection (like nmap -sV -T4 -O -p 1-65535 --version-light)
-u, --udp Perform UDP scan (default is TCP)
-T, --threads <THREADS> Number of concurrent threads for scanning [default: 150]
-t, --timeout <TIMEOUT> Connection timeout in milliseconds [default: 200]
-j, --json Output results in JSON format
--html Output results in HTML format
--xml Output results in XML format
--md Output results in Markdown format
-o, --output-file <OUTPUT_FILE> Output file path (optional, defaults to stdout)
-h, --help Print help information
-V, --version Print version information
cargo run -- --target scanme.nmap.org -p 1-1000 -scargo run -- --target 192.168.1.1 -p 1-65535 -T 500cargo run -- --target google.com -p 80,443,8080,8443cargo run -- --target 192.168.1.1 -p 53,67,68,161 -ucargo run -- --target 192.168.1.1 -Fcargo run -- --target 192.168.1.1 -p 1-1000 -t 1000 -jcargo run -- --target 192.168.1.0/24 -p 22,80,443# Output in HTML format
cargo run -- --target 192.168.1.1 -p 1-1000 --html
# Output in XML format
cargo run -- --target 192.168.1.1 -p 1-1000 --xml
# Output in Markdown format
cargo run -- --target 192.168.1.1 -p 1-1000 --md# Scan a website URL
cargo run -- --target https://google.com -p 80,443
# Scan a website with HTTP
cargo run -- --target http://example.com -p 80
# Scan multiple targets including URLs
cargo run -- --target https://google.com,192.168.1.1 -p 80,443# Quick scan plus - enables aggressive service detection, version detection, and OS detection (like nmap -sV -O -T4 -Pn --version-light)
cargo run -- --target 192.168.1.1 -p 22,80,443 -A
# Quick scan plus with URL
cargo run -- --target https://google.com -p 80,443 -A
# Quick scan plus with output to file
cargo run -- --target 192.168.1.1 -p 1-1000 -A -o quick_scan_report.html
# Quick scan plus with comprehensive output
cargo run -- --target 192.168.1.1 -p 1-1000 -A --html -o detailed_report.html# All ports quick scan plus - scans all ports (1-65535) with aggressive service detection, version detection, and OS detection (like nmap -sV -T4 -O -p 1-65535 --version-light)
cargo run -- --target 192.168.1.1 --all-ports-quick-scan-plus
# All ports quick scan plus with output to file
cargo run -- --target 192.168.1.1 --all-ports-quick-scan-plus -o all_ports_report.html
# All ports quick scan plus with comprehensive output
cargo run -- --target 192.168.1.1 --all-ports-quick-scan-plus --html -o comprehensive_report.html# Save HTML report to file
cargo run -- --target 192.168.1.1 -p 1-1000 --html -o scan_report.html
# Save XML report to file
cargo run -- --target 192.168.1.1 -p 1-1000 --xml -o scan_report.xml
# Save Markdown report to file
cargo run -- --target 192.168.1.1 -p 1-1000 --md -o scan_report.md
# Save JSON report to file
cargo run -- --target 192.168.1.1 -p 1-1000 --json -o scan_report.jsonThe Rust implementation provides excellent performance due to:
- Memory-safe, compiled Rust code
- Multi-threaded architecture
- Efficient TCP connection handling
- Optimized I/O operations
In testing, the scanner performs comparably to nmap while providing the safety and performance benefits of Rust.
- This tool is intended for authorized penetration testing and security research
- Always obtain proper authorization before scanning networks you don't own
- Be mindful of network load when using high thread counts
- Respect rate limits and network policies
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Inspired by the functionality of nmap
- Built with the Rust programming language
- Uses clap for command-line parsing and indicatif for progress bars