SecurityTrails Blog

Rust Scan: Empowering Nmap One Scan at a Time



We all love Nmap, we really do. It's one of the first and most famous OSINT-like security tools created, written almost 23 years ago (at the time of this writing) by Gordon "Fyodor" Lyon.
Since September of 2007, it's been maintained and upgraded by Lyon and a number of developers, many from Google's Summer of Code program. And on top of its long history, it continues to offer many cool features that are still extremely helpful when conducting mapping of network-facing services, for all sorts of assessments that can improve your attack surface reduction tasks.
So this is a post about Nmap? No! Actually, today we're featuring Rust Scan, an Nmap enhancer that helps you avoid time-wasting by rapidly discovering a target's open ports and combining that with the power of Nmap.
Rust Scan's inner workings
When running, Rust Scan conducts a preliminary scan using its own internal discovery technique: it creates sockets against its targets and waits for their responses.
Once this first scanning stage is completed, it runs a second round with Nmap, passing specific flags that, by default, aim to discover the targets' operating systems.
These settings are configured by default and can be tweaked if necessary on every scan. You can also run scans without using Nmap if you like.
How is this done? As its name suggests, Rust Scan is written in Rust, the programming language sponsored by Mozilla, and it aims to be your go-to solution for speed, process parallelism, and memory safety.
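The two-stage flow described above, as an added Rust example (not Rust Scan's own code): phase one completes a TCP connect to each port, and phase two builds an Nmap argument list limited to the ports found open. The function names, the thread-per-port concurrency, the 500 ms timeout and the bare `-p` hand-off are assumptions, and the target is a loopback listener the program opens itself.

```rust
use std::net::{IpAddr, SocketAddr, TcpListener, TcpStream};
use std::thread;
use std::time::Duration;

/// Phase 1: try a full TCP connect to every port, one thread per port.
/// A port is reported open only if the handshake completes within `timeout`.
fn open_ports(host: IpAddr, ports: &[u16], timeout: Duration) -> Vec<u16> {
    let workers: Vec<_> = ports
        .iter()
        .map(|&port| {
            thread::spawn(move || {
                let addr = SocketAddr::new(host, port);
                TcpStream::connect_timeout(&addr, timeout).ok().map(|_| port)
            })
        })
        .collect();
    let mut open: Vec<u16> = workers
        .into_iter()
        .filter_map(|w| w.join().ok().flatten())
        .collect();
    open.sort_unstable();
    open
}

/// Phase 2 hand-off: build Nmap arguments limited to the open ports.
/// Returns None when nothing is open, so Nmap is never started for an empty list.
fn nmap_args(host: IpAddr, open: &[u16]) -> Option<Vec<String>> {
    if open.is_empty() {
        return None;
    }
    let list: Vec<String> = open.iter().map(|p| p.to_string()).collect();
    Some(vec!["-p".to_string(), list.join(","), host.to_string()])
}

fn main() {
    // Constructed target: a loopback listener opened by this program itself.
    let listener = TcpListener::bind("127.0.0.1:0").expect("bind loopback");
    let port = listener.local_addr().expect("local addr").port();
    let host: IpAddr = "127.0.0.1".parse().expect("valid IP");

    let open = open_ports(host, &[port], Duration::from_millis(500));
    println!("Open ports: {:?}", open);
    match nmap_args(host, &open) {
        Some(args) => println!("Would run: nmap {}", args.join(" ")),
        None => println!("No open ports; Nmap not started"),
    }
}
```

Because the second stage only receives ports that answered in the first, the slower Nmap work is confined to a short list instead of the full port range.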
Let's explore how to use this tool.
Installing Rust Scan
To keep installation as simple as possible for this article, we've decided to use the Docker image. You can, however, check out the other options in the official docs on GitHub.
For our example, we'll run a docker pull command to download the image to our operating system, plus a simple shell alias to use the whole environment as if it were installed locally.
To install, we'll use the stable version of the Docker image Rust Scan:alpine
Once it's downloaded, you can check that the image was pulled properly by doing:
Then we can add a simple alias line to our favourite profile file. For our case we'll use the **.bash_profile** file:
Then (in case you're running bash as a shell) you can run the **alias** directly with the specified line or simply run the following to make it work:
Your Rust Scan installation is now ready to use. Note that the --help flag shows every option; there are only a few, especially compared with Nmap itself, which helps make learning as simple as possible.
Running a scan
Starting the scanning is easy and straightforward. Simply place your desired target after the command name and this alone will activate the first round of analysis.
When running the tool with the **-q** flag we see Rust Scan at a more basic level of function. This will create a port scanning task against a desired target and show the open ports found.
As shown above, the output shows a comma-separated list of ports being discovered by Rust Scan's internal port-scanning engine, demonstrating how quick this tool can be.
One important detail to note is that all these scans are being made using TCP connections, with no UDP capabilities so far. Once the scan is completed it will stop, and there will be no data exchange between the tool and Nmap.
As shown above, the scan starts and once the first phase is finished with the list of the open ports it shows the **"Starting Nmap"** message. Then the second phase initiates.
Analyzing results
As the tool claims to speed up Nmap scanning times, we made some simple comparisons to find out if this is true, and to see how these two invocation approaches compare.
For the first test, we tried scanning a host with some TCP ports open and checked the time declared by the tool. See the output below:
As shown above, Rust Scan found two open ports which were delivered to the Nmap executable and w...
By SecurityTrails