Rustscan

RustScan is a modern take on the port scanner. Sleek & fast. All while providing extensive extendability to you.

Not to mention RustScan uses Adaptive Learning to improve itself over time, making it the best port scanner for you.

To install Rustscan on your system, you'll need to install Rust programming language first. You can do so by following the instructions below:

Installing rustup on Linux or macOS

If you’re using Linux or macOS, open a terminal and enter the following command:

$ curl --proto '=https' --tlsv1.3 https://sh.rustup.rs -sSf | sh

The command downloads a script and starts the installation of the rustup tool, which installs the latest stable version of Rust. You might be prompted for your password. If the install is successful, the following line will appear:

Rust is installed now. Great!

You will also need a linker, which is a program that Rust uses to join its compiled outputs into one file. It is likely you already have one. If you get linker errors, you should install a C compiler, which will typically include a linker. A C compiler is also useful because some common Rust packages depend on C code and will need a C compiler.

On macOS, you can get a C compiler by running:

$ xcode-select --install

Linux users should generally install GCC or Clang, according to their distribution’s documentation. For example, if you use Ubuntu, you can install the build-essential package.

Installing rustup on Windows

On Windows, go to https://www.rust-lang.org/tools/install and follow the instructions for installing Rust. At some point in the installation, you’ll receive a message explaining that you’ll also need the MSVC build tools for Visual Studio 2013 or later.

To acquire the build tools, you’ll need to install Visual Studio 2022. When asked which workloads to install, include:

• “Desktop Development with C++”

• The Windows 10 or 11 SDK

• The English language pack component, along with any other language pack of your choosing

The rest of this book uses commands that work in both cmd.exe and PowerShell. If there are specific differences, we’ll explain which to use.

Troubleshooting

To check whether you have Rust installed correctly, open a shell and enter this line:

$ rustc --version

You should see the version number, commit hash, and commit date for the latest stable version that has been released, in the following format:

rustc x.y.z (abcabcabc yyyy-mm-dd)

If you see this information, you have installed Rust successfully! If you don’t see this information, check that Rust is in your %PATH% system variable as follows.

In Windows CMD, use:

> echo %PATH%

In PowerShell, use:

> echo $env:Path

In Linux and macOS, use:

$ echo $PATH

If that’s all correct and Rust still isn’t working, there are a number of places you can get help. Find out how to get in touch with other Rustaceans (a silly nickname we call ourselves) on the community page.

Time to Rustscan

Once you have installed the Rust programming language, you can install Rustscan by using the following command in your terminal:

sudo cargo install rustscan

To fingerprint the hosts on example.com, you can run the following command in your terminal:

rustscan example.com -t 50 -- -oA output_file

This will scan the top 50 most commonly used ports on example.com and write the output to a file in the format specified with -oA option (in this case, it's output_file). The output will contain the open ports and the services running on those ports. This information can be useful in determining the type of operating system and the services running on a target host.

Using Rustscan with Nmap

Rustscan is a fast port scanner, but it does not perform vulnerability scanning. To scan for vulnerabilities, you'll need to use a vulnerability scanner such as nmap. You can use Rustscan to gather information about open ports on a target system, and then use this information to perform a vulnerability scan with nmap.

Here's an example of how you could use Rustscan and nmap to scan for vulnerabilities on example.com:

1. First, use Rustscan to gather information about open ports on the target system:

$ rustscan -a example.com -t 50 -- -oA rustscan_output

Just in case of receiving a message like that:

[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers [!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'.

Run again adding the option suggested by rustscan

$ rustscan -a example.com -t 50 --ulimit 5000 -- -oA rustscan_output

1. Next, use the information gathered by Rustscan to perform a vulnerability scan with nmap:

nmap -iL rustscan_output -p- -A --script vuln -oA nmap_output

The -iL option specifies the input file containing the list of targets, in this case, the file generated by Rustscan (rustscan_output). The -p- option specifies that all ports should be scanned. The -A option enables OS detection, version detection, script scanning, and traceroute. The --script vuln option enables vulnerability scanning using nmap's vulnerability detection scripts. The -oA option specifies the output file format (in this case, nmap_output).