How to use the command 'rustscan' (with examples)

RustScan is a fast port scanner that combines the speed of Rust with the comprehensive scanning ability of nmap. Designed to run faster than traditional tools, it detects open ports quickly, which is useful for a range of network diagnostic and security tasks. Its efficiency and versatility make it a preferred choice among security analysts and network administrators for vulnerability assessments and network mapping.

Scan all ports of one or more comma-delimited [a]ddresses using the default values:

Code:

rustscan --addresses ip_or_hostname

Motivation:

When you need to perform a thorough scan of all possible ports on a given address or amongst several addresses, this command is ideal. It allows for a comprehensive security assessment by checking every possible port for potential vulnerabilities, not leaving anything unchecked.

Explanation:

  • rustscan: This is the command invoking RustScan.
  • --addresses: This flag tells RustScan which addresses you want to scan.
  • ip_or_hostname: Replace this with the specific IP address or hostname you wish to scan.

Example Output:

[~] The following open ports were discovered:
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
    443/tcp open  https

This output gives a concise list of open ports and associated services.

Scan the [t]op 1000 ports with service and version detection:

Code:

rustscan --top --addresses address_or_addresses

Motivation:

For time-efficient scans where the goal is to check the most common or susceptible ports, this option filters out and checks only the top 1000 ports. It is useful for quick assessments or when dealing with numerous addresses.

Explanation:

  • rustscan: The command name for initiating a scan.
  • --top: This flag instructs RustScan to target the top 1000 known ports.
  • --addresses: Specifies the addresses to scan.
  • address_or_addresses: The target IP address or hostname(s).

Example Output:

[~] Top 1000 ports scanning:
    21/tcp    open  ftp     vsftpd 3.0.3
    80/tcp    open  http    Apache httpd 2.4.29
    3306/tcp  open  mysql   MySQL 5.7.30

The result includes port numbers, their status, services, and software versions.

Scan a specific list of [p]orts:

Code:

rustscan --ports 22,80,443 --addresses address_or_addresses

Motivation:

When looking to inspect specific ports of interest, such as those generally used for web services, this targeted scanning approach allows you to focus resources and attention on pertinent ports for quick troubleshooting or security evaluations.

Explanation:

  • rustscan: Command to initiate RustScan.
  • --ports: Indicates user-defined ports for scanning.
  • 22,80,443: Example list of ports; these are commonly associated with SSH, HTTP, and HTTPS respectively.
  • --addresses: Address flag for specifying targets.
  • address_or_addresses: Target address selection.

Example Output:

[~] Scanning specific ports:
    22/tcp open  ssh
    80/tcp open  http
    443/tcp open  https

This output reflects the status of the specified ports.

Scan a specific range of ports:

Code:

rustscan --range 1000-2000 --addresses address_or_addresses

Motivation:

If you are investigating a specific range of ports, perhaps due to suspected activity or customized service hosting, utilizing this command benefits specific security or performance assessments across those ports.

Explanation:

  • rustscan: Initiates RustScan.
  • --range: Signals the examination of a specific port range.
  • 1000-2000: The defined range of ports to scan.
  • --addresses: Designates the target addresses.
  • address_or_addresses: The input target(s) for scanning.

Example Output:

[~] Ports in the range 1000-2000:
    1433/tcp open  ms-sql-s
    1521/tcp open  oracle
    1723/tcp open  pptp

Here, the scanner reports open ports within the specified range.

Add script arguments to nmap:

Code:

rustscan --addresses address_or_addresses -- -A -sC

Motivation:

Appending nmap scripts through RustScan allows for enhanced information retrieval about a target, blending RustScan’s speed with nmap’s comprehensive scripting library for deeper network insights – ideal for advanced diagnostics or penetration testing.

Explanation:

  • rustscan: The initiating command for RustScan operations.
  • --addresses: Indicates the address input for scanning.
  • address_or_addresses: Target addresses for the scan.
  • --: This separator ends RustScan's own options; everything after it is passed directly to nmap as arguments.
  • -A -sC: nmap flags for aggressive scanning (OS, version detection, etc.) and using default scripts.

Example Output:

Host up: 0.0030s latency.
Not shown: 996 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.9 (protocol 2.0)
| ssh-hostkey: 
|   2048 8f:c4:7d:7e:d8:00:98:92 (RSA)
80/tcp open  http    Apache httpd 2.4.29

This output contains deeper details like service versions and SSH host keys.

Scan with custom [b]atch size (default: 4500) and [t]imeout (default: 1500ms):

Code:

rustscan --batch-size 5000 --timeout 2000 --addresses address_or_addresses

Motivation:

Tuning batch sizes and timeouts is essential when network reliability and speed vary. Adjustments lead to improved scan performance, accommodating network conditions or specific scanning requirements by avoiding timeouts and ensuring all packets are handled properly.

Explanation:

  • rustscan: Initiates the RustScan tool.
  • --batch-size: Specifies the number of packets per batch. Here, increased from default 4500 to 5000 for larger data processing.
  • --timeout: The maximum wait time for a response, increased here to 2000 milliseconds for reliability in slower environments.
  • --addresses: Designates target for scanning.
  • address_or_addresses: Input address(es).

Example Output:

Custom batch-size and timeout configuration:
Port    Status
22/tcp  open
80/tcp  open
443/tcp open

This output reflects the success of the scan while accounting for user-configured operational parameters.

Scan with specific port order:

Code:

rustscan --scan-order random --addresses address_or_addresses

Motivation:

Executing scans in a randomized port order can be an effective method to evade detection by port monitoring security systems, adding a layer of stealth during penetration testing exercises.

Explanation:

  • rustscan: Utilizes RustScan.
  • --scan-order: Dictates the sequence in which ports are scanned, with options like serial or random.
  • random: Selecting random here ensures the scanning sequence is nondeterministic.
  • --addresses: Indicates target address or addresses.
  • address_or_addresses: Specifies the host(s) to scan.

Example Output:

Randomized scanning order:
    443/tcp open https
    22/tcp  open ssh
    80/tcp  open http

Ports are scanned and reported in a non-sequential manner for stealth.

Scan in greppable mode (only output of the ports, no nmap):

Code:

rustscan --greppable --addresses address_or_addresses

Motivation:

This mode is tailored for automated processing wherein only the crucial port information is needed quickly. It suits scripts and other tools that parse outputs for specific data analysis or monitoring purposes without extra details from nmap.

Explanation:

  • rustscan: Key command to start the scan.
  • --greppable: Limits output to a more machine-friendly format, omitting nmap integration.
  • --addresses: Specifies targets for the operation.
  • address_or_addresses: Details of the host(s) to be scanned.

Example Output:

Open ports: 22, 80, 443

A simplified format perfect for automation and further processing.
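
An added example, not part of the original page or of the RustScan project: a shell function that turns greppable output into an exposure check by listing every open port that is not on an allowlist of expected services. It assumes result lines of the form HOST -> [p1,p2,...] (adjust the pattern if your version prints a different layout); the function name, the allowlist argument and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report open ports that are not on an allowlist.
# ASSUMPTION: greppable result lines look like "HOST -> [p1,p2,...]".

# unexpected_ports ALLOWED   (greppable output on stdin)
#   ALLOWED is a comma-separated list of ports expected to be open.
#   Prints "HOST PORT" for every open port missing from ALLOWED.
# The body runs in a subshell, so IFS and 'set -f' do not leak out.
unexpected_ports() (
    allowed=",$(printf '%s' "$1" | tr -d ' '),"
    set -f                              # never glob-expand scanner output
    while IFS= read -r line; do
        case "$line" in
            *' -> ['*']') ;;            # a result line
            *) continue ;;              # banner, blank line, other noise
        esac
        host=${line%% -> *}
        ports=${line#* -> \[}
        ports=${ports%\]}
        IFS=','
        for port in $ports; do
            case "$port" in
                ''|*[!0-9]*|??????*)
                    # Do not drop bad tokens silently: a parse gap hides exposure.
                    printf 'warning: %s: unparsed token "%s"\n' "$host" "$port" >&2
                    continue ;;
            esac
            case "$allowed" in
                *",$port,"*) ;;         # expected service
                *) printf '%s %s\n' "$host" "$port" ;;
            esac
        done
    done
)

# Constructed sample input (documentation addresses, not real scan results).
SAMPLE='[~] constructed banner line
192.0.2.10 -> [22,80,443]
192.0.2.11 -> [22,3306]'

demo() {
    printf '%s\n' "$SAMPLE" | unexpected_ports 22,80,443
}

# Real use, with the flags shown above:
#   rustscan --greppable --addresses address_or_addresses | unexpected_ports 22,80,443
```

Run against hosts you administer on a schedule, any line this prints is a service that has appeared outside the approved baseline.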

Conclusion:

RustScan is an incredibly fast and adaptable tool for conducting port scans across various network environments. It efficiently bridges the gap between the need for speed and depth of analysis, catering to everyday network security assessments, penetration testing, and IT management. Understanding each use case of RustScan equips users with the ability to tailor scans to their specific needs, ensuring both broad and targeted assessments with the maximum amount of detail and accuracy.
