Install RustScan for faster Nmap Scans

In this article we will install RustScan. For those who don’t know what RustScan is: it’s a utility written in the Rust programming language that makes your Nmap port scans run a whole lot faster. Remember, real hackers hack time 😉

You can check the official installation guide here, which shows multiple installation methods. In this article we’re focusing on installing RustScan with the .deb package file. So let’s get started.

Check this repository for the latest package releases and download the latest .deb file. At the time of writing, the latest is rustscan_2.3.0_amd64.deb.

wget https://github.com/RustScan/RustScan/releases/download/2.3.0/rustscan_2.3.0_amd64.deb

To install the package, type:

sudo dpkg -i rustscan_2.3.0_amd64.deb

This should install the package. After the installation is complete, let’s print the help output:

$ rustscan --help
rustscan 2.0.0
Fast Port Scanner built in Rust. WARNING Do not use this program against sensitive infrastructure since the specified
server may not be able to handle this many socket connections at once. - Discord https://discord.gg/GFrQsGy - GitHub
https://github.com/RustScan/RustScan

USAGE:
    rustscan [FLAGS] [OPTIONS] [-- <command>...]

FLAGS:
        --accessible    Accessible mode. Turns off features which negatively affect screen readers
    -g, --greppable     Greppable mode. Only output the ports. No Nmap. Useful for grep or outputting to a file
    -h, --help          Prints help information
    -n, --no-config     Whether to ignore the configuration file or not
        --top           Use the top 1000 ports
    -V, --version       Prints version information

OPTIONS:
    -a, --addresses <addresses>...    A list of comma separated CIDRs, IPs, or hosts to be scanned
    -b, --batch-size <batch-size>     The batch size for port scanning, it increases or slows the speed of scanning.
                                      Depends on the open file limit of your OS.  If you do 65535 it will do every port
                                      at the same time. Although, your OS may not support this [default: 4500]
    -p, --ports <ports>...            A list of comma separed ports to be scanned. Example: 80,443,8080
    -r, --range <range>               A range of ports with format start-end. Example: 1-1000
        --scan-order <scan-order>     The order of scanning to be performed. The "serial" option will scan ports in
                                      ascending order while the "random" option will scan ports randomly [default:
                                      serial]  [possible values: Serial, Random]
        --scripts <scripts>           Level of scripting required for the run [default: default]  [possible values:
                                      None, Default, Custom]
    -t, --timeout <timeout>           The timeout in milliseconds before a port is assumed to be closed [default: 1500]
        --tries <tries>               The number of tries before a port is assumed to be closed. If set to 0, rustscan
                                      will correct it to 1 [default: 1]
    -u, --ulimit <ulimit>             Automatically ups the ULIMIT with the value you provided

ARGS:
    <command>...    The Script arguments to run. To use the argument -A, end RustScan's args with '-- -A'. Example:
                    'rustscan -T 1500 127.0.0.1 -- -A -sC'. This command adds -Pn -vvv -p $PORTS automatically to
                    nmap. For things like --script '(safe and vuln)' enclose it in quotations marks \"'(safe and
                    vuln)'\"")
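The --batch-size help text says the value depends on the open file limit of your OS, and RustScan warns when the limit is lower than the batch size. The following is an added example, not part of the original article or the RustScan project, that derives a -b value from `ulimit -n`; the 100-descriptor headroom and the choice to cap at the default of 4500 are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): choose -b from the open-file limit.

RESERVED_FDS=100   # assumed headroom for stdio, DNS and the Nmap child process
MAX_BATCH=4500     # RustScan's default batch size, used here as a ceiling

# safe_batch_size LIMIT: print the largest batch size that fits under LIMIT.
safe_batch_size() (
    limit=$1
    case $limit in
        unlimited) echo "$MAX_BATCH"; exit 0 ;;
        ''|*[!0-9]*) echo "invalid limit: $limit" >&2; exit 2 ;;
    esac
    batch=$(( limit - RESERVED_FDS ))
    if [ "$batch" -lt 1 ]; then
        echo "open-file limit $limit is too low for a scan" >&2
        exit 1
    fi
    if [ "$batch" -gt "$MAX_BATCH" ]; then
        batch=$MAX_BATCH
    fi
    echo "$batch"
)

# build_scan_cmd TARGET [LIMIT]: print the rustscan command line, do not run it.
build_scan_cmd() (
    target=$1
    limit=${2:-$(ulimit -n)}
    batch=$(safe_batch_size "$limit") || exit $?
    echo "rustscan -a $target -b $batch -r 1-65535 -- -Pn -sC"
)

# Command for the article's lab host under this shell's soft limit.
build_scan_cmd 10.10.248.81 || echo "raise the limit with 'ulimit -n' first" >&2
```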

Let’s run a simple scan:

$ rustscan -a 10.10.248.81 -b 2500 -r 1-65535 -- -Pn -sC
.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.
| {}  }| { } |{ {__ {_   _}{ {__  /  ___} / {} \ |  `| |
| .-. \| {_} |.-._} } | |  .-._} }\     }/  /\  \| |\  |
`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy           :
: https://github.com/RustScan/RustScan :
 --------------------------------------
Nmap? More like slowmap.🐢

[~] The config file is expected to be at "/home/shafdo/.rustscan.toml"
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
[!] Your file limit is very small, which negatively impacts RustScan's speed. Use the Docker image, or up the Ulimit with '--ulimit 5000'. 
Open 10.10.248.81:22
Open 10.10.248.81:8000
[~] Starting Script(s)
[>] Script to be run Some("nmap -vvv -p {{port}} {{ip}}")

Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
[~] Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-10-22 06:34 +0530
NSE: Loaded 126 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 06:34
Completed NSE at 06:34, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 06:34
Completed NSE at 06:34, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 06:34
Completed Parallel DNS resolution of 1 host. at 06:34, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 06:34
Scanning 10.10.248.81 (10.10.248.81) [2 ports]
Discovered open port 22/tcp on 10.10.248.81
Discovered open port 8000/tcp on 10.10.248.81
Completed Connect Scan at 06:34, 0.51s elapsed (2 total ports)
NSE: Script scanning 10.10.248.81.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 06:34
Completed NSE at 06:34, 12.90s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 06:34
Completed NSE at 06:34, 0.00s elapsed
Nmap scan report for 10.10.248.81 (10.10.248.81)
Host is up, received user-set (0.51s latency).
Scanned at 2024-10-22 06:34:16 +0530 for 14s

PORT     STATE SERVICE  REASON
22/tcp   open  ssh      syn-ack
| ssh-hostkey: 
|   3072 44:5f:26:67:4b:4a:91:9b:59:7a:95:59:c8:4c:2e:04 (RSA)
|   256 0a:4b:b9:b1:77:d2:48:79:fc:2f:8a:3d:64:3a:ad:94 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJNL/iO8JI5DrcvPDFlmqtX/lzemir7W+WegC7hpoYpkPES6q+0/p4B2CgDD0Xr1AgUmLkUhe2+mIJ9odtlWW30=
|   256 d3:3b:97:ea:54:bc:41:4d:03:39:f6:8f:ad:b6:a0:fb (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFG/Wi4PUTjReEdk2K4aFMi8WzesipJ0bp0iI0FM8AfE
8000/tcp open  http-alt syn-ack
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
|_http-favicon: Unknown favicon MD5: FBD3DB4BEF1D598ED90E26610F23A63F
|_http-open-proxy: Proxy might be redirecting requests
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 06:34
Completed NSE at 06:34, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 06:34
Completed NSE at 06:34, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 13.62 seconds
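The `Open ip:port` lines RustScan prints before handing over to Nmap are easy to post-process when you audit your own hosts. The following is an added example, not part of the original article, that compares those lines with a baseline of ports you expect to be listening; the function name and the baseline value are assumptions, and only the IPv4 line format shown in this run is handled.

```shell
#!/bin/sh
# Added example (not from the article): flag open ports missing from a baseline.

# Constructed sample: a few lines copied from the scan output in this article.
SAMPLE_OUTPUT='[!] File limit is lower than default batch size.
Open 10.10.248.81:22
Open 10.10.248.81:8000
[~] Starting Script(s)
Discovered open port 22/tcp on 10.10.248.81'

# unexpected_ports ALLOWED_CSV: read RustScan output on stdin and print each
# "ip:port" from an "Open" line whose port is not in ALLOWED_CSV.
# Exit status is 1 when something unexpected was found, 0 otherwise.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, list, ",")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        # IPv4 only, matching the "Open 10.10.248.81:22" form shown above.
        $1 == "Open" && $2 ~ /^[0-9.]+:[0-9]+$/ {
            split($2, hp, ":")
            if (!(hp[2] in ok) && !seen[$2]++) {
                print $2
                found = 1
            }
        }
        END { exit found + 0 }
    '
}

# Baseline for the lab host: only SSH is expected, so 8000 is reported.
printf '%s\n' "$SAMPLE_OUTPUT" | unexpected_ports 22 ||
    echo "ports outside the baseline are listening" >&2
```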

That’s it for this article folks. See you in the next one.
