A full port scan with Nmap can take up to 20–30 minutes. After Nmap came
Masscan, a fast tool that can scan any target quickly and easily. We have
seen people start with a Masscan and then feed its result into an Nmap scan, but you still have to do
the manual work of starting Nmap. That’s where RustScan is so useful.
Basic Syntax
rustscan -a <IP>
By default, after RustScan finishes its scan it starts an Nmap scan against the
target with the flag -vvv (maximum verbosity).
But many of you may want to run other flags. In our case we want to run -sC
and -sV, and also -T4. So RustScan has a feature where you can specify
-- and then the flags you want to pass on to Nmap.
For example:
rustscan -b 600 -a 192.168.1.1 -- -A -sC -sV -T4
- -b denotes the batch size. Normally, we use 600. It means scanning 600 ports/second. You can use a higher value here. To go faster while staying accurate, try scanning a machine on your private network with a batch size of 600, then gradually increase the number up to 65355. If at any point RustScan stops detecting the open ports, that is the breaking point of your system: do not use a batch size greater than that number. This also gives you the maximum speed you can use.
- -- denotes that everything after it is to be treated as Nmap flags, not RustScan flags: -- marks the end of the RustScan flags and the start of the Nmap flags.
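As an added example (not RustScan's own code and not from the original post), the following Python wrapper automates the batch-size calibration just described: it takes a baseline scan at -b 600 of a host you own, raises the batch size in fixed steps, and stops at the first size that misses a port the baseline found. It assumes rustscan is on PATH and that its -g (greppable) flag prints lines of the form "<ip> -> [ports]" without launching Nmap; LAB_HOST, simulated_runner and the step values are constructed for the example.

```python
"""Batch-size calibration for RustScan: an added example, not RustScan's own code.

Assumptions (not from the original post):
  * rustscan is on PATH and '-g' prints greppable lines of the form
    '<ip> -> [p1,p2,...]' without launching Nmap.
  * LAB_HOST is a placeholder for a machine you own on your private network.
"""
import re
import subprocess
from typing import Callable, Dict, Optional, Set

LAB_HOST = "192.168.1.1"  # placeholder address; replace with your own lab host

# One greppable result line, e.g. "192.168.1.1 -> [22,80,443]"
GREPPABLE_RE = re.compile(r"^(?P<ip>\S+) -> \[(?P<ports>[\d,]*)\]$")


def parse_greppable(output: str) -> Set[int]:
    """Return the set of open ports reported in RustScan's greppable output.
    Lines that do not match the result format (banners, warnings) are ignored."""
    ports: Set[int] = set()
    for line in output.splitlines():
        match = GREPPABLE_RE.match(line.strip())
        if match and match.group("ports"):
            ports.update(int(p) for p in match.group("ports").split(","))
    return ports


def run_rustscan(host: str, batch: int) -> str:
    """Run one RustScan pass with the given batch size and return its stdout."""
    cmd = ["rustscan", "-g", "-b", str(batch), "-a", host]
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def simulated_runner(host: str, batch: int) -> str:
    """Constructed stand-in for run_rustscan so the calibration loop can be
    exercised offline: the 'host' answers on 22, 80 and 443, and port 443
    starts being missed once the batch size reaches 3600."""
    ports = [22, 80, 443] if batch < 3600 else [22, 80]
    return f"{host} -> [{','.join(map(str, ports))}]\n"


def calibrate_batch(host: str, start: int = 600, step: int = 600,
                    ceiling: int = 65535,
                    runner: Callable[[str, int], str] = run_rustscan) -> Dict[str, object]:
    """Raise the batch size from 'start' in increments of 'step' until a port
    seen in the baseline scan goes missing. Returns the baseline port set, the
    largest batch size that still found every baseline port ('safe_batch') and
    the first batch size that dropped one ('breaking_batch', None if the
    ceiling was reached without a miss)."""
    baseline = parse_greppable(runner(host, start))
    if not baseline:
        # Nothing to compare against: either the host has no open ports or the
        # starting batch size is already too aggressive for this system.
        raise ValueError(f"baseline scan at batch size {start} found no open ports")
    safe_batch = start
    breaking_batch: Optional[int] = None
    batch = start + step
    while batch <= ceiling:
        found = parse_greppable(runner(host, batch))
        if not baseline.issubset(found):
            breaking_batch = batch  # a known-open port was missed: too fast
            break
        safe_batch = batch
        batch += step
    return {"baseline": baseline, "safe_batch": safe_batch,
            "breaking_batch": breaking_batch}


if __name__ == "__main__":
    # Dry run against the simulated host; pass runner=run_rustscan for a real lab host.
    print(calibrate_batch(LAB_HOST, runner=simulated_runner))
```

The dry run reports a safe batch size of 3000 and a breaking point of 3600 for the simulated host; against a real lab host the same loop tells you the largest -b value your system can sustain without silently losing results.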
Nmap Custom Flags
- RustScan automatically runs nmap -vvv -p $PORTS $IP.
- To make it run -A, execute the command rustscan 127.0.0.1 -- -A.
- If you want to run options such as --script with categories (vuln and safe), the argument needs to be enclosed in quotation marks, like --script '"(vuln or safe) or default"'.
Multiple IP Scanning
You can scan multiple IPs using a comma-separated list like so:
rustscan -a 127.0.0.1,0.0.0.0
Host Scanning
RustScan can also scan hosts, like so:
rustscan -a www.google.com,127.0.0.1
CIDR support
RustScan supports CIDR (Classless Inter-Domain Routing) notation:
rustscan -a 192.168.0.0/30
Hosts file as input
The file is a newline-separated list of IPs / hosts to scan. The argument is:
rustscan -a 'hosts.txt'
Individual Port Scanning
RustScan can scan individual ports, like so:
rustscan -a 127.0.0.1 -p 53
Multiple selected port scanning
You can input a comma-separated list of ports to scan:
rustscan -a 127.0.0.1 -p 53,80,121,65535
Ranges of ports
To scan a range of ports:
rustscan -a 127.0.0.1 --range 1-1000
Adjusting the Nmap arguments
RustScan, at the moment, runs Nmap by default. You can adjust Nmap's arguments
like so:
rustscan -a 127.0.0.1 -- -A -sC
which runs:
nmap -Pn -vvv -p $PORTS -A -sC 127.0.0.1
Random Port Ordering
If you want to scan ports in a random order (which helps avoid
setting off firewalls), run RustScan like this:
rustscan -a 127.0.0.1 --range 1-1000 --scan-order "Random"
Additional Features
This program, by default, scans 3000 ports at a time (3000 per second), so
make sure you are not targeting real websites that you don’t own. There
are 2 ways to slow down RustScan:
- Decrease the batch size: rustscan -b 10 will run 10 port scans for 1 second, then another 10 for 1 second, and so on.
- Increase the timeout: rustscan -T 5000 will mean RustScan waits 5 seconds until it scans the next ports.
To get hands-on practice, try TryHackMe's
RustScan Room
We hope this helps. If you have any suggestions or doubts, add a comment and
we will reply as soon as possible.