Ultra Fast Port Scanner using RustScan

Anyone performing penetration testing or reconnaissance would be familiar with Nmap as it is such a powerful and versatile tool for port scanning. The only minor disadvantage of using Nmap is how long it takes to run a scan on all 65k ports, up to 20 minutes in some cases. The guys over at RustScan have developed their own tool to scan all 65k ports in seconds rather than minutes.

Here, I’ll go through the installation steps and how to run a RustScan.

What you will need

  1. A computer running Kali Linux.
  2. A target to scan. Note that a scan this intense is likely to crash the target or its services, depending on the parameters you use, so be extremely careful and only run it against machines you have permission to scan.

Installing RustScan

On your Kali machine, go to the official RustScan repository and download the .deb file from here:

https://github.com/brandonskerritt/RustScan/releases

Open the terminal and type the following, changing the version number to match the file you downloaded:

cd Downloads
sudo dpkg -i rustscan_1.2.0_amd64.deb

Run the following help command to make sure it has installed correctly:

rustscan -h

It should look something like this:

Usage

To run a basic scan, run the following command:

rustscan -b 500 -T 1500 192.168.0.1

-b 500 is the batch size

-T 1500 is the timeout in ms

The batch size determines how fast RustScan scans. If you set it to 65k, it will scan all 65k ports at the same time. If the batch size is set to 65k and the timeout is 1000ms, RustScan will scan in 1 second, provided your operating system can tolerate this. Although you can theoretically scan all 65k ports at once, this is strongly discouraged: you are likely to crash the scanned machine and potentially cause damage.
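To make the batch size and timeout trade-off concrete, here is an added example; it is not code from RustScan or from the original post. It assumes batches run one after another, that a probe to a non-responding port waits the full timeout, and that each in-flight probe holds one file descriptor; the function names and the reserve of 100 descriptors are hypothetical.

```shell
#!/bin/sh
# Added example, not RustScan code: worst-case scan time for a given
# batch size and timeout, checked against the open-file limit.

TOTAL_PORTS=65535   # full TCP port range (the "65k ports" in the text)

# Batches needed to cover every port: ceil(TOTAL_PORTS / batch).
batches() {
    echo $(( (TOTAL_PORTS + $1 - 1) / $1 ))
}

# Worst case in ms. Assumption: batches run one after another and every
# probe in a batch waits the full timeout (e.g. all ports filtered).
worst_case_ms() {
    echo $(( $(batches "$1") * $2 ))
}

# Cap the requested batch to what a file-descriptor limit allows.
# Assumption: one descriptor per in-flight probe; "reserve" (hypothetical
# default 100) is kept free for everything else the process has open.
fit_batch() {   # args: requested_batch fd_limit [reserve]
    fb_usable=$(( $2 - ${3:-100} ))
    if [ "$fb_usable" -lt 1 ]; then fb_usable=1; fi
    if [ "$1" -gt "$fb_usable" ]; then echo "$fb_usable"; else echo "$1"; fi
}

# Print a plan for this machine using its current `ulimit -n`.
plan() {        # args: requested_batch timeout_ms
    p_limit=$(ulimit -n)
    if [ "$p_limit" = "unlimited" ]; then p_limit=$TOTAL_PORTS; fi
    p_batch=$(fit_batch "$1" "$p_limit")
    p_ms=$(worst_case_ms "$p_batch" "$2")
    echo "requested=$1 fd_limit=$p_limit usable_batch=$p_batch" \
         "batches=$(batches "$p_batch") worst_case=$(( p_ms / 1000 ))s"
}

plan 500 1500     # the basic scan from the text
plan 65535 1000   # the "all ports at once" case from the text
```

When the descriptor limit allows the requested batch, -b 500 -T 1500 works out to 132 batches and a worst case of 198 seconds, while a batch of 65535 with a 1000ms timeout is a single 1-second batch.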

One of the advantages of using RustScan is that you can pass its results to Nmap and also use Nmap arguments. For example, you can run the following command:

rustscan -T 1500 127.0.0.1 -- -A -sC

The double hyphen -- indicates the end of the RustScan arguments and the start of the Nmap arguments.

From the RustScan GitHub:

https://github.com/RustScan/RustScan