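Introduction
rustscan is a pure port-scanning tool. Thanks to Rust's characteristics, it takes the single job of port scanning to the extreme.
Open-source link
RustScan/RustScan: 🤖 The Modern Port Scanner 🤖 (github.com)
github.com/RustScan/RustScan
Development board architecture
RK3568 on the RK platform, running aarch64 Linux
Build process
I have cross-compiled Rust projects before. Because I am not using the official GNU toolchain, the toolchain name will differ somewhat.
Create the default build configuration
.cargo/config.toml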
[build]
target = "aarch64-unknown-linux-gnu"
[target.aarch64-unknown-linux-gnu]
linker = "aarch64-linux-gnu-gcc"
Start the build
cargo b --release
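Because the build errors were already resolved while building dufs in the previous article, this build finished without errors and the binary can be used directly.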
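Before copying the binary to the board it is worth confirming that the linker really produced an AArch64 ELF rather than a host-architecture one. The script below is an added example, not part of the original post or of RustScan; the function names are hypothetical, and it assumes cargo's standard output location target/aarch64-unknown-linux-gnu/release/rustscan for the target configured above.

```shell
#!/bin/sh
# Added example (not from the original post): read the ELF header of a build
# artifact so a host-arch binary is caught before it is copied to the board.

# elf_bytes FILE OFFSET COUNT -> unsigned decimal bytes, space-separated
elf_bytes() {
    od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -s ' \n' ' ' | sed 's/^ //; s/ $//'
}

# elf_arch FILE -> prints "<machine> <bits> <endianness>"; non-zero if not a usable ELF
elf_arch() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    [ "$(elf_bytes "$f" 0 4)" = "127 69 76 70" ] || { echo "not-elf"; return 1; }
    case $(elf_bytes "$f" 4 1) in 1) bits=32-bit ;; 2) bits=64-bit ;; *) bits=unknown-class ;; esac
    data=$(elf_bytes "$f" 5 1)
    set -- $(elf_bytes "$f" 18 2)      # e_machine: 2 bytes at offset 18
    [ $# -eq 2 ] || { echo "truncated"; return 1; }
    case $data in
        1) endian=little-endian; em=$(( $1 + 256 * $2 )) ;;
        2) endian=big-endian;    em=$(( 256 * $1 + $2 )) ;;
        *) echo "bad-endianness"; return 1 ;;
    esac
    case $em in
        183) machine=aarch64 ;;
        62)  machine=x86_64 ;;
        40)  machine=arm ;;
        243) machine=riscv ;;
        *)   machine="em-$em" ;;
    esac
    echo "$machine $bits $endian"
}

# is_aarch64_build FILE -> exit 0 only for a 64-bit little-endian AArch64 ELF
is_aarch64_build() {
    [ "$(elf_arch "$1")" = "aarch64 64-bit little-endian" ]
}

# make_sample_header FILE MACHINE_OCTAL -> constructed 20-byte ELF64 header (test input only)
make_sample_header() {
    printf '\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\003\000' > "$1"
    printf "\\$2\\000" >> "$1"
}
```

Source the file and run is_aarch64_build target/aarch64-unknown-linux-gnu/release/rustscan; a non-zero exit status means the artifact is not what the board expects.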
Usage test
./rustscan -h
rustscan 2.1.1
Fast Port Scanner built in Rust. WARNING Do not use this program against sensitive infrastructure since the specified
server may not be able to handle this many socket connections at once. - Discord <http://discord.skerritt.blog> -
GitHub <https://github.com/RustScan/RustScan>
USAGE:
rustscan [FLAGS] [OPTIONS] [-- <command>...]
FLAGS:
--accessible Accessible mode. Turns off features which negatively affect screen readers
-g, --greppable Greppable mode. Only output the ports. No Nmap. Useful for grep or outputting to a file
-h, --help Prints help information
-n, --no-config Whether to ignore the configuration file or not
--top Use the top 1000 ports
-V, --version Prints version information
OPTIONS:
-a, --addresses <addresses>... A comma-delimited list or newline-delimited file of separated CIDRs, IPs, or
hosts to be scanned
-b, --batch-size <batch-size> The batch size for port scanning, it increases or slows the speed of scanning.
Depends on the open file limit of your OS. If you do 65535 it will do every port
at the same time. Although, your OS may not support this [default: 4500]
-c, --config-path <config-path> Custom path to config file
-p, --ports <ports>... A list of comma separated ports to be scanned. Example: 80,443,8080
-r, --range <range> A range of ports with format start-end. Example: 1-1000
--scan-order <scan-order> The order of scanning to be performed. The "serial" option will scan ports in
ascending order while the "random" option will scan ports randomly [default:
serial] [possible values: Serial, Random]
--scripts <scripts> Level of scripting required for the run [default: default] [possible values:
None, Default, Custom]
-t, --timeout <timeout> The timeout in milliseconds before a port is assumed to be closed [default: 1500]
--tries <tries> The number of tries before a port is assumed to be closed. If set to 0, rustscan
will correct it to 1 [default: 1]
-u, --ulimit <ulimit> Automatically ups the ULIMIT with the value you provided
ARGS:
<command>... The Script arguments to run. To use the argument -A, end RustScan's args with '-- -A'. Example:
'rustscan -T 1500 -a 127.0.0.1 -- -A -sC'. This command adds -Pn -vvv -p $PORTS automatically to
nmap. For things like --script '(safe and vuln)' enclose it in quotations marks \"'(safe and
vuln)'\"")
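By default the limits rustscan applies are fairly low, so scanning is somewhat slow. If we are confident enough in our own hardware, we can raise the ulimit for the scan.
With the size set to 50000, scanning all ports of one server takes
The efficiency is still very good~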