A professional-grade network scanner written in Rust with Nmap-level capability.
- 11 scan types -- TCP Connect, SYN, UDP, FIN, XMAS, NULL, ACK, Protocol, ICMP Ping, ARP, and Idle (zombie) scans
- Service & OS detection -- banner grabbing, version probing, and OS fingerprinting
- Flexible targeting -- single IPs, CIDR ranges, hostnames, and target files
- 7 output formats -- JSON, XML, CSV, HTML, Markdown, greppable, and plain text
- Timing templates -- T0 (Paranoid) through T5 (Insane), plus fine-grained rate control
- Firewall/IDS evasion -- packet fragmentation, decoys, source port spoofing, MAC spoofing, TTL manipulation, and randomized host order
- Nmap-compatible CLI -- familiar flags like
-sS,-sT,-sV,-O,-A,-T4,-oJ,-oX - Async architecture -- built on Tokio for high-throughput concurrent scanning
- Graceful shutdown -- Ctrl+C collects partial results and writes output before exit
- Rust (1.70+): https://rustup.rs
- Linux (tested on Ubuntu/ZorinOS)
- Root/sudo required for raw socket scans (SYN, UDP, FIN, etc.). TCP Connect (
-sT) works without root.
git clone https://github.com/Evil-Null/netscan.git
cd netscan
cargo install --path .To enable raw socket scans with sudo:
sudo ln -s ~/.cargo/bin/netscan /usr/local/bin/netscan# Scan top 1000 ports on a host
netscan -sT 192.168.1.1
# Fast scan (top 100 ports) with service detection
netscan -sT 192.168.1.1 -F --service-version
# SYN scan a subnet (requires root)
sudo netscan -sS 192.168.1.0/24 -p 22,80,443 -T4
# Full audit with HTML report
netscan -sT example.com -p- -A --output-html report.htmlSee USAGE.md for complete documentation including all scan types, evasion techniques, output formats, and timing options.