RustScan Weizen Blatt¶
_
Im Überblick
RustScan ist ein moderner, leistungsstarker Portscanner in Rust, der schneller und effizienter sein soll als herkömmliche Portscanner wie Nmap. Entwickelt von Bee-San, RustScan Hebel Rusts Speichersicherheit und Leistungsmerkmale, um extrem schnelle Port-Scanning-Funktionen zu bieten und gleichzeitig Genauigkeit und Zuverlässigkeit zu gewährleisten. Das Tool wurde entwickelt, um Nmap zu ergänzen und nicht zu ersetzen, oft mit Nmap zur detaillierten Service-Erkennung, nachdem RustScan offene Ports mit hoher Geschwindigkeit identifiziert.
Der Hauptvorteil von RustScan liegt in seiner außergewöhnlichen Scangeschwindigkeit, die durch effiziente asynchrone I/O-Betriebe und Rust's Zero-Cost-Abstraktionen erreicht wird. Während traditionelle Portscanner Minuten oder Stunden benötigen, um große Ports zu scannen, kann RustScan in Sekunden oder Minuten umfassende Scans durchführen. Diese Geschwindigkeitsverbesserung macht es besonders wertvoll für die Erkundung von Phasen von Penetrationstests, Netzwerk-Erkennungen und groß angelegten Infrastrukturbewertungen, bei denen die Zeiteffizienz kritisch ist.
RustScan verfügt über eine intuitive Befehlszeilen-Schnittstelle mit vernünftigen Standardeinstellungen, die es sowohl Anfängern als auch erfahrenen Sicherheitsexperten zugänglich macht. Das Tool unterstützt verschiedene Scantechniken, benutzerdefinierte Port-Bereiche und Integration mit anderen Sicherheitstools. Seine Fähigkeit, automatisch Ergebnisse zu Nmap für detaillierte Service-Enumeration zu verschicken, schafft einen leistungsfähigen Workflow, der Geschwindigkeit mit umfassender Analyse kombiniert, wodurch es ein wesentliches Werkzeug für moderne Netzwerk-Rekonaissance ist.
• Installation
Binary Installation¶
Installieren von RustScan von vorkompilierten Binaries:
# Download latest release (Linux)
wget https://github.com/RustScan/RustScan/releases/latest/download/rustscan_2.1.1_amd64.deb
sudo dpkg -i rustscan_2.1.1_amd64.deb
# Install via package manager (Arch Linux)
yay -S rustscan
# Install via Homebrew (macOS)
brew install rustscan
# Install via Chocolatey (Windows)
choco install rustscan
# Verify installation
rustscan --version
Cargo Installation¶
Installieren von RustScan mit Rust's Paketmanager:
# Install Rust and Cargo
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs|sh
source ~/.cargo/env
# Install RustScan from crates.io
cargo install rustscan
# Install development version
cargo install --git https://github.com/RustScan/RustScan.git
# Update RustScan
cargo install rustscan --force
Docker Installation¶
# Pull RustScan Docker image
docker pull rustscan/rustscan:latest
# Run RustScan in container
docker run -it --rm rustscan/rustscan:latest
# Create alias for easier usage
alias rustscan='docker run -it --rm rustscan/rustscan:latest'
# Scan with Docker
docker run -it --rm rustscan/rustscan:latest -a 192.168.1.1
Source Compilation¶
# Clone repository
git clone https://github.com/RustScan/RustScan.git
cd RustScan
# Build release version
cargo build --release
# Install locally
cargo install --path .
# Run tests
cargo test
# Build with specific features
cargo build --release --features "web"
oder Basisnutzung
Simple Scanning¶
Basic RustScan Scanvorgänge:
# Scan single host
rustscan -a 192.168.1.1
# Scan multiple hosts
rustscan -a 192.168.1.1,192.168.1.2,192.168.1.3
# Scan IP range
rustscan -a 192.168.1.1-192.168.1.254
# Scan subnet
rustscan -a 192.168.1.0/24
# Scan with domain name
rustscan -a example.com
Port Range Spezifikation¶
Steuerung von Port-Bereichen zum Scannen:
# Scan specific ports
rustscan -a 192.168.1.1 -p 22,80,443
# Scan port range
rustscan -a 192.168.1.1 -p 1-1000
# Scan common ports (default)
rustscan -a 192.168.1.1
# Scan all ports
rustscan -a 192.168.1.1 -p 1-65535
# Scan top ports
rustscan -a 192.168.1.1 --top-ports 1000
Performance Tuning¶
Optimierung der RustScan-Leistung:
# Increase batch size for faster scanning
rustscan -a 192.168.1.1 -b 4000
# Set timeout (milliseconds)
rustscan -a 192.168.1.1 -t 2000
# Limit concurrent connections
rustscan -a 192.168.1.1 --ulimit 5000
# Adjust scan order
rustscan -a 192.168.1.1 --scan-order "Random"
# Use specific number of threads
rustscan -a 192.168.1.1 --threads 1000
Erweiterte Eigenschaften
Nmap Integration¶
Integration von RustScan mit Nmap zur detaillierten Analyse:
# Pipe to Nmap for service detection
rustscan -a 192.168.1.1 -- -sV -sC
# Use Nmap scripts
rustscan -a 192.168.1.1 -- --script vuln
# Aggressive Nmap scan
rustscan -a 192.168.1.1 -- -A
# Custom Nmap options
rustscan -a 192.168.1.1 -- -O -sS -T4
# Save Nmap output
rustscan -a 192.168.1.1 -- -oA scan_results
Ausgabeformatierung¶
Steuerung RustScan Ausgabeformat:
# JSON output
rustscan -a 192.168.1.1 --output json
# Save to file
rustscan -a 192.168.1.1 -o results.txt
# Quiet mode
rustscan -a 192.168.1.1 -q
# Verbose output
rustscan -a 192.168.1.1 -v
# Custom output format
rustscan -a 192.168.1.1 --format "Host: \\\\{host\\\\}, Port: \\\\{port\\\\}"
Dateien konfigurieren¶
Verwenden von Konfigurationsdateien für das konsistente Scannen:
# Create config file
cat > ~/.rustscan.toml << 'EOF'
[default]
batch_size = 4000
timeout = 1500
ulimit = 5000
ports = "1-65535"
addresses = ["192.168.1.0/24"]
[fast]
batch_size = 8000
timeout = 1000
ulimit = 10000
[stealth]
batch_size = 100
timeout = 5000
ulimit = 1000
EOF
# Use config profile
rustscan --config fast -a 192.168.1.1
# Override config options
rustscan --config stealth -a 192.168.1.1 -b 200
Scripting Support¶
Verwenden von RustScan mit benutzerdefinierten Skripten:
# Custom script execution
rustscan -a 192.168.1.1 --scripts /path/to/custom_script.py
# Script with arguments
rustscan -a 192.168.1.1 --scripts "python3 /path/to/script.py --target \\\\{host\\\\} --port \\\\{port\\\\}"
# Multiple scripts
rustscan -a 192.168.1.1 --scripts "script1.py,script2.sh"
# Conditional script execution
rustscan -a 192.168.1.1 --scripts "if [ \\\\{port\\\\} -eq 22 ]; then ssh_enum.py \\\\{host\\\\}; fi"
Scannen von Techniken
Network Discovery¶
Netzwerk-Entdeckung und Aufklärung:
# Ping sweep
rustscan -a 192.168.1.0/24 -p 0 --ping
# ARP scan (local network)
rustscan -a 192.168.1.0/24 --arp
# DNS resolution
rustscan -a example.com --resolve
# Reverse DNS lookup
rustscan -a 192.168.1.1 --reverse-dns
# IPv6 scanning
rustscan -a 2001:db8::/32 -6
Stealth Scanning¶
Durchführung der Stealth-Scantechniken:
# Slow scan to avoid detection
rustscan -a 192.168.1.1 -b 50 -t 5000
# Random port order
rustscan -a 192.168.1.1 --scan-order Random
# Source port spoofing
rustscan -a 192.168.1.1 --source-port 53
# Decoy scanning
rustscan -a 192.168.1.1 --decoys 192.168.1.10,192.168.1.11
# Fragment packets
rustscan -a 192.168.1.1 --fragment
Large-Scale Scanning¶
Scannen großer Netzwerke effizient:
# Scan multiple subnets
rustscan -a 192.168.0.0/16 -p 22,80,443
# Parallel subnet scanning
for subnet in 192.168.\\\\{1..10\\\\}.0/24; do
rustscan -a $subnet -p 22,80,443 &
done
wait
# Distributed scanning
rustscan -a 10.0.0.0/8 --split 4 --part 1
# Resume interrupted scan
rustscan -a 192.168.1.0/24 --resume scan_state.json
Automatisierungsskripte
Mass Network Scanning¶
#!/bin/bash
# RustScan mass network scanning script
NETWORKS_FILE="networks.txt"
OUTPUT_DIR="rustscan_results"
COMMON_PORTS="22,23,25,53,80,110,111,135,139,143,443,993,995,1723,3306,3389,5432,5900,8080"
mkdir -p $OUTPUT_DIR
echo "Starting mass network scanning with RustScan"
while IFS= read -r network; do
echo "Scanning network: $network"
# Create network-specific output file
output_file="$OUTPUT_DIR/rustscan_$(echo $network|tr '/' '_').txt"
# Perform RustScan
rustscan -a $network -p $COMMON_PORTS -b 4000 -t 1500 > $output_file
# Extract open ports and pipe to Nmap for detailed analysis
if [ -s $output_file ]; then
echo "Found open ports in $network, running detailed Nmap scan"
nmap_output="$OUTPUT_DIR/nmap_$(echo $network|tr '/' '_').xml"
rustscan -a $network -p $COMMON_PORTS -- -sV -sC -oX $nmap_output
fi
echo "Completed scanning: $network"
sleep 2
done < "$NETWORKS_FILE"
echo "Mass scanning completed"
Kontinuierliche Überwachung¶
#!/usr/bin/env python3
# RustScan continuous monitoring script
import subprocess
import json
import time
import smtplib
from email.mime.text import MIMEText
from datetime import datetime
class RustScanMonitor:
def __init__(self, targets, ports, interval=3600):
self.targets = targets
self.ports = ports
self.interval = interval
self.baseline = \\\\{\\\\}
self.alerts = []
def run_rustscan(self, target):
"""Run RustScan against target"""
cmd = [
"rustscan",
"-a", target,
"-p", self.ports,
"-b", "4000",
"-t", "1500",
"--output", "json"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
return self.parse_rustscan_output(result.stdout)
else:
print(f"Error scanning \\\\{target\\\\}: \\\\{result.stderr\\\\}")
return None
except Exception as e:
print(f"Exception scanning \\\\{target\\\\}: \\\\{e\\\\}")
return None
def parse_rustscan_output(self, output):
"""Parse RustScan JSON output"""
try:
# RustScan output parsing logic
lines = output.strip().split('\n')
open_ports = []
for line in lines:
if "Open" in line and ":" in line:
port = line.split(':')[1].strip().split()[0]
open_ports.append(int(port))
return sorted(open_ports)
except Exception as e:
print(f"Error parsing output: \\\\{e\\\\}")
return []
def establish_baseline(self):
"""Establish baseline for all targets"""
print("Establishing baseline...")
for target in self.targets:
ports = self.run_rustscan(target)
if ports is not None:
self.baseline[target] = ports
print(f"Baseline for \\\\{target\\\\}: \\\\{len(ports)\\\\} open ports")
print("Baseline established")
def detect_changes(self):
"""Detect changes from baseline"""
changes = \\\\{\\\\}
for target in self.targets:
current_ports = self.run_rustscan(target)
if current_ports is not None and target in self.baseline:
baseline_ports = set(self.baseline[target])
current_ports_set = set(current_ports)
new_ports = current_ports_set - baseline_ports
closed_ports = baseline_ports - current_ports_set
if new_ports or closed_ports:
changes[target] = \\\\{
'new_ports': list(new_ports),
'closed_ports': list(closed_ports),
'timestamp': datetime.now().isoformat()
\\\\}
return changes
def send_alert(self, changes):
"""Send alert for detected changes"""
if not changes:
return
alert_message = "RustScan Monitoring Alert\n\n"
for target, change in changes.items():
alert_message += f"Target: \\\\{target\\\\}\n"
alert_message += f"Timestamp: \\\\{change['timestamp']\\\\}\n"
if change['new_ports']:
alert_message += f"New open ports: \\\\{change['new_ports']\\\\}\n"
if change['closed_ports']:
alert_message += f"Closed ports: \\\\{change['closed_ports']\\\\}\n"
alert_message += "\n"
print(alert_message)
# Add email notification logic here if needed
def monitor(self):
"""Start continuous monitoring"""
self.establish_baseline()
print(f"Starting continuous monitoring (interval: \\\\{self.interval\\\\}s)")
while True:
try:
changes = self.detect_changes()
if changes:
self.send_alert(changes)
# Update baseline with changes
for target, change in changes.items():
current_ports = self.run_rustscan(target)
if current_ports is not None:
self.baseline[target] = current_ports
time.sleep(self.interval)
except KeyboardInterrupt:
print("Monitoring stopped")
break
except Exception as e:
print(f"Monitoring error: \\\\{e\\\\}")
time.sleep(60)
# Usage
if __name__ == "__main__":
targets = ["192.168.1.1", "192.168.1.10", "192.168.1.20"]
ports = "22,80,443,3389,5900"
monitor = RustScanMonitor(targets, ports, interval=1800)
monitor.monitor()
Integration mit Sicherheitswerkzeugen¶
#!/usr/bin/env python3
# RustScan integration with security tools
import subprocess
import json
import requests
class RustScanIntegration:
def __init__(self):
self.results = \\\\{\\\\}
def run_rustscan(self, target, ports="1-65535"):
"""Run RustScan and return results"""
cmd = ["rustscan", "-a", target, "-p", ports, "-b", "4000"]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
open_ports = self.parse_ports(result.stdout)
self.results[target] = open_ports
return open_ports
else:
print(f"RustScan error: \\\\{result.stderr\\\\}")
return []
except Exception as e:
print(f"Error running RustScan: \\\\{e\\\\}")
return []
def parse_ports(self, output):
"""Parse RustScan output for open ports"""
open_ports = []
for line in output.split('\n'):
if "Open" in line and ":" in line:
try:
port = int(line.split(':')[1].strip().split()[0])
open_ports.append(port)
except:
continue
return sorted(open_ports)
def integrate_with_nmap(self, target, ports):
"""Run detailed Nmap scan on discovered ports"""
if not ports:
return None
port_list = ",".join(map(str, ports))
cmd = [
"nmap", "-sV", "-sC", "-O",
"-p", port_list,
target,
"-oX", f"nmap_\\\\{target.replace('.', '_')\\\\}.xml"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
return result.stdout
except Exception as e:
print(f"Nmap integration error: \\\\{e\\\\}")
return None
def integrate_with_nuclei(self, target, ports):
"""Run Nuclei vulnerability scan"""
if not ports:
return None
# Create target list for Nuclei
targets = []
for port in ports:
if port in [80, 8080, 8000]:
targets.append(f"http://\\\\{target\\\\}:\\\\{port\\\\}")
elif port in [443, 8443]:
targets.append(f"https://\\\\{target\\\\}:\\\\{port\\\\}")
if not targets:
return None
target_file = f"nuclei_targets_\\\\{target.replace('.', '_')\\\\}.txt"
with open(target_file, 'w') as f:
f.write('\n'.join(targets))
cmd = [
"nuclei",
"-l", target_file,
"-t", "/path/to/nuclei-templates/",
"-o", f"nuclei_\\\\{target.replace('.', '_')\\\\}.txt"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
return result.stdout
except Exception as e:
print(f"Nuclei integration error: \\\\{e\\\\}")
return None
def integrate_with_masscan(self, target_range):
"""Use Masscan for initial discovery, then RustScan for verification"""
cmd = [
"masscan",
target_range,
"-p1-65535",
"--rate=1000",
"--output-format", "list"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
# Parse Masscan results
discovered_targets = set()
for line in result.stdout.split('\n'):
if line.strip():
parts = line.split()
if len(parts) >= 4:
ip = parts[3]
discovered_targets.add(ip)
# Run RustScan on discovered targets
for target in discovered_targets:
print(f"Running RustScan verification on \\\\{target\\\\}")
self.run_rustscan(target)
return list(discovered_targets)
except Exception as e:
print(f"Masscan integration error: \\\\{e\\\\}")
return []
def generate_report(self):
"""Generate comprehensive scan report"""
report = \\\\{
"scan_timestamp": time.strftime("%Y-%m-%d %H:%M:%S"),
"total_targets": len(self.results),
"targets": self.results
\\\\}
with open("rustscan_report.json", "w") as f:
json.dump(report, f, indent=2)
return report
# Usage example
if __name__ == "__main__":
integration = RustScanIntegration()
# Scan target
target = "192.168.1.100"
ports = integration.run_rustscan(target)
# Run additional tools
if ports:
integration.integrate_with_nmap(target, ports)
integration.integrate_with_nuclei(target, ports)
# Generate report
report = integration.generate_report()
print(f"Scan completed. Found \\\\{len(ports)\\\\} open ports on \\\\{target\\\\}")
 Leistungsoptimierung
System Tuning¶
Optimierungssystem für RustScan-Leistung:
# Increase file descriptor limits
echo "* soft nofile 65535" >> /etc/security/limits.conf
echo "* hard nofile 65535" >> /etc/security/limits.conf
# Optimize network stack
echo 'net.core.rmem_default = 262144' >> /etc/sysctl.conf
echo 'net.core.rmem_max = 16777216' >> /etc/sysctl.conf
echo 'net.core.wmem_default = 262144' >> /etc/sysctl.conf
echo 'net.core.wmem_max = 16777216' >> /etc/sysctl.conf
# Apply changes
sysctl -p
ulimit -n 65535
Benchmark Testing¶
#!/bin/bash
# RustScan performance benchmark
TARGET="192.168.1.1"
PORTS="1-1000"
echo "RustScan Performance Benchmark"
echo "=============================="
# Test different batch sizes
for batch_size in 1000 2000 4000 8000; do
echo "Testing batch size: $batch_size"
start_time=$(date +%s.%N)
rustscan -a $TARGET -p $PORTS -b $batch_size -q
end_time=$(date +%s.%N)
duration=$(echo "$end_time - $start_time"|bc)
echo "Duration: $\\\\{duration\\\\}s"
echo ""
done
# Test different timeout values
for timeout in 1000 1500 2000 3000; do
echo "Testing timeout: $\\\\{timeout\\\\}ms"
start_time=$(date +%s.%N)
rustscan -a $TARGET -p $PORTS -t $timeout -q
end_time=$(date +%s.%N)
duration=$(echo "$end_time - $start_time"|bc)
echo "Duration: $\\\\{duration\\\\}s"
echo ""
done
Fehlerbehebung
Häufige Fragen¶
Eintrittsfehler:
# Check ulimit settings
ulimit -n
# Increase ulimit for current session
ulimit -n 65535
# Run with sudo if needed
sudo rustscan -a 192.168.1.1
# Check firewall rules
sudo iptables -L
```_
** Netzanschluss:**
```bash
# Test basic connectivity
ping 192.168.1.1
# Check routing
traceroute 192.168.1.1
# Verify DNS resolution
nslookup example.com
# Test with different source interface
rustscan -a 192.168.1.1 --interface eth0
```_
**Leistungsfragen:**
```bash
# Monitor system resources
top
htop
# Check network utilization
iftop
nethogs
# Reduce batch size for stability
rustscan -a 192.168.1.1 -b 1000
# Increase timeout for slow networks
rustscan -a 192.168.1.1 -t 5000
```_
### Debugging
Debugging und Logging aktivieren:
```bash
# Enable verbose output
rustscan -a 192.168.1.1 -v
# Debug mode
RUST_LOG=debug rustscan -a 192.168.1.1
# Trace mode
RUST_LOG=trace rustscan -a 192.168.1.1
# Save debug output
RUST_LOG=debug rustscan -a 192.168.1.1 2> debug.log
Sicherheitsbedenken
Operationelle Sicherheit¶
** Auswirkungen auf das Netz:** - Überwachen Sie die Bandbreitennutzung bei Scans - Verwenden Sie geeignete Chargengrößen für Netzwerkkapazität - Implementieren Sie Scanplanung, um Spitzenzeiten zu vermeiden - Auswirkungen auf Zielsysteme berücksichtigen - Monitor für defensive Antworten
** Nachweisvermeidung:** - Verwenden Sie Stealth Scantechniken - Randomize Scan Timing und Muster - Implementierung der Source IP Rotation - Monitor für IDS/IPS-Benachrichtigungen - Verwenden Sie legitim aussehende Scan-Muster
Rechtliche und ethische Überlegungen¶
Authorisiertes Scanning Nur: - ordnungsgemäße schriftliche Genehmigung erhalten - Definieren Sie klare Grenzen - Dokumente alle Scanaktivitäten - Folgen Sie verantwortungsvolle Offenlegungspraktiken - Überprüfung der Systemverfügbarkeit und -leistung
Beste Praktiken: - Einsatz in kontrollierten Umgebungen - Regelmäßige Sicherheitsbewertungen - Leistungsbegrenzung - Monitor für unbefugte Nutzung - Pflege umfassender Audit-Strecken
Referenzen
ANHANG RustScan GitHub Repository 2. Programmiersprache ausführen 3. Netzwerk Scanning Techniques_ 4. Port Scanning Best Practices 5. Network Reconnaissance Guide_