RustScan Cheat Blatt
Überblick
RustScan ist ein moderner, leistungsstarker Portscanner in Rust, der schneller und effizienter sein soll als herkömmliche Portscanner wie Nmap. Entwickelt von Bee-San, RustScan Hebel Rusts Speichersicherheit und Leistungsmerkmale, um extrem schnelle Port-Scanning-Funktionen zu bieten und gleichzeitig Genauigkeit und Zuverlässigkeit zu gewährleisten. Das Tool wurde entwickelt, um Nmap zu ergänzen und nicht zu ersetzen, oft mit Nmap zur detaillierten Service-Erkennung, nachdem RustScan offene Ports mit hoher Geschwindigkeit identifiziert.
Der Hauptvorteil von RustScan liegt in seiner außergewöhnlichen Scangeschwindigkeit, die durch effiziente asynchrone I/O-Betriebe und Rust's Zero-Cost-Abstraktionen erreicht wird. Während traditionelle Portscanner Minuten oder Stunden benötigen, um große Ports zu scannen, kann RustScan in Sekunden oder Minuten umfassende Scans durchführen. Diese Geschwindigkeitsverbesserung macht es besonders wertvoll für die Erkundung von Phasen von Penetrationstests, Netzwerk-Erkennungen und groß angelegten Infrastrukturbewertungen, bei denen die Zeiteffizienz kritisch ist.
RustScan verfügt über eine intuitive Befehlszeilen-Schnittstelle mit vernünftigen Standardeinstellungen, die es sowohl Anfängern als auch erfahrenen Sicherheitsexperten zugänglich macht. Das Tool unterstützt verschiedene Scantechniken, benutzerdefinierte Port-Bereiche und Integration mit anderen Sicherheitstools. Seine Fähigkeit, automatisch Ergebnisse zu Nmap für detaillierte Service-Enumeration zu verschicken, schafft einen leistungsfähigen Workflow, der Geschwindigkeit mit umfassender Analyse kombiniert, wodurch es ein wesentliches Werkzeug für moderne Netzwerk-Rekonaissance ist.
Installation
Binärinstallation
Installieren von RustScan von vorkompilierten Binaries:
```bash
Download latest release (Linux)
wget https://github.com/RustScan/RustScan/releases/latest/download/rustscan_2.1.1_amd64.deb sudo dpkg -i rustscan_2.1.1_amd64.deb
Install via package manager (Arch Linux)
yay -S rustscan
Install via Homebrew (macOS)
brew install rustscan
Install via Chocolatey (Windows)
choco install rustscan
Verify installation
rustscan --version ```_
Installation von Containern
Installieren von RustScan mit Rust's Paketmanager:
```bash
Install Rust and Cargo
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs|sh source ~/.cargo/env
Install RustScan from crates.io
cargo install rustscan
Install development version
cargo install --git https://github.com/RustScan/RustScan.git
Update RustScan
cargo install rustscan --force ```_
Docker Installation
```bash
Pull RustScan Docker image
docker pull rustscan/rustscan:latest
Run RustScan in container
docker run -it --rm rustscan/rustscan:latest
Create alias for easier usage
alias rustscan='docker run -it --rm rustscan/rustscan:latest'
Scan with Docker
docker run -it --rm rustscan/rustscan:latest -a 192.168.1.1 ```_
Quelle Compilation
```bash
Clone repository
git clone https://github.com/RustScan/RustScan.git cd RustScan
Build release version
cargo build --release
Install locally
cargo install --path .
Run tests
cargo test
Build with specific features
cargo build --release --features "web" ```_
Basisnutzung
Einfaches Scannen
Basic RustScan Scanvorgänge:
```bash
Scan single host
rustscan -a 192.168.1.1
Scan multiple hosts
rustscan -a 192.168.1.1,192.168.1.2,192.168.1.3
Scan IP range
rustscan -a 192.168.1.1-192.168.1.254
Scan subnet
rustscan -a 192.168.1.0/24
Scan with domain name
rustscan -a example.com ```_
Port Range Spezifikation
Steuerung von Port-Bereichen zum Scannen:
```bash
Scan specific ports
rustscan -a 192.168.1.1 -p 22,80,443
Scan port range
rustscan -a 192.168.1.1 -p 1-1000
Scan common ports (default)
rustscan -a 192.168.1.1
Scan all ports
rustscan -a 192.168.1.1 -p 1-65535
Scan top ports
rustscan -a 192.168.1.1 --top-ports 1000 ```_
Leistung Tuning
Optimierung der RustScan-Leistung:
```bash
Increase batch size for faster scanning
rustscan -a 192.168.1.1 -b 4000
Set timeout (milliseconds)
rustscan -a 192.168.1.1 -t 2000
Limit concurrent connections
rustscan -a 192.168.1.1 --ulimit 5000
Adjust scan order
rustscan -a 192.168.1.1 --scan-order "Random"
Use specific number of threads
rustscan -a 192.168.1.1 --threads 1000 ```_
Erweiterte Funktionen
Nmap Integration
Integration von RustScan mit Nmap zur detaillierten Analyse:
```bash
Pipe to Nmap for service detection
rustscan -a 192.168.1.1 -- -sV -sC
Use Nmap scripts
rustscan -a 192.168.1.1 -- --script vuln
Aggressive Nmap scan
rustscan -a 192.168.1.1 -- -A
Custom Nmap options
rustscan -a 192.168.1.1 -- -O -sS -T4
Save Nmap output
rustscan -a 192.168.1.1 -- -oA scan_results ```_
Ausgabeformatierung
Steuerung RustScan Ausgabeformat:
```bash
JSON output
rustscan -a 192.168.1.1 --output json
Save to file
rustscan -a 192.168.1.1 -o results.txt
Quiet mode
rustscan -a 192.168.1.1 -q
Verbose output
rustscan -a 192.168.1.1 -v
Custom output format
rustscan -a 192.168.1.1 --format "Host: \\{host\\}, Port: \\{port\\}" ```_
Konfigurationsdateien
Verwenden von Konfigurationsdateien für das konsistente Scannen:
```bash
Create config file
cat > ~/.rustscan.toml << 'EOF' [default] batch_size = 4000 timeout = 1500 ulimit = 5000 ports = "1-65535" addresses = ["192.168.1.0/24"]
[fast] batch_size = 8000 timeout = 1000 ulimit = 10000
[stealth] batch_size = 100 timeout = 5000 ulimit = 1000 EOF
Use config profile
rustscan --config fast -a 192.168.1.1
Override config options
rustscan --config stealth -a 192.168.1.1 -b 200 ```_
Scripting Support
Verwenden von RustScan mit benutzerdefinierten Skripten:
```bash
Custom script execution
rustscan -a 192.168.1.1 --scripts /path/to/custom_script.py
Script with arguments
rustscan -a 192.168.1.1 --scripts "python3 /path/to/script.py --target \\{host\\} --port \\{port\\}"
Multiple scripts
rustscan -a 192.168.1.1 --scripts "script1.py,script2.sh"
Conditional script execution
rustscan -a 192.168.1.1 --scripts "if [ \\{port\\} -eq 22 ]; then ssh_enum.py \\{host\\}; fi" ```_
Scannen von Techniken
Network Discovery
Netzwerk-Entdeckung und Aufklärung:
```bash
Ping sweep
rustscan -a 192.168.1.0/24 -p 0 --ping
ARP scan (local network)
rustscan -a 192.168.1.0/24 --arp
DNS resolution
rustscan -a example.com --resolve
Reverse DNS lookup
rustscan -a 192.168.1.1 --reverse-dns
IPv6 scanning
rustscan -a 2001:db8::/32 -6 ```_
Stealth Scanning
Durchführung der Stealth-Scantechniken:
```bash
Slow scan to avoid detection
rustscan -a 192.168.1.1 -b 50 -t 5000
Random port order
rustscan -a 192.168.1.1 --scan-order Random
Source port spoofing
rustscan -a 192.168.1.1 --source-port 53
Decoy scanning
rustscan -a 192.168.1.1 --decoys 192.168.1.10,192.168.1.11
Fragment packets
rustscan -a 192.168.1.1 --fragment ```_
Großes Scannen
Scannen großer Netzwerke effizient:
```bash
Scan multiple subnets
rustscan -a 192.168.0.0/16 -p 22,80,443
Parallel subnet scanning
for subnet in 192.168.\\{1..10\\}.0/24; do rustscan -a $subnet -p 22,80,443 & done wait
Distributed scanning
rustscan -a 10.0.0.0/8 --split 4 --part 1
Resume interrupted scan
rustscan -a 192.168.1.0/24 --resume scan_state.json ```_
Automatisierungsskripte
Massennetzwerk Scanning
```bash
!/bin/bash
RustScan mass network scanning script
NETWORKS_FILE="networks.txt" OUTPUT_DIR="rustscan_results" COMMON_PORTS="22,23,25,53,80,110,111,135,139,143,443,993,995,1723,3306,3389,5432,5900,8080"
mkdir -p $OUTPUT_DIR
echo "Starting mass network scanning with RustScan"
while IFS= read -r network; do echo "Scanning network: $network"
# Create network-specific output file
output_file="$OUTPUT_DIR/rustscan_$(echo $network|tr '/' '_').txt"
# Perform RustScan
rustscan -a $network -p $COMMON_PORTS -b 4000 -t 1500 > $output_file
# Extract open ports and pipe to Nmap for detailed analysis
if [ -s $output_file ]; then
echo "Found open ports in $network, running detailed Nmap scan"
nmap_output="$OUTPUT_DIR/nmap_$(echo $network|tr '/' '_').xml"
rustscan -a $network -p $COMMON_PORTS -- -sV -sC -oX $nmap_output
fi
echo "Completed scanning: $network"
sleep 2
done < "$NETWORKS_FILE"
echo "Mass scanning completed" ```_
Kontinuierliche Überwachung
```python
!/usr/bin/env python3
RustScan continuous monitoring script
import subprocess import json import time import smtplib from email.mime.text import MIMEText from datetime import datetime
class RustScanMonitor: def init(self, targets, ports, interval=3600): self.targets = targets self.ports = ports self.interval = interval self.baseline = \\{\\} self.alerts = []
def run_rustscan(self, target):
"""Run RustScan against target"""
cmd = [
"rustscan",
"-a", target,
"-p", self.ports,
"-b", "4000",
"-t", "1500",
"--output", "json"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
return self.parse_rustscan_output(result.stdout)
else:
print(f"Error scanning \\\\{target\\\\}: \\\\{result.stderr\\\\}")
return None
except Exception as e:
print(f"Exception scanning \\\\{target\\\\}: \\\\{e\\\\}")
return None
def parse_rustscan_output(self, output):
"""Parse RustScan JSON output"""
try:
# RustScan output parsing logic
lines = output.strip().split('\n')
open_ports = []
for line in lines:
if "Open" in line and ":" in line:
port = line.split(':')[1].strip().split()[0]
open_ports.append(int(port))
return sorted(open_ports)
except Exception as e:
print(f"Error parsing output: \\\\{e\\\\}")
return []
def establish_baseline(self):
"""Establish baseline for all targets"""
print("Establishing baseline...")
for target in self.targets:
ports = self.run_rustscan(target)
if ports is not None:
self.baseline[target] = ports
print(f"Baseline for \\\\{target\\\\}: \\\\{len(ports)\\\\} open ports")
print("Baseline established")
def detect_changes(self):
"""Detect changes from baseline"""
changes = \\\\{\\\\}
for target in self.targets:
current_ports = self.run_rustscan(target)
if current_ports is not None and target in self.baseline:
baseline_ports = set(self.baseline[target])
current_ports_set = set(current_ports)
new_ports = current_ports_set - baseline_ports
closed_ports = baseline_ports - current_ports_set
if new_ports or closed_ports:
changes[target] = \\\\{
'new_ports': list(new_ports),
'closed_ports': list(closed_ports),
'timestamp': datetime.now().isoformat()
\\\\}
return changes
def send_alert(self, changes):
"""Send alert for detected changes"""
if not changes:
return
alert_message = "RustScan Monitoring Alert\n\n"
for target, change in changes.items():
alert_message += f"Target: \\\\{target\\\\}\n"
alert_message += f"Timestamp: \\\\{change['timestamp']\\\\}\n"
if change['new_ports']:
alert_message += f"New open ports: \\\\{change['new_ports']\\\\}\n"
if change['closed_ports']:
alert_message += f"Closed ports: \\\\{change['closed_ports']\\\\}\n"
alert_message += "\n"
print(alert_message)
# Add email notification logic here if needed
def monitor(self):
"""Start continuous monitoring"""
self.establish_baseline()
print(f"Starting continuous monitoring (interval: \\\\{self.interval\\\\}s)")
while True:
try:
changes = self.detect_changes()
if changes:
self.send_alert(changes)
# Update baseline with changes
for target, change in changes.items():
current_ports = self.run_rustscan(target)
if current_ports is not None:
self.baseline[target] = current_ports
time.sleep(self.interval)
except KeyboardInterrupt:
print("Monitoring stopped")
break
except Exception as e:
print(f"Monitoring error: \\\\{e\\\\}")
time.sleep(60)
Usage
if name == "main": targets = ["192.168.1.1", "192.168.1.10", "192.168.1.20"] ports = "22,80,443,3389,5900"
monitor = RustScanMonitor(targets, ports, interval=1800)
monitor.monitor()
```_
Integration von Sicherheitswerkzeugen
```python
!/usr/bin/env python3
RustScan integration with security tools
import subprocess import json import requests
class RustScanIntegration: def init(self): self.results = \\{\\}
def run_rustscan(self, target, ports="1-65535"):
"""Run RustScan and return results"""
cmd = ["rustscan", "-a", target, "-p", ports, "-b", "4000"]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode == 0:
open_ports = self.parse_ports(result.stdout)
self.results[target] = open_ports
return open_ports
else:
print(f"RustScan error: \\\\{result.stderr\\\\}")
return []
except Exception as e:
print(f"Error running RustScan: \\\\{e\\\\}")
return []
def parse_ports(self, output):
"""Parse RustScan output for open ports"""
open_ports = []
for line in output.split('\n'):
if "Open" in line and ":" in line:
try:
port = int(line.split(':')[1].strip().split()[0])
open_ports.append(port)
except:
continue
return sorted(open_ports)
def integrate_with_nmap(self, target, ports):
"""Run detailed Nmap scan on discovered ports"""
if not ports:
return None
port_list = ",".join(map(str, ports))
cmd = [
"nmap", "-sV", "-sC", "-O",
"-p", port_list,
target,
"-oX", f"nmap_\\\\{target.replace('.', '_')\\\\}.xml"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
return result.stdout
except Exception as e:
print(f"Nmap integration error: \\\\{e\\\\}")
return None
def integrate_with_nuclei(self, target, ports):
"""Run Nuclei vulnerability scan"""
if not ports:
return None
# Create target list for Nuclei
targets = []
for port in ports:
if port in [80, 8080, 8000]:
targets.append(f"http://\\\\{target\\\\}:\\\\{port\\\\}")
elif port in [443, 8443]:
targets.append(f"https://\\\\{target\\\\}:\\\\{port\\\\}")
if not targets:
return None
target_file = f"nuclei_targets_\\\\{target.replace('.', '_')\\\\}.txt"
with open(target_file, 'w') as f:
f.write('\n'.join(targets))
cmd = [
"nuclei",
"-l", target_file,
"-t", "/path/to/nuclei-templates/",
"-o", f"nuclei_\\\\{target.replace('.', '_')\\\\}.txt"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
return result.stdout
except Exception as e:
print(f"Nuclei integration error: \\\\{e\\\\}")
return None
def integrate_with_masscan(self, target_range):
"""Use Masscan for initial discovery, then RustScan for verification"""
cmd = [
"masscan",
target_range,
"-p1-65535",
"--rate=1000",
"--output-format", "list"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
# Parse Masscan results
discovered_targets = set()
for line in result.stdout.split('\n'):
if line.strip():
parts = line.split()
if len(parts) >= 4:
ip = parts[3]
discovered_targets.add(ip)
# Run RustScan on discovered targets
for target in discovered_targets:
print(f"Running RustScan verification on \\\\{target\\\\}")
self.run_rustscan(target)
return list(discovered_targets)
except Exception as e:
print(f"Masscan integration error: \\\\{e\\\\}")
return []
def generate_report(self):
"""Generate comprehensive scan report"""
report = \\\\{
"scan_timestamp": time.strftime("%Y-%m-%d %H:%M:%S"),
"total_targets": len(self.results),
"targets": self.results
\\\\}
with open("rustscan_report.json", "w") as f:
json.dump(report, f, indent=2)
return report
Usage example
if name == "main": integration = RustScanIntegration()
# Scan target
target = "192.168.1.100"
ports = integration.run_rustscan(target)
# Run additional tools
if ports:
integration.integrate_with_nmap(target, ports)
integration.integrate_with_nuclei(target, ports)
# Generate report
report = integration.generate_report()
print(f"Scan completed. Found \\\\{len(ports)\\\\} open ports on \\\\{target\\\\}")
```_
Leistungsoptimierung
System Tuning
Optimierungssystem für RustScan-Leistung:
```bash
Increase file descriptor limits
echo " soft nofile 65535" >> /etc/security/limits.conf echo " hard nofile 65535" >> /etc/security/limits.conf
Optimize network stack
echo 'net.core.rmem_default = 262144' >> /etc/sysctl.conf echo 'net.core.rmem_max = 16777216' >> /etc/sysctl.conf echo 'net.core.wmem_default = 262144' >> /etc/sysctl.conf echo 'net.core.wmem_max = 16777216' >> /etc/sysctl.conf
Apply changes
sysctl -p ulimit -n 65535 ```_
Benchmark Testing
```bash
!/bin/bash
RustScan performance benchmark
TARGET="192.168.1.1" PORTS="1-1000"
echo "RustScan Performance Benchmark" echo "=============================="
Test different batch sizes
for batch_size in 1000 2000 4000 8000; do echo "Testing batch size: $batch_size"
start_time=$(date +%s.%N)
rustscan -a $TARGET -p $PORTS -b $batch_size -q
end_time=$(date +%s.%N)
duration=$(echo "$end_time - $start_time"|bc)
echo "Duration: $\\\\{duration\\\\}s"
echo ""
done
Test different timeout values
for timeout in 1000 1500 2000 3000; do echo "Testing timeout: $\\{timeout\\}ms"
start_time=$(date +%s.%N)
rustscan -a $TARGET -p $PORTS -t $timeout -q
end_time=$(date +%s.%N)
duration=$(echo "$end_time - $start_time"|bc)
echo "Duration: $\\\\{duration\\\\}s"
echo ""
done ```_
Fehlerbehebung
Gemeinsame Themen
Eintrittsfehler: ```bash
Check ulimit settings
ulimit -n
Increase ulimit for current session
ulimit -n 65535
Run with sudo if needed
sudo rustscan -a 192.168.1.1
Check firewall rules
sudo iptables -L ```_
** Netzanschluss:** ```bash
Test basic connectivity
ping 192.168.1.1
Check routing
traceroute 192.168.1.1
Verify DNS resolution
nslookup example.com
Test with different source interface
rustscan -a 192.168.1.1 --interface eth0 ```_
Leistungsfragen: ```bash
Monitor system resources
top htop
Check network utilization
iftop nethogs
Reduce batch size for stability
rustscan -a 192.168.1.1 -b 1000
Increase timeout for slow networks
rustscan -a 192.168.1.1 -t 5000 ```_
Debugging
Debugging und Logging aktivieren:
```bash
Enable verbose output
rustscan -a 192.168.1.1 -v
Debug mode
RUST_LOG=debug rustscan -a 192.168.1.1
Trace mode
RUST_LOG=trace rustscan -a 192.168.1.1
Save debug output
RUST_LOG=debug rustscan -a 192.168.1.1 2> debug.log ```_
Sicherheitsüberlegungen
Operationelle Sicherheit
** Auswirkungen auf das Netz:** - Überwachen Sie die Bandbreitennutzung bei Scans - Verwenden Sie geeignete Chargengrößen für Netzwerkkapazität - Implementieren Sie Scanplanung, um Spitzenzeiten zu vermeiden - Auswirkungen auf Zielsysteme berücksichtigen - Monitor für defensive Antworten
** Nachweisvermeidung:** - Verwenden Sie Stealth-Scanning-Techniken - Randomize Scan Timing und Muster - Implementierung der Source IP Rotation - Monitor für IDS/IPS-Benachrichtigungen - Verwenden Sie legitim aussehende Scan-Muster
Rechtliche und ethische Überlegungen
Authorisiertes Scanning Nur: - ordnungsgemäße schriftliche Genehmigung erhalten - Definieren Sie klare Grenzen - Alle Scanaktivitäten erfassen - Verantwortliche Offenlegungspraktiken - Überprüfung der Systemverfügbarkeit und -leistung
Beste Praktiken: - Verwendung in kontrollierten Umgebungen - Regelmäßige Sicherheitsbewertungen - Ergänzungsquotenbegrenzung - Monitor für unbefugte Nutzung - Pflege umfassender Audit-Strecken
Referenzen
- [RustScan GitHub Repository](https://__LINK_5___
- (LINK_5)
- Network Scanning Techniques
- Port Scanning Best Practices
- [Network Reconnaissance Guide](__LINK_5___