How to scan a host with RustScan

Penetration Testing Wiki

How to scan a host with RustScan

When performing a penetration test, one of the most crucial parts is scanning and enumeration. Because if you lose any important port at this stage, you are letting go a juicy part of the attack vector to compromise the machine.

Nmap is the standard-de-facto for port scanning, however it’s great to know that there are other tools much more modern and pluggable such as Project Discovery port scanning tool, RustScan.

There are several ways to install the tool. We will use Docker this time because it is more independent of your operating system and local dependencies.

Of course, you’ll need docker already installed in your machine. Afterwards, you are ready to download the latest RustScan Docker image from the official repository:

docker pull rustscan/rustscan:2.0.0
[email protected]:~# docker pull rustscan/rustscan:2.0.0
2.0.0: Pulling from rustscan/rustscan
188c0c94c7c5: Pull complete 
0d8f984b5092: Pull complete 
6311e106f0ce: Pull complete 
Digest: sha256:9f7b2d282ab8f94005819a5d7011944e4071bdd5f5b4f67c5b659510d052266c
Status: Downloaded newer image for rustscan/rustscan:2.0.0
docker.io/rustscan/rustscan:2.0.0

To check that was downloaded succesfully:

[email protected]:~# docker images
REPOSITORY          TAG       IMAGE ID       CREATED         SIZE
rustscan/rustscan   2.0.0     6890f34e17b0   10 months ago   41.6MB

Once downloaded, the easiest way to run a scan is with the following command:

docker run rustscan/rustscan:2.0.0 -a $IP_ADDRESS

Let’s run it against our home router as an example:

Running RustScan from a Docker container