Modern Rust-based port scanner — finds open ports in seconds and pipes results to Nmap for service detection.
Installation
Pick the install method that matches your stack. The Docker option is the cleanest for one-off scans where you don’t want to pollute your workstation.
Cargo
cargo install rustscanBinary release
wget https://github.com/RustScan/RustScan/releases/latest/download/rustscan_amd64.deb && sudo dpkg -i rustscan_amd64.debDocker
docker run -it --rm rustscan/rustscan -a target.comCore commands
The handful of invocations you’ll actually run on 90% of engagements:
Default scan + auto-pipe to Nmap
rustscan -a target.comScan all ports faster
rustscan -a target.com -p 1-65535Multiple targets
rustscan -a target.com,10.0.0.5,scanme.nmap.orgAdaptive scan + custom Nmap args
rustscan -a target.com -- -sV --script vulnAdjust timing
rustscan -a target.com -b 5000 -t 1500Performance optimisation
What separates a junior who runs the default invocation from a practitioner who knows the knobs:
-b 4500batch size = ports scanned in parallel. Default 4500 works for most. Lower on flaky networks.-t 1500timeout in ms per port. Drop to 500 on LAN, raise to 3000 for slow internet.- Adaptive learning: RustScan auto-adjusts batch size based on response success — leave defaults alone for first run.
-u 5000raises ulimit (open files limit) — prevents “too many open files” on /16+ scans.
Common pitfalls
Real failure modes that bite people on engagements. Most are recoverable; a few are reputation-damaging.
- It’s a wrapper around port discovery + Nmap. The Nmap part is what takes time — RustScan only speeds up the discovery phase.
- Adaptive batch sizing can spam fragile targets — set
-b 1000on production prod. - Output formats limited compared to Nmap. Use Nmap directly when you need XML/JSON for reporting tools.
Modern alternatives in 2026
The ecosystem moves fast. These are tools you should at least be aware of:
- Naabu — slower but cleaner pipe ergonomics.
- Masscan — for internet-scale.
- Nmap — when you need everything.
India context and engagement notes
For first-pass scanning: rustscan -a target.com -- -sV -sC gets you 80% of what an Nmap full-scan returns, in 1/10 the wall-clock time. CERT-In reports still expect the Nmap XML output, so finalize with that.
⚖️ Legal: Use only on systems you own or have explicit written authorisation to test. In India, unauthorised access is punishable under Section 66 of the IT Act, 2000 (up to 3 years imprisonment + fine). Pair every engagement with a signed Statement of Work or Rules of Engagement before running anything from this page.
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.