Rustscan

rustscan --ulimit 2500 -a 10.10.185.105 -- -Pn -sC -sV

  1. rustscan: This is the command to run RustScan, a modern port scanner that is faster than traditional scanners like Nmap. It's designed to perform very fast port scans and then automatically pipe the open ports into Nmap for further analysis.

  2. --ulimit 5000: The --ulimit option in RustScan sets the maximum number of open file descriptors that RustScan can use. File descriptors are used for network sockets, and increasing this limit allows RustScan to perform more network operations in parallel. 5000 is the number of these file descriptors. A higher value leads to faster scanning but requires more system resources and may be blocked by some firewalls or intrusion detection systems.

  3. -a <target ip>: The -a option specifies the target IP address or hostname for RustScan to scan. Replace <target ip> with the actual IP address or hostname of your target.

  4. --: This double dash is used in command line syntax to signify the end of command options. After the --, no more options will be processed for the preceding command (rustscan in this case). This allows the following arguments to be passed to another command.

  5. -Pn: This is an Nmap option that skips the discovery phase. Normally, Nmap starts with a discovery phase to determine which hosts are online, but -Pn tells Nmap to assume the host is online and proceed with scanning. This is useful if the host does not respond to ping requests or if you already know that the host is online.

  6. -sC: This Nmap option runs a script scan using the default set of scripts. It's equivalent to --script=default. These scripts perform a variety of services such as additional enumeration, vulnerability detection, and other useful checks.

  7. -sV: This option enables version detection in Nmap. It tries to determine the version of the services running on open ports discovered during the scan.

Putting it all together:

  • RustScan is used to quickly scan all 65535 ports on the target.
  • The --ulimit 5000 option allows RustScan to perform many operations in parallel for speed.
  • Once RustScan finds open ports, it passes these to Nmap.
  • Nmap then runs (without first checking if the host is up, due to -Pn), performs script scanning with -sC, and tries to determine service versions with -sV.