██████╗ ███╗ ███╗ █████╗ ██████╗
██╔══██╗████╗ ████║██╔══██╗██╔══██╗
██████╔╝██╔████╔██║███████║██████╔╝
██╔══██╗██║╚██╔╝██║██╔══██║██╔═══╝
██║ ██║██║ ╚═╝ ██║██║ ██║██║
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝
sehr quick network scanner built in Rust.
A fast, async TCP/UDP port scanner with service detection, OS fingerprinting, SSL certificate extraction, and more. Built on tokio for high-concurrency scanning with a clean terminal UI.
- Async TCP & UDP scanning — powered by tokio with configurable concurrency (up to 8000 simultaneous connections)
- Service/banner detection — grabs banners and identifies running services
- OS fingerprinting — TTL analysis + banner/port heuristics
- SSL/TLS certificate extraction — subject, issuer, validity, SANs
- Reverse DNS lookup
- Ping sweep — discover live hosts before scanning
- CIDR & IP range support — scan entire subnets (
192.168.1.0/24,10.0.0.1-50) - Timing profiles — T1 (sneaky) through T5 (insane)
- Multiple output formats — JSON, XML, CSV, TXT
- Target exclusion — by IP, CIDR, or file
- Rate limiting — configurable max connections per second
git clone https://github.com/aidanmcconnon/rmap.git
cd rmap
cargo build --releaseThe binary will be at target/release/rmap.
# Scan a single host (top ~1100 ports)
rmap 192.168.1.1
# Scan specific ports
rmap 192.168.1.1 -p 22,80,443
# Scan a port range
rmap 192.168.1.1 -p 1-1024
# Scan all 65535 ports
rmap 192.168.1.1 -p all
# Scan a subnet
rmap 192.168.1.0/24
# Full scan with all detections
rmap 192.168.1.1 -p top -S -O --ssl --rdns
# Fast aggressive scan
rmap 10.0.0.1 -T5 -p 1-65535
# Scan with UDP
rmap 192.168.1.1 -U
# Ping sweep then scan
rmap 192.168.1.0/24 --ping
# Save results
rmap 192.168.1.1 -o results.json
rmap 192.168.1.1 -o results.xml
rmap 192.168.1.1 -o results.csv
# Quiet mode (parseable output)
rmap 192.168.1.1 -q
# Exclude targets
rmap 192.168.1.0/24 --exclude 192.168.1.1,192.168.1.254
# Rate-limited scan
rmap 10.0.0.0/24 --rate 500| Flag | Description | Default |
|---|---|---|
-p, --ports |
Port spec: single, range, list, top, or all |
top |
-c, --concurrency |
Max concurrent connections | 2000 |
-t, --timeout-ms |
Connection timeout (ms) | 1500 |
-T, --timing |
Timing profile: 1-5 | 4 |
-S, --service-detect |
Service/banner detection | off |
-O, --os-detect |
OS fingerprinting | off |
-U, --udp |
UDP scan | off |
--ssl |
SSL/TLS certificate extraction | off |
--rdns |
Reverse DNS lookup | off |
--ping |
Ping sweep before scanning | off |
--randomize |
Randomize port scan order | off |
--rate |
Max connections/sec (0 = unlimited) | 0 |
--exclude |
Exclude targets (comma-separated) | |
--exclude-file |
File with targets to exclude | |
-o, --output |
Save results (.json/.xml/.csv/.txt) | |
-q, --quiet |
Quiet mode — only print results | off |
-4, --ipv4 |
IPv4 only | off |
-6, --ipv6 |
IPv6 only | off |
| Profile | Concurrency | Timeout |
|---|---|---|
| T1 — sneaky | 50 | 5000ms |
| T2 — polite | 200 | 3000ms |
| T3 — normal | 800 | 2000ms |
| T4 — aggressive | 2000 | 1500ms |
| T5 — insane | 8000 | 800ms |
MIT