🔥
Red Team
  • Welcome
    • About
  • Methodologies & Resources
    • Enumeration
    • Gaining Access
    • Payloads
    • Cheat Sheets
      • Transferring Files
      • Privilege Escalation
        • Linux
          • Scripts
            • Bruteforce su
        • Windows
          • Recon Scripts
      • LFI / RFI
      • Buffer Overflow
        • Fuzzers
      • Command Injection
      • Credential Harvesting
      • Password Attacks
      • Command Injection
      • SQL Injection
      • Bypass File Upload
      • Burp
      • Static Binaries
      • File Info Gathering & Script Abuse
      • Credential Gathering & Cracking
      • Other Cheat sheets
      • Lateral Movement and Pivoting
      • Vulnerabilities Seen
      • Active Directory
      • Web
      • Enumeration & Brute Force
  • Walkthroughs
    • Tryhackme
      • Hydra
        • Container Vulnerabilities
      • Blue
      • Steel Mountain
      • Alfred
      • HackPark
      • Game Zone
      • Skynet
      • Daily Bugle
      • Overpass 2 - Hacked
      • Relevant
      • Internal
      • Buffer Overflow Prep
      • File Inclusion
      • Brainstorm
      • Gatekeeper
      • Brainpan 1
      • Upload Vulnerabilities
      • Pickle Rick
      • John The Ripper
      • Attacktive Directory
      • Weaponization
      • Attacking Kerberos
      • Post-Exploitation Basics
      • Common Linux Privesc
      • Linux PrivEsc
      • Basic Pentesting
      • Net Sec Challenge
      • Linux Privilege Escalation
      • Windows Privilege Escalation
      • Password Attacks
      • The Lay of the land
      • Enumeration
      • Windows Local Persistence
      • Lateral Movement and Pivoting
      • Bypassing UAC
      • Hacking with PowerShell
      • Corp
      • Mr Robot CTF
      • Retro
      • Breaching Active Directory
      • Enumerating Active Directory
      • Exploiting Active Directory
      • Persisting Active Directory
      • Credentials Harvesting
      • Red Team Capstone Challenge
      • Crack the hash
      • Ice
      • Bounty Hunter
      • Agent Sudo
      • LazyAdmin
      • Wgel CTF
      • Cyborg
      • Year of the Rabbit
      • Brute It
      • Lian_Yu
      • ToolsRus
      • Chill Hack
      • Bolt
      • source
      • Brooklyn Nine Nine
      • Anthem
      • GamingServer
      • Chocolate Factory
      • Archangel
      • Easy Peasy
      • ColddBox: Easy
      • Fowsniff CTF
      • Blaster
      • The Cod Caper
      • SQL Injection Lab
      • Agent T
      • Avengers Blog
      • Mustacchio
      • Team
      • Tech_Supp0rt: 1
      • Gallery
      • Jack-of-All-Trades
      • Mother's Secret
      • Traverse
      • Anonforce
      • Dav
      • Thompson
      • VulnNet: Internal
      • Library
      • Flatline
      • b3dr0ck
      • Lesson Learned?
      • Opacity
      • Plotted-TMS
      • GLITCH
      • Hacker vs. Hacker
      • Valley
      • magician
      • HeartBleed
      • Expose
      • dogcat
      • Madeye's Castle
        • Old Madeye's Castle
      • Startup
      • Overpass
      • 0day
      • Mindgames
      • HaskHell
      • Annie
      • ContainMe
      • Develpy
      • Watcher
      • Spring
      • Anonymous
      • Boiler CTF
      • Wonderland
      • Blog
      • Biohazard
      • UltraTech
      • The Marketplace
      • CMesS
      • FINISH - Linux Agency
      • Road
      • Tokyo Ghoul
      • GoldenEye
      • Oh My WebServer
      • HA Joker CTF
      • Ollie
      • Looking Glass
      • VulnNet
      • Olympus
      • Wekor
      • Bookstore
      • biteme
      • CMSpit
      • Peak Hill
      • SQHell
      • Zeno
      • ffuf
      • Burp Suite: Repeater
      • Burp Suite: Intruder
      • Burp Suite: Other Modules
      • Burp Suite: Extensions
      • Linux PrivEsc Arena
      • tomghost
      • The Docker Rodeo
      • Empline
      • The Great Escape
      • VulnNet: Active
      • battery
      • Hip Flask
      • TryHack3M: Bricks Heist
      • One Piece
      • Inferno
      • Kitty
      • AVenger
      • Umbrella
      • Stealth
      • Athena
      • Napping
      • CyberLens
      • Obscure
      • Wordpress: CVE-2021-29447
      • File Inclusion, Path Traversal
      • NoSQL Injection
      • Advanced SQL Injection
      • XXE Injection
      • LDAP Injection
      • XSS
      • DOM-Based Attacks
      • CSRF
      • TryHack3M: Sch3Ma D3Mon
      • PrintNightmare
      • GitLab CVE-2023-7028
      • Python for Pentesters
      • PowerShell for Pentesters
      • Web Enumeration
      • Holo
      • Linux: Local Enumeration
      • Linux Process Analysis
      • Windows Network Analysis
      • Bypass
      • CVE-2023-38408
      • SQLMAP
      • Deja Vu
      • SSTI
      • DNS Manipulation
      • Linux Backdoors
      • Linux Modules
      • RustScan
      • Windows PrivEsc
      • Windows PrivEsc Arena
      • Wreath
Powered by GitBook
On this page
  • Scanning Time!
  • Multiple IP Scanning
  • Host Scanning
  • CIDR support
  • Hosts file as input
  • Individual Port Scanning
  • Multiple selected port scanning
  • Ranges of ports
  • Adjusting the Nmap arguments
  • Random Port Ordering
  • Answer the questions
  1. Walkthroughs
  2. Tryhackme

RustScan

PreviousLinux ModulesNextWindows PrivEsc

Last updated 5 months ago

Room Link:

Scanning Time!

The tool is really amazing in terms of scanning. It can scan all the ports really fast and then pipe the output to the Nmap. Now in this room, we'll scan our vulnerable machine. Basic format for RustScan is rustscan -r ports -a <Target-ip> -- <nmap cmds> Here's a full list of things you can do.

Multiple IP Scanning

You can scan multiple IPs using a comma-separated list like so:

rustscan -a 127.0.0.1,0.0.0.0

Host Scanning

RustScan can also scan hosts, like so:

➜ rustscan -a www.google.com, 127.0.0.1
Open 216.58.210.36:1
Open 216.58.210.36:80
Open 216.58.210.36:443
Open 127.0.0.1:53
Open 127.0.0.1:631

CIDR support

RustScan supports CIDR:

➜ rustscan -a 192.168.0.0/30

Hosts file as input

The file is a new line separated list of IPs / Hosts to scan:

hosts.txt

192.168.0.1
192.168.0.2
google.com
192.168.0.0/30
127.0.0.1

The argument is:

rustscan -a 'hosts.txt'

Individual Port Scanning

RustScan can scan individual ports, like so:

➜ rustscan -a 127.0.0.1 -p 53
53

Multiple selected port scanning

You can input a comma-separated list of ports to scan:

➜ rustscan -a 127.0.0.1 -p 53,80,121,65535
53

Ranges of ports

To scan a range of ports:

To run:

➜ rustscan -a 127.0.0.1 --range 1-1000    
53,631

Adjusting the Nmap arguments

RustScan, at the moment, runs Nmap by default.

You can adjust the arguments like so:

rustscan -a 127.0.0.1 -- -A -sC

To run:

nmap -Pn -vvv -p $PORTS -A -sC 127.0.0.1

Random Port Ordering

If you want to scan ports in a random order (which will help with not setting off firewalls) run RustScan like this:

➜ rustscan -a 127.0.0.1 --range 1-1000 --scan-order "Random"
53,631

Answer the questions

After scanning this, how many ports do we find open under 1000?

Kali

rustscan -a $VICTIM
2

Perform a service version detection scan, what is the version of the software running on port 22?

Kali

rustscan -a $VICTIM  -p 22 -- -A -sC
6.6.1p1

Perform an aggressive scan, what flag isn't set under the results for port 80?

Kali

rustscan -a $VICTIM  -p 80 -- -A -sC
httponly
https://tryhackme.com/r/room/rustscan