{"id":13398393,"url":"https://github.com/OffensivePython/Nscan","last_synced_at":"2025-03-14T02:31:19.143Z","repository":{"id":26601012,"uuid":"30055957","full_name":"OffensivePython/Nscan","owner":"OffensivePython","description":"Nscan: Fast internet-wide scanner","archived":false,"fork":false,"pushed_at":"2015-02-23T08:48:31.000Z","size":489,"stargazers_count":525,"open_issues_count":3,"forks_count":153,"subscribers_count":39,"default_branch":"master","last_synced_at":"2024-07-31T19:16:04.664Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OffensivePython.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-01-30T04:20:57.000Z","updated_at":"2024-07-25T02:35:39.000Z","dependencies_parsed_at":"2022-09-25T04:20:59.599Z","dependency_job_id":null,"html_url":"https://github.com/OffensivePython/Nscan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OffensivePython%2FNscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OffensivePython%2FNscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OffensivePython%2FNscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OffensivePython%2FNscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OffensivePython","download_url":"https://codeload.github.com/OffensivePython/Nscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243511660,"owners_count":20302595,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T19:00:24.666Z","updated_at":"2025-03-14T02:31:18.706Z","avatar_url":"https://github.com/OffensivePython.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Nscan\nNscan is a fast Network scanner optimized for internet-wide scanning purposes and inspired by Masscan and Zmap. It has it's own tiny TCP/IP stack and uses Raw sockets to send TCP SYN probes. It doesn't need to set SYN Cookies so it doesn't wastes time checking if a received packet is a result of it's own scan, that makes Nscan faster than other similar scanners.\n\nNscan has a cool feature that allows you to extend your scan by chaining found ip:port to another scripts where they might check for vulnerabilities, exploit targets, look for Proxies/VPNs... \n\nNscan is a free tool, but consider donating here: 1Gi5Rpz5RBEUpGknSwyRgqzk7b5bQ7Abp2\n\n# Getting Nscan to work\n\nInstalling Nscan on Debian/Ubuntu boxes:\n```\n$ git clone https://github.com/OffensivePython/Nscan\n$ cd Nscan/latest\n$ chmod +x nscan.py\n```\n\nCheck if Nscan executes\n```\n$ ./nscan.py\nUsage: \nnscan.py x.x.x.x/x [options]\nnscan.py iface load/unload : Load/Unload Nscan alias interface\nnscan.py resume filename.conf: resume previous scan\n\n\nOptions:\n  -h, --help            show this help message and exit\n  -s STYPE              Scan type S:SYN U:UDP (default=S)\n  -p PORTS, --port=PORTS\n                        Port(s) number (e.g. -p21-25,80)\n  -t THREADS, --threads=THREADS\n                        Threads used to send packets (default=1)\n  --import=IMPORTS      Nscan scripts to import (e.g.\n                        --import=ssh_key:22+check_proxy:80-85,8080)\n  -b, --banner          Fetch banners\n  -n COUNT              Number of results to get\n  -o FILE, --output=FILE\n                        Output file\n  -c N,T, --cooldown=N,T\n                        Every N (int) packets sent sleep P (float)\n                        (Default=1000,1)\n```\n\n# Usage\nNscan is simple to use, it works just the way you expect.\n\nIf this your first run, you need to load nscan alias interface before launching a Scan\n```\n$ ./nscan.py iface load\nPress enter key to load nscan alias interface\n\n[....] Running /etc/init.d/networking restart is deprecated because it may not [warnable some interfaces ... (warning).\n[ ok ] Reconfiguring network interfaces...done.\nNscan alias interface loaded: 10.0.2.16\n```\nSimple Scan:\n-----------\nTo scan your local network for port 22,80:\n```\n$ ./nscan.py 192.168.0.0/16 -p22,80\n\n    _   __                    \n   / | / /_____________ _____ \n  /  |/ / ___/ ___/ __ `/ __ \\\n / /|  (__  ) /__/ /_/ / / / /\n/_/ |_/____/\\___/\\__,_/_/ /_/ \n@OffensivePython             1.0\nURL: https://github.com/OffensivePython/Nscan\n\nScanning [192.168.0.0 -\u003e 192.169.0.0] (65536 hosts/2 ports)\n[MAIN] Starting the scan (Fri Jan 30 07:11:02 2015)\n...\n```\nThis scans the 65536 hosts in your local network\nScanning the Entire Internet:\n----------------------------\nScan the entire IPv4 address space for port 80\n```\n$ ./nscan.py 0.0.0.0/0 -p80\n```\n\nMultithreading the scan:\n-----------------------\nuse '-t' to specify how many sending thread you want to use, it decreases the elapsed time of the scan by n times:\n```\n$ ./nscan.py 192.168.0.0/16 -p3389,5900-5910 -t3 \n```\nThis splits the 65536 hosts in 3 ranges (3 threads), every thread is going to scan 21845 host\n\nGrabbing banners and saving logs in a file:\n----------------------------------------\nuse '-b' to grab banners and '-o' to save logs in a file\n```\n$ ./nscan.py 192.168.0.0/16 -p3389,5900-5910 -t3 -b -o nscan.log\n```\n\nScanning to find N results:\n----------------------------\nIn order to stop the scan after receiving 10 results:\n```\n$ ./nscan.py 192.168.0.0/16 -p443 -b -n10\n```\n\nImporting Nscripts:\n-------------------\nTo import Nscripts, use '--import' with filename (without extension '.py') and specify the port and/or range of ports\n```\n$ ./nscan.py xxx.xxx.161.152/24 -p1080 --import=proxy:1080\n\n    _   __                    \n   / | / /_____________ _____ \n  /  |/ / ___/ ___/ __ `/ __ \\\n / /|  (__  ) /__/ /_/ / / / /\n/_/ |_/____/\\___/\\__,_/_/ /_/ \n@OffensivePython             1.0\nURL: https://github.com/OffensivePython/Nscan\n\nScanning [xxx.xxx.161.152 -\u003e xxx.xxx.162.0] (104 hosts/1 ports)\n[MAIN] Starting the scan (Fri Jan 30 09:14:14 2015)\n[SEND] Sent: 104 packets\n[RECV] Received: 7 packets\n[MAIN] xxx.xxx.161.152:1080\n[MAIN] xxx.xxx.161.173:1080\n[MAIN] xxx.xxx.161.195:1080\n[MAIN] xxx.xxx.161.196:1080\n[MAIN] xxx.xxx.161.194:1080\n[MAIN] xxx.xxx.161.239:1080\n[MAIN] xxx.xxx.161.193:1080\n[PROXY] xxx.xxx.161.152:1080 | SOCKS4\n[PROXY] xxx.xxx.161.195:1080 | SOCKS4\n[PROXY] xxx.xxx.161.196:1080 | SOCKS4\n[PROXY] xxx.xxx.161.194:1080 | SOCKS4\n[PROXY] xxx.xxx.161.193:1080 | SOCKS4\n[MAIN] Packets sent in 0.0 minutes\n[MAIN] Total elapsed time: 0.7 minutes\n[MAIN] Done (Fri Jan 30 09:14:58 2015)\n```\nEvery ip has the port 1080 open, will be chained to the Nscript proxy, which checks if a SOCKS service is running behind it.\n\nThis will chain every ip:port that has the port 1080,3127,3128,3129 open:\n```\n$ ./nscan.py xxx.xxx.xxx.xxx/xx -p8080,1080,3127-3129 --import=proxy:1080,3127-3129\n```\nP.S: Port 8080 will not be chained to the script, since it's not specified\n\nSuspending/Resuming a Scan:\n---------------------------\nIf you have a large range of hosts to scan, and your bandwidth can't finish the scan really quick, You can suspend a scan and resume it later where it's stopped.\n\nTo suspend a running scan, hit [CTRL]+C, Nscan will save where it's paused in 'resume.conf'.\nThe resume configuration file looks something like this:\n```\n$ cat resume.conf\n[NSCAN]\nhosts = [167772160, 184549376L]\nports = [[80, 81]]\nthreads = 1\nimports = None\nbanner = True\ncount = None\noutput = None\nindexes = [(16777216L, 4194304L, -249, 16776967L, 249)]\ncooldown = (1000, 1.0)\n```\nTo resume a previous scan, simply type:\n```\n$ ./nscan.py resume resume.conf\n```\n\nCooling Down the Transfer rate:\n-------------------------------\nThis is a very important option to regulate Nscan with your bandwidth, If you don't choose this properly, Nscan will probably knock off your router and force it to restart since it sends more traffic than your router could handle.\nYou can specify the number of packets that needs to be sent before Nscan should cool down and sleep for a while\n```\n$ ./nscan.py 10.0.0.0./16 -p21-25,8080 --cooldown=100,0.1\n```\nThis tells Nscan, \"for every 100 packets sent, sleep for 0.1 second(s)\"\nP.S: The size of one packet is 54 bytes\n\nIf you have a gigabit Ethernet connection, you probably want to disable this:\n```\n$ ./nscan.py 0.0.0.0./0 -p21-25,8080 --cooldown=[ANY],0\n```\n\n# Write your Own Nscripts\nEvery nscan script should have a run() function, that takes two arguments:\n\nqueue: queue where your script receives ip:port\n\nevent: This tells your script that Nscan is completed the scan, and waiting for your script to finsish before it exits\n\nMake sure that your script is under '~/nscan/nscripts' folder.\n\nEvery Nscript has this simple skeleton:\n```Python\nimport Queue\nimport logging\n# Import any module you need here\n\ndef run(queue, event):\n    while True:\n        if queue.empty() and event.isSet():\n            # If the Scan is completed and the queue is empty (no more results)\n            break\n        else:\n            try:\n                ip, port = queue.get(False, TIMEOUT) # Should be non-blocking\n                # Do something useful with IP:PORT\n            except KeyboardInterrupt: # Scan suspended, should exit\n                break\n            except Queue.Empty: # No results\n                pass\n                \n```\nUse the logging module to output your results:\n```\nSCRIPT = 'MYSCRIPT'\nlogging.info('[{}] {}:{} | {}'.format(SCRIPT, IP, PORT, 'MY RESULTS'))\n```\n\n# Contribute and Share your Nscripts:\nTips, Requests, Improvements to make Nscan more stable and faster are always welcome.\n\nIf you want to share your Nscripts with everybody, tweet me at @OffensivePython #Nscan with a link of your script, and i will add it under the nscript folder here\n\n# CHANGELOG:\n  * UDP Scan Support\n  * PPP interfaces Support\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOffensivePython%2FNscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOffensivePython%2FNscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOffensivePython%2FNscan/lists"}