{"id":48924260,"url":"https://github.com/assassin-marcos/portwave","last_synced_at":"2026-04-30T01:07:46.189Z","repository":{"id":351911657,"uuid":"1212955897","full_name":"assassin-marcos/portwave","owner":"assassin-marcos","description":"Ultra-fast hybrid IPv4/IPv6 port scanner with adaptive concurrency, banner grab, TLS sniff, and built-in httpx + nuclei recon pipeline — written in async Rust.","archived":false,"fork":false,"pushed_at":"2026-04-19T19:16:57.000Z","size":507,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-19T20:36:24.037Z","etag":null,"topics":["async","bug-bounty","cybersecurity","fast-port-scanner","httpx","ipv6","ipv6-scanner","masscan-alternative","network-scanner","nuclei","offensive-security","pentesting","port-scanner","port-scanning","recon-tool","reconnaissance","red-team","rust","rustscan-alternative","security-tools"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/assassin-marcos.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-16T22:43:16.000Z","updated_at":"2026-04-19T19:17:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/assassin-marcos/portwave","commit_stats":null,"previous_names":["assassin-marcos/portwave"],"tags_count":42,"template":false,"template_full_name":null,"purl":"pkg:github/assassin-marcos/portwave","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/assassin-marcos%2Fportwave","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/assassin-marcos%2Fportwave/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/assassin-marcos%2Fportwave/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/assassin-marcos%2Fportwave/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/assassin-marcos","download_url":"https://codeload.github.com/assassin-marcos/portwave/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/assassin-marcos%2Fportwave/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32208480,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T03:15:14.334Z","status":"ssl_error","status_checked_at":"2026-04-24T03:15:11.608Z","response_time":64,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["async","bug-bounty","cybersecurity","fast-port-scanner","httpx","ipv6","ipv6-scanner","masscan-alternative","network-scanner","nuclei","offensive-security","pentesting","port-scanner","port-scanning","recon-tool","reconnaissance","red-team","rust","rustscan-alternative","security-tools"],"created_at":"2026-04-17T06:06:21.883Z","updated_at":"2026-04-30T01:07:46.183Z","avatar_url":"https://github.com/assassin-marcos.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# portwave\n\n**Fast IPv4/IPv6 port scanner with built-in HTTP(S) enrichment, SSL recon, and nuclei — one binary, no subprocess chain.**\n\n[![License: MIT](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)\n[![Rust](https://img.shields.io/badge/rust-stable-orange.svg)](https://www.rust-lang.org/)\n[![Platform](https://img.shields.io/badge/platform-linux%20%7C%20macos%20%7C%20windows-lightgrey.svg)]()\n[![X / Twitter](https://img.shields.io/badge/DM-%40assassin__marcos-1da1f2.svg)](https://twitter.com/assassin_marcos)\n\n```\n _\n _ __ ___ _ __| |___ ____ __ _____\n | '_ \\ / _ \\| '__| __\\ \\ /\\ / / _` |\\ / / _ \\\n | |_) | (_) | | | |_ \\ V V / (_| | V / __/\n | .__/ \\___/|_| \\__| \\_/\\_/ \\__,_|\\_/ \\___|\n |_| portwave · by assassin_marcos\n```\n\nTakes IPs, CIDRs, ranges, domains, or ASNs — mixed freely. Wildcard-DNS pre-filter, parallel resolution, adaptive Phase-A scan, native HTTP(S) probe, SSL/SAN recon, nuclei. Resume-safe, diff-aware, single static binary.\n\n---\n\n## Install\n\n```bash\n# Linux / macOS\ngit clone https://github.com/assassin-marcos/portwave \u0026\u0026 cd portwave \u0026\u0026 bash install.sh\n\n# Windows\ngit clone https://github.com/assassin-marcos/portwave; cd portwave; powershell -ExecutionPolicy Bypass -File .\\install.ps1\n\n# Self-manage\nportwave -u # install latest\nportwave -c # check for updates\nportwave -X # uninstall\n```\n\n---\n\n## Quickstart\n\nFirst positional is a **folder name** for results (`./scans/\u003cfolder\u003e/`).\n\n```bash\nportwave scan 1.2.3.4 # one IP\nportwave scan 203.0.113.0/24 # CIDR\nportwave scan -d example.com # domain (CDN auto-skip)\nportwave scan -d \"a.site.com,b.site.com\" # multiple\nsubfinder -d target.com -silent | portwave bb -i - # subdomains via stdin\nportwave scan -a AS13335 --ipv4-only # full ASN, v4 only\nportwave scan 203.0.113.0/24 -p 22,80,443 # custom ports\nportwave scan x -i list.txt --top-ports 100 # mixed targets, top-100\nportwave big -a AS99999 --max-scan-time 30m --max-pps 200 # rate-limited\n```\n\nDefaults are tuned for fast + accurate. No flags needed for most scans.\n\n---\n\n## Pipeline\n\n```\n0. DNS / wildcard filter — resolve domains in parallel; collapse wildcard zones\n1. Phase A — adaptive TCP connect (2000→3000 workers, 800 ms timeout, retry 1)\n2. Phase B — banner grab + TLS sniff (pipelined with Phase A)\n3. Pass-C — native HTTP(S) probe (HTTP/2, title, redirects, lenient TLS)\n4. SSL recon — handshake reuse from Pass-C → SAN + issuer extraction\n5. nuclei — template-driven vulnscan on HTTP candidates (if installed)\n```\n\nHTTP/2 via ALPN, permissive TLS (bundled OpenSSL — accepts self-signed, expired, hostname-mismatched, malformed certs so the scanner sees responses, not handshake errors).\n\n**Domains.** Resolved in parallel via hickory DNS (15 trusted upstreams). Wildcard zones (`*.example.com → 1.2.3.4`) are detected by 3 random-label probes per parent suffix and collapsed to one representative — typically skips ~90 % of DNS work on big subdomain lists. Domains landing on a known CDN edge (Cloudflare, Akamai, Fastly, CloudFront, Gcore, Imperva, etc.) are skipped — override with `--allow-cdn`. Refresh CDN list with `portwave --refresh-cdn`.\n\n---\n\n## Output (`./scans/\u003cfolder\u003e/`)\n\n| File | Contents |\n|---|---|\n| `open_ports.jsonl` | One JSON per open port — ip, port, protocol, banner, title, final_url, cdn |\n| `enrichment_results.txt` | `URL [status] [length] [title]` per HTTP target |\n| `http_targets.txt` | URL list fed to nuclei |\n| `ssl_findings.txt` | `[ssl-dns-names]` lines per unique cert (nuclei-ssl format) |\n| `ssl_root_domains.txt` | Unique eTLD+1 domains aggregated across SAN entries |\n| `nuclei_results.txt` | nuclei findings |\n| `scan_summary.json` | Totals + timings + per-protocol/per-port/per-CDN counts |\n| `scan_diff.json` | New / closed opens vs the last run in this folder |\n| `domains.json` / `origin_domains.txt` | Domain resolution + CDN tagging (when `-d`/`-i` used) |\n\n```\n--- OPEN PORTS (8 total across 1 host) ---\n example.com → 203.0.113.5\n :22 [ssh]\n :80 [http] HTTP/1.1 301 Moved Permanently · \"301 Moved Permanently\"\n :443 [https] HTTP/1.1 200 OK · \"Acme Dashboard\"\n─── enrichment 2 target(s) · 0.35s ✓ 2 responding · 1 2xx · 1 3xx\n─── ssl recon 1 unique cert · 0.00s → ssl_findings.txt\n```\n\n---\n\n## IPv6\n\nA `/64` is 2⁶⁴ addresses. Exhaustive scanning is impossible.\n\n- Any scope \u003e **2²⁰ (≈1 M) hosts** is refused with three bypass options.\n- `--smart-ipv6` replaces ranges \u003e /108 with ~450 RFC-7707 likely-addresses (hexspeak, low-sequential, SLAAC landmarks). `/32` becomes a minute.\n- `--allow-huge-scope` overrides explicitly.\n\n```bash\nportwave gcloud 2a00:1450::/32 --smart-ipv6 --top-ports 10\n```\n\n---\n\n## Common flags\n\nFull list via `portwave -h`. Most-used:\n\n| Flag | Default | Purpose |\n|---|---|---|\n| `-d, --domain` | — | Comma-separated domains |\n| `-i, --input-file` | — | Mixed-target file (`-` for stdin) |\n| `-a, --asn` | — | ASN list, expanded via RIPE stat |\n| `-e, --exclude` | — | Ranges to skip |\n| `-p, --ports` / `--top-ports N` | bundled | Custom ports / top-N from bundled list |\n| `-U, --udp` | off | UDP discovery on well-known ports |\n| `-t, --threads` | 2000 | Phase-A pool (adaptive grows to 3000 / 1.5×) |\n| `-T, --timeout-ms` | 800 | Phase-A connect timeout |\n| `-r, --retries` | 1 | Retries on Phase-A timeouts |\n| `--enrich-timeout-ms` | 1500 | Phase-B banner timeout |\n| `-C, --probe-concurrency` | 150 | HTTP probe concurrency |\n| `--no-follow-redirects` | follow | Disable 3-hop redirect chain |\n| `--no-enrich` / `--no-banner` / `--no-tls-sniff` | all on | Disable Phase-B/C steps |\n| `--no-ssl-scan` | on | Skip SAN/issuer extraction |\n| `--no-wildcard-filter` | on | Resolve every input even on wildcard zones |\n| `--no-nuclei` | on | Skip nuclei |\n| `--ipv4-only` / `--ipv6-only` | both | Family filter |\n| `--smart-ipv6` / `--allow-huge-scope` | off | IPv6 scope handling |\n| `--allow-cdn` | skip | Scan CDN-fronted domains too |\n| `--max-pps` / `--max-scan-time` | — | Packet-rate / wallclock cap |\n| `--dry-run` | — | Print scan plan + exit |\n| `-n, --no-resume` | resume | Wipe prior artefacts, start fresh |\n| `-o, --output-dir` | `./scans` | Output root |\n| `-w, --webhook` `--webhook-on-diff-only` | — | POST summary on completion |\n| `--json-out` | — | NDJSON to stdout |\n| `-q, --quiet` | — | `--no-art --no-update-check` |\n| `-u` / `-c` / `-X` / `--refresh-cdn` | — | Self-management |\n\n---\n\n## Limitations\n\n- TCP-connect only (no SYN scan — no raw sockets, no root)\n- No service-version fingerprinting past 9-label protocol classify (chain `nmap -sV` if needed)\n- No IDS evasion (no decoys, fragments, source spoofing)\n- No ICMP host-discovery pre-flight\n- No passive subdomain enumeration — pair with `subfinder -silent | portwave -i -`\n\n---\n\n## FAQ\n\n**`cdn:fastly` next to a port?** The IP is in a published CDN edge range. The port belongs to the CDN, not the origin. `--allow-cdn` to scan anyway.\n\n**Heavy `local_err` / adaptive shrinks on macOS?** Your shell's FD soft limit is too low (default 256 from `launchctl`). Run `ulimit -n 65535` before portwave, or upgrade — recent versions auto-target the kernel ceiling.\n\n---\n\n## License / Contact\n\nMIT. Developed by [**@assassin_marcos**](https://twitter.com/assassin_marcos). Issues + PRs at https://github.com/assassin-marcos/portwave/issues. **nuclei** ([ProjectDiscovery](https://github.com/projectdiscovery/nuclei)) is resolved at scan time via `PATH` or `$PORTWAVE_NUCLEI_BIN`.\n\n**Disclaimer:** Security-research tool. **Only scan systems you own or have written permission to test.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fassassin-marcos%2Fportwave","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fassassin-marcos%2Fportwave","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fassassin-marcos%2Fportwave/lists"}