{"id":13635104,"url":"https://github.com/kongbytes/arp-scan-rs","last_synced_at":"2026-02-20T12:32:20.131Z","repository":{"id":52138807,"uuid":"365042579","full_name":"kongbytes/arp-scan-rs","owner":"kongbytes","description":"A minimalistic ARP scan tool written in Rust for fast local network scans","archived":false,"fork":false,"pushed_at":"2025-11-18T15:24:05.000Z","size":191,"stargazers_count":151,"open_issues_count":2,"forks_count":22,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-02-16T00:35:50.253Z","etag":null,"topics":["arp","network","networking","rust","scanner","scans","security-tools"],"latest_commit_sha":null,"homepage":"https://kongbytes.io/docs/arp-scan","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kongbytes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-05-06T21:33:52.000Z","updated_at":"2026-02-02T04:16:25.000Z","dependencies_parsed_at":"2024-01-18T00:45:41.317Z","dependency_job_id":null,"html_url":"https://github.com/kongbytes/arp-scan-rs","commit_stats":null,"previous_names":["saluki/arp-scan-rs"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/kongbytes/arp-scan-rs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kongbytes%2Farp-scan-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kongbytes%2Farp-scan-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kongbytes%2Farp-scan-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kongbytes%2Farp-scan-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kongbytes","download_url":"https://codeload.github.com/kongbytes/arp-scan-rs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kongbytes%2Farp-scan-rs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29650865,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-20T09:27:29.698Z","status":"ssl_error","status_checked_at":"2026-02-20T09:26:12.373Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arp","network","networking","rust","scanner","scans","security-tools"],"created_at":"2024-08-02T00:00:40.733Z","updated_at":"2026-02-20T12:32:20.095Z","avatar_url":"https://github.com/kongbytes.png","language":"Rust","readme":"# ARP scanner CLI\n\n[![Build Status](https://saluki.semaphoreci.com/badges/arp-scan-rs/branches/master.svg?style=shields)](https://saluki.semaphoreci.com/projects/arp-scan-rs)\n[![dependency status](https://deps.rs/repo/github/Saluki/arp-scan-rs/status.svg)](https://deps.rs/repo/github/Saluki/arp-scan-rs)\n![crates.io](https://img.shields.io/crates/v/arp-scan.svg)\n\nFind all hosts in your local network using this fast ARP scanner. The CLI is written in Rust and provides a minimal scanner that finds all hosts using the ARP protocol. Inspired by the awesome [arp-scan project](https://github.com/royhills/arp-scan).\n\n✔ Minimal Rust binary \u0026 fast ARP scans\n\n✔ Scan customization (ARP, timings, interface, DNS, ...)\n\n✔ MAC vendor search\n\n✔ JSON, YAML \u0026 CSV exports\n\n✔ Pre-defined scan profiles (default, fast, stealth \u0026 chaos)\n\n## Examples\n\nStart by listing all network interfaces on the host.\n\n```bash\n# List all network interfaces\n$ arp-scan -l\n\nlo                   ✔ UP      00:00:00:00:00:00    127.0.0.1/8\nenp3s0f0             ✔ UP      4f:6e:cd:78:bb:5a    \nenp4s0               ✖ DOWN    d0:c5:e9:40:00:4a    \nwlp1s0               ✔ UP      d2:71:d8:29:a8:72    192.168.1.21/24\ndocker0              ✔ UP      49:fd:cd:60:73:77    172.17.0.1/16\nbr-fa6dc54a91ee      ✔ UP      61:ab:c1:a7:50:79    172.18.0.1/16\n\nFound 6 network interfaces, 5 seems up for ARP scan\nDefault network interface will be wlp1s0\n\n```\n\nPerform a default ARP scan on the local network with safe defaults.\n\n```bash\n# Perform a scan on the default network interface\n$ arp-scan\n\nSelected interface wlp1s0 with IP 192.168.1.21/24\nEstimated scan time 2068ms (10752 bytes, 14000 bytes/s)\nSending 256 ARP requests (waiting at least 800ms, 0ms request interval)\n\n| IPv4            | MAC               | Hostname     | Vendor       |\n|-----------------|-------------------|--------------|--------------|\n| 192.168.1.1     | 91:10:fb:30:06:04 | router.home  | Vendor, Inc. |\n| 192.168.1.11    | 45:2e:99:bc:22:b6 | host-a.home  |              |\n| 192.168.1.15    | bc:03:c2:92:47:df | host-b.home  | Vendor, Inc. |\n| 192.168.1.18    | 8d:eb:56:17:b8:e1 | host-c.home  | Vendor, Inc. |\n| 192.168.1.34    | 35:e0:6c:1e:e3:fe |              | Vendor, Inc. |\n\nARP scan finished, 5 hosts found in 1.623 seconds\n7 packets received, 5 ARP packets filtered\n\n```\n\n## Getting started\n\nDownload the `arp-scan` binary for Linux (Ubuntu, Fedora, Debian, ...). See the [releases page](https://github.com/Saluki/arp-scan-rs/releases) for other binaries.\n\n```bash\nwget -O arp-scan https://github.com/Saluki/arp-scan-rs/releases/download/v0.13.1/arp-scan-v0.13.1-x86_64-unknown-linux-musl \u0026\u0026 chmod +x ./arp-scan\n```\n\nOptionnaly, fetch the IEEE OUI reference file (CSV format) that contains all MAC address vendors.\n\n```bash\nwget -O /usr/share/arp-scan/ieee-oui.csv http://standards-oui.ieee.org/oui/oui.csv\n```\n\nList all available network interfaces.\n\n```bash\n./arp-scan -l\n```\n\nLaunch a scan on interface `wlp1s0`.\n\n```bash\n./arp-scan -i wlp1s0\n```\n\nEnhance the minimum scan timeout to 5 seconds (by default, 2 seconds).\n\n```bash\n./arp-scan -i wlp1s0 -t 5s\n```\n\nPerform an ARP scan on the default network interface, VLAN 45 and JSON output.\n\n```bash\n./arp-scan -Q 45 -o json\n```\n\n## Options\n\n#### Get help `-h`\n\nDisplay the main help message with all commands and available ARP scan options.\n\n#### List interfaces `-l`\n\nList all available network interfaces. Using this option will only print a list of interfaces and exit the process.\n\n#### Select scan profile `-p stealth`\n\nA scan profile groups together a set of ARP scan options to perform a specific scan. The scan profiles are listed below:\n\n- `default` : default option, this is enabled if the `-p` option is not used\n- `fast` : fast ARP scans, the results may be less accurate\n- `stealth` : slower scans that minimize the network impact\n- `chaos` : randomly-selected values for the ARP scan\n\n#### Select interface `-i eth0`\n\nPerform a scan on the network interface `eth0`. The first valid IPv4 network on this interface will be used as scan target. By default, the first network interface with an `up` status and a valid IPv4 will be selected.\n\n#### Set IPv4 network range `-n 172.17.0.0/24`\n\nBy default, the scan process will select the first IPv4 network on the interface and start a scan on the whole range. With the `--network` option, an IPv4 network can be defined _(this may be used for specific scans on a subset of network targets)_.\n\n#### Set global scan timeout `-t 15s`\n\nEnforce a timeout of at least 15 seconds. This timeout is a minimum value (scans may take a little more time). Default value is `2000ms`.\n\n#### Change ARP request interval `-I 39ms`\n\nBy default, a `10ms` gap will be set between ARP requests to avoid an ARP storm on the network. This value can be changed to reduce or increase the milliseconds between each ARP request.\n\n#### Enforce scan bandwidth limit `-B 1000`\n\nEnforce a bandwidth limit (expressed in bits per second) on ARP scans. The `--bandwidth` option conflicts with `--interval` since these 2 arguments change the same parameter underneath.\n\n#### Numeric mode `--numeric`\n\nSwitch to numeric mode. This will skip the local hostname resolution process and will only display IP addresses.\n\n#### Host retry count `-r 3`\n\nSend 3 ARP requests to the targets (retry count). By default, a single ARP request will be sent to each host.\n\n#### Change source IPv4 `-S 192.168.1.130`\n\nChange or force the IPv4 address sent as source in the broadcasted ARP packets. By default, a valid IPv4 address on the network interface will be used. This option may be useful for isolated hosts and security checks.\n\n#### Change destination MAC `-M 55:44:33:22:11:00`\n\nChange or force the MAC address sent as destination ARP request. By default, a broadcast destination (`00:00:00:00:00:00`) will be set.\n\n#### Change source MAC `-M 11:24:71:29:21:76`\n\nChange or force the MAC address sent as source in the ARP request. By default, the network interface MAC will be used.\n\n#### Randomize target list `-R`\n\nRandomize the IPv4 target list before sending ARP requests. By default, all ARP requests are sent in ascending order by IPv4 address.\n\n#### Use custom MAC OUI file `--oui-file ./my-file.csv`\n\nUse a [custom OUI MAC file](http://standards-oui.ieee.org/oui/oui.csv), the default path will be set to `/usr/share/arp-scan/ieee-oui.csv\"`.\n\n#### Set VLAN ID `-Q 42`\n\nAdd a 802.1Q field in the Ethernet frame. This fields contains the given VLAN ID for outgoing ARP requests. By default, the Ethernet frame is sent without 802.1Q fields (no VLAN).\n\n#### Customize ARP operation ID `--arp-op 1`\n\nChange the ARP protocol operation field, this can cause scan failure.\n\n#### Customize ARP hardware type `--hw-type 1`\n\nChange the ARP hardware type field, this can cause scan failure.\n\n#### Customize ARP hardware address length `--hw-addr 6`\n\nChange the ARP hardware address length field, this can cause scan failure.\n\n#### Customize ARP protocol type `--proto-type 2048`\n\nChange the ARP protocol type field, this can cause scan failure.\n\n#### Customize ARP protocol adress length `--proto-addr 4`\n\nChange the ARP protocol address length field, this can cause scan failure.\n\n#### Set output format `-o json`\n\nSet the output format to either `plain` (a full-text output with tables), `json`, `yaml` or `csv`.\n\n#### Show version `--version`\n\nDisplay the ARP scan CLI version and exits the process.\n\n## Roadmap \u0026 features\n\nThe features below will be shipped in the next releases of the project.\n\n- Make ARP scans faster\n    - with a per-host retry approach\n    - add a back-off factor for retries\n    - ~~by closing the response thread faster~~  - released in 0.8.0\n- ~~Scan profiles (standard, attacker, light, ...)~~ - released in 0.10.0\n- Complete VLAN support\n- ~~Exports (JSON \u0026 YAML)~~ - released in 0.7.0\n- ~~Full ARP packet customization (Ethernet protocol, ARP operation, ...)~~ - released in 0.10.0\n- ~~Time estimations \u0026 bandwidth~~ - released in 0.10.0\n- ~~MAC vendor lookup in the results~~ - released in 0.9.0\n- ~~Fine-grained scan timings (interval)~~ - released in 0.8.0\n- ~~Wide network range support~~ - released in 0.13.0\n- ~~Partial results on SIGINT~~ - released in 0.11.0\n- ~~Read network targets from file~~ - released in 0.12.0\n- Adding advanced packet options (padding, LLC, ...)\n    - add padding bits after ARP payload\n    - support RFC 1042 LLC framing with SNAP\n- ~~Enable bandwith control (exclusive with interval)~~ - released in 0.12.0\n- Stronger profile defaults (chaos \u0026 stealth)\n- Other platforms (Windows, ...)\n- Read targets from *stdout*\n- Change verbose options (for debug, network details, quiet mode, ...)\n- Avoid packet copy in userspace for faster scans (BPF filtering)\n\n## Building the project\n\n#### Linux and Mac\n\nRun the `cargo build` command.\n\n#### Windows\n\nSee [github.com/libpnet/libpnet#windows](https://github.com/libpnet/libpnet#windows).\nIn additional for what they described there, \nfor linking `Packet.lib` you can just place it in the root of this project.\n\n\n## Contributing\n\nFeel free to suggest an improvement, report a bug, or ask something: https://github.com/saluki/arp-scan-rs/issues\n","funding_links":[],"categories":["Applications"],"sub_categories":["Security tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkongbytes%2Farp-scan-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkongbytes%2Farp-scan-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkongbytes%2Farp-scan-rs/lists"}