Smap is a duplicate of Nmap which makes use of shodan.io’s free API for port scanning. It takes similar command line arguments as Nmap and produces the identical output which makes it a drop-in replacament for Nmap.
Options
- Scans 200 hosts per second
- Would not require any account/api key
- Vulnerability detection
- Helps all nmap’s output codecs
- Service and model fingerprinting
- Makes no contact to the targets
Set up
Binaries
You possibly can obtain a pre-built binary from right here and use it immediately.
Handbook
go set up -v github.com/s0md3v/smap/cmd/[email protected]
Confused or one thing not working? For extra detailed directions, click on right here
AUR pacakge
Smap is accessible on AUR as smap-git (builds from supply) and smap-bin (pre-built binary).
Homebrew/Mac
Smap can be avaible on Homebrew.
brew replace
brew set up smap
Utilization
Smap takes the identical arguments as Nmap however choices aside from -p
, -h
, -o*
, -iL
are ignored. If you’re unfamiliar with Nmap, this is how one can use Smap.
Specifying targets
You may as well use a listing of targets, seperated by newlines.
Supported codecs
1.1.1.1 // IPv4 deal with
instance.com // hostname
178.23.56.0/8 // CIDR
Output
Smap helps 6 output codecs which can be utilized with the -o*
as follows
smap instance.com -oX output.xml
If you wish to print the output to terminal, use hyphen (-
) as filename.
Supported codecs
oX // nmap's xml format
oG // nmap's greppable format
oN // nmap's default format
oA // output in all 3 codecs above without delay
oP // IP:PORT pairs seperated by newlines
oS // customized smap format
oJ // json
Notice: Since Nmap does not scan/show vulnerabilities and tags, that information will not be accessible in nmap’s codecs. Use
-oS
to view that information.
Specifying ports
Smap scans these 1237 ports by default. If you wish to show outcomes for sure ports, use the -p
possibility.
smap -p21-30,80,443 -iL targets.txt
Issues
Since Smap merely fetches existent port information from shodan.io, it’s tremendous quick however there’s extra to it. It is best to use Smap if:
You need
- vulnerability detection
- a brilliant quick port scanner
- outcomes for most typical ports (high 1237)
- no connections to be made to the targets
You might be okay with
- not having the ability to scan IPv6 addresses
- outcomes being as much as 7 days previous
- a couple of false negatives