Kloudle
academy

Scanning IPv6 with RustScan

Riyaz Walikar
#rustscan#cloudsecurity
Feature image

Introduction

RustScan is a fast port scanner capable of scanning both IPv4 and IPv6 networks. The tool also claims to use Adaptive Learning to improve itself over time. This article features a short guide on setting up and using the RustScans port scanning capabilities.

RustScan is the next tool on our list that can be used to scan for IPv6 addresses for open ports and to discover services running on them. RustScan internally uses nmap to do all the scanning and is more a multithreaded wrapper on top of nmap than an independent scanner in itself.

RustScan is an insanely fast scanner. The documentation pegs the scanning speed at all 65k ports in 3 seconds! All of this is possible using Rust’s threading capabilities that allows multiple instances of nmap to run in parallel and manage their socket connections.

This article will guide you through the installation of RustScan and how to use the tool to scan an IPv6 network.

Notes:

  1. RustScan has support for most Linux operating systems, though the tool does not officially support Windows. However, it is possible to run RustScan on Windows (and other OSes) using Docker.
  2. RustScan requires nmap since it is the scanning engine it uses.
  3. Make sure that the scans are conducted on the networks where you are allowed to do so with appropriate permissions.

Before we begin

Like any other IPv6 scanning tool, your system needs to support IPv6 in order to utilise RustScan’s scanning capabilities. To verify that your system and network are properly configured to have IPv6 access, you can run either of the following commands:

  1. ip -6 addr

    system and network configured IPv6 access

  2. ifconfig | grep inet6

    system and network configured with IPv6

Setting up RustScan

According to the documentation, Docker is the recommended way of installing RustScan. The following advantages are highlighted in the documentation regarding the same:

Using Docker, the following command can be used to run RustScan

docker run -it --rm --name rustscan rustscan/rustscan:latest --help

rustscan

Scanning IPv6 with RustScan

The GitHub documentation is a little vague about how to operate RustScan with docker and IPv6 addresses. However, some experimentation led us to the following results:

Let’s take an example, the following docker command will pull the latest image of RustScan, share the host networking stack with the container and perform an IPv6 scan on the address 2600:1f18:478:f700:f4b3:2721:c3fb:55be for TCP ports 22,80 and 443 by assuming the system is online (no ping scan confirmation before port scan - nmap specification).

docker run --net=host -it --rm --name rustscan rustscan/rustscan:latest -b 10 -p 22,80,443 -a 2600:1f18:478:f700:f4b3:2721:c3fb:55be -- -6 -Pn

rustscan IPv6 scan

Conclusion

In this article we looked at RustScan, which is essentially a wrapper on top of nmap that is written to utilise the operating systems capabilities of sending many network probes without being restricted by nmap’s limitations.

The most recommended way of running RustScan is using its Docker image. RustScan supports all nmap flags and its reporting capabilities are the same as that of nmap.

This article is part of a series on scanning IPv6 addresses. Come back for our next article in the series in which we will take a look at another IPv6 scanner - masscan.

← Back to Academy