A fast, async port scanner with service fingerprinting. Scans 65k ports in under a second on a LAN, outputs structured JSON, and identifies services without sending exploit traffic.
why another port scanner
nmap is the right tool for most jobs. I built this one to learn
tokio properly, and because I wanted machine-readable output that
piped cleanly into jq without post-processing the nmap XML format.
features
- Async scanning —
tokiotasks, one per port range shard - Banner grabbing — reads the first 512 bytes after connect
- Service fingerprinting — matches banners against a compact signature database (shipped as a single TOML file)
- JSON output — every field typed and documented
example output
{
"target": "10.0.0.1",
"scan_ms": 340,
"ports": [
{ "port": 22, "state": "open", "service": "ssh", "banner": "SSH-2.0-OpenSSH_9.3" },
{ "port": 80, "state": "open", "service": "http", "banner": "nginx/1.25.3" },
{ "port": 443, "state": "open", "service": "https", "banner": null }
]
}
performance
Scanning all 65535 ports on a local host:
| tool | time |
|---|---|
| nmap (SYN) | 1.8s |
| portscanner | 0.34s |
| masscan | 0.21s |
masscan wins on raw speed; portscanner wins on output quality and
no-root requirement. SYN scanning needs raw socket access; portscanner
uses async TCP connect so it runs as a normal user.
install
cargo install portscanner