replica of nmap that uses shodan's free API for scanning

  • By Somdev Sangwan
  • Last update: Jan 9, 2023
  • Comments: 12

Smap logo

passive Nmap like scanner built with

Smap demo

Smap is a replica of Nmap which uses's free API for port scanning. It takes same command line arguments as Nmap and proudces the same output which makes it a drop-in replacament for Nmap.


  • Scans 200 hosts per second
  • Vulnerability detection
  • Supports all nmap's output formats
  • Service and version fingerprinting
  • Makes no contact to the targets
  • Doesn't require any account/api key


go install -v


Smap takes the same arguments as Nmap but options other than -p, -h, -o*, -iL are ignored. If you are unfamiliar with Nmap, here's how to use Smap.

Specifying targets

smap -sV

You can also use a list of targets, seperated by newlines.

smap -iL targets.txt

Supported formats         // IPv4 address     // hostname   // CIDR     // Range


SMap supports Nmap's 3 major output formats

smap -oX output.xml

If you want to print the output to terminal, use hyphen (-) as filename.

Supported formats

oX    // xml
oG    // greppable format
oN    // nmap format
oA    // output in all 3 formats at once

Specifying ports

SMap scans these 1237 ports by default. If you want to display results for certain ports, use the -p option.

smap -p21-30,80,443 -iL targets.txt


Since Smap simply fetches existent port data from, it is super fast but there's more to it. You should use Smap if:

You want

  • vulnerability detection
  • a super fast port scanner
  • results for most common ports (top 1237)
  • no connections to be made to the targets

You are okay with

  • not being able to scan IPv6 addresses
  • results being up to 7 days old
  • a few false negatives



  • 1

    Released on aur

    Hi, I start maintaining the the aur for smap.

    Can be found here: Source can be found here:

    This could be referenz in the readme if you like. (I can open the PR)

  • 2

    Version string not matching with the release

    This should be bump to 0.1.11 (better 0.1.12 because the source in the releases doenst include this at the moment)

  • 3

    Smap not found [linux]


    When we setup the tool it's seems still didn't installed correctly, go installed and confirmed working

    $go version go version go1.17.8 linux/amd64

    sudo go install -v


    smap bash: smap: command not found

  • 4

    Renaming module will break the build

    The module name change from will cause an error with the require statement:

    go install -v
            module declares its path as: smap
                    but was required as:

    By the way I checked out your v.0.1.1 and there is still mismatched tag problem in ther XML output. The port tag is not closed if no service string is found. Can it be you build the releases with the wrong checkout?

  • 5

    Update xml.go

    XML output cannot be parsed by e.g. python. Double "product" element and in case shodan fails to deliver a service string, the port tag is not closed.

  • 6

    [Question] Smap display cve


    With Nmap, if I use vulners scripts, I can have a possible cve list that permit me to know if my system has a cve not patched.

    the following nmap command is: nmap -sV --script vulners

    With Smap, is it possible to have the result in order to know actives cve on network/hosts? If yes, what is the command to execute?

    Thank you Best regars Anthony

  • 7

    add port format A-B

    -p arg can accept A-B format port now

    ./smap 80,90,1-443
    Starting Nmap 9.99 ( ) at 2022-10-19 17:22 CST
    Nmap scan report for (
    Host is up.
    53/tcp  open  domain?  
    80/tcp  open  http?    
    443/tcp open  https?   
    Service detection performed. Please report any incorrect results at .
    Nmap done: 1 IP address (1 host up) scanned in 0.65 seconds
  • 8

    Improper Signature Verification - [VULNERABILITY FIX]

    Affected versions of this package are vulnerable to Improper Signature Verification. An attacker can craft an ssh-ed25519 or [email protected] public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any server with a PublicKeyCallback, and servers can deliver them to any client.

  • 9

    Smap not found [windows]

    'smap' is not recognized as an internal or external command,
    operable program or batch file.
    'smap.exe' is not recognized as an internal or external command,
    operable program or batch file.
  • 10


    Can we print output like

  • 11

    github actions ci/cd

    This PR allows GitHub Actions to use goreleaser to automatically build Release binaries for you.


    • This only occurs when a tag is created with a command set like:
    git tag -a "v${CURRENT}" -m "releasing version ${CURRENT}"
    git push origin "v${CURRENT}"
    • This also creates a draft release which allows you to review it before publishing to a full release.
  • 12

    Host is up.

    Hi when running smap with just one target it worked perfectly. Then I tried smap -iL ips.txt and all the results were "Host is up." so I tried again with just one target and now I get no results other than "Host is up."