passive Nmap like scanner built with shodan.io
Smap is a replica of Nmap which uses shodan.io's free API for port scanning. It takes same command line arguments as Nmap and proudces the same output which makes it a drop-in replacament for Nmap.
- Scans 200 hosts per second
- Vulnerability detection
- Supports all nmap's output formats
- Service and version fingerprinting
- Makes no contact to the targets
- Doesn't require any account/api key
go install -v github.com/s0md3v/smap/cmd/[email protected]
Smap takes the same arguments as Nmap but options other than
-iL are ignored. If you are unfamiliar with Nmap, here's how to use Smap.
smap -sV 127.0.0.1 127.0.0.2
You can also use a list of targets, seperated by newlines.
smap -iL targets.txt
184.108.40.206 // IPv4 address example.com // hostname 220.127.116.11/8 // CIDR 18.104.22.168-87 // Range
SMap supports Nmap's 3 major output formats
smap example.com -oX output.xml
If you want to print the output to terminal, use hyphen (
-) as filename.
oX // xml oG // greppable format oN // nmap format oA // output in all 3 formats at once
SMap scans these 1237 ports by default. If you want to display results for certain ports, use the
smap -p21-30,80,443 -iL targets.txt
Since Smap simply fetches existent port data from shodan.io, it is super fast but there's more to it. You should use Smap if:
- vulnerability detection
- a super fast port scanner
- results for most common ports (top 1237)
- no connections to be made to the targets
You are okay with
- not being able to scan IPv6 addresses
- results being up to 7 days old
- a few false negatives
Released on aur
Hi, I start maintaining the the aur for smap.
Can be found here: https://aur.archlinux.org/packages/smap-git Source can be found here: https://github.com/b-reich/aur
This could be referenz in the readme if you like. (I can open the PR)
Version string not matching with the release
This should be bump to 0.1.11 (better 0.1.12 because the source in the releases doenst include this at the moment) https://github.com/s0md3v/Smap/blob/5775197d4407ebf24dff0d87b1c8ca9015e420eb/internal/global/variables.go#L35
Smap not found [linux]
When we setup the tool it's seems still didn't installed correctly, go installed and confirmed working
$go version go version go1.17.8 linux/amd64
sudo go install -v github.com/s0md3v/smap/cmd/[email protected]
smap bash: smap: command not found
Renaming module will break the build
The module name change from github.com/s0md3v/smap will cause an error with the require statement:
By the way I checked out your v.0.1.1 and there is still mismatched tag problem in ther XML output. The port tag is not closed if no service string is found. Can it be you build the releases with the wrong checkout?
XML output cannot be parsed by e.g. python. Double "product" element and in case shodan fails to deliver a service string, the port tag is not closed.
[Question] Smap display cve
With Nmap, if I use vulners scripts, I can have a possible cve list that permit me to know if my system has a cve not patched.
the following nmap command is: nmap -sV --script vulners
With Smap, is it possible to have the result in order to know actives cve on network/hosts? If yes, what is the command to execute?
Thank you Best regars Anthony
add port format A-B
-p arg can accept A-B format port now
Improper Signature Verification - [VULNERABILITY FIX]
Affected versions of this package are vulnerable to Improper Signature Verification. An attacker can craft an ssh-ed25519 or [email protected] public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client.
Smap not found [windows]
Can we print output like
example.com:80 example.com:443 example.com:8080 example.com:8888
sub.example.com:80 sub.example.com:443 sub.example.com:8080 sub.example.com:8888
github actions ci/cd
This PR allows GitHub Actions to use
goreleaserto automatically build Release binaries for you.
tagis created with a command set like:
draftrelease which allows you to review it before publishing to a full release.
Host is up.
Hi when running smap with just one target it worked perfectly. Then I tried smap -iL ips.txt and all the results were "Host is up." so I tried again with just one target and now I get no results other than "Host is up."