passive Nmap like scanner built with shodan.io
- Scans 200 hosts per second
- Doesn’t require any account/api key
- Vulnerability detection
- Supports all nmap’s output formats
- Service and version fingerprinting
- Makes no contact to the targets
You can download a pre-built binary from here and use it right away.
go install -v github.com/s0md3v/smap/cmd/[email protected]
Confused or something not working? For more detailed instructions, click here
Smap is also avaible on Homebrew.
brew update brew install smap
Smap takes the same arguments as Nmap but options other than
-iL are ignored. If you are unfamiliar with Nmap, here’s how to use Smap.
smap 127.0.0.1 127.0.0.2
You can also use a list of targets, seperated by newlines.
smap -iL targets.txt
22.214.171.124 // IPv4 address example.com // hostname 126.96.36.199/8 // CIDR
Smap supports 6 output formats which can be used with the
-o* as follows
smap example.com -oX output.xml
If you want to print the output to terminal, use hyphen (
-) as filename.
oX // nmap's xml format oG // nmap's greppable format oN // nmap's default format oA // output in all 3 formats above at once oP // IP:PORT pairs seperated by newlines oS // custom smap format oJ // json
Note: Since Nmap doesn’t scan/display vulnerabilities and tags, that data is not available in nmap’s formats. Use
-oSto view that info.
Smap scans these 1237 ports by default. If you want to display results for certain ports, use the
smap -p21-30,80,443 -iL targets.txt
Since Smap simply fetches existent port data from shodan.io, it is super fast but there’s more to it. You should use Smap if:
- vulnerability detection
- a super fast port scanner
- results for most common ports (top 1237)
- no connections to be made to the targets
You are okay with
- not being able to scan IPv6 addresses
- results being up to 7 days old
- a few false negatives