loading
loading
Network
Node.js simple network scanner with a wrapper to run on a list of targets.
overview
evilscan-loop wraps the evilscan port scanner so it runs across a whole file of targets instead of one host at a time. Give it a list of IP addresses or subnets, set the ports you care about, and it connects to each combination over TCP and reports what answered. The loop wrapper is what makes it practical for a fleet of hosts rather than a single box.
Beyond a plain open or closed verdict, it can grab service banners, do reverse DNS lookups, and attach free MaxMind geoip data, so a scan resolves into a richer picture of each live service. Status filtering lets you keep only the open ports or also see timeouts, refusals, and unreachable results when you need the full story.
On Trickest, evilscan-loop is a Network node that takes a targets file and writes a folder and a file of results. Run it after subnet expansion or asset discovery to find listening services, then feed the open hosts into a prober or a vulnerability scanner downstream.
source github.com/eviltik/evilscan
use cases
Point it at a file of IPs and CIDR ranges, set the port list, and let the loop scan every host so you get one combined view of what is listening across the range.
Enable banner grabbing to capture the service strings on open ports, which helps fingerprint software and versions before deeper testing.
Keep results that resolve to a valid reverse DNS name so a noisy scan narrows to hosts that look like real, named infrastructure.
Pass the discovered open services to an HTTP prober or vulnerability scanner so the next stage runs only against ports that answered.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| targets | FILE | · | List of targets (IP addresses or subnets) to scan. |
| ports | STRING | --port | Port(s) to scan, example: --port=21,22,23,5900-5902. |
| scan-method | STRING | --scan | Scan method (tcpconnect full connect, default). |
| status | STRING | --status | Port statuses wanted in results: T (timeout), R (refused), O (open, default), U (unreachable). |
| banner | BOOLEAN | --banner | Display the service banner for open ports. |
| concurrency | STRING | --concurrency | Max number of simultaneous sockets opened (default 500). |
| timeout | STRING | --timeout | Maximum milliseconds before closing the connection (default 2000). |
| result-format | STRING | --display | Display result format (json, xml, console). |
Showing key inputs. evilscan-loop exposes 14 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| targets | FILE | · | List of targets (IP addresses or subnets) to scan. |
| ports | STRING | --port | Port(s) to scan, for example --port=21,22,23,5900-5902. |
| scan-method | STRING | --scan | Scan method: tcpconnect (full connect, default); tcpsyn and udp are listed but not implemented. |
| status | STRING | --status | Port statuses to keep in results: T (timeout), R (refused), O (open, default), U (unreachable). |
| banner | BOOLEAN | --banner | Display the service banner grabbed on open ports. |
| banner-length | STRING | --bannerlen | Length of banner to grab (default 512). |
| concurrency | STRING | --concurrency | Maximum number of simultaneous sockets opened (default 500). |
| timeout | STRING | --timeout | Maximum milliseconds before closing the connection (default 2000). |
| display-dns-lookup | BOOLEAN | --reverse | Display the DNS reverse lookup for each host. |
| valid-dns | BOOLEAN | --reversevalid | Only show results with a valid reverse DNS, unless ports are specified. |
| geoip | BOOLEAN | --geo | Display MaxMind geoip data for each host (free database). |
| result-format | STRING | --display | Result format to print: json, xml, or console. |
| progress | BOOLEAN | --progress | Print a progress indicator every second. |
| hugescan | BOOLEAN | --hugescan | Allow an IP/port combination count greater than 16,580,355. |
example
# loop evilscan over every IP or subnet in the file, banners onwhile read target; do evilscan "$target" --port=22,80,443,3389,8080 --banner --status=Odone < targets.txt198.51.100.7 22 open SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6198.51.100.7 80 open Server: nginx/1.24.0198.51.100.12 443 open198.51.100.24 3389 open198.51.100.41 8080 open Server: gunicorn/21.2.0203.0.113.9 22 open SSH-2.0-OpenSSH_9.6p1203.0.113.9 25 open 220 mail.example.com ESMTP Postfix203.0.113.18 443 openguidance
Reach for evilscan-loop when you have a file of IPs or subnets and want a quick TCP sweep with banners and reverse DNS. For high-rate internet-scale scanning use masscan or zmap, and for richer service detection use a dedicated scanner like naabu plus nmap.
Asynchronous scanner built for internet-scale speed. evilscan-loop adds banner and reverse-DNS detail per host.
Fast Go port scanner that pairs cleanly with nmap. A lighter modern alternative for the same discovery step.
Quick port discovery that hands ports to nmap. Faster sweep, less built-in banner and geoip detail.
faq
related
Quickly map an organization's network ranges using ASN information.
Maximize your resolver count by combining the target's DNS servers with public resolvers.
Expand CIDR ranges into a list of IP addresses easily.
Expand CIDR ranges into a list of IP addresses easily, from a file.
Maintain a list of IPv4 DNS servers verified against baseline servers for accurate responses.
Patched dnsvalidator that keeps only IPv4 resolvers verified against baseline servers.
A file of subnets feeds evilscan-loop, which TCP-scans every host and writes the open ports and banners as a queryable output.
Facts on this page come from the live Trickest tool library.