A rust-based scanner with built in exploit searching.
Only scan systems you own or have explicit permission to test.
git clone https://github.com/NotSmartMan/OxideScanner.git
cd OxideScanner
./install.shRun without flags for interactive arrow-key prompts.
Common options
| Option | Description | Example |
|---|---|---|
-Nk |
Scan N×1000 ports | -1k = 1000, -5k = 5000 |
-N |
Scan N ports | -1000 = exactly 1000 ports |
--ports N |
Scan port count | --ports 1000 |
--udp |
UDP scan mode | --udp |
--both |
TCP + UDP scan | --both |
--script CAT |
NSE script category | --script vuln |
--json |
JSON output | --json |
--threads N |
Worker threads | --threads 8 |
--scan-timeout MS |
Connection timeout | --scan-timeout 50 |
--exploit-timeout MS |
Exploit search timeout | --exploit-timeout 5000 |
Command Syntax
oxscan <target> [options]Configuration
export OXIDE_THREADS=8 # Parallel scanning
export OXIDE_SCAN_TIMEOUT=50 # Connection timeout
export OXIDE_LOG_LEVEL=info # Logging level
export OXIDE_ENABLE_RATE_LIMIT=true # Enable rate limitinggit clone https://github.com/3xecutablefile/OxideScanner.git
cd OxideScanner
chmod +x install.sh
./install.sh# Prerequisites
sudo apt install nmap ruby git
brew install nmap ruby git
# Build from source
git clone https://github.com/3xecutablefile/OxideScanner.git
cd OxideScanner
cargo build --release
sudo cp target/release/oxscan /usr/local/bin/oxscan scanme.nmap.org scanme.nmap.org scanning top 1000 ports
2 open tcp ports 1 filtered port 997 closed
open
22/tcp
80/tcp
filtered
25/tcp
svc
22/tcp ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13
80/tcp http Apache httpd 2.4.7
os
Linux, Ubuntu (85%)
◆ critical 80/tcp http Apache httpd 2.4.7 17 exploits
1. Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution
/opt/homebrew/opt/exploitdb/share/exploitdb/exploits/php/remote/29290.c
...
17 exploits total
- scanner - High-performance parallel port scanning (TCP + UDP)
- exploit - Exploit database integration and risk scoring
- external - Nmap, NSE, and searchsploit tool abstractions
- config - CLI args + interactive prompts with arrow-key selection
- validation - Input validation and sanitization
- utils - Networking utilities and target resolution
- Added UDP scan mode (
--udp,--both) - Added NSE script execution (
--script CATEGORY) - Interactive arrow-key prompts via inquire (no flags needed)
- Per-port concurrent service detection (one nmap per port, async)
- Automatic OS detection (banner inference + nmap -O fallback)
- Auto-lookup NSE categories in interactive menu
- Port range input support (e.g.
1-2300)
- Fixed searchsploit JSON parsing with correct field mappings
- Added intelligent query filtering for targeted exploit search
- Improved performance by filtering generic service queries
- Enhanced documentation with comprehensive examples
- Cleaned codebase and removed unused dependencies
- Initial release with basic port scanning and exploit integration
MIT License - see LICENSE for details.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
3xecutablefile
random kid
Fast Port Scanning with Smart Exploit Discovery