โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ โ
โ โโโโโโโโโโโ โโโโโโโโโ โโโ โโโโโโ โ
โ โโโโโโโโโโโ โโโโโโโโโ โโโโโโโโโโโ โ
โ โโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโ โ
โ โโโโโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโ โ
โ โโโโโโโโโโโ โโโโโโ โโโโโโโ โโโ โโโ โ
โ โโโโโโโโโโโ โโโโโโ โโโโโ โโโ โโโ v2.0 โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
เฅ THE COSMIC DESTROYER OF VULNERABILITIES เฅ
โโโ AdiscLabs | @Aditya Bhosale | เฅ เคจเคฎเค เคถเคฟเคตเคพเคฏ เฅ โโโ
The Third Eye opens. Every port is revealed. Nothing is hidden.
Inspired by Lord Shiva โ The Hindu God of Destruction and Transformation
SHIVA (Scanner for Host Introspection, Vulnerability Analysis) is an advanced network port scanner written from scratch in Python. Named after the Hindu God of Destruction, SHIVA channels the power of Shiva's Third Eye โ the all-seeing eye that perceives what is hidden โ to expose every open port, service, banner, and vulnerability on a target network.
Unlike basic scanners, SHIVA combines:
- 750+ service fingerprints with intelligent detection
- 6 scan modes from quick recon to full aggressive analysis
- CVE-mapped vulnerability intel for 40+ critical services
- SSL/TLS certificate inspection built-in
- OS detection via TTL analysis
- CIDR subnet scanning for entire network ranges
- JSON export for reporting and integration
โ ๏ธ SHIVA is for authorized security testing ONLY. Only scan systems you own or have explicit written permission to test. Unauthorized scanning is illegal in most jurisdictions.
Every element of SHIVA is inspired by Lord Shiva:
| Symbol | Shiva Meaning | SHIVA Tool Meaning |
|---|---|---|
| Third Eye (เคคเฅเคคเฅเคฏ เคจเฅเคคเฅเคฐ) | Sees beyond illusion, burns ignorance | Scans beyond firewalls, reveals hidden services |
| Trishul (เคคเฅเคฐเคฟเคถเฅเคฒ) | Trident destroying past, present, future | Three-phase scan: detect, fingerprint, exploit |
| Vasuki (เคตเคพเคธเฅเคเฅ) | King cobra โ deadly but controlled | Payload probes that extract service banners |
| Neelakantha (เคจเฅเคฒเคเคฃเฅเค ) | Blue throat โ consumed poison for others | Absorbs network noise to find signal |
| Nataraja (เคจเคเคฐเคพเค) | Cosmic dance of destruction & creation | The scanning dance โ methodical destruction of ignorance |
| Rudra (เคฐเฅเคฆเฅเคฐ) | The Howler, fierce destroyer | Aggressive mode โ tears through all defenses |
| Ganga (เคเคเคเคพ) | Sacred river flowing from Shiva's hair | Data stream flowing from target to analyst |
| OM (เฅ) | The primordial sound, beginning of all | The first packet sent โ the beginning of the scan |
Python 3.8 or higher
pip install rich # For colored terminal output (recommended)# Clone or download
git clone https://github.com/adisclabs/shiva # or download shiva.py directly
# Install dependency
pip install rich
# Make executable (Linux/macOS)
chmod +x shiva.py
# Run
python3 shiva.py --helpsudo cp shiva.py /usr/local/bin/shiva
sudo chmod +x /usr/local/bin/shiva
# Now run from anywhere
shiva -t 192.168.1.1 --mode vuln# See the full help + banner
python3 shiva.py --help
# Basic scan of a single host
python3 shiva.py -t 192.168.1.1
# Vulnerability scan
python3 shiva.py -t 192.168.1.1 --mode vuln
# Full aggressive scan with banner grabbing
python3 shiva.py -t 192.168.1.1 --mode aggressive
# Scan your entire local subnet
python3 shiva.py -t 192.168.1.0/24 -p top100 --mode quick
# Save results to JSON
python3 shiva.py -t myserver.com --mode full -o report.jsonpython3 shiva.py -t TARGET [OPTIONS]
| Flag | Long Form | Description | Default |
|---|---|---|---|
-t |
--target |
Target IP, hostname, CIDR, or comma-separated list | Required |
-p |
--ports |
Port specification (see formats below) | top1000 |
--mode |
Scan mode (see modes below) | quick |
|
--threads |
Number of concurrent threads | 300 |
|
--timeout |
Socket timeout in seconds | 1.0 |
|
-o |
--output |
Save results to JSON file | โ |
--no-color |
Disable rich colour output | โ | |
-h |
--help |
Show help menu and exit | โ |
-v |
--version |
Show version and exit | โ |
Fastest mode. Pure TCP connect scan. No banner grabbing or extra probes.
python3 shiva.py -t 192.168.1.1 --mode quick- TCP connect scan on specified ports
- Identifies open / closed / filtered state
- Service name lookup from database
- Risk level classification
- OS hint via TTL
Best for: Initial reconnaissance, subnet sweeps, time-sensitive scans
Complete scan with banner grabbing, version detection, UDP probing, and SSL info.
python3 shiva.py -t 192.168.1.1 --mode full- Everything in
quickmode - Banner grabbing on all open ports
- Version string extraction (Apache, nginx, OpenSSH, MySQL, etc.)
- UDP scan on key ports (DNS/53, NTP/123, SNMP/161, etc.)
- SSL/TLS certificate info (CN, expiry, cipher, TLS version)
Best for: Thorough host enumeration, service inventory
Evades IDS/IPS by randomising port order and introducing timing jitter.
python3 shiva.py -t 192.168.1.1 --mode stealth --threads 50 --timeout 2- Port scan order randomised (not sequential 1,2,3...)
- Slower pacing to stay below threshold-based alerts
- Reduces signature of pattern-based detection
- Recommended: lower threads (50-100) and higher timeout (2-3s)
Best for: Avoiding detection during authorized red team engagements
Aggressive banner grabbing with multiple probe types per service.
python3 shiva.py -t 192.168.1.1 --mode banner- Everything in
fullmode - Multiple banner probe payloads tried per port
- Extended read timeout to catch slow responders
- Deep version string extraction with 20+ regex patterns
- Catches services that don't respond to generic probes
Best for: Service version enumeration before exploit research
Full scan plus CVE-mapped vulnerability intelligence for every open service.
python3 shiva.py -t 192.168.1.1 --mode vuln- Everything in
fullmode - Vulnerability hints per open port from built-in CVE database
- Covers 40+ critical services with specific CVE references
- Risk prioritisation: CRITICAL > HIGH > MEDIUM > LOW
- Flags known default-credential and no-authentication services
Best for: Security audits, pentest prep, vulnerability assessment
Maximum information gathering. Everything SHIVA has.
python3 shiva.py -t 192.168.1.1 --mode aggressive- Everything in
vulnmode - SSL/TLS deep inspection on ALL potentially TLS ports
- Maximum banner probe coverage
- All UDP probes
- Highest information density output
Best for: Full security assessment, CTF, authorized penetration testing
| Format | Description | Example |
|---|---|---|
| Single port | One specific port | -p 80 |
| Comma list | Multiple specific ports | -p 22,80,443,3306,6379 |
| Range | Inclusive port range | -p 1-1000 |
top100 |
Top 100 well-known ports | -p top100 |
top1000 |
Top 1000 ports (default) | -p top1000 |
vuln |
High-risk ports only | -p vuln |
all |
All 65535 ports | -p all |
Tip for
all: Use--threads 1000 --timeout 0.5for speed:python3 shiva.py -t 192.168.1.1 -p all --threads 1000 --timeout 0.5
# Single IP
python3 shiva.py -t 192.168.1.1
# Hostname
python3 shiva.py -t myserver.com
# CIDR subnet (scans all hosts in range)
python3 shiva.py -t 192.168.1.0/24
# Multiple targets (comma-separated)
python3 shiva.py -t 192.168.1.1,192.168.1.2,192.168.1.50
# Mix of formats
python3 shiva.py -t 10.0.0.1,10.0.0.0/29,myserver.localSHIVA classifies every open port by risk level:
| Level | Color | Criteria | Examples |
|---|---|---|---|
CRITICAL |
๐ด Red | Known unauthenticated access, default creds, direct RCE surface | Redis, MongoDB, Docker API, Telnet, Memcached |
HIGH |
๐ Orange | Well-known services on standard ports | SSH, FTP, SMB, RDP, MySQL |
MEDIUM |
๐ก Yellow | Services on non-standard ports (1024โ7999) | Custom apps, alternate HTTP |
LOW |
๐ข Green | Services on high ports | Dev servers, metrics endpoints |
In vuln and aggressive mode, SHIVA surfaces known CVEs and security issues per service. Examples:
| Port | Service | Intel |
|---|---|---|
| 22 | SSH | OpenSSH username enumeration (CVE-2018-15473), cipher weakness check |
| 23 | Telnet | CRITICAL โ cleartext credentials, instant MitM |
| 445 | SMB | EternalBlue (MS17-010), EternalRomance, SMBv1 check |
| 3389 | RDP | BlueKeep (CVE-2019-0708), DejaBlue (CVE-2019-1181) |
| 6379 | Redis | Unauthenticated access โ arbitrary code execution, SSH key injection |
| 9200 | ElasticSearch | No-auth data exposure, dynamic scripting RCE |
| 2375 | Docker API | No TLS = full host compromise trivial |
| 8009 | AJP | Apache Ghostcat (CVE-2020-1938) |
| 27017 | MongoDB | Default no-auth in older versions |
| 11211 | Memcached | No auth + UDP amplification (50,000x DDoS factor) |
| 502 | Modbus | ICS/SCADA โ zero authentication on industrial systems |
โโโโโโโโโโโโโโโโโโโ SHIVA ยท 192.168.1.100 [192.168.1.100] โโโโโโโโโโโโโโโโโโ
OS: Linux / Unix / macOS (TTL=64) Open: 5 Closed: 995 Time: 3.2s
Port Proto State Service Risk RTT Version / Banner
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
22 TCP open SSH HIGH 12ms OpenSSH 8.9p1 Ubuntu
80 TCP open HTTP HIGH 8ms Apache/2.4.52
443 TCP open HTTPS HIGH 9ms CN=myserver.com | TLS=TLSv1.3
3306 TCP open MYSQL HIGH 11ms MySQL 8.0.33
6379 TCP open REDIS CRITICAL 6ms Redis 7.0.5
VULNERABILITY INTEL
PORT 6379 / REDIS
[CRIT] Redis โ unauthenticated access allows arbitrary code execution
[CRIT] Redis SLAVEOF can write files to disk (SSH key injection)
[
{
"target": "192.168.1.100",
"ip": "192.168.1.100",
"hostname": "myserver.local",
"os_hint": "Linux / Unix / macOS (TTL=64)",
"ttl": 64,
"scan_time": 3.21,
"timestamp": "2026-03-19T11:30:00",
"open_ports": [
{
"port": 22,
"state": "open",
"protocol": "TCP",
"service": "SSH",
"description": "Secure Shell",
"risk": "HIGH",
"response_ms": 12.3,
"version": "OpenSSH 8.9p1 Ubuntu",
"banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
"ssl_info": "",
"vuln_hints": ["[INFO] Check cipher suites: avoid arcfour, 3des-cbc"]
}
]
}
]# Scan entire /24 subnet for common services
python3 shiva.py -t 192.168.1.0/24 -p top100 --mode quick --threads 500# Aggressive scan of a web server with vuln intel
python3 shiva.py -t mywebserver.com -p 1-10000 --mode aggressive -o webserver_audit.json# Quick check of high-risk ports only
python3 shiva.py -t 192.168.1.1 -p vuln --mode vuln# Scan database-relevant ports
python3 shiva.py -t 10.0.0.50 -p 1433,1521,3306,5432,6379,27017,9200 --mode vuln# Low and slow โ evade detection
python3 shiva.py -t 10.0.0.1 -p top1000 --mode stealth --threads 30 --timeout 3# Maximum coverage โ be patient
python3 shiva.py -t 192.168.1.1 -p all --threads 1000 --timeout 0.5 -o full_sweep.json# Scan multiple targets and save combined report
python3 shiva.py -t 10.0.0.1,10.0.0.2,10.0.0.10 --mode vuln -o multi_host_report.json# Clean output for log files or piping
python3 shiva.py -t 192.168.1.1 --no-color --mode full | tee scan.log| State | Meaning |
|---|---|
open |
Port is accepting connections. Service is running. |
closed |
Port responded with RST โ host is up but nothing running there. |
filtered |
No response / ICMP unreachable โ firewall likely blocking. |
open|filtered |
UDP โ could not determine definitively. |
SHIVA uses ICMP ping TTL values to estimate the OS family:
| TTL Range | OS Hint |
|---|---|
| 1 โ 64 | Linux / Unix / macOS / Android |
| 65 โ 128 | Windows (NT/XP/7/10/11/Server) |
| 129 โ 255 | Network Device (Cisco/Juniper/Solaris/HP) |
Note: TTL decrements with each hop. A TTL of 57 from 7 hops away = original TTL of 64 = Linux.
| Scenario | Threads | Timeout | Notes |
|---|---|---|---|
| Single host, quick | 300 | 1.0s | Default โ good balance |
| Single host, all ports | 1000 | 0.5s | Fast sweep |
| Subnet scan | 200 | 1.0s | Avoid overwhelming network |
| Stealth scan | 30โ50 | 2โ3s | Low and slow |
| Cloud target (high latency) | 100 | 2.0s | Compensate for RTT |
# Fastest (may miss filtered ports)
--threads 1000 --timeout 0.3
# Balanced (default)
--threads 300 --timeout 1.0
# Most accurate (slower)
--threads 100 --timeout 3.0shiva.py โ Single file, no dependencies except `rich`
report.json โ Optional JSON output (generated when -o is used)
SHIVA is intentionally a single-file tool. No config files, no databases, no installation beyond pip install rich.
| Feature | SHIVA | nmap |
|---|---|---|
| Language | Python โ readable, modifiable | C โ fast, compiled |
| Service DB | 750+ entries, custom | 10,000+ entries |
| Vuln intel | Built-in 40+ CVE hints | Via NSE scripts |
| SSL inspection | Built-in | Via scripts |
| Output | Rich terminal + JSON | Multiple formats |
| Setup | pip install rich |
System package |
| Customisable | Full Python source | C/Lua scripts |
| Root required | No (TCP connect) | Yes (SYN scan) |
| Learning value | High โ read the source | Black box |
SHIVA's advantage is that it is 100% readable Python โ you can understand every probe, every decision, every output line. It's designed to be learned from, not just run.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ LEGAL WARNING โ
โ โ
โ Scanning systems you do not own or have explicit written โ
โ permission to test is ILLEGAL in most countries worldwide. โ
โ โ
โ This includes: โ
โ โข The Computer Fraud and Abuse Act (CFAA) โ USA โ
โ โข Computer Misuse Act โ UK โ
โ โข IT Act 2000 โ India โ
โ โข Similar laws in EU, Australia, and most nations โ
โ โ
โ SHIVA is intended ONLY for: โ
โ โข Your own systems and networks โ
โ โข Systems with explicit written authorization โ
โ โข Authorized CTF challenges and lab environments โ
โ โข Security research with proper disclosure โ
โ โ
โ The authors (AdiscLabs / @Aditya Bhosale) are NOT โ
โ responsible for any misuse of this tool. โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ DEVELOPED BY โ
โ AdiscLabs โ
โ @Aditya Bhosale โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฃ
โ SHIVA v2.0 โ
โ The Destroyer of Vulnerabilities โ
โ เฅ เคจเคฎเค เคถเคฟเคตเคพเคฏ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Inspired by: Lord Shiva โ the Hindu god of destruction, transformation, and the cosmic dance of creation and annihilation.
Built with:
- Python 3.8+ standard library (
socket,ssl,threading,concurrent.futures) - Rich โ beautiful terminal output
Concept inspired by: nmap, masscan, rustscan โ but written from scratch to be fully understandable and extensible.
"The Third Eye opens. Every port is revealed. Nothing is hidden."
เฅ เคจเคฎเค เคถเคฟเคตเคพเคฏ โ Har Har Mahadev