Radar is a small but efficient network scanner written in Rust heavily inspired
by masscan.
These are the main features:
- Userspace TCP, UDP, DHCP and ARP implementations, thanks to
pnet - Being asynchronous
- Randomized IP/ports scanning with no pre-allocation/shuffling
- Rate limiting
- Monitor mode that notifies about different kind of network events
- JSON output
- 100% statically built. Use it on pwned machines during pentests :P
As masscan, it aims to be as fast as possible. On my 1Gbit network it achieves
circa 300k packets per second.
After downloading the binary from the release page do:
xz -d radar-x86_64-musl.xz
mv radar-x86_64-musl radar
chmod +x radarYou can easily obtain a nix shell via: nix shell github:deade1e/radar
First of all open a radar console:
$ sudo ./radar -i default consolesudo or the equivalent permission is required to use the raw sockets.
This opens the scanner in console mode, where you can issue various commands.
To see all of them, just type help. The console mode is based on
Hackshell.
Show the help with all commands and brief description:
radar> helpShow the internal ARP table:
radar> arpPerform an ARP scan on all the interface's subnets:
radar> arpscan -aView the scan command help:
radar> scan --help
Error: Scan the network
Usage: scan [OPTIONS] -p <PORTS> <SUBNET>
Arguments:
<SUBNET> The subnet to scan
Options:
-p <PORTS> The ports to scan
-u, --udp Use UDP instead of TCP
-a, --arp-mode Enables ARP mode for scanning only the local network. When this option is enabled the packets are sent directly to the target MAC address instead of the router MAC address. An ARP
scan will be performed before the actual port scan while using this option
-r, --max-rate <MAX_RATE> The maximum rate of packets to send per second. Default = 1000
-j, --json JSON output
--json-content Include response packet content in the JSON output
-b, --blacklist <BLACKLIST> Blacklist file of subnets not to be scanned or ever contacted in any way. Mandatory when a /0 (global IPv4) scan is performed
-m, --router-mac <ROUTER_MAC> Router MAC address. Used when the router cannot be detected automatically or for benchmarking purposes
-c, --content <CONTENT> The content of the packet to send. Must be a base64 encoded string. Only used in UDP mode
-h, --help Print helpPerform a basic scan of an internal subnet:
radar> scan -p 1-1000 192.168.1.0/24This mode uses the default gateway to route packets, as masscan does.
By adding -a the ARP mode is enabled and therefore individual MAC addresses
get resolved before sending the ethernet frames.
If you want to go faster you must set the --max-rate parameter. Be cautious,
it might crash the router/network.
Perform a UDP scan with a preloaded content in search of DNS servers:
radar> scan -p 53 192.168.1.0/24 -u -c kOQBAAABAAAAAAABBmdvb2dsZQNjb20AAAEAAQAAKQSwAAAAAAAAThis base64 content is a DNS request for google.com.
Sometime UDP services are just a bit shy, help it by feeding them the correct payloads!
Monitor for DHCP requests on your interface:
radar> monitor -f dhcp-reqYou can monitor for other events too! Check monitor --help to see all of them.
View the current ongoing tasks:
radar> task
Task Started at
---- ----------
monitor 2026-01-07 00:09:34 Terminate a task:
radar> task -t monitorScript the console to execute a list of commands on start:
$ sudo ./radar -i default console -r script.txtWant to save the output?
$ sudo ./radar -i default console -r script.txt > scan_output.logStatus messages are printed on stderr while command execution results are
printed on stdout.
One shot scan command:
$ sudo ./radar -i default scan --helprustup default stable
rustup target add x86_64-unknown-linux-musl
rustup component add rustfmt rust-analyzer rust-src clippy
export CARGO_BUILD_TARGET="x86_64-unknown-linux-musl"
cargo buildnix buildnix developThe project aims to be an extended and more pluggable/hackable version of
masscan. It both works in local networks and non RFC1918 ones, so yes, you can
theoretically scan the whole internet with it.
The usage of this program to scan the whole internet or not authorized hosts might get you fined and/or arrested. Triple check before doing anything.
You have been warned.