networkscan

command module
v0.0.111 Latest
Published: Dec 6, 2025 License: Apache-2.0 Imports: 3 Imported by: 0

README

networkscan

networkscan offers security teams comprehensive network scanning, service enumeration, and penetration testing capabilities to help them gain visibility into their cloud and on-premise environments. The tool provides advanced features including stealth scanning modes, credential spraying, service-specific attacks, and extensive protocol support. Designed with data-modeling and data-integration needs in mind, networkscan can be used on its own as an interactive CLI, orchestrated as part of a broader data pipeline, or leveraged from within the Method Platform.

Key Features

  • Network Discovery: Host discovery with multiple scan types, port scanning with stealth modes, service fingerprinting for TCP/UDP protocols
  • Service Enumeration: Deep inspection of network services including SSH, SMB, LDAP, SMTP, FTP, and gRPC
  • Penetration Testing: Credential spraying against multiple protocols, service-specific attacks, and advanced techniques like DCSync and Kerberos delegation
  • Stealth Operations: Configurable delays, jitter, and evasion techniques across all scanning modes
  • Built-in Wordlists: Integrated username and password lists for common attack scenarios
  • Flexible Output: Multiple output formats (JSON, YAML, Signal) with structured reporting

The types of scans that networkscan can conduct are constantly growing. For the most up-to-date listing, please see the documentation here.

To learn more about networkscan, please see the Documentation site for the most detailed information.

Quick Start

Get networkscan

For the full list of available installation options, please see the Installation page. For convenience, here are some of the most commonly used options:

General Usage

networkscan [command] [subcommand] <flags>

Examples

# Network Discovery
networkscan discover host --target 192.168.1.0/24
networkscan discover host --target 192.168.1.0/24 --sleep 2 --jitter 10 --reverse-lookup
networkscan discover port --target scanme.sh --top-ports 100
networkscan discover port --target scanme.sh --ports 22,80,443 --validate
networkscan discover service --target scanme.sh:22
networkscan discover service --target 192.168.1.1 --udp
networkscan discover tls --targets scanme.sh:443,example.com:443
networkscan discover domain --target 192.168.1.1

# Service Enumeration  
networkscan enumerate service --targets 192.168.1.10:22,192.168.1.11:21 --service ssh

# Credential Spraying
networkscan pentest spray password --targets 192.168.1.0/24 --service SMB --usernames admin,guest --passwords Password123,123456 --domain CORP
networkscan pentest spray password --targets 192.168.1.100:445 --service SMB --username-lists DOMAIN_USERNAMES --password-lists DOMAIN_PASSWORDS --sleep 2 --jitter 10
networkscan pentest spray username --targets dc.example.com:88 --service KERBEROS --domain EXAMPLE.COM --usernames admin,guest

# Service-Specific Penetration Testing
networkscan pentest service smb --targets 192.168.1.100:445 --usernames admin --passwords password --actions AUTH,SHARES_MAP
networkscan pentest service ssh --targets 192.168.1.100:22 --usernames root --passwords password --actions AUTH,EXEC --execute "whoami"
networkscan pentest service telnet --targets 192.168.1.100:23 --usernames admin --passwords password --actions AUTH
networkscan pentest service ldap --targets dc.example.com:389 --usernames user --passwords pass --domain EXAMPLE.COM --actions AUTH,DOMAINDUMP
networkscan pentest service msrpc --targets dc.example.com:445 --usernames admin --passwords Password123 --domain EXAMPLE.COM --actions DCSYNC
networkscan pentest service kerberos --targets dc.example.com:88 --usernames user --passwords pass --domain EXAMPLE.COM --actions SERVICE_TICKET --spn HTTP/server.example.com

Contributing

Interested in contributing to networkscan? Please see our organization-wide Contribution page.

Want More?

If you're looking for an easy way to tie networkscan into your broader cybersecurity workflows, or want to leverage some autonomy to improve your overall security posture, you'll love the broader Method Platform.

For more information, visit us here.

Community

networkscan is a Method Security open source project.

Learn more about Method's open source work by checking out our other projects here or our organization-wide documentation here.

Have an idea for a Tool to contribute? Open a Discussion here.

Documentation

Overview

Package main is the entry point for the networkscan application.

Directories

Path Synopsis
Package cmd implements the CobraCLI commands for the networkscan CLI.
internal
config
Package config contains common configuration values that are used by the various commands and subcommands in the CLI.
discover
Package discover implements network discovery functionality for finding live hosts and services.
discover/host
Package discover implements network discovery functionality for finding live hosts and services.
discover/service
Package service implements service fingerprinting functionality for discovering running services.
discover/service/plugins
Package plugins provides ARD (Apple Remote Desktop) service fingerprinting
enumerate
Package enumerate implements service enumeration functionality for various network protocols.
protocol/smb
Package smb provides SMB penetration testing functionality including secdump operations. This file contains utility functions adapted from github.com/jfjallid/go-secdump
Package utils provides utility functions used across the networkscan application.
