Key Capabilities
Port Scanning
Fast port discovery supporting 146 protocols and 90000+ rules with nmap and naabu integration
Vulnerability Detection
15000+ POC detection capabilities including nuclei, vscan, and custom POCs
Password Cracking
Brute force support for 23 protocols with intelligent dictionary management
Web Fingerprinting
7000+ web fingerprints for technology detection and CMS identification
HTTP Smuggling
Advanced HTTP request smuggling detection supporting CL-TE, TE-CL, and more
File Discovery
Automated sensitive file and backup discovery with intelligent fuzzing
Integrated Scanning Engines
scan4all integrates several best-in-class security tools:Nuclei Integration
Embedded nuclei templates with 3922 YAML POCs covering CVEs, panels, exposures, and more. Includes custom DSL helpers for advanced matching.
VScan Engine
Integrated vscan POCs including xray 2.0 with 300+ POCs and custom Go-based vulnerability checks.
Port Scanning
Dual-engine support with nmap (for comprehensive protocol detection) and naabu (for high-speed scanning).
Technical Highlights
Performance Optimizations
- Intelligent Deduplication: When multiple domains share the same IP, port scans are merged to improve efficiency
- Smart SSL Analysis: Automatically correlates and scans domain names found in SSL certificates (*.xxx.com)
- Concurrent Processing: Optimized goroutine pools with configurable thread counts and rate limiting
- Result Caching: Intelligent caching prevents redundant scans of the same targets
Advanced Features
Smart Abnormal Page Detection- Automatically learns and identifies honeypot signatures (enable with
EnableHoneyportDetection=true) - Intelligent 404 detection using similarity algorithms
- Abnormal page fingerprint calculation and learning
- Automated supply chain identification and scanning
- Dependency vulnerability detection
- Technology stack enumeration
- JSON, CSV, and plain text output formats
- Elasticsearch integration for centralized result storage
- Structured output for easy parsing and automation
Sensitive File Detection
scan4all includes an intelligent file fuzzing engine that discovers:- Backup files (
.bak,.old,.backup, etc.) - Configuration files (
config.php,web.config, etc.) - Sensitive endpoints (
/admin,/console, etc.) - Development artifacts (
.git,.svn,.env, etc.)
- Smart 404 detection with similarity algorithms (Levenshtein distance)
- Content-Type header analysis to identify file types
- Automatic stopping when honeypots are detected
- Context-aware dictionary selection
The file fuzzing feature can be disabled with the
enableFileFuzz=false configuration option.Workflow Architecture
The scan4all workflow follows a waterfall model:Detection Statistics
Nuclei Templates Coverage
| Category | Count | Severity | Count |
|---|---|---|---|
| CVE | 1430 | Critical | 478 |
| Panels | 655 | High | 1009 |
| WordPress | 419 | Medium | 818 |
| XSS | 491 | Low | 225 |
| RCE | 337 | Info | 1474 |
Supported Protocols (Password Cracking)
RDP
SSH
MySQL
MSSQL
Oracle
PostgreSQL
Redis
FTP
MongoDB
SMB
Telnet
VNC
SNMP
Elasticsearch
RouterOS
WinRM
POP3/POP3S
SOCKS5
Configuration Flexibility
scan4all is highly customizable throughconfig/config.json:
Next Steps
Port Scanning
Learn about port scanning with nmap and naabu
Vulnerability Detection
Explore POC-based vulnerability detection
Password Cracking
Master multi-protocol password brute forcing
Web Fingerprinting
Discover technology stack identification