Skip to main content

Introduction

scan4all is a powerful CLI security scanner tool that combines port scanning, vulnerability detection, and service enumeration capabilities. The tool is designed for security researchers, penetration testers, and system administrators who need comprehensive network scanning functionality.

Basic Usage

scan4all [flags]

Quick Examples

Basic Host Scan

scan4all -host example.com

Scan from File with Custom Ports

scan4all -l hosts.txt -p 80,443,8080

Fast Scan with JSON Output

scan4all -host 192.168.1.1 -tp 1000 -o results.json -json

Full Scan with All Features

scan4all -l targets.txt -p 1-65535 -verify -o scan_results.txt

Command Groups

The scan4all CLI is organized into the following functional groups:

Input Options

Define targets and exclusions for your scan.

Port Configuration

Specify which ports to scan and exclude.

Rate Limiting

Control scan speed and concurrency.

Output Formats

Configure how scan results are saved.

Scan Configuration

Customize scan behavior and techniques.

Optimization

Fine-tune performance and reliability.

Debug & Monitoring

Control logging and scan statistics.

Scan Types

scan4all supports two primary scan types:

SYN Scan (Default)

  • Requires root/administrator privileges
  • Faster and more stealthy
  • Default when running with elevated privileges
  • Flag: -s s or -scan-type s

CONNECT Scan

  • Works without root privileges
  • Uses full TCP connection
  • Automatically selected for non-privileged users
  • Flag: -s c or -scan-type c

Workflow

A typical scan4all workflow consists of:
  1. Port Scanning - Identifies open ports on target hosts
  2. Service Detection - Determines services running on open ports
  3. HTTP Analysis - Analyzes web services with httpx integration
  4. Vulnerability Scanning - Runs security checks (unless disabled with -np)

Integration Features

  • Nmap Integration: Invoke nmap for detailed scans with -nmap-cli
  • DNS Resolution: Custom resolvers with -r
  • Proxy Support: Route traffic through SOCKS5 proxy with -proxy
  • Resume Capability: Continue interrupted scans with -resume
  • Stream Mode: Real-time output for large scans with -stream

Best Practices

  1. Start with default port ranges before full scans
  2. Use -verify to confirm open ports
  3. Enable -stats for long-running scans
  4. Set appropriate -rate limits to avoid network congestion
  5. Use -exclude-cdn to skip CDN IP ranges
  6. Save results with -o for later analysis

Getting Help

Display help information: 
scan4all -h
Check version: 
scan4all -version
Update to latest version: 
scan4all -update

Build docs developers (and LLMs) love

Get started for freeTalk to us