Skip to main content

Overview

scan4all provides extensive protocol support across two main categories:
  • 23 protocols for password cracking and authentication testing
  • 146 protocols for port scanning and service detection (via nmap integration)
This comprehensive protocol support makes scan4all a versatile tool for security assessments, penetration testing, and network reconnaissance.

Protocol Categories

Password Cracking

23 protocols supporting brute-force authentication testing with customizable dictionaries

Network Services

146 protocols for comprehensive port scanning and service fingerprinting

Password Cracking Protocols

The following 23 protocols support password brute-force testing:
  • MySQL - MariaDB and MySQL server authentication
  • MsSQL - Microsoft SQL Server authentication
  • Oracle - Oracle Database with SID enumeration support
  • PostgreSQL - PostgreSQL database authentication
  • MongoDB - MongoDB authentication with SCRAM-SHA-1
  • Redis - Redis AUTH command testing
  • Elasticsearch - via wap-wsp protocol
  • RDP - Remote Desktop Protocol with SSL/RDP protocol detection
  • SSH - Secure Shell with key and password authentication
  • Telnet - Telnet with multiple server type support
  • VNC - Virtual Network Computing authentication
  • Winrm - Windows Remote Management (WS-Management)
  • rsh-spx - Remote Shell protocol variant
  • FTP - File Transfer Protocol authentication
  • SMB - Server Message Block with MS17-010 and SMBGhost detection
  • Socks5 - SOCKS5 proxy authentication
  • SNMP - Simple Network Management Protocol community string testing
  • HTTP BasicAuth - HTTP Basic Authentication including WebDAV and SVN
  • Weblogic - Oracle WebLogic Server (T3, IIOP protocols)
  • Tomcat - Apache Tomcat manager authentication
  • Jboss - Red Hat JBoss application server
  • RouterOs - MikroTik RouterOS authentication
  • POP3/POP3S - Post Office Protocol v3 (plain and SSL)

Network Scanning Protocols

scan4all integrates with nmap to provide comprehensive port scanning across 146 protocols, including:
  • Standard TCP/UDP services
  • Application-layer protocols
  • Database and middleware services
  • Industrial control protocols
  • IoT and embedded device protocols
See Network Services for detailed information.

Key Features

Intelligent Scanning

Auto-Detection

Automatically detects protocol variants (e.g., RDP vs RDP-SSL) and adjusts scanning strategy

Smart Authentication

HTTP password blasting activates automatically when authentication is required

Dictionary Support

Customizable username and password dictionaries per protocol

Concurrent Testing

Thread-based concurrent authentication testing with configurable limits

Protocol-Specific Capabilities

  • Oracle: Automatic SID enumeration from extensive built-in list
  • SMB: Detects MS17-010 (EternalBlue) and SMBGhost (CVE-2020-0796) vulnerabilities
  • Telnet: Multiple server type detection and handling
  • RDP: Protocol negotiation between RDP and SSL variants
  • Weblogic: T3 and IIOP protocol support when used with nuclei

Configuration

Enabling Password Cracking

Password cracking is enabled via the priorityNmap configuration: 
# Enable password cracking (enabled by default)
priorityNmap=true ./scan4all -host target.com

# Disable nmap integration, use naabu for port scanning
priorityNmap=false ./scan4all -host target.com

Custom Dictionaries

Configure custom dictionaries through config/config.json or use environment variables: 
# Use custom wordlists
./scan4all -host target.com -user users.txt -pass passwords.txt

Timeout Configuration

Each protocol implements connection timeouts (typically 3-5 seconds) to balance thoroughness with speed:
  • SSH/FTP/MySQL/PostgreSQL: 5 second timeout
  • Redis/Telnet/Oracle: 5 second timeout
  • RDP/SMB: Context-based timeout with cancellation
  • MongoDB: 5 second context timeout

Performance Considerations

Network Traffic: Using nmap can generate significant network traffic. Consider using noScan=true if you already have port scan results.
Rate Limiting: Many services implement rate limiting or lockout policies. Configure appropriate delays between authentication attempts to avoid account lockouts or IP bans.

Integration with Other Tools

Protocol detection and testing integrates seamlessly with:
  • nuclei: POC detection for identified services
  • nmap: Port scanning and service fingerprinting
  • naabu: Fast port scanning alternative
  • httpx: HTTP service enumeration

Password Cracking

Detailed protocol implementations

Network Services

Port scanning protocols

Configuration

Advanced configuration options

Build docs developers (and LLMs) love

Get started for freeTalk to us