Basic Usage

Quick Start

The simplest way to run scan4all is to provide a target host:

scan4all -host 127.0.0.1

This will:

Scan common HTTP ports on the target
Perform service detection
Run vulnerability checks (POCs)

Scan Types

scan4all supports two primary scan types:

SYN Scan (Default)
CONNECT Scan

SYN scan is faster but requires root/administrator privileges.

sudo scan4all -host 192.168.1.1 -s SYN

SYN scan is the default mode when running with root privileges. It uses raw sockets for faster port scanning.

CONNECT scan works without elevated privileges but is slower.

scan4all -host 192.168.1.1 -s CONNECT

CONNECT scan is automatically used when running without root privileges.

Common Use Cases

Scan a Single Host

Scan all common HTTP ports on a single IP address:

scan4all -host 192.168.1.100

Scan a CIDR Range

Scan an entire subnet:

scan4all -host 192.168.1.0/24

This will scan all 254 hosts in the subnet.

Scan Specific URL

Skip port scanning and test a specific URL directly:

scan4all -host http://127.0.0.1:7001

When providing a full URL, port scanning is skipped and only the specified endpoint is tested.

Controlling Scan Behavior

Skip POC Checks

To only perform port scanning and fingerprinting without vulnerability testing:

scan4all -host 192.168.1.1 -np

Verbose Output

Enable detailed logging to see what’s happening during the scan:

scan4all -host 192.168.1.1 -v

Debug Mode

For troubleshooting, enable debug output:

scan4all -host 192.168.1.1 -debug

Performance Tuning

Threads

Control the number of concurrent workers (default: 25):

scan4all -host 192.168.1.0/24 -c 50

Rate Limiting

Control packets per second to avoid overwhelming the network (default: 1000):

scan4all -host 192.168.1.0/24 -rate 500

Lower rate values are more stealthy but slower. Higher values are faster but may trigger IDS/IPS systems.

Display Options

Silent Mode

Display only results without extra information:

scan4all -host 192.168.1.1 -silent

Disable Colors

Remove color formatting from output (useful for logs):

scan4all -host 192.168.1.1 -no-color

Statistics

Display real-time scan statistics:

scan4all -host 192.168.1.0/24 -stats

Example Terminal Output

Here’s what a typical scan looks like:

Terminal

$ sudo scan4all -host 192.168.1.100 -v

[INF] Running SYN scan with CAP_NET_RAW privileges
[INF] Port scan starting....
[INF] Found 5 ports on host 192.168.1.100 (192.168.1.100)
192.168.1.100:22
192.168.1.100:80
192.168.1.100:443
192.168.1.100:8080
192.168.1.100:3306
[INF] Port scan over, web scan starting

Next Steps

Input Methods

Learn different ways to provide targets

Port Selection

Control which ports to scan

Output Formats

Save results in various formats

Advanced Options

Explore advanced scanning features

Get Started

Core Features

Usage Guide

Configuration

POC & Detection

Quick Start

Scan Types

Common Use Cases

Controlling Scan Behavior

Skip POC Checks

Verbose Output

Debug Mode

Performance Tuning

Threads

Rate Limiting

Display Options

Silent Mode

Disable Colors

Statistics

Example Terminal Output

Next Steps

Input Methods

Port Selection

Output Formats

Advanced Options

Build docs developers (and LLMs) love

Get Started

Core Features

Usage Guide

Configuration

POC & Detection

​Quick Start

​Scan Types

​Common Use Cases

​Controlling Scan Behavior

​Skip POC Checks

​Verbose Output

​Debug Mode

​Performance Tuning

​Threads

​Rate Limiting

​Display Options

​Silent Mode

​Disable Colors

​Statistics

​Example Terminal Output

​Next Steps

Input Methods

Port Selection

Output Formats

Advanced Options

Build docs developers (and LLMs) love

Quick Start

Scan Types

Common Use Cases

Controlling Scan Behavior

Skip POC Checks

Verbose Output

Debug Mode

Performance Tuning

Threads

Rate Limiting

Display Options

Silent Mode

Disable Colors

Statistics

Example Terminal Output

Next Steps