Kali Linux

Jfscan : A Super Fast And Customisable Port Scanner, Based On Masscan And NMap

JFScan (Just Fu*king Scan) is a wrapper around a super-fast port scanner Masscan. It’s designed to simplify work when scanning for open ports on targets in a variety of formats. The JFScan accepts a target in the following forms: URL, domain, or IP (including CIDR). You can specify a file with targets using argument or use stdin.

The JFScan also allows you to output only the results and chain it with other tools like Nuclei. The domain:port output of JFScan is crucial if you want to discover vulnerabilities in web applications as the virtual host decides which content will be served.

Finally, it can scan discovered ports with Nmap. You can also define custom options and use Nmap’s amazing scripting capabilities.

Features

  • Perform a large-scale scans using Nmap! Allows you to use Masscan to scan targets and execute Nmap on detected ports with custom settings. Nmap on steroids. *
  • Scans targets in variety of formats, including domain names!
  • Results can be produced in domain:port format.
  • It works in stdin/stdout mode, allowing you to stream results to/from other tools.
  • Auto-adjusts a packet rate for masscan so you don’t have to (disable it by –disable-auto-rate).
  • Produces a standard Nmap XML report.
  • Fully supports IPv6.
  • Supports scope control, only targets defined in scope will be scanned.

Usage

usage: jfscan [-h] [–targets TARGETS] (-p PORTS | –top-ports TOP_PORTS | –yummy-ports) [–resolvers RESOLVERS] [–enable-ipv6] [–scope SCOPE] [-r MAX_RATE] [–wait WAIT] [–disable-auto-rate] [-i INTERFACE] [–source-ip SOURCE_IP]
[–router-ip ROUTER_IP] [–router-mac ROUTER_MAC] [–router-mac-ipv6 ROUTER_MAC_IPV6] [-oi] [-od] [-o OUTPUT] [-q | -v] [–nmap] [–nmap-options NMAP_OPTIONS] [–nmap-threads NMAP_THREADS] [–nmap-output NMAP_OUTPUT] [–version]
[target]
JFScan – Just Fu*king Scan
optional arguments:
-h, –help show this help message and exit
-p PORTS, –ports PORTS
ports, can be a range or port list: 0-65535 or 22,80,100-500,…
–top-ports TOP_PORTS
scan only N of the top ports, e. g., –top-ports 1000
–yummy-ports scan only for the most yummy ports
-q, –quite output only results
-v, –verbose verbose output
–nmap run nmap on discovered ports
–nmap-options NMAP_OPTIONS
nmap arguments, e. g., –nmap-options=’-sV’ or –nmap-options=’-sV –script ssh-auth-methods’
–nmap-threads NMAP_THREADS
number of nmaps to run concurrently, default 8
–nmap-output NMAP_OUTPUT
output results from nmap to specified file in standard XML format (same as nmap option -oX)
target a target or targets separated by a comma, accepted form is: domain name, IPv4, IPv6, URL
–targets TARGETS file with targets, accepted form is: domain name, IPv4, IPv6, URL
-oi, –only-ips output only IP adresses, default: all resources
-od, –only-domains output only domains, default: all resources
-o OUTPUT, –output OUTPUT
output masscan’s results to specified file
–resolvers RESOLVERS
custom resolvers separated by a comma, e. g., 8.8.8.8,1.1.1.1
–enable-ipv6 enable IPv6 support, otherwise all IPv6 addresses will be ignored in the scanning process
–scope SCOPE file path with IP adresses and CIDRs to control scope, expected format: IPv6, IPv4, IPv6 CIDR, IPv4 CIDR
-r MAX_RATE, –max-rate MAX_RATE
max kpps rate for the masscan
–wait WAIT a number of seconds to wait for packets to arrive (when scanning large networks), option for the masscan
–disable-auto-rate disable rate adjustment mechanism for masscan (more false positives/negatives)
-i INTERFACE, –interface INTERFACE
interface for masscan and nmap to use
–source-ip SOURCE_IP
IP address of your interface for the masscan
–router-ip ROUTER_IP
IP address of your router for the masscan
–router-mac ROUTER_MAC
MAC address of your router for the masscan
–router-mac-ipv6 ROUTER_MAC_IPV6
MAC address of your IPv6 router for the masscan
–version show program’s version number and exit

Please follow installation instructions before running. Do not run the JFScan under a root, it’s not needed since we set a special permissions on the masscan binary.

Example

Scan targets for only for ports 80 and 443 with rate of 10 kpps:

$ jfscan -p 80,443 --targets targets.txt -r 10000

Scan targets for top 1000 ports :

$ jfscan --top-ports 1000 1.1.1.1/24

You can also specify targets on stdin and pipe it to nuclei:

$ cat targets.txt | jfscan --top-ports 1000 -q | httpx -silent | nuclei

Or as positional parameter:

$ jfscan --top-ports 1000 1.1.1.1/24 -q | httpx -silent | nuclei

Or everything at once, the JFScan just does not care and scans all the targets specified:

$ echo target1 | jfscan --top-ports 1000 target2 --targets targets.txt -q | httpx -silent | nuclei

Utilize nmap to gather more info about discovered services:

$ cat targets.txt | jfscan -p 0-65535 --nmap --nmap-options="-sV --scripts ssh-auth-methods"

The targets.txt can contain targets in the following forms (IPv6 similarly):

http://domain.com/
domain.com
1.2.3.4
1.2.3.0/24
1.1.1.1-1.1.1.30

Installation

  • Before installation, make sure you have the latest version of Masscan installed (tested version is 1.3.2).

First, install a libpcap-dev (Debian based distro) or libcap-devel (Centos based distro):

sudo apt install libpcap-dev

Next, clone the official repository and install:

sudo apt-get –assume-yes install git make gcc
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
sudo make install

The Masscan requires root permissions to run. Since running binaries under root is not good idea, we will set a CAP_NET_RAW capability to the binary:

sudo setcap CAP_NET_RAW+ep /usr/bin/masscan

For installation of JFscan a python3 and pip3 is required.

sudo apt install python3 python3-pip

Install JFScan:

$ git clone https://github.com/nullt3r/jfscan.git
$ cd jfscan
$ pip3 install .

If you can’t run the jfscan directly from command line you should check if $HOME/.local/bin is in your path.

Add the following line to your ~/.zshrc or ~/.bashrc:

export PATH=”$HOME/.local/bin:$PATH”

R K

Recent Posts

SpyAI : Intelligent Malware With Advanced Capabilities

SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…

1 day ago

Proxmark3 : The Ultimate Tool For RFID Security And Analysis

The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…

1 day ago

Awesome Solana Security : Enhancing Program Development

The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…

1 day ago

IngressNightmare-POCs : Understanding The Vulnerability Exploitation Flow

The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…

1 day ago

AdaptixC2 : Enhancing Penetration Testing With Advanced Framework Capabilities

AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…

1 day ago

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…

1 day ago