scan4all is a Go-based tool that scans for vulnerabilities of all kinds.



  • Port scanner (using Nmap).
  • Password blasting (RDP, SSH, FTP, etc.)
  • Web fingerprint scanner.
  • Support multiple output formats.
  • Cross-platform.
  • And more.


  1. Ensure Go and Nmap are installed:
     # Debian/Ubuntu
     sudo apt install golang nmap
     # Arch Linux
     sudo pacman -S go nmap
     # Fedora
     sudo dnf install golang nmap
  2. Then, install scan4all using Go:
     go install
    • Go to the Releases page to check what the latest version is.
  3. The application is installed in $HOME/go/bin. To run scan4all without specifying the executable path, add $HOME/go/bin to your PATH. Open $HOME/.bashrc and add (or edit) the line that sets the PATH environment variable:
     export PATH="$PATH:$HOME/go/bin"
  4. Reload .bashrc to apply the changes:
     source $HOME/.bashrc


Run scan4all -h to see the help page. The simplest command is:

scan4all -host <hostname or IP address>
# scan4all -host
# scan4all -host
  • To scan all ports (and run some tests) you need to run scan4all with root privileges (sudo scan4all -host <hostname/IP>).
  • You can scan subnets.
      scan4all -host
  • Specify ports with -p <ports> (separated by commas).
      scan4all -host -p 1000,7000
  • Output the results to JSON or CSV.
      scan4all -host -json -o res.json
      scan4all -host -csv -o res.csv
  • Only do port scanning and fingerprint recognition.
      scan4all -host -np
  • Set the number of threads and the rate.
      scan4all -host -c 25 -rate 1000
  • Check for more info (it’s in Chinese). English automatic translation. You can also run scan4all -h.
  • If you run scan4all with root privileges and then run it again as an ordinary user, a permissions error may be displayed.


scan4all vs. Metasploitable

I’m going to test scan4all with Metasploitable, a vulnerable virtual machine used to test Metasploit Framework tools.

sudo scan4all -host

After the analysis is over, you can check the red lines (the ones that start with 成功密码破解, meaning “successful password cracking”):

成功密码破解: {"Protocol":"postgresql","Port":5432,"IPAddr":"","Auth":{"username":"postgres","password":"postgres","Other":{}},"status":true}
成功密码破解: {"Protocol":"ftp","Port":21,"IPAddr":"","Auth":{"username":"ftp","password":"ftp","Other":{}},"status":true}
成功密码破解: {"Protocol":"mysql","Port":3306,"IPAddr":"","Auth":{"username":"root","password":"","Other":{}},"status":true}

And the lines which refer to known vulnerabilities (CVE codes):

[2022-08-06 16:35:38] [CVE-2020-1938] [network] [critical]
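
To turn these console lines into a remediation list, the following added example (not part of scan4all or of the original post) parses the two line types shown above and reports the class of each weak credential instead of the password itself. The sample input is constructed from those lines, and stripping ANSI colour codes is an assumption based on the findings being printed in red.

```python
import json
import re

# Constructed sample modelled on the lines above (IPAddr left empty, as on the page).
SAMPLE = '''\
成功密码破解: {"Protocol":"postgresql","Port":5432,"IPAddr":"","Auth":{"username":"postgres","password":"postgres","Other":{}},"status":true}
成功密码破解: {"Protocol":"ftp","Port":21,"IPAddr":"","Auth":{"username":"ftp","password":"ftp","Other":{}},"status":true}
成功密码破解: {"Protocol":"mysql","Port":3306,"IPAddr":"","Auth":{"username":"root","password":"","Other":{}},"status":true}
[2022-08-06 16:35:38] [CVE-2020-1938] [network] [critical]
unrelated progress line
'''

CRED_PREFIX = "成功密码破解:"
CVE_LINE = re.compile(r"^\[([^\]]+)\] \[(CVE-\d{4}-\d{4,})\] \[([^\]]+)\] \[([^\]]+)\]")
ANSI = re.compile(r"\x1b\[[0-9;]*m")  # assumption: colour codes may survive in saved output

def parse_findings(text):
    """Return (weak_credentials, cves) extracted from scan4all console output."""
    creds, cves = [], []
    for raw in text.splitlines():
        line = ANSI.sub("", raw).strip()
        if line.startswith(CRED_PREFIX):
            try:
                rec = json.loads(line[len(CRED_PREFIX):])
            except json.JSONDecodeError:
                continue  # truncated or interleaved line: skip instead of crashing
            if not rec.get("status"):
                continue
            auth = rec.get("Auth", {})
            user, password = auth.get("username", ""), auth.get("password", "")
            if password == "":
                issue = "empty password"
            elif password == user:
                issue = "password equals username"
            else:
                issue = "guessable password"
            # Keep the issue class, not the password, so the report is safe to share.
            creds.append({"service": rec.get("Protocol"), "port": rec.get("Port"),
                          "host": rec.get("IPAddr"), "username": user, "issue": issue})
            continue
        m = CVE_LINE.match(line)
        if m:
            cves.append({"time": m.group(1), "cve": m.group(2),
                         "type": m.group(3), "severity": m.group(4)})
    return creds, cves

if __name__ == "__main__":
    for finding in sum(parse_findings(SAMPLE), []):
        print(finding)
```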

If you have any suggestions, feel free to contact me via social media or email.