evilscan: NodeJS Simple Network Scanner

evilscan: NodeJS Simple Network Scanner

Evilscan is a network scanner designed to run on the NodeJS environment. It has a variety of options, allowing the user to scan a single IP address or a range of IP addresses. It also allows the user to choose to scan a single port or a range of ports.

evilscan: NodeJS Simple Network Scanner

With evilscan, the user can scan different hosts for open ports. Evilscan has multiple scanning methods including tcpconnect, tcpsyn and udp. The user can select the number of concurrent sockets to open while also selecting the amount of time to wait before closing a connection. This allows users to optimize evilscan according to their personal needs.


  • Individual IP or IP range scan
  • Individual port, ports list, or ports range
  • Banner grabbing (not fully implemented, works with native verbose ports only)
  • IAC negotiation for telnet
  • Reverse dns
  • Geolocation information
  • Stdout or json output
  • Optional progress details (event based)

Supported Platforms:

  • Linux


  • npm (Node Package Manager)


Clone the GitHub repo:

$ git clone https://github.com/eviltik/evilscan.git

Navigate to the working directory and install the requirements:

$ cd evilscan
$ npm install -g evilscan

Evilscan Usage

Enter the following command:

$ evilscan

Options available in Evilscan:

 --port          port(s) you want to scan, examples:
  --reverse       display DNS reverse lookup
  --reversevalid  only display results having a valid reverse dns, except if
                  ports specified
  --geo           display geoip (free maxmind)
  --banner        display banner
  --bannerlen     set banner length grabing
                  default 512
  --bannerraw     display raw banner (as a JSON Buffer)
  --progress      display progress indicator each seconds
  --status        ports status wanted in results (example --status=OT)
                  O(open, default)
  --scan          scan method
                  tcpconnect (full connect, default)
                  tcpsyn (half opened, not yet implemented)
                  udp (not yet implemented)

  --concurrency   max number of simultaneous socket opened
                  default 500
  --timeout       maximum number of milliseconds before closing the connection
                  default 2000
  --display       display result format (json,xml,console)
                  default console
  --json          shortcut for --display=json
  --xml           shortcut for --display=xml
  --console       shortcut for --display=console
  --help          display help
  --about         display about
  --version       display version number

Usage Examples

$ evilscan <fqdn|ipv4|cidr> [options]

Scan every port on localhost, grab banner and display only opened ports:

$ evilscan --port=0-65535 --banner

Scan ports on localhost, grab banner, display only opened ports, json output, progress status each seconds:

$ evilscan --port=0-65535 --banner --isopen --istimeout --progress --json
Author’s tip for concurrency and fast scan

The concurrency is 100 by default. If you want to scan large ip/port range use --concurrency option (e.g. 1000).

To break the limit of 1024 opened sockets (on some Linux distros), update the limit parameter: ulimit -u unlimited
Documentation Box
Download Box