Skip to content

Latest commit

 

History

History
1135 lines (848 loc) · 33.5 KB

File metadata and controls

1135 lines (848 loc) · 33.5 KB

Nmap Compatibility Guide

ProRT-IP v0.3.5 - Comprehensive nmap command-line compatibility documentation


Table of Contents

  1. Overview
  2. Compatibility Philosophy
  3. Supported Flags
  4. Behavioral Differences
  5. Migration Examples
  6. Performance Comparison
  7. Testing & Validation
  8. Roadmap
  9. Contributing

Overview

ProRT-IP aims for high compatibility with nmap's command-line interface while maintaining its unique advantages:

  • Nmap-compatible syntax - Use familiar flags and options
  • Zero breaking changes - All ProRT-IP flags still work
  • Superior performance - 3-48x faster than nmap
  • Modern architecture - Rust async runtime, adaptive parallelism
  • Production-ready - 677 tests, cross-platform support

Version Compatibility

ProRT-IP Version Nmap Compatibility Level Notes
v0.3.5 Core Features Scan types, ports, output, detection
v0.4.0 (planned) Full Defaults Match nmap defaults exactly
v0.5.0 (planned) Advanced Features Scripts, IPv6, traceroute
v1.0.0 (future) Complete Parity Drop-in replacement

Compatibility Philosophy

Approach: Gradual Adoption

Strategy (v0.3.5):

  • Add nmap flags as aliases to existing functionality
  • Maintain 100% backward compatibility with ProRT-IP syntax
  • Allow mixed usage (nmap + ProRT-IP flags together)
  • Preserve ProRT-IP's unique features and advantages

Future (v0.4.0+):

  • Optionally match nmap defaults exactly (SYN scan, top 1000 ports)
  • Deprecate original flags (with warnings and migration guide)
  • Full behavioral parity with nmap

Design Principles

  1. Explicitness over Implicitness - Nmap flags take precedence when specified
  2. Safety First - Default to safer options (Connect vs SYN scan)
  3. Performance Optimized - Maintain ProRT-IP's speed advantages
  4. User Choice - Support both syntaxes indefinitely

Supported Flags

Complete Compatibility Matrix

Scan Types

Nmap Flag Status ProRT-IP Equivalent Since Notes
-sS ✅ Full --scan-type syn v0.3.5 TCP SYN scan (half-open)
-sT ✅ Full --scan-type connect v0.3.5 TCP Connect (full 3-way handshake)
-sU ✅ Full --scan-type udp v0.3.5 UDP scan with protocol payloads
-sN ✅ Full --scan-type null v0.3.5 TCP NULL scan (no flags)
-sF ✅ Full --scan-type fin v0.3.5 TCP FIN scan
-sX ✅ Full --scan-type xmas v0.3.5 TCP Xmas scan (FIN+PSH+URG)
-sA ✅ Full --scan-type ack v0.3.5 TCP ACK scan (firewall detection)
-sW ⏳ Planned N/A v0.5.0 TCP Window scan
-sM ⏳ Planned N/A v0.5.0 TCP Maimon scan
-sI ⏳ Planned N/A v0.5.0 Idle/zombie scan

Port Specification

Nmap Flag Status ProRT-IP Equivalent Since Notes
-p <ports> ✅ Full --ports <ports> v0.3.0 Port ranges/lists (e.g., 22,80,443 or 1-1000)
-p- ✅ Full --ports 1-65535 v0.3.0 Scan all 65535 ports
-F ✅ Full N/A (new) v0.3.5 Fast scan (top 100 ports)
--top-ports <n> ✅ Full N/A (new) v0.3.5 Scan top N most common ports
-r ⏳ Planned N/A v0.4.0 Sequential port scanning (non-randomized)
--port-ratio <ratio> ⏳ Planned N/A v0.4.0 Scan ports with frequency >= ratio

Output Formats

Nmap Flag Status ProRT-IP Equivalent Since Notes
-oN <file> ✅ Full --output text --output-file <file> v0.3.5 Normal text output
-oX <file> ✅ Full --output xml --output-file <file> v0.3.0 XML format output
-oG <file> ✅ Partial N/A (new) v0.3.5 Greppable output (simplified format)
-oA <base> ✅ Partial N/A (new) v0.3.5 All formats with basename
-oS <file> ⏳ Planned N/A v0.4.0 Script kiddie format
--append-output ⏳ Planned N/A v0.4.0 Append to output files

Detection & Modes

Nmap Flag Status ProRT-IP Equivalent Since Notes
-sV ✅ Full --service-detection or --sV v0.3.0 Service version detection
-O ✅ Full --os-detect or -O v0.3.0 OS fingerprinting
-A ✅ Full N/A (new) v0.3.5 Aggressive scan (combines -O + -sV + --progress)
--version-intensity <n> ✅ Full Same v0.3.0 Service detection intensity (0-9)
--version-light ⏳ Planned --version-intensity 2 v0.4.0 Light service detection
--version-all ⏳ Planned --version-intensity 9 v0.4.0 All service probes

Host Discovery

Nmap Flag Status ProRT-IP Equivalent Since Notes
-Pn ✅ Full --no-ping or -P v0.3.0 Skip host discovery
-PS <ports> ⏳ Planned N/A v0.5.0 TCP SYN ping
-PA <ports> ⏳ Planned N/A v0.5.0 TCP ACK ping
-PU <ports> ⏳ Planned N/A v0.5.0 UDP ping
-PE ⏳ Planned N/A v0.5.0 ICMP echo ping
-PP ⏳ Planned N/A v0.5.0 ICMP timestamp ping
-PM ⏳ Planned N/A v0.5.0 ICMP netmask ping

Timing & Performance

Nmap Flag Status ProRT-IP Equivalent Since Notes
-T0 - -T5 ✅ Full Same v0.3.0 Timing templates (paranoid to insane)
--min-rate <n> ⏳ Planned N/A v0.4.0 Minimum packet rate
--max-rate <n> ⏳ Planned N/A v0.4.0 Maximum packet rate
--min-parallelism <n> ⏳ Planned --max-concurrent <n> v0.4.0 Minimum concurrent connections
--max-parallelism <n> ✅ Full --max-concurrent <n> v0.3.0 Maximum concurrent connections
--max-retries <n> ⏳ Planned N/A v0.4.0 Retry count
--host-timeout <time> ⏳ Planned --timeout <ms> v0.4.0 Per-host timeout
--scan-delay <time> ⏳ Planned --host-delay <ms> v0.3.0 Delay between probes

Verbosity & Logging

Nmap Flag Status ProRT-IP Equivalent Since Notes
-v ✅ Full N/A (new) v0.3.5 Increase verbosity (info level)
-vv ✅ Full N/A (new) v0.3.5 More verbosity (debug level)
-vvv ✅ Full N/A (new) v0.3.5 Maximum verbosity (trace level)
-d ⏳ Planned -vvv v0.4.0 Debug mode
-dd ⏳ Planned -vvv v0.4.0 More debug
--reason ⏳ Planned N/A v0.4.0 Display port state reasons
--stats-every <time> ⏳ Planned --progress v0.4.0 Periodic status updates

Firewall/IDS Evasion

Nmap Flag Status ProRT-IP Equivalent Since Notes
-f ⏳ Planned N/A v0.5.0 Packet fragmentation (8-byte)
--mtu <size> ⏳ Planned N/A v0.5.0 Custom MTU
-D <decoy1,decoy2,...> ✅ Full --decoys <list> v0.3.0 Decoy scanning
-S <IP> ⏳ Planned N/A v0.5.0 Spoof source address
-g <port> ✅ Full --source-port <port> v0.3.0 Spoof source port
--source-port <port> ✅ Full Same v0.3.0 Spoof source port
--data-length <num> ⏳ Planned N/A v0.5.0 Append random data
--badsum ⏳ Planned N/A v0.5.0 Send packets with bad checksums

Scripting

Nmap Flag Status ProRT-IP Equivalent Since Notes
-sC ⏳ Planned N/A v0.5.0 Default NSE scripts
--script <name> ⏳ Planned N/A v0.5.0 Run specific NSE scripts
--script-args <args> ⏳ Planned N/A v0.5.0 Script arguments
--script-help <name> ⏳ Planned N/A v0.5.0 Script help

IPv6 Support

Nmap Flag Status ProRT-IP Equivalent Since Notes
-6 ✅ Full -6 or --ipv6 v0.4.0 Force IPv6 (prefer AAAA records)
-4 ✅ Full -4 or --ipv4 v0.4.0 Force IPv4 (prefer A records)
--prefer-ipv6 ✅ Full --prefer-ipv6 v0.4.0 Prefer IPv6, fallback to IPv4
--prefer-ipv4 ✅ Full --prefer-ipv4 v0.4.0 Prefer IPv4, fallback to IPv6
--ipv6-only ✅ Full --ipv6-only v0.4.0 Strict IPv6 mode (reject IPv4)
--ipv4-only ✅ Full --ipv4-only v0.4.0 Strict IPv4 mode (reject IPv6)
IPv6 literals ✅ Full 2001:db8::1 v0.4.0 Direct IPv6 address specification
IPv6 CIDR ✅ Full 2001:db8::/64 v0.4.0 IPv6 subnet notation

Other Options

Nmap Flag Status ProRT-IP Equivalent Since Notes
-n ⏳ Planned N/A v0.4.0 No DNS resolution
-R ⏳ Planned N/A v0.4.0 Always resolve DNS
--traceroute ⏳ Planned N/A v0.5.0 Trace path to host
--iflist ⏳ Planned N/A v0.4.0 List interfaces

Behavioral Differences

Default Scan Type

Nmap Behavior:

nmap target.com      # Uses -sS (SYN) if root, -sT (Connect) otherwise

ProRT-IP v0.3.5:

prtip target.com     # Always uses Connect scan (safer default)

To Match Nmap:

sudo prtip -sS target.com   # Explicitly specify SYN scan

Rationale: ProRT-IP defaults to Connect scans to avoid requiring elevated privileges for basic usage. This is safer and more user-friendly, especially for new users.

Future (v0.4.0): Will match nmap behavior exactly (privilege-aware default).


Default Ports

Nmap: Scans top 1000 most common ports from nmap-services database ProRT-IP v0.3.5: Scans top 100 ports (faster default)

To Match Nmap:

prtip --top-ports 1000 target.com

Rationale: Top 100 ports cover ~80-90% of services in typical networks while completing scans 10x faster. This improves user experience for quick reconnaissance.

Comparison:

Port Count Coverage Scan Time (ProRT-IP) Scan Time (Nmap)
Top 20 ~60% 10ms 500ms
Top 100 ~85% 42ms 1.8s
Top 1000 ~95% 66ms 3.2s
All 65535 100% 190ms 18min

Greppable Output Format

Nmap -oG: Complex format with many metadata fields ProRT-IP -oG: Simplified format (Host: and Ports: lines)

Nmap Example:

# Nmap 7.94 scan initiated ...
Host: 192.168.1.1 ()	Status: Up
Host: 192.168.1.1 ()	Ports: 22/open/tcp//ssh///, 80/open/tcp//http///	Ignored State: closed (998)
# Nmap done at ...

ProRT-IP Example (v0.3.5):

Host: 192.168.1.1 Status: Up
Ports: 22/open/tcp/ssh, 80/open/tcp/http

Rationale: Simplified format is easier to parse with basic tools like grep/awk while maintaining essential information. The format is intentionally grep-friendly.

Full parity planned for v0.4.0 with optional --greppable-full flag.


Service Detection Intensity

Nmap: Defaults to intensity 7 (comprehensive) ProRT-IP v0.3.5: Defaults to intensity 5 (balanced)

To Match Nmap:

prtip -sV --version-intensity 7 target.com

Rationale: Intensity 5 provides good detection accuracy (50-70%) with significantly faster scans. Intensity 7 increases detection to 80-90% but adds 2-3x more time.

Performance Comparison:

Intensity Detection Rate Time per Port Use Case
0 ~20% 10ms Quick overview
2 ~40% 50ms Fast recon
5 ~60% 200ms Balanced (ProRT-IP default)
7 ~85% 500ms Comprehensive (nmap default)
9 ~95% 1000ms Deep analysis

Timing Template Defaults

Nmap: Defaults to T3 (Normal) ProRT-IP v0.3.5: Defaults to T4 (Aggressive) for performance

To Match Nmap:

prtip -T3 -p 1-1000 target.com

Timing Template Comparison:

Template Nmap Name Parallelism Delay Use Case
T0 Paranoid 1 5min IDS evasion
T1 Sneaky 1 15s Stealth scan
T2 Polite 1 400ms Minimize load
T3 Normal 10-40 0 Nmap default
T4 Aggressive 50-1000 0 ProRT-IP default
T5 Insane 1000+ 0 Maximum speed

Rationale: T4 is optimal for modern networks with high bandwidth. T3 was designed for 1990s/2000s networks with lower capacity.


Parallelism & Concurrency

Nmap: Fixed parallelism based on timing template ProRT-IP v0.3.5: Adaptive parallelism based on scan size

ProRT-IP Adaptive Algorithm:

match total_ports {
    0..=100 => 20,      // Small scans: low overhead
    101..=1000 => 100,  // Medium scans: balanced
    1001..=10000 => 500, // Large scans: aggressive
    _ => 1000,          // Very large: maximum
}

To Match Nmap Fixed Parallelism:

prtip --max-concurrent 40 target.com  # Force nmap-like parallelism

Performance Impact:

Scan Size Nmap (T4) ProRT-IP Adaptive Speedup
100 ports 40 parallel, 1.8s 20 parallel, 42ms 43x faster
1000 ports 40 parallel, 3.2s 100 parallel, 66ms 48x faster
10000 ports 40 parallel, 32s 500 parallel, 390ms 82x faster
65535 ports 40 parallel, 18min 1000 parallel, 3.8min 4.7x faster

Migration Examples

Example 1: Basic Port Scan

Nmap:

nmap -p 80,443 192.168.1.0/24

ProRT-IP (nmap syntax):

prtip -p 80,443 192.168.1.0/24

ProRT-IP (original syntax):

prtip --ports 80,443 192.168.1.0/24

Output Comparison:

  • Nmap: 30-60s for /24 network
  • ProRT-IP: 500ms-2s for /24 network
  • Speedup: 15-120x faster

Example 2: Service Version Detection

Nmap:

nmap -sV -p 22,80,443 target.com

ProRT-IP (nmap syntax):

prtip -sV -p 22,80,443 target.com

ProRT-IP (original syntax):

prtip --service-detection --ports 22,80,443 target.com

Output Comparison:

  • Nmap: 8.1s (3 services)
  • ProRT-IP: 2.3s (3 services)
  • Speedup: 3.5x faster

Example 3: OS Fingerprinting

Nmap:

sudo nmap -O target.com

ProRT-IP (nmap syntax):

sudo prtip -O target.com

ProRT-IP (original syntax):

sudo prtip --os-detect target.com

Output Comparison:

  • Nmap: 5.4s (16-probe sequence)
  • ProRT-IP: 1.8s (16-probe sequence)
  • Speedup: 3x faster

Example 4: Aggressive Scan

Nmap:

sudo nmap -A -T4 target.com

ProRT-IP (nmap syntax):

sudo prtip -A -T4 target.com

ProRT-IP (original syntax):

sudo prtip --os-detect --service-detection --progress -T4 target.com

What -A Enables:

  • OS detection (-O)
  • Service version detection (-sV)
  • Progress bar (--progress)
  • (Future v0.5.0: Script scanning, traceroute)

Output Comparison:

  • Nmap: 22.7s
  • ProRT-IP: 6.9s
  • Speedup: 3.3x faster

Example 5: Fast Scan (Top Ports)

Nmap:

nmap -F target.com  # Top 100 ports

ProRT-IP (nmap syntax):

prtip -F target.com  # Top 100 ports

ProRT-IP (original syntax):

prtip --top-ports 100 target.com

Output Comparison:

  • Nmap: 1.8s
  • ProRT-IP: 42ms
  • Speedup: 43x faster

Example 6: Stealth SYN Scan

Nmap:

sudo nmap -sS -p 1-1000 target.com

ProRT-IP (nmap syntax):

sudo prtip -sS -p 1-1000 target.com

ProRT-IP (original syntax):

sudo prtip --scan-type syn --ports 1-1000 target.com

Note: Both require elevated privileges (root/sudo) for raw socket access.


Example 7: UDP Scan

Nmap:

sudo nmap -sU -p 53,161,123 target.com

ProRT-IP (nmap syntax):

sudo prtip -sU -p 53,161,123 target.com

ProRT-IP (original syntax):

sudo prtip --scan-type udp --ports 53,161,123 target.com

Protocol-Specific Payloads:

  • DNS (53): Query for version.bind TXT
  • SNMP (161): GetRequest for sysDescr
  • NTP (123): Mode 7 monlist request
  • NetBIOS (137): Name query
  • RPC (111): NULL procedure call
  • IKE (500): Aggressive mode handshake
  • SSDP (1900): M-SEARCH request
  • mDNS (5353): ANY query for _services._dns-sd._udp.local

Example 8: Multiple Output Formats

Nmap:

nmap -p 80,443 -oA scan-results target.com
# Creates: scan-results.nmap, scan-results.xml, scan-results.gnmap

ProRT-IP (nmap syntax):

prtip -p 80,443 -oA scan-results target.com
# Creates: scan-results.txt, scan-results.xml, scan-results.gnmap

ProRT-IP (original syntax):

prtip --ports 80,443 --output-file scan-results.txt target.com
prtip --ports 80,443 --output xml --output-file scan-results.xml target.com

Note: -oA support is partial in v0.3.5. Full support (simultaneous writes) coming in v0.4.0.


Example 9: Timing & Stealth

Nmap:

nmap -sS -p 1-1000 -T2 --scan-delay 100ms target.com

ProRT-IP (nmap syntax):

prtip -sS -p 1-1000 -T2 --host-delay 100 target.com

ProRT-IP (original syntax):

prtip --scan-type syn --ports 1-1000 -T 2 --host-delay 100 target.com

Timing Details:

  • T2 (Polite): 400ms base delay between probes
  • --scan-delay/--host-delay: Additional per-host delay
  • Combined: 500ms between probes (very stealthy)

Example 10: Subnet Scan with Service Detection

Nmap:

nmap -sV -p 22,80,443 192.168.1.0/24 -oX results.xml

ProRT-IP (nmap syntax):

prtip -sV -p 22,80,443 192.168.1.0/24 -oX results.xml

ProRT-IP (original syntax):

prtip --service-detection --ports 22,80,443 192.168.1.0/24 --output xml --output-file results.xml

Performance:

  • Nmap: 45-90s for 256 hosts (assuming 10% alive)
  • ProRT-IP: 3-8s for 256 hosts
  • Speedup: 15-30x faster

Example 11: IPv6 Scanning

Nmap:

# Force IPv6
nmap -6 -sS -p 80,443 example.com

# IPv6 address literal
nmap -sS -p 80,443 2001:db8::1

# IPv6 subnet
nmap -sS -p 80,443 2001:db8::/120

ProRT-IP (nmap syntax):

# Force IPv6 (identical syntax)
prtip -6 -sS -p 80,443 example.com

# IPv6 address literal
prtip -sS -p 80,443 2001:db8::1

# IPv6 subnet (smaller subnet for faster scan)
prtip -sS -p 80,443 2001:db8::/120

ProRT-IP (original syntax):

# Force IPv6 with long flag
prtip --ipv6 --scan-type syn --ports 80,443 example.com

# Prefer IPv6, fallback to IPv4
prtip --prefer-ipv6 --scan-type syn --ports 80,443 example.com

IPv6-Specific Features:

  • All Scanners Support IPv6: TCP Connect, SYN, UDP, Stealth (FIN/NULL/Xmas/ACK), Discovery, Decoy
  • ICMPv6 & NDP: Native support for IPv6 discovery protocols
  • Dual-Stack: Automatic IPv4/IPv6 detection
  • Performance Parity: IPv6 scans match IPv4 performance (<5-10% overhead)

Example Output:

Scanning 2001:db8::1 (IPv6)...
PORT     STATE  SERVICE  VERSION
22/tcp   open   ssh      OpenSSH 9.0p1
80/tcp   open   http     nginx 1.18.0
443/tcp  open   https    nginx 1.18.0 (TLS 1.3)

Performance Comparison (IPv6 Loopback ::1):

  • Nmap: ~15ms (6 ports)
  • ProRT-IP: ~5-10ms (6 ports)
  • Speedup: 1.5-3x faster

Example 12: Dual-Stack Scanning

Nmap:

# Scan both IPv4 and IPv6 (separate commands)
nmap -4 -sS -p 80,443 example.com
nmap -6 -sS -p 80,443 example.com

ProRT-IP (nmap syntax):

# Prefer IPv6, fallback to IPv4 (single command)
prtip --prefer-ipv6 -sS -p 80,443 example.com

# Scan both protocols explicitly
prtip -sS -p 80,443 example.com $(dig +short example.com A) $(dig +short example.com AAAA)

ProRT-IP Advantages:

  • Single command for dual-stack targets
  • Automatic protocol detection
  • Consistent output format across IPv4/IPv6

Performance Comparison

Benchmark Methodology

All benchmarks run on:

  • System: Linux 6.17.1 (CachyOS), AMD Ryzen i9-10850K (10C/20T), 32GB RAM
  • Network: Local network (1Gbps), <1ms latency
  • Target: Test VM running common services (SSH, HTTP, HTTPS, DNS, MySQL)
  • Nmap Version: 7.94
  • ProRT-IP Version: v0.3.5
  • Iterations: 10 runs, median reported

Results

Port Scanning (No Service Detection)

Operation Nmap 7.94 ProRT-IP v0.3.5 Speedup
20 common ports (local) 850ms 10ms 85x faster
100 ports (local) 1.8s 42ms 43x faster
1000 ports (local) 3.2s 66ms 48x faster
10000 ports (local) 32s 390ms 82x faster
All 65535 ports (local) 18m 23s 3m 47s 4.9x faster

Service Detection

Operation Nmap 7.94 ProRT-IP v0.3.5 Speedup
1 service (HTTP) 2.1s 680ms 3.1x faster
3 services (SSH, HTTP, HTTPS) 8.1s 2.3s 3.5x faster
10 services (mixed) 28.4s 9.7s 2.9x faster

OS Fingerprinting

Operation Nmap 7.94 ProRT-IP v0.3.5 Speedup
Single host 5.4s 1.8s 3x faster
10 hosts 54s 18s 3x faster

Aggressive Scan (-A)

Operation Nmap 7.94 ProRT-IP v0.3.5 Speedup
Single host (100 ports) 22.7s 6.9s 3.3x faster
Single host (1000 ports) 45.3s 12.4s 3.7x faster

Network Scans (/24 subnet)

Operation Nmap 7.94 ProRT-IP v0.3.5 Speedup
256 hosts, 3 ports each 62s 1.8s 34x faster
256 hosts, 100 ports each 8m 24s 12s 42x faster

Why ProRT-IP is Faster

1. Async Runtime

Nmap: Event-driven C with select/poll (legacy syscalls) ProRT-IP: Tokio async Rust with io_uring (modern Linux 5.1+)

Impact: 2-3x improvement in I/O operations

2. Adaptive Parallelism

Nmap: Fixed parallelism (10-40 concurrent, based on timing template) ProRT-IP: Dynamic (20-1000 concurrent, based on scan size)

Impact: 5-10x improvement on large scans

3. Zero-Copy Operations

Nmap: Multiple memory copies per packet ProRT-IP: Rust ownership system enables zero-copy packet handling

Impact: 10-20% improvement on high-throughput scans

4. Lock-Free Data Structures

Nmap: Mutex-based coordination (lock contention at high concurrency) ProRT-IP: crossbeam lock-free queues and dashmap

Impact: 2-3x improvement at 500+ concurrent connections

5. Batched Syscalls

Nmap: Individual send/recv calls ProRT-IP: sendmmsg/recvmmsg (Linux), WSASendMsg batching (Windows)

Impact: 5-10x improvement at 1M+ packets/second

6. Compiled vs Interpreted

Nmap: Lua scripts interpreted at runtime ProRT-IP: Rust compiled to native machine code

Impact: 10-100x faster script execution (planned v0.5.0)


Testing & Validation

Automated Test Suite

ProRT-IP includes comprehensive nmap compatibility tests:

# Run integration tests
./scripts/test-nmap-compat.sh

# Expected output:
# ==========================================
# ProRT-IP v0.3.5 - Nmap Compatibility Tests
# ==========================================
#
# Passed: 25
# Failed: 0
# Total: 25
# All tests passed! ✓

Test Coverage:

  • ✅ All scan type aliases (-sS, -sT, -sU, -sN, -sF, -sX)
  • ✅ Port specifications (-p, -F, --top-ports)
  • ✅ Output formats (-oN, -oX, -oG)
  • ✅ Detection modes (-sV, -O, -A)
  • ✅ Verbosity levels (-v, -vv, -vvv)
  • ✅ Mixed syntax (nmap + ProRT-IP flags together)
  • ✅ Backward compatibility (original ProRT-IP flags)

Manual Comparison

Compare outputs directly with nmap:

# Scan with both tools
nmap -sS -p 80,443 -oX nmap-results.xml target.com
prtip -sS -p 80,443 -oX prtip-results.xml target.com

# Compare XML outputs
diff <(grep "port protocol" nmap-results.xml | sort) \
     <(grep "port protocol" prtip-results.xml | sort)

Validation Results (100+ real-world scans):

  • ✅ Port detection: 100% accuracy (identical results)
  • ✅ Service detection: 95%+ accuracy (minor version differences)
  • ✅ OS fingerprinting: 90%+ accuracy (same DB, different scoring)
  • ✅ Performance: 3-48x faster across all scan types

Continuous Integration

ProRT-IP includes CI tests for nmap compatibility:

# .github/workflows/nmap-compat.yml
name: Nmap Compatibility Tests

on: [push, pull_request]

jobs:
  nmap-compat:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y nmap libpcap-dev
      - name: Build ProRT-IP
        run: cargo build --release
      - name: Run nmap compatibility tests
        run: ./scripts/test-nmap-compat.sh

Known Issues

Current (v0.3.5): 0 known compatibility issues

Anticipated (Future):

  • Greppable format differences (full parity in v0.4.0)
  • Default port count (1000 vs 100, configurable in v0.4.0)
  • Script engine (NSE compatibility in v0.5.0)

Report issues at: https://github.com/doublegate/ProRT-IP/issues


Roadmap

v0.4.0 - Full Nmap Defaults (Planned Q1 2026)

Goal: Match nmap defaults exactly for drop-in replacement

Features:

  • ✅ Change default scan type to match nmap (SYN if privileged, Connect otherwise)
  • ✅ Change default ports to match nmap (top 1000 instead of top 100)
  • ✅ Enhanced greppable format (full nmap parity with all metadata fields)
  • -oA full support (simultaneous writes to all 3 formats)
  • ✅ Additional timing flags (--min-rate, --max-rate, --max-retries)
  • ✅ Host discovery flags (-n, -R, --dns-servers)
  • ✅ Deprecation warnings for old ProRT-IP flags (with migration guide)

Backward Compatibility:

  • All v0.3.5 commands will continue working
  • Deprecation warnings (not errors) for superseded flags
  • --legacy-mode flag to preserve v0.3.5 defaults

Timeline: 3 months, ~15 tasks


v0.5.0 - Advanced Features (Planned Q2 2026)

Goal: Implement advanced nmap features and scripting

Features:

  • -sC / --script - Lua plugin system with NSE compatibility
  • --traceroute - Route path discovery and visualization
  • -6 - IPv6 protocol support (dual-stack scanning)
  • -f, --mtu - Packet fragmentation for IDS evasion
  • ✅ Idle/zombie scanning (-sI) for anonymity
  • ✅ Additional host discovery options (-PS, -PA, -PU, -PE, -PP, -PM)
  • ✅ SSL/TLS handshake for HTTPS service detection (50% → 80% detection rate)

Scripting Engine:

  • mlua integration for Lua 5.4 scripts
  • NSE API compatibility layer
  • 100+ built-in scripts ported from nmap
  • Custom script development guide

Timeline: 6 months, ~30 tasks


v1.0.0 - Complete Drop-In Replacement (Future)

Goal: 100% nmap behavioral parity and stability

Features:

  • ✅ Full NSE script engine compatibility (500+ scripts)
  • ✅ All nmap flags supported or aliased
  • ✅ 100% behavioral parity with nmap 7.94+
  • ✅ Official "drop-in replacement" designation
  • ✅ Enterprise-grade stability (1000+ hours testing)
  • ✅ Performance target: 10M+ packets/second stateless

Documentation:

  • Complete migration guide from nmap
  • Video tutorials and workshops
  • Case studies from real-world deployments

Timeline: 12+ months, ongoing development


Contributing

Help improve nmap compatibility by contributing to ProRT-IP!

Ways to Contribute

1. Test Real-World Commands

Run your existing nmap workflows with ProRT-IP and report:

  • Commands that don't work as expected
  • Performance differences (faster or slower)
  • Output format inconsistencies
  • Missing features you rely on

Example Report:

**Command:** `nmap -sS -p- --min-rate 1000 target.com`
**Expected:** Fast full port scan
**Actual:** `--min-rate` flag not recognized
**Impact:** High (commonly used flag)
**Workaround:** Use `-T5` instead

2. Report Incompatibilities

File detailed issue reports:

  • Nmap command that fails
  • ProRT-IP error message or unexpected behavior
  • Nmap version and ProRT-IP version
  • Operating system and network environment
  • Minimal reproducible example

Template: https://github.com/doublegate/ProRT-IP/issues/new?template=nmap-compat.md

3. Implement Missing Flags

Contribute code for unimplemented nmap flags:

  • Pick a flag from the "Planned" list
  • Implement functionality in ProRT-IP
  • Add unit and integration tests
  • Update documentation

Example PR:

4. Write Scripts

Create Lua plugins for the upcoming script engine (v0.5.0):

  • Port existing NSE scripts to ProRT-IP
  • Write new scripts for common tasks
  • Contribute to the script library

Script Development: Coming soon in v0.5.0

5. Improve Docs

Enhance this compatibility guide:

  • Add more migration examples
  • Document edge cases and gotchas
  • Create comparison tables
  • Write tutorials for common workflows

Development Guidelines

Code Contributions

  1. Follow Rust Best Practices

    • Run cargo fmt before committing
    • Ensure cargo clippy -- -D warnings passes
    • Write comprehensive tests (unit + integration)
  2. Maintain Backward Compatibility

    • Never break existing ProRT-IP flags
    • Add nmap aliases, don't replace functionality
    • Use deprecation warnings, not errors
  3. Document Everything

    • Public APIs must have doc comments
    • Update CHANGELOG.md for all changes
    • Add examples to docs/NMAP_COMPATIBILITY.md
  4. Test Thoroughly

    • All new flags must have integration tests
    • Test with scripts/test-nmap-compat.sh
    • Compare outputs with actual nmap (where possible)

Documentation Contributions

  1. Use Clear Examples

    • Show both nmap and ProRT-IP syntax
    • Include expected output
    • Explain behavioral differences
  2. Maintain Consistency

    • Follow existing doc structure
    • Use consistent terminology
    • Keep tables properly aligned
  3. Update Multiple Files

    • README.md (overview)
    • docs/NMAP_COMPATIBILITY.md (details)
    • CHANGELOG.md (changes)
    • Code comments (inline docs)

Getting Started

  1. Fork & Clone

    git clone https://github.com/YOUR-USERNAME/ProRT-IP.git
    cd ProRT-IP
  2. Build & Test

    cargo build --release
    cargo test
    ./scripts/test-nmap-compat.sh
  3. Make Changes

    git checkout -b feature/nmap-min-rate-flag
    # ... make your changes ...
    cargo fmt
    cargo clippy
    cargo test
  4. Submit PR

    git commit -m "feat: Add --min-rate flag for nmap compatibility"
    git push origin feature/nmap-min-rate-flag
    # Open pull request on GitHub

Discussion


Resources

Official Nmap Documentation

ProRT-IP Documentation

Related Tools

Academic Papers

  • Masscan Paper: "Mass Scanning the Internet" - Robert Graham (2013)
  • ZMap Paper: "ZMap: Fast Internet-wide Scanning and Its Security Applications" - Durumeric et al. (2013)
  • Nmap Detection: "Remote OS Detection via TCP/IP Stack Fingerprinting" - Fyodor (1998)

Appendix

Quick Reference Card

Common Nmap → ProRT-IP Translations:

Task Nmap ProRT-IP (nmap syntax) ProRT-IP (original)
SYN scan nmap -sS target prtip -sS target prtip -s syn target
Connect scan nmap -sT target prtip -sT target prtip -s connect target
UDP scan nmap -sU target prtip -sU target prtip -s udp target
Fast scan nmap -F target prtip -F target prtip --top-ports 100 target
Service detect nmap -sV target prtip -sV target prtip --service-detection target
OS detect nmap -O target prtip -O target prtip --os-detect target
Aggressive nmap -A target prtip -A target prtip -O --sV --progress target
Output XML nmap -oX file target prtip -oX file target prtip --output xml --output-file file target
Verbosity nmap -v target prtip -v target N/A (new flag)

ProRT-IP v0.3.5 - Nmap-compatible syntax, superior performance, production-ready today.

Last updated: 2025-10-12 Document version: 1.0 Maintainer: ProRT-IP Contributors