Console #146 -- Interview with Autumn Bee Skerritt of RustScan - Modern Port Scanner written in Rust
Featuring Pulsar, aicommits, and RustScan
🤝 Sponsor
This space is reserved for sponsors that support us to keep the newsletter going! Want to support Console? Send us a note at osh@codesee.io
🏗️ Projects
Browse through open source projects on OpenSourceHub.io, add your project to get more exposure and connect with other maintainers and contributors!
✍️ Pulsar
A Community-led Hyper-Hackable Text Editor, built on Electron.
language: JS stars: 1429 last commit: 1 day
repo: github.com/pulsar-edit/pulsar
site: pulsar-edit.dev
🤖 aicommits
A CLI that writes your git commit messages for you with AI.
language: TypeScript stars: 2686 last commit: 3 days
repo: github.com/Nutlope/aicommits
site: npmjs.com/package/aicommits
🖧 RustScan
RustScan is a Port Scanner which is fast, smart, and effective. It can scan all 65k ports in 3 seconds.
language: Rust stars: 9296 last commit: 3 weeks
repo: github.com/RustScan/RustScan
Join thousands of other open-source enthusiasts and developers in the Open Source Hub Discord server to continue the discussion on the projects in this week's email!
🎙️ Interview With Autumn Bee Skerritt of RustScan
Hey Bee! Thanks for joining us! Let us start with your background.
I’m from the UK, specifically Liverpool 🙂
I learnt to program when I was 10. I was really interested in hacking, and I wrote Batch scripts to delete System32 or do other funny things. When I was 11, I had picked up a copy of Breaking Secret Codes with Python by Al Sweigart. I went through the whole book and decided to try and build something. I had emailed the author for permission to use his code, and I ended up building the first version of Ciphey! It was a single file and very messy, but I was proud of it.
I moved into sixth form (in the UK we have an extra step between university and school, either college or sixth form). I flunked it and dropped out. I went to college to study computing before I went to university. I passed but I ended up being rejected by all 5 universities I applied to.
I convinced someone to let me do 1 more year (called a higher national certificate in the UK), and this time I burnt the metaphorical bridges to ensure I’d do well. I applied exclusively to Russell Group universities (Ivy League is similar in the US). By this time I had recreated Ciphey as version 2.0, which was much nicer and had gained around 30 GitHub stars (a lot for me back then!).
I did quite well and got accepted into ⅘ Russell Group universities.
When I graduated university, I had built up a rather popular blog on computer science (averaging ~2 million views / year), but it was the pandemic! It was very difficult to find a job.
I spent 9 months looking, and in that time I built out many of my open source projects. Ciphey hit ~7k stars (with a major rework), and more importantly -- I wanted to learn Rust. I went on a walk and thought about what things I could invent. I figured I was really into hacking at the time and port scanning with Nmap was so slow.
I decided to write a port scanner in Rust and feed the ports to Nmap afterwards. I actually told the TryHackMe discord about this, and someone had copied my idea and implemented it before I could (albeit in Python). They also had a much larger following than me. Some of my friends told me not to try, but I always think it’s worth building something even if other people have done it.
I created RustScan in literally ~3 days. I had never used Rust before, and the initial code was ~60 lines. All it did was scan for ports sequentially and then put them into Nmap.
Using the tips I outlined here https://skerritt.blog/make-popular-open-source-projects/ I advertised RustScan to HackerNews. It hit #1 and I gained ~5k GitHub stars in a day. Since then, RustScan has evolved exponentially.
In my professional life, I worked as an infrastructure / security engineer at Monzo and I am now a senior engineer at a different company (this newsletter comes out before I announce it, so no company names here 🙈).
We previously discussed Ciphey. How’s it going?
Great! I am reimplementing it in Rust over at https://github.com/bee-san/ares. The current Rust implementation is 8445% faster, which is a bit crazy for a bruteforce tool. Ciphey, the Python version, is dead and abandoned. The team and I are investing into the Rust version fully.
So, what is RustScan?
RustScan is a port scanner that’s really fast. When you want to host a website, you host it on port 80. This way another computer can go “I want to view the website hosted on this server, luckily we have both agreed on port 80 for websites so I know where to go to find the website!”
Sometimes websites are hosted on other ports, and there are ~65k ports in total. Every app which receives incoming traffic from the outside world has to use a port (SSH, Email, Web Traffic, file transfers, etc).
A port scanner will scan every port to see if something exists on it. Imagine 65k doors and you want to find out if anyone lives behind each door. You have to go and knock on each door; this is what RustScan does.
Some people mistakenly think RustScan spawns a bunch of threads to do the work, which is actually incorrect (although a great starting point for anyone implementing their own scanner. The initial version of RustScan worked this way!). RustScan is single-threaded.
Other programs spawn threads (more people to knock on doors) which can help speed it up, but instead RustScan works in an asynchronous style. Instead of knocking on each door and waiting for a reply, it knocks on every door at the same time and waits for a reply (kind of, it’s complicated 🫣). If no one replies in a set time limit, it assumes no one lives behind that door.
To be honest, there is not much else to it. After this all of the optimisations lie in very small micro things (making sure data types are correct, estimating the timeout better, some computers may only be able to knock on ~400 doors at once so we have code to detect this and try to increase it). Typically RustScan’s speed is limited either by your PC or the server.
A fun fact is that people may use something called port knocking. This means that you have to “knock” on the doors in a certain order (door 3, door 9, door 15) and then data will exist on door 15 only if door 3 and 9 have been knocked on.
RustScan is so fast we have had reports it has opened up ports hidden behind port knocking, effectively becoming the first bruteforce port knocking tool!
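The scanning model described above (one thread, many connection attempts in flight at once, silence past a timeout treated as "nobody home", and a cap on how many probes are outstanding so the OS file-descriptor limit is not hit) as an added example in Python's asyncio. This is illustrative code written for this newsletter, not RustScan's own source; the batch size and timeout defaults, the `max_batch_size` clamp against RLIMIT_NOFILE, and the local throwaway listener used for the demo are all assumptions made here.

```python
"""Single-threaded asynchronous TCP connect scan, mirroring the model the
interview describes: open many connections at once, wait up to a timeout,
and treat silence as "nobody home". Added example, not RustScan code."""
import asyncio

# Assumed defaults (not RustScan's real settings): probes in flight at once
# and how long to wait for a connect before giving up on a port.
DEFAULT_BATCH_SIZE = 400
DEFAULT_TIMEOUT = 1.0


def max_batch_size(requested: int) -> int:
    """Clamp the number of simultaneous connects to what the OS allows.

    Each in-flight connect holds a file descriptor, so a batch larger than the
    soft RLIMIT_NOFILE (minus headroom for stdio etc.) would fail with EMFILE.
    On platforms without the resource module, the request is returned as-is.
    """
    try:
        import resource
    except ImportError:  # e.g. Windows
        return requested
    soft, _hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    return max(1, min(requested, soft - 64))


async def probe(host: str, port: int, timeout: float, gate: asyncio.Semaphore) -> bool:
    """Return True if a TCP connect to host:port completes within timeout."""
    async with gate:  # the semaphore bounds how many 'doors' we knock on at once
        try:
            _reader, writer = await asyncio.wait_for(
                asyncio.open_connection(host, port), timeout=timeout)
        except (asyncio.TimeoutError, OSError):
            # Timeout: nobody answered in time. OSError: connection refused,
            # i.e. the port is closed (or a host/network error).
            return False
        writer.close()
        await writer.wait_closed()
        return True


async def scan_ports(host, ports, timeout=DEFAULT_TIMEOUT, batch_size=DEFAULT_BATCH_SIZE):
    """Knock on every port concurrently; return the sorted list that answered."""
    gate = asyncio.Semaphore(max_batch_size(batch_size))
    results = await asyncio.gather(*(probe(host, p, timeout, gate) for p in ports))
    return sorted(p for p, is_open in zip(ports, results) if is_open)


def scan(host, ports, timeout=DEFAULT_TIMEOUT, batch_size=DEFAULT_BATCH_SIZE):
    """Synchronous wrapper: the whole scan runs on one thread's event loop."""
    return asyncio.run(scan_ports(host, list(ports), timeout, batch_size))


def demo_against_local_listener():
    """Start a throwaway listener on 127.0.0.1 and scan a window around it.

    Returns (listening_port, open_ports_found) so the result can be checked
    without any network access."""
    async def run():
        server = await asyncio.start_server(lambda r, w: w.close(), "127.0.0.1", 0)
        listening = server.sockets[0].getsockname()[1]
        try:
            window = range(max(1, listening - 5), min(65535, listening + 5) + 1)
            found = await scan_ports("127.0.0.1", list(window), timeout=0.5)
        finally:
            server.close()
            await server.wait_closed()
        return listening, found
    return asyncio.run(run())


if __name__ == "__main__":
    port, found = demo_against_local_listener()
    print(f"listener on {port}, open ports found: {found}")
```

The semaphore is the piece that matters operationally: without it, a full 65k-port sweep would try to open tens of thousands of sockets at once and die on the descriptor limit, which is exactly the "some computers may only be able to knock on ~400 doors at once" situation the interview mentions.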
Why did you pick Rust instead of something like Go?
There is nothing special here. I wanted to learn Rust because it was the latest and greatest technology and the community is full of trans people, and as a trans person I was just in that community.
The first version of RustScan was ~60 lines of code and I didn’t invest much into it. I have always said and always will say I am a better marketer than I am a programmer. PyWhat, another one of my tools, was simply a bunch of regex with a single for loop and now it has ~6k stars and was #1 on HackerNews. Truly, anyone can create “popular” tools with a bit of marketing magic.
Who, or what was the biggest inspiration for RustScan?
My biggest inspiration was being forced into the 5th Circle of Hell (Dante’s Interpretation) every time I had to use Nmap and it’d take 20+ minutes to scan a bunch of ports. I absolutely hated it, and it took so long to do when I was in a race against other people. No matter what trick I used, Nmap just sucks sometimes.
Are there any overarching goals of RustScan that drive design or implementation?
One of the big overarching goals we have is to make a fast port scanner. A lot of people dislike this, but there’s an entire product market for fast things.
CTFs, competitions -- you need to be the fastest to win.
What about internal infrastructure where you don’t really care that much about hammering a server a little bit?
Port scanners aren’t only used by external pentesters who cannot trigger any alarms.
RustScan is primarily built to be fast, but we have added some features to slow things down. One of these is the ability to randomly send packets to check which ports are open, which is much slower than our default options but makes it slightly harder to scan things.
Another thing is only using the most popular ports; these are ports used by SSH, web servers, etc. Scanning all 65k ports might set off alarms, but scanning ~50 ports over the course of 10 minutes might not.
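The detection side of that last point, as an added example that is not part of the interview or of RustScan: a sliding-window detector over firewall-style connection logs that counts distinct destination ports per source/destination pair. Run over two constructed log streams, a 100-port burst in a few seconds and 50 common ports spread over ten minutes, it flags the burst and stays silent on the slow scan, which is the blind spot the answer describes. The log line format, the window and port thresholds, and the port list are all assumptions made for this example.

```python
"""Port-sweep detection over connection-log lines. Added example (not
RustScan code): a sliding window of distinct destination ports per
(src, dst) pair flags a full-range burst but not a few common ports
spread over minutes. Log format and thresholds are constructed here."""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumed thresholds: a source touching more than MAX_PORTS distinct
# destination ports on one host within WINDOW_SECONDS is reported as a sweep.
WINDOW_SECONDS = 60
MAX_PORTS = 20

# Constructed "top ports" list for the slow scan (18 well-known + 32 filler).
SLOW_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 993, 995,
              3306, 3389, 5432, 5900, 8080, 8443] + list(range(8000, 8032))


def parse_line(line):
    """Parse 'TIMESTAMP src=IP dst=IP dport=N' into (epoch, src, dst, dport)."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00")).timestamp()
    return ts, kv["src"], kv["dst"], int(kv["dport"])


def detect_sweeps(lines, window=WINDOW_SECONDS, max_ports=MAX_PORTS):
    """Return {(src, dst): epoch of first alert} for pairs over the threshold.

    Lines must be in time order. Per pair we keep a deque of (ts, port)
    events inside the window and a multiset of ports, so the distinct-port
    count stays correct as old events expire."""
    events = defaultdict(deque)
    port_counts = defaultdict(lambda: defaultdict(int))
    alerts = {}
    for line in lines:
        ts, src, dst, dport = parse_line(line)
        key = (src, dst)
        q, counts = events[key], port_counts[key]
        q.append((ts, dport))
        counts[dport] += 1
        # Expire events that fell out of the window.
        while q and ts - q[0][0] > window:
            _old_ts, old_port = q.popleft()
            counts[old_port] -= 1
            if counts[old_port] == 0:
                del counts[old_port]
        if len(counts) > max_ports and key not in alerts:
            alerts[key] = ts
    return alerts


def make_log(src, dst, ports, start_offset, spacing):
    """Constructed log lines: one connect per port, `spacing` seconds apart."""
    base = datetime(2024, 1, 1, tzinfo=timezone.utc).timestamp() + start_offset
    lines = []
    for i, p in enumerate(ports):
        t = datetime.fromtimestamp(base + i * spacing, tz=timezone.utc)
        lines.append(f"{t.strftime('%Y-%m-%dT%H:%M:%SZ')} src={src} dst={dst} dport={p}")
    return lines


def sample_alerts():
    """Run the detector over a fast burst and a slow top-ports scan."""
    fast = make_log("10.0.0.5", "10.0.0.9", range(1, 101), 0, 0.03)  # 100 ports in ~3 s
    slow = make_log("10.0.0.7", "10.0.0.9", SLOW_PORTS, 0, 12)       # 50 ports over 10 min
    return detect_sweeps(sorted(fast + slow))  # ISO timestamps sort chronologically


if __name__ == "__main__":
    for (src, dst), when in sample_alerts().items():
        print(f"sweep from {src} to {dst} at {datetime.fromtimestamp(when, tz=timezone.utc)}")
```

With a 60-second window the slow scan never has more than about six distinct ports in view, so a per-window threshold of 20 cannot see it; catching that pattern needs a longer window or a cumulative per-source count across the day, which is the trade-off a detection engineer has to make deliberately rather than inherit from the default.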
What is the most challenging problem that’s been solved in RustScan so far?
Back then argument parsing libraries in Rust existed but weren’t too good. We worked with the authors of some of these arg parsing libraries to improve upon them. Other than that, there wasn’t really anything super challenging.
What were the existing Port Scanners lacking that made you consider building RustScan?
I feel like I can’t really answer this well, I made RustScan to learn Rust haha!
What was the most surprising thing you learned while working on RustScan?
The Rust community are all super lovely. Anytime I had a problem I could ask for help, and I often hang out just to chat to people (even if not about Rust).
Are you planning to monetize RustScan? If so, how?
No :( I have had venture capitalists in my DMs, and at one point a company that used RustScan wanted me to work there but I quite like the idea of free software being free. I created this project to solve a pain point, my gift to humanity -- I don’t really want anything for it. People messaging me about their love for it is all I need :-)
What are you most proud of?
Recently I read this Reddit thread:
And I decided to reply with a bunch of suggestions. The author replied thanking me:
This made me very proud and happy, I love helping people.
Also how could I forget, the automated port-knocking tool was hilarious when we discovered it in the TryHackMe server.
How do you balance your work on open-source with your day job and other responsibilities?
Every day I wake up at 5am and take a cold shower. Not to waste the seconds, I listen to an Audiobook. Currently “Introduction to Algorithms” by CLRS. I then spend the next 4 hours working on Open Source before starting my job at 9am, which I finish at 6pm. In my bed I have a keyboard attached to a headless server which I use to code up more RustScan features. I find not having a monitor helps me sleep (less blue light) and I can visualise VS Code in my head like Beth Harmon playing Chess.
Just kidding! I have no idea how to balance anything outside of my day job / snoozing, please hit me up with tips! Sometimes on weekends / weekdays I’ll code something up, but I do not really have a strict schedule :)
Have you ever experienced burnout? How did you deal with it?
I just sleep!!!
Where do you see the project heading next?
Work on the scripting engine more which would be very nice! Also just general cleanup. And also look at like the 80 GitHub issues and the 25 PRs. Oh, also fix the CI so it actually publishes packages after releases.
Where do you see software development heading next?
Rust will continue in popularity, more domain specific languages will be built (we are already quite low level for things like Terraform / Janet / even the Wolfram language. I expect we’ll continue abstracting all the way down).
AI is super super cool and useful. Some of our decoders in Ares are written by ChatGPT (and we have benchmarked & tested them, some (not all) are better than what we could come up with).
Where do you see open-source heading next?
A lot of open source projects exist between “I am a dev doing this in my free time for fun” and “I am a very large company giving back to the community”. With things like GitHub Sponsors etc I expect to see more of a middle ground “I am a dev who is being paid by the community to work on this”.
It’d be truly lovely for more funding to come in just to build things that are useful to the world.
Interested in sponsoring the newsletter or know of any cool projects or interesting developers you want us to interview? Reach out at osh@codesee.io or mention us @ConsoleWeekly!