Protocol / Port Real-Time War Scanner for IP Networks

Executive Summary

• Rust-native port scanner delivering Masscan-scale throughput with Nmap-grade detection depth; v0.6.0 (2025-11-17) ships 2,151 tests passing, 54.92% coverage, Phase 6 (TUI + network optimizations) at 37.5% (3/8 sprints), with full IPv4/IPv6 dual-stack support and TUI dashboard in production.
• Phase 4 achieves lock-free scheduling, NUMA-”aware” hot paths, zero-copy buffers, and sendmmsg batching, yielding 65K-port SYN scans in 0.91s (198× faster), 2.56M ports in 15 minutes (10× faster), and filtered-network sweeps in 3.2s (17.5× faster) as per the benchmarking in docs/07-PERFORMANCE.md.
• Detection stack bundles include 187+ service probes (TLS handshakes, protocol-specific payloads), 2,000+ OS fingerprints, banner parsers, and Masscan-”compatible” outputs in JSON, XML, SQLite, and forthcoming PCAPNG formats, providing red teams with deep enumeration capabilities following rapid discovery.
• Security-first posture: immediate capability drops, hardened privilege separation, exhaustive CIDR/IP validation, adaptive rate limiting, configurable safety guards (scan confirmation, jitter, delay), and legal-compliance messaging per docs/08-SECURITY.md and docs/12-LEGAL.md.
• Active work: Phase 6 sprints (6.4–6.8) cover zero-copy rework, interactive target selection, TUI polish, configuration profiles, contextual help/tooltips; Phase 5/5.5 complete and archived; Phase 4 links retired. Sprint 6.3 delivered O(N) connection-state optimization, adaptive batch I/O, and CDN dedup benchmarks.
• Optimized CI/CD: 3–6 minute PR builds via matrix pruning, cache versioning, and reusable commands (/rust-check, /perf-profile, /doc-update, /sprint-*); release.yml handles eight platform artifacts, Changelog sync, and manual promotion pipelines.
• A comprehensive documentation corpus (~600 KB across docs/, benchmarks/, and bug_fix/) spans architecture, roadmap, security, performance tuning, sprint dossiers, and compliance references. /tmp/ProRT-IP/ mirrors sprint decks, workflow manifests, and release assets for quick lookup.

15. GitHub Cross-Links

• Rust-native IP war scanner unifying Masscan-scale discovery with Nmap-grade analysis; Phase 6 in progress (3/8) with production TUI; v0.6.0 ships 2,151 tests, 54.92% coverage; GPLv3.
• Current release: v0.6.0 (2025-11-17) bundles 2,151 automated tests, 54.92% coverage, Phase 6 Sprint 6.3 COMPLETE (O(N) connection-state, adaptive batch I/O, CDN dedup), with TUI dashboard in production and IPv6 100% coverage.
• Target operators include penetration testers, red teams, SOC/SecOps analysts, and threat hunters who require rapid situational awareness with built-in guardrails for lawful and authorized reconnaissance.

2. Architecture & Components

• Layered stack from CLI/TUI → orchestration → scan engines → protocol stack → OS interfaces; design pillars include modular crates, tokio-”powered” async runtime, zero-copy hot paths, and type-safe state machines.
• Crate roles: prtip-core (configuration, targets, filters, outputs), prtip-network (packet crafting, NUMA utilities, transport abstractions, checksum engines), prtip-scanner (schedulers, detection orchestration, adaptive control loops), prtip-cli (CLI UX, formatting, configuration ingestion, future TUI hookups).
• Key dependencies: tokio (async runtime), crossbeam (lock-free queues), pnet & raw socket builders, rusqlite (result storage), clap (CLI UX), caps/nix/windows (privilege control), with upcoming mlua integration for plugin runtime.

3. Scanning & Detection Surface

• Protocols & modes: TCP (SYN, Connect, FIN/NULL/Xmas, ACK, Idle), UDP with protocol-aware payloads (DNS, SNMP, NetBIOS, NTP, RPC, IKE, SSDP, mDNS), ICMP discovery, timing templates (T0–T5), decoys, fragmentation, spoofed source ports, and host delay controls with adaptive re-transmits.
• The detection pipeline matches banners against 187+ service probes, invokes TLS/STARTTLS handshakes, fingerprints OS signatures (over 2,000), enriches data with banner parsers, and writes synchronized outputs (SQLite, JSON, XML, greppable text, and PCAPNG in Sprint 4.18) with hooks prepared for Lua-”based” plugin post-processing.