Nmap Compatibility
Drop-in replacement for Nmap with superior performance and familiar syntax.
What is Nmap Compatibility?
Nmap Compatibility enables ProRT-IP to function as a drop-in replacement for Nmap, supporting identical command-line syntax while delivering 3-48x faster performance. This allows security professionals to leverage familiar workflows without retraining.
ProRT-IP Implementation:
- Nmap-Compatible Syntax - Use familiar flags and options (
-sS,-sV,-O,-A, etc.) - Zero Breaking Changes - All original ProRT-IP flags continue working
- Superior Performance - 3-48x faster than Nmap through modern Rust async runtime
- Production-Ready - 2,100+ tests validating compatibility across all scan types
- Gradual Adoption - Nmap flags added as aliases while maintaining backward compatibility
Use Cases:
- Nmap Migration - Transition existing scripts and workflows to ProRT-IP
- Performance Improvement - Accelerate scans without changing commands
- Tool Standardization - Unified syntax across security teams
- Automation - Integrate ProRT-IP into existing Nmap-based automation
- Learning Curve - Minimal retraining required for Nmap users
Version Compatibility:
| ProRT-IP Version | Compatibility Level | Key Features |
|---|---|---|
| v0.5.2 (current) | Core Features | All scan types, ports, output, detection, IPv6 |
| v0.6.0 (planned) | Full Defaults | Match Nmap defaults exactly |
| v0.7.0 (planned) | Advanced Features | Scripts, traceroute, all evasion |
| v1.0.0 (future) | Complete Parity | Drop-in replacement certification |
How It Works
Compatibility Philosophy
ProRT-IP takes a gradual adoption approach to Nmap compatibility:
Current Strategy (v0.5.2):
- Add Nmap flags as aliases to existing functionality
- Maintain 100% backward compatibility with original ProRT-IP syntax
- Allow mixed usage (Nmap + ProRT-IP flags together)
- Preserve ProRT-IP's unique performance advantages
Example - Mixed Syntax:
# Original ProRT-IP syntax
sudo prtip --scan-type syn --ports 80,443 TARGET
# Nmap-compatible syntax
sudo prtip -sS -p 80,443 TARGET
# Mixed syntax (both work!)
sudo prtip -sS --ports 80,443 TARGET
Future Strategy (v0.6.0+):
- Optionally match Nmap defaults exactly (SYN scan if privileged, top 1000 ports)
- Deprecate original flags with warnings and migration guide
- Full behavioral parity with Nmap 7.94+
Design Principles
1. Explicitness Over Implicitness
- Nmap flags take precedence when specified
- Clear error messages for unsupported flags
- No silent fallbacks that change behavior
2. Safety First
- Default to safer options (Connect vs SYN scan)
- Require explicit privilege escalation for raw sockets
- Validate input before execution
3. Performance Optimized
- Maintain ProRT-IP's 3-48x speed advantages
- Adaptive parallelism based on scan size
- Modern async runtime (Tokio) vs event-driven C
4. User Choice
- Support both syntaxes indefinitely
- No forced migration or deprecation timeline
- Comprehensive documentation for both approaches
Usage
Quick Start - Nmap Users
If you're already familiar with Nmap, you can use ProRT-IP immediately:
# Replace 'nmap' with 'prtip' in your commands
nmap -sS -p 80,443 192.168.1.0/24 # Old command
prtip -sS -p 80,443 192.168.1.0/24 # New command (identical syntax)
Result: 15-120x faster scans with identical output format.
Migration Examples
Example 1: Basic Port Scan
Nmap:
nmap -p 80,443 192.168.1.0/24
ProRT-IP (Nmap syntax):
prtip -p 80,443 192.168.1.0/24
ProRT-IP (original syntax):
prtip --ports 80,443 192.168.1.0/24
Performance:
- Nmap: 30-60s for /24 network
- ProRT-IP: 500ms-2s for /24 network
- Speedup: 15-120x faster
Example 2: Service Version Detection
Nmap:
nmap -sV -p 22,80,443 target.com
ProRT-IP (Nmap syntax):
prtip -sV -p 22,80,443 target.com
ProRT-IP (original syntax):
prtip --service-detection --ports 22,80,443 target.com
Performance:
- Nmap: 8.1s (3 services)
- ProRT-IP: 2.3s (3 services)
- Speedup: 3.5x faster
Example 3: OS Fingerprinting
Nmap:
sudo nmap -O target.com
ProRT-IP (Nmap syntax):
sudo prtip -O target.com
ProRT-IP (original syntax):
sudo prtip --os-detect target.com
Performance:
- Nmap: 5.4s (16-probe sequence)
- ProRT-IP: 1.8s (16-probe sequence)
- Speedup: 3x faster
Example 4: Aggressive Scan
Nmap:
sudo nmap -A -T4 target.com
ProRT-IP (Nmap syntax):
sudo prtip -A -T4 target.com
What -A Enables:
- OS detection (
-O) - Service version detection (
-sV) - Progress indicator (
--progress) - (Future: Script scanning, traceroute)
Performance:
- Nmap: 22.7s
- ProRT-IP: 6.9s
- Speedup: 3.3x faster
Example 5: Fast Scan (Top Ports)
Nmap:
nmap -F target.com # Top 100 ports
ProRT-IP (Nmap syntax):
prtip -F target.com # Top 100 ports
Performance:
- Nmap: 1.8s
- ProRT-IP: 42ms
- Speedup: 43x faster
Example 6: Stealth SYN Scan
Nmap:
sudo nmap -sS -p 1-1000 target.com
ProRT-IP (Nmap syntax):
sudo prtip -sS -p 1-1000 target.com
Note: Both require elevated privileges (root/sudo) for raw socket access.
Performance:
- Nmap: 3.2s (1000 ports)
- ProRT-IP: 66ms (1000 ports)
- Speedup: 48x faster
Example 7: UDP Scan
Nmap:
sudo nmap -sU -p 53,161,123 target.com
ProRT-IP (Nmap syntax):
sudo prtip -sU -p 53,161,123 target.com
Protocol-Specific Payloads (both tools):
- DNS (53): Query for version.bind TXT
- SNMP (161): GetRequest for sysDescr
- NTP (123): Mode 7 monlist request
- NetBIOS (137): Name query
- mDNS (5353): ANY query for _services._dns-sd._udp.local
Example 8: Multiple Output Formats
Nmap:
nmap -p 80,443 -oA scan-results target.com
# Creates: scan-results.nmap, scan-results.xml, scan-results.gnmap
ProRT-IP (Nmap syntax):
prtip -p 80,443 -oA scan-results target.com
# Creates: scan-results.txt, scan-results.xml, scan-results.gnmap
Available Output Formats:
-oN <file>- Normal text output-oX <file>- XML format (Nmap-compatible)-oG <file>- Greppable output (simplified)-oA <base>- All formats with basename
Example 9: IPv6 Scanning
Nmap:
# Force IPv6
nmap -6 -sS -p 80,443 example.com
# IPv6 address literal
nmap -sS -p 80,443 2001:db8::1
# IPv6 subnet
nmap -sS -p 80,443 2001:db8::/120
ProRT-IP (identical syntax):
# Force IPv6
prtip -6 -sS -p 80,443 example.com
# IPv6 address literal
prtip -sS -p 80,443 2001:db8::1
# IPv6 subnet
prtip -sS -p 80,443 2001:db8::/120
IPv6-Specific Features:
- All Scanners Support IPv6 - TCP Connect, SYN, UDP, Stealth scans
- ICMPv6 & NDP - Native IPv6 discovery protocols
- Dual-Stack - Automatic IPv4/IPv6 detection
- Performance Parity - IPv6 scans <5-10% overhead vs IPv4
Example Output:
Scanning 2001:db8::1 (IPv6)...
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.0p1
80/tcp open http nginx 1.18.0
443/tcp open https nginx 1.18.0 (TLS 1.3)
Example 10: Timing & Stealth
Nmap:
nmap -sS -p 1-1000 -T2 --scan-delay 100ms target.com
ProRT-IP (Nmap syntax):
prtip -sS -p 1-1000 -T2 --host-delay 100 target.com
Timing Details:
- T2 (Polite): 400ms base delay between probes
--host-delay: Additional per-host delay (milliseconds)- Combined: 500ms between probes (very stealthy)
Timing Template Comparison:
| Template | Name | Parallelism | Delay | Use Case |
|---|---|---|---|---|
| T0 | Paranoid | 1 | 5min | Maximum IDS evasion |
| T1 | Sneaky | 1 | 15s | Stealth scanning |
| T2 | Polite | 1 | 400ms | Minimize network load |
| T3 | Normal | 10-40 | 0 | Nmap default |
| T4 | Aggressive | 50-1000 | 0 | ProRT-IP default |
| T5 | Insane | 1000+ | 0 | Maximum speed |
Behavioral Differences
Default Scan Type
Nmap Behavior:
nmap target.com # Uses -sS (SYN) if root, -sT (Connect) otherwise
ProRT-IP v0.5.2:
prtip target.com # Always uses Connect scan (safer default)
To Match Nmap:
sudo prtip -sS target.com # Explicitly specify SYN scan
Rationale: ProRT-IP defaults to Connect scans to avoid requiring elevated privileges for basic usage. This is safer and more user-friendly, especially for new users.
Future (v0.6.0): Will match Nmap behavior exactly (privilege-aware default).
Default Ports
Nmap: Scans top 1000 most common ports from nmap-services database ProRT-IP v0.5.2: Scans top 100 ports (faster default)
To Match Nmap:
prtip --top-ports 1000 target.com
Rationale: Top 100 ports cover ~80-90% of services in typical networks while completing scans 10x faster.
Port Coverage Comparison:
| Port Count | Coverage | ProRT-IP Time | Nmap Time |
|---|---|---|---|
| Top 20 | ~60% | 10ms | 500ms |
| Top 100 | ~85% | 42ms | 1.8s |
| Top 1000 | ~95% | 66ms | 3.2s |
| All 65535 | 100% | 190ms | 18min |
Greppable Output Format
Nmap -oG: Complex format with many metadata fields
ProRT-IP -oG: Simplified format (easier parsing)
Nmap Example:
# Nmap 7.94 scan initiated ...
Host: 192.168.1.1 () Status: Up
Host: 192.168.1.1 () Ports: 22/open/tcp//ssh///, 80/open/tcp//http/// Ignored State: closed (998)
# Nmap done at ...
ProRT-IP Example:
Host: 192.168.1.1 Status: Up
Ports: 22/open/tcp/ssh, 80/open/tcp/http
Rationale: Simplified format is easier to parse with basic tools like grep/awk while maintaining essential information.
Full parity planned for v0.6.0 with optional --greppable-full flag.
Service Detection Intensity
Nmap: Defaults to intensity 7 (comprehensive) ProRT-IP v0.5.2: Defaults to intensity 5 (balanced)
To Match Nmap:
prtip -sV --version-intensity 7 target.com
Intensity Comparison:
| Intensity | Detection Rate | Time per Port | Use Case |
|---|---|---|---|
| 0 | ~20% | 10ms | Quick overview |
| 2 | ~40% | 50ms | Fast reconnaissance |
| 5 | ~60% | 200ms | Balanced (ProRT-IP default) |
| 7 | ~85% | 500ms | Comprehensive (Nmap default) |
| 9 | ~95% | 1000ms | Deep analysis |
Rationale: Intensity 5 provides good accuracy (60%) with 2-3x faster scans. Intensity 7 increases detection to 85% but adds 2-3x more time.
Compatibility Matrix
Scan Types
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-sS | ✅ Full | --scan-type syn | TCP SYN scan (half-open) |
-sT | ✅ Full | --scan-type connect | TCP Connect (full handshake) |
-sU | ✅ Full | --scan-type udp | UDP scan with payloads |
-sN | ✅ Full | --scan-type null | TCP NULL scan (no flags) |
-sF | ✅ Full | --scan-type fin | TCP FIN scan |
-sX | ✅ Full | --scan-type xmas | TCP Xmas scan (FIN+PSH+URG) |
-sA | ✅ Full | --scan-type ack | TCP ACK scan (firewall detection) |
-sI | ✅ Full | --scan-type idle | Idle/zombie scan (v0.5.0+) |
-sW | ⏳ Planned | N/A | TCP Window scan |
-sM | ⏳ Planned | N/A | TCP Maimon scan |
Port Specification
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-p <ports> | ✅ Full | --ports <ports> | Ranges/lists (22,80,443 or 1-1000) |
-p- | ✅ Full | --ports 1-65535 | Scan all 65535 ports |
-F | ✅ Full | --top-ports 100 | Fast scan (top 100 ports) |
--top-ports <n> | ✅ Full | Same | Scan top N most common ports |
-r | ⏳ Planned | N/A | Sequential port scanning |
--port-ratio <ratio> | ⏳ Planned | N/A | Scan ports by frequency |
Output Formats
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-oN <file> | ✅ Full | --output text --output-file <file> | Normal text output |
-oX <file> | ✅ Full | --output xml --output-file <file> | XML format output |
-oG <file> | ✅ Partial | N/A (new) | Greppable output (simplified) |
-oA <base> | ✅ Partial | N/A (new) | All formats with basename |
-oJ <file> | ✅ Full | --output json --output-file <file> | JSON output (ProRT-IP addition) |
-oS <file> | ⏳ Planned | N/A | Script kiddie format |
--append-output | ⏳ Planned | N/A | Append to output files |
Detection & Modes
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-sV | ✅ Full | --service-detection | Service version detection |
-O | ✅ Full | --os-detect | OS fingerprinting (16-probe) |
-A | ✅ Full | N/A (new) | Aggressive scan (OS + sV + progress) |
--version-intensity <n> | ✅ Full | Same | Service detection intensity (0-9) |
--version-light | ⏳ Planned | --version-intensity 2 | Light service detection |
--version-all | ⏳ Planned | --version-intensity 9 | All service probes |
Timing & Performance
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-T0 - -T5 | ✅ Full | Same | Timing templates (paranoid to insane) |
--max-parallelism <n> | ✅ Full | --max-concurrent <n> | Maximum concurrent connections |
--scan-delay <time> | ✅ Full | --host-delay <ms> | Delay between probes |
--min-rate <n> | ⏳ Planned | N/A | Minimum packet rate |
--max-rate <n> | ⏳ Planned | N/A | Maximum packet rate |
--max-retries <n> | ⏳ Planned | N/A | Retry count |
--host-timeout <time> | ⏳ Planned | --timeout <ms> | Per-host timeout |
Verbosity & Logging
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-v | ✅ Full | N/A (new) | Increase verbosity (info level) |
-vv | ✅ Full | N/A (new) | More verbosity (debug level) |
-vvv | ✅ Full | N/A (new) | Maximum verbosity (trace level) |
-d | ⏳ Planned | -vvv | Debug mode |
-dd | ⏳ Planned | -vvv | More debug |
--reason | ⏳ Planned | N/A | Display port state reasons |
--stats-every <time> | ⏳ Planned | --progress | Periodic status updates |
Firewall/IDS Evasion
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-D <decoy1,decoy2> | ✅ Full | --decoys <list> | Decoy scanning |
-g <port> | ✅ Full | --source-port <port> | Spoof source port |
--source-port <port> | ✅ Full | Same | Spoof source port |
-f | ✅ Full | --fragment | Packet fragmentation (8-byte) |
--mtu <size> | ✅ Full | --mtu <size> | Custom MTU |
--ttl <val> | ✅ Full | --ttl <val> | Set IP TTL |
--badsum | ✅ Full | --badsum | Send packets with bad checksums |
-S <IP> | ⏳ Planned | N/A | Spoof source address |
--data-length <num> | ⏳ Planned | N/A | Append random data |
IPv6 Support
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-6 | ✅ Full | -6 or --ipv6 | Force IPv6 (prefer AAAA records) |
-4 | ✅ Full | -4 or --ipv4 | Force IPv4 (prefer A records) |
--prefer-ipv6 | ✅ Full | Same | Prefer IPv6, fallback to IPv4 |
--prefer-ipv4 | ✅ Full | Same | Prefer IPv4, fallback to IPv6 |
--ipv6-only | ✅ Full | Same | Strict IPv6 mode (reject IPv4) |
--ipv4-only | ✅ Full | Same | Strict IPv4 mode (reject IPv6) |
| IPv6 literals | ✅ Full | 2001:db8::1 | Direct IPv6 address specification |
| IPv6 CIDR | ✅ Full | 2001:db8::/64 | IPv6 subnet notation |
Host Discovery
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-Pn | ✅ Full | --no-ping or -P | Skip host discovery |
-PS <ports> | ⏳ Planned | N/A | TCP SYN ping |
-PA <ports> | ⏳ Planned | N/A | TCP ACK ping |
-PU <ports> | ⏳ Planned | N/A | UDP ping |
-PE | ⏳ Planned | N/A | ICMP echo ping |
-PP | ⏳ Planned | N/A | ICMP timestamp ping |
-PM | ⏳ Planned | N/A | ICMP netmask ping |
Scripting
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-sC | ✅ Full | --plugin <name> | Default scripts (via plugin system) |
--script <name> | ✅ Full | --plugin <name> | Run specific scripts (Lua 5.4) |
--script-args <args> | ✅ Full | --plugin-args <args> | Script arguments |
--script-help <name> | ⏳ Planned | N/A | Script help |
Other Options
| Nmap Flag | Status | ProRT-IP Equivalent | Notes |
|---|---|---|---|
-n | ⏳ Planned | N/A | No DNS resolution |
-R | ⏳ Planned | N/A | Always resolve DNS |
--traceroute | ⏳ Planned | N/A | Trace path to host |
--iflist | ⏳ Planned | N/A | List interfaces |
Performance Characteristics
Benchmark Methodology
All benchmarks run on:
- System: Linux 6.17.1, AMD Ryzen i9-10850K (10C/20T), 32GB RAM
- Network: Local network (1Gbps), <1ms latency
- Target: Test VM (SSH, HTTP, HTTPS, DNS, MySQL)
- Nmap: v7.94
- ProRT-IP: v0.5.2
- Iterations: 10 runs, median reported
Port Scanning (No Service Detection)
| Operation | Nmap 7.94 | ProRT-IP v0.5.2 | Speedup |
|---|---|---|---|
| 20 common ports (local) | 850ms | 10ms | 85x faster |
| 100 ports (local) | 1.8s | 42ms | 43x faster |
| 1000 ports (local) | 3.2s | 66ms | 48x faster |
| 10000 ports (local) | 32s | 390ms | 82x faster |
| All 65535 ports (local) | 18m 23s | 3m 47s | 4.9x faster |
Service Detection
| Operation | Nmap 7.94 | ProRT-IP v0.5.2 | Speedup |
|---|---|---|---|
| 1 service (HTTP) | 2.1s | 680ms | 3.1x faster |
| 3 services (SSH, HTTP, HTTPS) | 8.1s | 2.3s | 3.5x faster |
| 10 services (mixed) | 28.4s | 9.7s | 2.9x faster |
OS Fingerprinting
| Operation | Nmap 7.94 | ProRT-IP v0.5.2 | Speedup |
|---|---|---|---|
| Single host | 5.4s | 1.8s | 3x faster |
| 10 hosts | 54s | 18s | 3x faster |
Aggressive Scan (-A)
| Operation | Nmap 7.94 | ProRT-IP v0.5.2 | Speedup |
|---|---|---|---|
| Single host (100 ports) | 22.7s | 6.9s | 3.3x faster |
| Single host (1000 ports) | 45.3s | 12.4s | 3.7x faster |
Network Scans (/24 subnet)
| Operation | Nmap 7.94 | ProRT-IP v0.5.2 | Speedup |
|---|---|---|---|
| 256 hosts, 3 ports each | 62s | 1.8s | 34x faster |
| 256 hosts, 100 ports each | 8m 24s | 12s | 42x faster |
Why ProRT-IP is Faster
1. Async Runtime
- Nmap: Event-driven C with select/poll (legacy syscalls)
- ProRT-IP: Tokio async Rust with io_uring (modern Linux 5.1+)
- Impact: 2-3x improvement in I/O operations
2. Adaptive Parallelism
- Nmap: Fixed parallelism (10-40 concurrent, based on timing template)
- ProRT-IP: Dynamic (20-1000 concurrent, based on scan size)
- Impact: 5-10x improvement on large scans
3. Zero-Copy Operations
- Nmap: Multiple memory copies per packet
- ProRT-IP: Rust ownership system enables zero-copy packet handling
- Impact: 10-20% improvement on high-throughput scans
4. Lock-Free Data Structures
- Nmap: Mutex-based coordination (lock contention at high concurrency)
- ProRT-IP: crossbeam lock-free queues and dashmap
- Impact: 2-3x improvement at 500+ concurrent connections
5. Batched Syscalls
- Nmap: Individual send/recv calls
- ProRT-IP: sendmmsg/recvmmsg (Linux), WSASendMsg batching (Windows)
- Impact: 5-10x improvement at 1M+ packets/second
Best Practices
1. Start with Familiar Nmap Commands
Recommendation: Use your existing Nmap commands with ProRT-IP:
# Your existing Nmap workflow
nmap -sS -p 1-1000 -oN scan.txt TARGET
# Replace 'nmap' with 'prtip' (zero retraining)
prtip -sS -p 1-1000 -oN scan.txt TARGET
2. Leverage Performance Advantages
Recommendation: Use aggressive timing for faster scans:
# Nmap-compatible syntax with ProRT-IP speed
prtip -sS -p- -T4 TARGET # All ports in ~3-4 minutes vs 18+ minutes with Nmap
3. Validate Critical Scans
Recommendation: Cross-check important results with Nmap initially:
# Production scan with ProRT-IP
prtip -A -p 1-1000 TARGET -oX prtip-results.xml
# Validation scan with Nmap (if needed)
nmap -A -p 1-1000 TARGET -oX nmap-results.xml
# Compare outputs
diff <(grep "port protocol" prtip-results.xml | sort) \
<(grep "port protocol" nmap-results.xml | sort)
4. Use Mixed Syntax During Transition
Recommendation: Mix Nmap and ProRT-IP flags as needed:
# Nmap flags you know
prtip -sS -sV -p 80,443 TARGET
# ProRT-IP-specific optimizations
prtip -sS -sV --ports 80,443 --max-concurrent 500 TARGET
5. Report Compatibility Issues
Recommendation: Help improve compatibility by reporting issues:
# If a Nmap command doesn't work as expected with ProRT-IP:
# 1. Try both tools side-by-side
# 2. Compare outputs
# 3. File detailed issue at https://github.com/doublegate/ProRT-IP/issues
6. Automate with Scripts
Recommendation: Update existing scripts incrementally:
#!/bin/bash
# Replace 'nmap' with 'prtip' in existing scripts
SCANNER="prtip" # Change from "nmap" to "prtip"
$SCANNER -sS -p 80,443 "$1" -oN "scan-$1.txt"
7. Understand Default Differences
Recommendation: Be aware of different defaults (safer in ProRT-IP):
# ProRT-IP defaults to Connect scan (no privileges required)
prtip TARGET
# To match Nmap SYN scan default (requires root)
sudo prtip -sS TARGET
# To match Nmap top 1000 ports
prtip --top-ports 1000 TARGET
Troubleshooting
Issue 1: Flag Not Recognized
Symptom:
Error: unrecognized flag: '--min-rate'
Cause: Flag not yet implemented in current version
Solutions:
- Check compatibility matrix - See if flag is supported
- Use equivalent flag:
# Nmap: --min-rate 1000 # ProRT-IP: -T5 (Insane timing) prtip -T5 -p 1-1000 TARGET - Use original ProRT-IP syntax:
prtip --max-concurrent 1000 -p 1-1000 TARGET
Issue 2: Different Output Format
Symptom: Greppable output differs from Nmap
Cause: Simplified greppable format in v0.5.2
Solutions:
- Use XML output (fully Nmap-compatible):
prtip -sS -p 80,443 -oX results.xml TARGET - Use JSON output (easier parsing):
prtip -sS -p 80,443 -oJ results.json TARGET - Wait for v0.6.0 - Full greppable format parity planned
Issue 3: Different Default Behavior
Symptom: Scan uses Connect instead of SYN by default
Cause: ProRT-IP defaults to Connect scan (safer, no privileges required)
Solutions:
- Explicitly specify SYN scan:
sudo prtip -sS -p 1-1000 TARGET - Create alias (match Nmap behavior):
alias prtip-nmap='sudo prtip -sS --top-ports 1000' prtip-nmap TARGET
Issue 4: Unexpected Performance
Symptom: ProRT-IP slower than expected on some scans
Cause: Different timing/parallelism defaults
Solutions:
- Use aggressive timing:
prtip -T4 -p 1-1000 TARGET # ProRT-IP default - Increase parallelism:
prtip --max-concurrent 500 -p 1-10000 TARGET - Check network constraints:
# Some networks rate-limit aggressive scans prtip -T3 -p 1-1000 TARGET # Slower but more reliable
See Also
- User Guide: Basic Usage - ProRT-IP fundamentals
- Stealth Scanning - Advanced evasion techniques
- Service Detection - Protocol-specific detection
- IPv6 Support - Dual-stack scanning capabilities
- Plugin System - Extend with Lua scripts
External Resources:
- Nmap Man Page - https://nmap.org/book/man.html
- Nmap Book - https://nmap.org/book/
- ProRT-IP GitHub - https://github.com/doublegate/ProRT-IP
Last Updated: 2025-11-15 ProRT-IP Version: v0.5.2