Skip to content

Release v0.7.0 #30

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
shellrow merged 9 commits into from
Apr 4, 2026
Merged

Release v0.7.0 #30

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
c778c3e
refactor: redesign and rebuild nrev core and CLI
shellrow Mar 22, 2026
1fc82ad
feat: OS fingerprinting
shellrow Mar 22, 2026
85cc6fd
feat: add ping, traceroute and neighbor discovery
shellrow Mar 27, 2026
8b12547
feat: filter JSON scan output
shellrow Apr 4, 2026
fde878e
feat: add task command with target file support
shellrow Apr 4, 2026
428dcb5
fix: clean up clippy warnings
shellrow Apr 4, 2026
ff5f24c
chore: bump version to 0.7.0
shellrow Apr 4, 2026
07788d2
chore: update README.md
shellrow Apr 4, 2026
d02421f
chore: update README.md
shellrow Apr 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1,103 changes: 127 additions & 976 deletions Cargo.lock
View file
Open in desktop

Large diffs are not rendered by default.

25 changes: 7 additions & 18 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "nrev"
version = "0.6.0"
version = "0.7.0"
edition = "2024"
authors = ["shellrow <shellrow@foctal.com>"]
description = "Cross-platform network mapper for discovery and probing."
Expand All @@ -14,44 +14,33 @@ license = "MIT"

[dependencies]
anyhow = { version = "1" }
async-trait = "0.1"
tracing = { version = "0.1" }
tracing-subscriber = { version = "0.3", features = ["time", "chrono"] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
bytes = "1"
netdev = { version = "0.40", features = ["serde"] }
nex = { version = "0.25", features = ["serde"] }
thiserror = "2"
toml = "0.8"
netdev = { version = "0.41", features = ["serde"] }
nex = { version = "0.26", features = ["serde"] }
futures = {version = "0.3", features = ["executor", "thread-pool"]}
rustls = { version = "0.23", default-features = false, features = ["ring", "std"] }
rustls-native-certs = "0.7"
rustls-pemfile = "2.1"
rustls-pki-types = "1.8"
x509-parser = "0.17"
tokio = { version = "1", features = ["macros", "rt-multi-thread", "time", "net", "io-util", "sync"] }
tokio-rustls = { version = "0.26", default-features = false, features = ["ring"] }
hickory-proto = "0.25"
hickory-resolver = { version = "0.25" }
chrono = { version = "0.4", features = ["serde"] }
uuid = { version = "1.3", features = ["v4","v5","fast-rng","macro-diagnostics"] }
rand = "0.9"
clap = { version = "4.5", features = ["derive", "cargo"] }
indicatif = { version = "0.18" }
tracing-indicatif = "0.3"
inquire = "0.6"
ipnet = "2.11"
num_cpus = "1.17"
termtree = "0.5"
ndb-oui = { version = "0.4", features = ["bundled"] }
ndb-tcp-service = { version = "0.4", features = ["bundled"] }
ndb-udp-service = { version = "0.4", features = ["bundled"] }
home = "0.5"
base64 = "0.22"
regex = "1.11"
fastrand = "2.3"
quinn = "0.11"
h3 = "0.0.8"
h3-quinn = "0.0.10"
http = "1.3"
bytes = "1"

# The profile that 'dist' will build with
[profile.dist]
Expand Down
186 changes: 45 additions & 141 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,18 @@
[crates-badge]: https://img.shields.io/crates/v/nrev.svg
[crates-url]: https://crates.io/crates/nrev
# nrev

# nrev [![Crates.io][crates-badge]][crates-url]
Cross-platform network mapper for discovery and probing.
An observation-first, cross-platform network mapper for discovery and probing.

## Features
- Port Scan (TCP/UDP/QUIC, Connect/SYN)
- Host Scan (ICMP/UDP/TCP)
- Ping (ICMP/UDP/TCP/QUIC)
- Traceroute
- Neighbor Discovery (ARP/NDP)
- Subdomain Enumeration
`nrev` focuses on:

- Port scanning with TCP, UDP, TCP-SYN, and QUIC transports
- Host discovery with ICMP, UDP, and TCP probes
- Active ping with ICMP, UDP, TCP, and QUIC methods
- Traceroute with UDP and ICMP probes
- Neighbor discovery with ARP and NDP
- Built-in service observation for common protocols
- Structured JSON output for automation
- External data packs for probes, fingerprint rules, profiles, and recipes
- Task files for repeatable target lists and scan executions

## Supported platforms
- Linux
Expand Down Expand Up @@ -44,148 +46,55 @@ Or you can use [binstall](https://github.com/cargo-bins/cargo-binstall) for inst
cargo binstall nrev
```

## Basic Usage
### Port Scan Example
To scan the default top 1000 ports on a target:
```
nrev port yourcorpone.com
nrev port 192.168.1.10
```

Enable service detection and OS fingerprinting:
```
nrev port yourcorpone.com -S -O
```

You can pass multiple targets, CIDR blocks, or `@`-prefixed target list files:
```
nrev port 192.168.1.10 192.168.1.11
nrev port 10.0.0.0/24
nrev port @/path/to/targets.txt
```
## Commands

### Sub-commands and Options
```
Usage: nrev [OPTIONS] <COMMAND>
```text
Usage: nrev <COMMAND>

Commands:
port Scan ports on the target(s) (TCP/QUIC)
host Discover alive hosts (ICMP/UDP/TCP)
ping Simple ping (ICMP/UDP/TCP)
trace Traceroute (UDP)
nei Neighbor discovery (ARP/NDP)
domain Subdomain enumeration
interface Show network interface(s)
help Print this message or the help of the given subcommand(s)

Options:
--log-level <LOG_LEVEL> Global log level [default: info] [possible values: error, warn, info, debug, trace]
--log-file Log to file (in addition to stdout)
--log-file-path <FILE> Log file path (default: ~/.nrev/logs/nrev.log)
--quiet Suppress all log output (only errors are shown)
-o, --output <FILE> Save output to file (JSON format)
--no-stdout Suppress stdout console output (only save to file if -o is set)
-h, --help Print help
-V, --version Print version
port Scan ports and collect structured observations
task Run a port-scan task from a JSON or TOML file
host Discover reachable hosts with ICMP, UDP, or TCP probes
ping Send repeated probes to a target with ICMP, UDP, TCP, or QUIC
trace Trace the path to a target with UDP or ICMP probes
nei Discover a neighbor with ARP or NDP
probe Show the built-in and externally loaded probe catalog
recipe Show externally loaded scan recipes
```

See `nrev <sub-command> -h` for more detail.

## Examples
### Port scan
Scan default 1000 ports and enable service and OS detection for open ports
```
nrev port yourcorpone.com -S -O
```

Specify the ports
```
nrev port yourcorpone.com --ports 22,80,443,5000,8080
```

Specify the range
```
nrev port yourcorpone.com --ports 20-100
```

#### Settings
By default, nrev derives connect/wait timing from an initial ping phase.
If initial ping fails, nrev continues scanning with a safe default RTT.
You can skip the initial ping with `--no-ping`.
For other settings, please refer to `nrev port -h` for details.

### Host scan
ICMP Host scan
```
nrev host 192.168.1.0/24
```

```
nrev host @/path/to/list/hostlist.txt
```
## Output

TCP Host scan
```
nrev host 192.168.1.0/24 --proto tcp --ports 80
```
`nrev` provides:

### Ping
Default ICMP Ping
```
nrev ping 1.1.1.1 -c 4
```
- Compact human-readable reports for interactive use
- Stable JSON reports for downstream tooling
- Phase timings for resolution, discovery, scanning, and follow-up probes

UDP Ping
```
nrev ping 1.1.1.1 --proto udp
```
## External Data

TCP Ping
```
nrev ping 1.1.1.1 --proto tcp --port 80
```
`--data` accepts:

### Traceroute
UDP Trace
```
nrev trace 8.8.8.8
```
- A single `.json` file
- A single `.toml` file
- A directory containing multiple `.json` and `.toml` files

You can specify the interval in milliseconds for faster trace.
```
nrev trace 8.8.8.8 --interval-ms 500
```
Each file may contain any combination of:

### Subdomain scan
```
nrev domain yourcorpone.com --wordlist /path/to/wordlist/top-1000.txt
```
- `probes`
- `fingerprint_rules`
- `recipes`

### Neighbor (ARP/NDP)
```
nrev nei 192.168.1.1
```
## Samples

### Specify the network interface
```
nrev port 10.10.11.14 --interface tun0
```
The repository includes sample data under [samples/](samples):

## Output and Logging
Save command results as JSON:
```
nrev -o result.json port yourcorpone.com -S -O
```
- [samples/recipes/](samples/recipes) for recipe-only examples
- [samples/data-pack/](samples/data-pack) for mixed external data pack examples
- [samples/tasks/](samples/tasks) for runnable task-file examples

Run in non-interactive mode (no tree output to stdout):
```
nrev --no-stdout -o hosts.json host 10.0.0.0/24
```
## Documentation

Write logs to file:
```
nrev --log-file --log-file-path /tmp/nrev.log port yourcorpone.com
```
- [Usage Guide](docs/USAGE.md)

## Privileges
`nrev` uses a raw socket which require elevated privileges. Execute with administrator privileges.
Expand Down Expand Up @@ -228,11 +137,6 @@ Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/shellrow/chmod-bpf/releases/latest/download/chmod-bpf-installer.sh | sh
```

Install prebuilt binaries via Homebrew
```sh
brew install shellrow/tap-chmod-bpf/chmod-bpf
```

#### Check BPF device permissions
```
chmod-bpf check
Expand Down
Loading
Loading