passive Nmap like scanner built with

Smap is a replica of Nmap which uses’s free API for port scanning. It takes same command line arguments as Nmap and proudces the same output which makes it a drop-in replacament for Nmap.


  • Scans 200 hosts per second
  • Vulnerability detection
  • Supports all nmap’s output formats
  • Service and version fingerprinting
  • Makes no contact to the targets
  • Doesn’t require any account/api key


go install -v


Smap takes the same arguments as Nmap but options other than -p, -h, -o*, -iL are ignored. If you are unfamiliar with Nmap, here’s how to use Smap.

smap <targets here>

Specifying ports

SMap scans these 1237 ports by default. If you want to display results for certain ports, use the -p option.

smap -p21-30,80,443 -iL targets.txt


Since Smap simply fetches existent port data from, it is super fast but there’s more to it. You should use Smap if:

You want

  • vulnerability detection
  • a super fast port scanner
  • results for most common ports (top 1237)
  • no connections to be made to the targets

You are okay with

  • not being able to scan IPv6 addresses
  • results being up to 7 days old
  • a few false negatives


$ smap           
Starting Nmap 9.99 ( ) at 2022-04-01 14:06 CEST
Nmap scan report for (
Host is up.
rDNS record for

80/tcp   open  http?          
443/tcp  open  https?         
2082/tcp open  infowave?      
2083/tcp open  radsec?        
2086/tcp open  gnunet?        
2087/tcp open  eli?           
2096/tcp open  nbx-dir?       
8080/tcp open  http-alt?      
8443/tcp open  pcsync-https?  
8880/tcp open  cddbp-alt?     

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

URL List