finds.dev← search

// the find

s0md3v/Smap

★ 3,270 · Go · AGPL-3.0 · updated Apr 2026

a drop-in replacement for Nmap powered by shodan.io

Smap is a passive port scanner that queries Shodan's InternetDB instead of touching the target directly. It accepts Nmap flags and produces Nmap-compatible output, so it drops into existing workflows without changes. Useful for recon where stealth matters or when you want fast bulk results without burning through network connections.

The no-contact-to-target guarantee is the main reason to use this — useful for legal/ethical recon where active probing is out of scope. The Nmap flag compatibility is genuinely well-executed; output formats (XML, grepable, JSON) are faithful enough that downstream tooling doesn't notice the difference. The --active hybrid mode is a smart design: collect passive hits first, then run real Nmap only on confirmed-open ports, which can cut active scan time significantly on large target lists. InternetDB queries are unauthenticated, so there's no API key to manage or rate limit to babysit for basic use.

Data is up to 7 days stale by Shodan's own admission — this is fine for survey work but useless if you need current state, like verifying a patch was applied. The ~4000 ports Shodan indexes are a fixed universe; anything running on an unusual port is invisible unless you go fully active. IPv6 is unsupported entirely, which is an increasingly real gap as more infrastructure dual-stacks. The codebase is compact but maintenance has been slow — last meaningful activity is sporadic and the project feels in caretaker mode rather than active development.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →