GoMap — BushidoCyber

What it is

GoMap is a lightweight, nmap-inspired network scanner written in Go. It compiles to a single static binary and delivers the core of network reconnaissance — host discovery, port scanning, service and version detection, OS fingerprinting, and vulnerability matching — behind a clean CLI.

It's built for authorized security testing where you want nmap's essentials without the footprint: fast concurrent scans, accurate open/closed/filtered classification, and resumable runs over large subnets.

Scan types

Pick the technique that fits the target and your privileges — with honest open / closed / filtered classification on every port:

tcp TCP Connect

Unprivileged default
full three-way handshake

syn SYN scan

Half-open, root-only
quieter, faster

udp UDP scan

Protocol payloads
DNS · NTP · SNMP · NetBIOS

disco Host discovery

ICMP + TCP probes
ARP sweep (root/Linux)
-Pn to skip discovery

Filtered ports are recovered with probe retransmission (-retries), UDP closed ports are confirmed via ICMP port-unreachable, and every result carries reverse-DNS enrichment.

Detection & intelligence

Service & version detection — banner grabbing with TLS-aware handshake completion on encrypted protocols, plus certificate inspection (CN, SAN, issuer, expiry) to identify the service behind the port.
OS fingerprinting — heuristics from TTL, TCP window size, option ordering, and service hints; results are clearly flagged as heuristic and marked ambiguous when corroboration is thin.
Vulnerability matching — built-in ExploitDB integration matches detected versions to CVE and EDB-IDs with Metasploit module references and severity color-coding; unconfirmed findings are labeled as such, and the database self-updates with -searchsploit-update.
Script engine — 51 built-in NSE-like scripts across auth, discovery, vuln, version, and safe categories, run concurrently on an extensible architecture.

Control & performance

Concurrency you tune — configurable worker threads (-threads) and per-subnet host concurrency (-host-threads), with automatic thread reduction on high-port scans to avoid ephemeral-port exhaustion.
Six timing templates — -T0 (paranoid) through -T5 (insane), plus a global probe-rate cap (-max-rate) to protect legacy devices and shrink your IDS footprint.
Scope management — CIDR subnets, file-based target lists (-iL), and IP/CIDR exclusions (-exclude / -exclude-file).
Resumable scans — -resume records progress and skips completed hosts, and Ctrl-C cancels gracefully while still returning partial results.
Live feedback — a progress bar with current rate and ETA across large port ranges.

Output formats

Write results to file in the format that fits your pipeline:

TXT (default)JSONXMLnmap greppable

Usage

A few representative invocations — full reference via ./gomap -v and -script-help:

./gomap -target example.com -service -os        # services + OS
./gomap -target example.com -ports 1-65535 -sV  # all ports, versions
sudo ./gomap -target 192.168.1.0/24 -arp        # subnet, ARP sweep
./gomap -iL targets.txt -ports 22,80,443 -sV    # target list
./gomap -target example.com -ports 1-1000 -vuln # ExploitDB matching
./gomap -target 10.0.0.0/24 -resume scan.state  # resumable

Requirements

BuildA Go compiler — produces a single static binary

Root / adminNeeded for SYN scans, ICMP discovery, and ARP sweeps

Native ARPLinux (AF_PACKET); other OSes get a graceful fallback

Get it running

Clone, build the binary with the Go toolchain, and scan:

git clone https://github.com/BushidoCyb3r/gomap.git
cd gomap
go build -o gomap .
./gomap -target example.com -service -os

Use only on systems you are authorized to scan. GoMap sends active probes. Full flag reference and more examples are in the README.

G

Scan, your way

nmap's essentials in one fast Go binary — host discovery, versions, OS, and vulns, with resumable runs over whole subnets.

View on GitHub ↗ ← All projects