Comprehensive Guide to Tyan: A High-Performance Intranet Security Scanner

Introduction

In the era of escalating cybersecurity threats, efficient network scanning tools have become indispensable for IT professionals. Tyan (天眼), an open-source intranet security scanner written in Rust, stands out with its high-speed concurrency and modular architecture. This guide provides an in-depth exploration of Tyan’s capabilities, installation methods, and practical applications, tailored for technical professionals and cybersecurity enthusiasts.


Core Features Breakdown

Tyan combines precision with speed through its asynchronous runtime architecture. Here’s a technical dissection of its key components:

1. Intelligent Host Discovery

  • Dual Detection Modes
    Choose between ICMP ping and system ping, depending on the network configuration:

    # Use system-level ping
    ./tyan -h 192.168.1.0/24 --ping
    
  • Network Range Support
    Accepts CIDR notation (192.168.1.0/24) and IP ranges (192.168.1.1-100)
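
Before a target string is handed to a scanner, it is worth confirming that every address it covers sits inside the authorized scope. The following is an added example, not part of Tyan or of the original guide. It assumes that 192.168.1.1-100 means a last-octet range and that a full start-end form (as used in Case 3) is also accepted; the allowlist values are constructed, and only IPv4 is handled.

```python
import ipaddress

def expand_target(spec):
    """Return (first, last) IPv4 address covered by one -h target spec.

    Assumed reading of the notations in this guide (not Tyan's own parser):
    CIDR, 'a.b.c.d-N' (last-octet range) and 'a.b.c.d-e.f.g.h' (full range).
    """
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=False)
        return net[0], net[-1]
    if "-" not in spec:
        addr = ipaddress.IPv4Address(spec)
        return addr, addr
    start_s, end_s = spec.split("-", 1)
    start = ipaddress.IPv4Address(start_s)
    if "." in end_s:
        end = ipaddress.IPv4Address(end_s)
    else:
        octet = int(end_s)
        if not 0 <= octet <= 255:
            raise ValueError(f"bad last octet in {spec!r}")
        end = ipaddress.IPv4Address((int(start) & 0xFFFFFF00) | octet)
    if end < start:
        raise ValueError(f"range end precedes start in {spec!r}")
    return start, end

def out_of_scope(spec, authorized):
    """Return the CIDR blocks of spec not fully inside an authorized network."""
    # Collapse first so adjacent authorized networks count as one block.
    nets = list(ipaddress.collapse_addresses(
        ipaddress.IPv4Network(a) for a in authorized))
    first, last = expand_target(spec)
    return [str(block)
            for block in ipaddress.summarize_address_range(first, last)
            if not any(block.subnet_of(n) for n in nets)]

if __name__ == "__main__":
    # Constructed allowlist; replace with the ranges named in the scan scope.
    AUTHORIZED = ["192.168.1.0/24", "172.16.32.0/27"]
    for target in ("192.168.1.1-100", "172.16.32.1-172.16.32.50"):
        print(target, "->", out_of_scope(target, AUTHORIZED) or "in scope")
```

An empty result means the whole target is covered by the allowlist; any block returned contains at least one address outside it.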

2. Advanced Port Scanning Engine

| Parameter       | Function      | Default Value               |
|-----------------|---------------|-----------------------------|
| -p              | Target ports  | 21,22,80,443,3306,6379,8080 |
| --exclude-ports | Exclude ports | None                        |
| -t              | Thread count  | 60                          |

Example:

# Scan ports 8000-8100 while excluding 3306
./tyan -h 10.0.0.1 -p 8000-8100 --exclude-ports 3306

3. Service Fingerprinting System

  • Protocol detection for SSH, HTTP, RabbitMQ, and more
  • Version identification accuracy >90%
  • Extensible plugin architecture for new protocols

4. Security Testing Modules

  • SSH Brute-Force Protection Test
    20-thread concurrent password testing:

    # Trigger SSH module automatically
    ./tyan -h 192.168.1.10 -p 22
    
  • Web Vulnerability Detection
    Built-in POC verification for common vulnerabilities (SQLi, XSS, etc.)


Installation Guide

System Compatibility

  • Windows 10/11, macOS Monterey+, Linux Kernel 5.4+
  • Single executable with zero dependencies

Installation Methods Comparison

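| Method             | Use Case                   | Complexity | Update Flexibility |
|--------------------|----------------------------|------------|--------------------|
| Pre-built Binaries | Quick deployment           | ★☆☆☆☆      | Manual updates     |
| Source Compilation | Custom builds              | ★★★☆☆      | Git-based updates  |
| Docker (Upcoming)  | Containerized environments | ★★☆☆☆      | Automated updates  |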

Step-by-Step Instructions

Method 1: Pre-compiled Binaries

  1. Visit GitHub Releases
  2. Download appropriate version:

    • Windows: tyan-windows.exe
    • macOS: tyan-macos
    • Linux: tyan-linux

Method 2: Source Compilation

# Install Rust toolchain
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Build from source
git clone https://github.com/TheBlindM/Tyan.git
cd Tyan && cargo build --release

# Install system-wide
sudo cp target/release/tyan /usr/local/bin/

Practical Use Cases

Case 1: Enterprise Asset Inventory

# Full port scan without host discovery
./tyan -h 192.168.2.0/24 --no-ping -p 1-65535 -t 200

Key Parameters:

  • --no-ping: Bypass host discovery
  • -t 200: Increase throughput for large networks

Case 2: Web Service Audit

# Detect web services with fingerprinting
./tyan -h 10.10.1.50 -p 80,443 -f -o web_audit.md

Report Includes:

  1. HTTP header analysis
  2. Website title extraction
  3. Middleware version detection
  4. Vulnerability matching results

Case 3: SSH Security Validation

# Test SSH configuration hardening
./tyan -h 172.16.32.1-172.16.32.50 -p 22 --disable-brute

The --disable-brute flag focuses on service configuration checks rather than password cracking.


Advanced Configuration

Performance Tuning

  1. Thread Optimization Formula
    Recommended Threads = CPU Cores × 50
    (e.g., 4-core CPU → 200 threads)

  2. Timeout Settings

    • LAN: 3 seconds
    • WAN: 5-8 seconds

Diagnostic Logging

# Enable debug logging
RUST_LOG=debug ./tyan -h 192.168.1.1 -p 80

Log Levels:

  • error: Critical failures
  • warn: Non-critical issues
  • info: Operational details
  • debug: Technical diagnostics

Frequently Asked Questions (FAQ)

Q1: How to handle false positives?

  • Increase --timeout value
  • Adjust --retries (default: 3)
  • Use precise scan mode: -m ModeService

Q2: Can I use custom password dictionaries?

The current version uses built-in wordlists. To customize them, modify src/modules/ssh_brute.rs.

Q3: Slow scanning on Windows?

  • Disable real-time antivirus
  • Run CMD as Administrator
  • Reduce threads to <100

Q4: How to integrate with SIEM systems?

Export JSON results and convert using scripts:

import json

# Load the exported scan results
with open('results.json') as f:
    data = json.load(f)
    # Add transformation logic
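
One way to fill in the transformation step, as an added example that is not from the Tyan project or the original guide: it flattens scan results into one newline-delimited JSON event per open port and marks services that are not in an approved baseline. The input field names (hosts, ip, ports, port, service, version), the output field names and the sample data are all assumptions, since this guide does not show Tyan's JSON schema.

```python
import hashlib
import json

# Constructed sample. The field names are an assumed schema for illustration;
# check them against the JSON your Tyan version actually writes.
SAMPLE = """
{"hosts": [
  {"ip": "10.10.1.50", "ports": [
    {"port": 80,   "service": "http", "version": "nginx 1.18.0"},
    {"port": 6379, "service": "redis"}
  ]},
  {"ip": "10.10.1.51", "ports": []}
]}
"""

def to_events(raw, scan_time, baseline=None):
    """Flatten scan results into one event per open port.

    baseline maps host IP -> set of ports approved for that host; anything
    else is marked expected=False so the SIEM can alert on exposure drift.
    """
    baseline = baseline or {}
    events = []
    for host in json.loads(raw).get("hosts", []):
        ip = host.get("ip")
        if not ip:
            continue  # skip malformed host records rather than emit blanks
        for entry in host.get("ports", []):
            port = int(entry["port"])
            events.append({
                "@timestamp": scan_time,
                # Stable per-service key: lets the SIEM dedupe repeat scans.
                "asset_key": hashlib.sha256(f"{ip}:{port}".encode()).hexdigest()[:16],
                "source_tool": "tyan",
                "host_ip": ip,
                "port": port,
                "service": entry.get("service", "unknown"),
                "version": entry.get("version"),
                "expected": port in baseline.get(ip, ()),
            })
    return events

def to_ndjson(events):
    """Serialize events as newline-delimited JSON, one event per line."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

if __name__ == "__main__":
    approved = {"10.10.1.50": {80, 443}}  # constructed baseline
    print(to_ndjson(to_events(SAMPLE, "2024-01-01T00:00:00Z", approved)))
```
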

Development Roadmap

Per project documentation, future versions will introduce:

  1. Distributed scanning capabilities
  2. Docker container support
  3. Automatic vulnerability database updates
  4. Graphical reporting interface

Conclusion

Tyan establishes itself as a robust solution for modern network security challenges, balancing speed and comprehensive detection. By implementing the strategies outlined in this guide, security teams can effectively enhance their network monitoring and vulnerability management practices.

Project Repository: https://github.com/TheBlindM/Tyan
License: MIT License