TL;DR:
Nerva is a high-performance, open-source CLI tool for identifying services running on open ports. It fingerprints 120+ protocols across TCP, UDP, and SCTP, averages 4× faster than nmap -sV, and maintains 99% detection accuracy. Written in Go as a single binary, it helps security teams move from port discovery to actionable service intelligence fast.
The Recon Bottleneck Nobody Talks About
I spend most of my time breaking into things for a living. Networks, web apps, cloud infrastructure. And in every engagement, there’s a moment during recon where I’m staring at a list of open ports thinking:
What is actually running here?
Port numbers don’t tell the full story.
-
8080might be a forgotten dev server -
9200could be an exposed Elasticsearch cluster -
4840might be OPC-UA in an OT network -
6443could be a Kubernetes API that should never be internet-facing
We have excellent tools for discovering open ports.
Masscan. RustScan. Naabu.
Port discovery is a solved problem.
Service identification is not.
And that gap slows everything down.
The Gap Between Discovery and Understanding
After a fast scan, you might have thousands of open ports across hundreds of hosts. Now comes the real question:
What are they?
Nmap does service detection well. But it prioritizes accuracy over speed. When you're fingerprinting thousands of endpoints, it becomes the bottleneck.
Tools like zgrab2 are fast, but they assume you already know what protocol you’re targeting.
That assumption is the problem.
Across multiple engagements, we kept hitting the same friction point:
- Great port discovery
- No purpose-built, high-speed service fingerprinting layer
So we built one.
Meet Nerva
Nerva is an open-source service fingerprinting tool.
You give it a host and port.
It tells you what’s running.
- 120+ protocols
- TCP, UDP, and SCTP support
- Single Go binary
- Zero dependencies
Install
bash
go install github.com/praetorian-inc/nerva/cmd/nerva@latest
Top comments (0)