masscan v1.3.2 releases: fast TCP port scanner

masscan

masscan: fast TCP port scanner

This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.

Its usage (parameters, output) is similar to nmap, the most famous port scanner. When in doubt, try one of those features — features that support widespread scanning of many machines are supported, while in-depth scanning of single machines isn’t.

Internally, it uses asynchronous transmission, similar to port scanners like scanrand, unicornscan, and ZMap. It’s more flexible, allowing arbitrary port and address ranges.

NOTE: masscan uses its own ad hoc TCP/IP stack. Anything other than simple port scans may cause conflict with the local TCP/IP stack. This means you need to use either the --src-ip option to run from a different IP address or use --src-port to configure which source ports masscan uses, then also configure the internal firewall (like pf or iptables) to firewall those ports from the rest of the operating system.

Masscan can do more than just detect whether ports are open. It can also complete the TCP connection and interaction with the application at that port in order to grab simple “banner” information.

Masscan supports banner checking on the following protocols:

  • FTP
  • HTTP
  • IMAP4
  • memcached
  • POP3
  • SMTP
  • SSH
  • SSL
  • SMBv1
  • SMBv2
  • Telnet
  • RDP
  • VNC

The problem with this is that masscan contains its own TCP/IP stack separate from the system you run it on. When the local system receives a SYN-ACK from the probed target, it responds with an RST packet that kills the connection before masscan can grab the banner.

Changelog v1.3.2

  • support for some VPNs
  • fixes

Install

apt-get install masscan 

or

$ sudo apt-get install git gcc make libpcap-dev
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make

Syntax

masscan <address ranges> -p <portlist> [parameters]

Example

Scan the ranges 10.0.0.0/8 and 192.168.1.1/24 for the open ports 80 and 443:

masscan 10.0.0.0/8 192.168.1.1/24 -p80,443

Scan and collect banners (HTTP server versions, HTML headers, etc.):

masscan 192.168.0.0/16 -p80,443 --banners

Scan for open port 80 and additionally probe hosts via ICMP (ping scan):

masscan 192.168.0.0/16 -p80 --ping

Scan and record the results and create a result.xml file with the results:

masscan 192.168.0.0/16 -p80 -oX result.xml

Output formats:

-oB – binary format;
-oX – XML format;
-oG – grepable format;
-oJ – JSON format;
-oL – simple list.
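Scan results are only useful once they are reviewed against what the network is supposed to expose. The following parser for the `-oL` simple-list format is an added example, not part of masscan; it assumes the list layout is `<status> <proto> <port> <ip> <timestamp>` for port results and `banner <proto> <port> <ip> <timestamp> <service> <text...>` for banner lines (with `#` comment lines), and uses a constructed sample rather than a real scan.

```python
"""Parse masscan -oL output and flag ports that are not on an allow list."""
from collections import defaultdict

# Constructed sample of -oL output (assumed layout; not a real scan).
SAMPLE = """\
#masscan
open tcp 80 192.168.1.10 1700000000
open tcp 443 192.168.1.10 1700000001
banner tcp 80 192.168.1.10 1700000002 http HTTP/1.1 200 OK
open tcp 22 192.168.1.20 1700000003
banner tcp 22 192.168.1.20 1700000004 ssh SSH-2.0-OpenSSH_9.6
open tcp 80 192.168.1.10 1700000005
# end
"""


def parse_list_output(text):
    """Return {ip: {port: {"proto": str, "banners": [str, ...]}}}.

    Duplicate "open" lines (retransmitted SYN-ACKs) collapse into one entry;
    banner lines attach their text to the matching ip/port.
    """
    hosts = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # maxsplit=5 keeps the banner text (field 6) intact, spaces included.
        fields = line.split(maxsplit=5)
        if len(fields) < 5:
            continue  # malformed line: skip rather than crash on partial files
        status, proto, port, ip = fields[0], fields[1], int(fields[2]), fields[3]
        entry = hosts[ip].setdefault(port, {"proto": proto, "banners": []})
        if status == "banner" and len(fields) == 6:
            entry["banners"].append(fields[5])
    return dict(hosts)


def unexpected_ports(hosts, allowed):
    """List (ip, port) pairs that are open but absent from the allow list.

    `allowed` maps ip -> set of ports that host is expected to expose; hosts
    missing from it are treated as allowing nothing.
    """
    return sorted(
        (ip, port)
        for ip, ports in hosts.items()
        for port in ports
        if port not in allowed.get(ip, set())
    )
```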

When scanning, send packets at a rate of no more than 1,000,000 packets per second:

masscan 192.168.0.0/16 -p80 --rate 1000000

The rate parameter can have a wide range of values:

--rate 0.1 – 1 packet every 10 seconds;
--rate 10000000 – 10M packets per second.

The Masscan utility is suitable for quickly scanning large ranges of addresses, but it requires root privileges.

Copyright (c) 2013 Robert David Graham

Source: https://github.com/robertdavidgraham/