masscan v1.3.2 releases: fast TCP port scanner
masscan: fast TCP port scanner
This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.
Its usage (parameters, output) is similar to nmap, the most famous port scanner. When in doubt, try one of those features — features that support widespread scanning of many machines are supported, while in-depth scanning of single machines isn’t.
Internally, it uses asynchronous transmission, similar to port scanners like scanrand, unicornscan, and ZMap. It’s more flexible, allowing arbitrary port and address ranges.
NOTE: masscan uses its own ad hoc TCP/IP stack. Anything other than simple port scans may cause conflict with the local TCP/IP stack. This means you need to use either the –src-ip option to run from a different IP address or use –src-port to configure which source ports masscan uses, then also configure the internal firewall (like pf or iptables) to firewall those ports from the rest of the operating system.
Masscan can do more than just detect whether ports are open. It can also complete the TCP connection and interaction with the application at that port in order to grab simple “banner” information.
Masscan supports banner checking on the following protocols:
The problem with this is that masscan contains its own TCP/IP stack separate from the system you run it on. When the local system receives an SYN-ACK from the probed target, it responds with an RST packet that kills the connection before masscan can grab the banner.
- support for some VPNs
apt-get install masscan
or$ sudo apt-get install git gcc make libpcap-dev $ git clone https://github.com/robertdavidgraham/masscan $ cd masscan $ make
masscan <address ranges> -p <portlist> [parameters]
Scan the ranges 10.0.0.0/8 and 192.168.1.1/24 for the open ports 80 and 443 :
masscan 10.0.0.0/8 192.168.1.1/24 -p80,443
Scan and collect banners ( HTTP server versions, HTML headers, etc.):
masscan 192.168.0.0/16 -p80,443 --banners
Scan to the open 80th port and scan via ICMP ( Ping scan ):
masscan 192.168.0.0/16 -p80 --ping
Scan and record the results and create a result.xml file with the results:
masscan 192.168.0.0/16 -p80 -oX result.xml
-oB – binary format;
-oX – XML format;
-oG – compatible with grep ;
-oJ – JSON format;
-oL is a simple list.
When scanning, send packets with a speed of no more than 1.000.000 packets per second:
masscan 192.168.0.0/16 -p80 --rate 1000000
The rate parameter can have a wide range of values:
-rate 0.1 – 1 packet in 10 seconds;
-rate 10000000 – 10M packets per second.
The Masscan utility is suitable for quickly scanning large ranges of addresses but requires root rights
Copyright (c) 2013 Robert David Graham