masscan - fastest Internet port scanner

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.

It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it’s faster than these other scanners. In addition, it’s more flexible, allowing arbitrary address ranges and port ranges.

NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.

Source: https://gitlab.com/kalilinux/packages/masscan

Features

·         Ultra fast port scanning: transmits up to 10M packets/sec (a capable NIC and the PF_RING driver are required to reach that rate)

·         Nmap style output

·         Nmap style target specification and options

·         Banner grabbing

·         Basic Vulnerability Scanning like Heartbleed

·         Custom TCP/IP stack

Uses

·         It can be used as a first level recon tool to map the network

·         Enumerate a large number of hosts

·         Enumerate various subnets inside an organization

·         Enumerating the internet!

·         Random scanning for FUN & Knowledge!

1.      Selftest

2.      Scan Google IPs, Banner grabbing from Google IP range & output options

3.      Pausing & Resuming the scan

4.      Exclude specific Addresses & Misc options

5.      Putting all together in the custom configuration



masscan Usage Example

Command: masscan --regress

This runs masscan's built-in regression self-test. It sends no traffic and simply confirms the build works.

Command: masscan 0.0.0.0/4 -p80 --rate 100 --offline

This walks a whole 0.0.0.0/4 range (over 268 million addresses), but because of --offline no packets actually leave the machine. It won't produce any worthwhile results; the point is to watch the estimated time required when the rate is 100 packets/sec.

Now increase the rate gradually, to 1000, then 100000, then the maximum, one step at a time, and compare the times required to see how much your network and system can handle. Note that --offline only measures how fast masscan can generate packets; on a real scan the NIC, the driver and the path to the target cap the rate well below this.

Command: masscan 0.0.0.0/4 -p80 --rate 10000000 --offline

In this lab, we scan a range of publicly routable Google IPs. First, we find out which IP google.com resolves to, then we port scan the range containing it on ports 80 and 443.

Command: host google.com

This gives the IP of google.com's web server. It may differ depending on your location.

Next, we widen the IP we found to the /24 that contains it.

For example: if the IP we obtained is 216.58.196.12, we use 216.58.196.0/24, which scans all 256 addresses from 216.58.196.0 to 216.58.196.255.

Command: masscan 216.58.196.0/24 -p80,443
Now we attempt to grab banners from the IPs we scan. Here we can run into the problem described in the NOTE above. Banner grabbing needs a full TCP connection, and since masscan uses its own TCP/IP stack, the kernel sees a SYN-ACK for a connection it never opened and answers it with a RST, killing the session before the banner arrives. The fix, as explained on the tool's home page, is to give masscan a separate, unused IP address in the same subnet with --source-ip (the same option as -S); masscan handles ARP for that address itself, so the replies reach it and not the kernel. Alternatively, keep the normal address but pin the source port with --source-port 61000 and have the kernel drop inbound traffic to that port (iptables -A INPUT -p tcp --dport 61000 -j DROP), as the masscan README suggests.

Command: masscan 23.92.56.53 -p 80,443 --banners --source-ip 192.168.1.200
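The remaining lab items (output options, excluding addresses, and putting everything together in a custom configuration) can be combined in one small script. The following is an added example written for this page; it is not code from the original post or from the masscan project. It generates a config file that masscan loads with -c (the key names are assumed to match the long option names masscan accepts on the command line, which is what masscan --echo prints), and it parses masscan's list output (-oL) into host:port pairs and banner lines. The function names, the config file path, the sample output and the exclusion range are all my own choices; the sample is constructed, not a real scan. The -oL line layout assumed is "open tcp <port> <ip> <timestamp>" for open ports and "banner tcp <port> <ip> <timestamp> <service> <text>" for banners.

```shell
#!/bin/sh
# Added example for this page, not code from the original post or the
# masscan project. Generates a masscan config (-c) covering range, ports,
# rate, an exclusion, banners, the spare source IP and list output, and
# parses -oL output offline. Assumed: config keys equal masscan's long
# option names (as `masscan --echo` prints them).

# write_masscan_conf CONF RANGE PORTS RATE EXCLUDE SRC_IP OUTFILE
# Writes a config that masscan loads with: masscan -c CONF
write_masscan_conf() {
    conf=$1; range=$2; ports=$3; rate=$4; excl=$5; srcip=$6; outfile=$7
    cat > "$conf" <<EOF
# generated masscan config; run with: masscan -c $conf
rate = $rate
randomize-hosts = true
range = $range
ports = $ports
exclude = $excl
banners = true
adapter-ip = $srcip
output-format = list
output-filename = $outfile
EOF
}

# open_ports FILE: print "ip:port" for every open TCP port in -oL output,
# sorted and de-duplicated (LC_ALL=C keeps the ordering locale-independent)
open_ports() {
    awk '$1 == "open" && $2 == "tcp" { print $4 ":" $3 }' "$1" | LC_ALL=C sort -u
}

# banners FILE: print "ip:port service banner-text" for every banner line
banners() {
    awk '$1 == "banner" {
        printf "%s:%s %s", $4, $3, $6
        for (i = 7; i <= NF; i++) printf " %s", $i
        print ""
    }' "$1"
}

# count_hosts FILE: number of distinct hosts with at least one open port
count_hosts() {
    awk '$1 == "open" { print $4 }' "$1" | LC_ALL=C sort -u | wc -l | tr -d ' '
}

# Constructed sample of -oL output (not a real scan), so this runs offline.
SAMPLE_LIST=$(mktemp)
cat > "$SAMPLE_LIST" <<'EOF'
#masscan
open tcp 22 192.168.1.217 1400018112
open tcp 445 192.168.1.220 1400018112
open tcp 80 192.168.1.230 1400018112
banner tcp 80 192.168.1.230 1400018112 http Server: Apache
open tcp 443 192.168.1.230 1400018113
# end
EOF

# Usage: config for the Google /24 lab, excluding the first /28 of it and
# using the spare source IP from the banner-grabbing step, then parse the
# sample output.
CONF=$(mktemp)
write_masscan_conf "$CONF" 216.58.196.0/24 80,443 1000 216.58.196.0/28 192.168.1.200 scan.txt
cat "$CONF"
open_ports "$SAMPLE_LIST"
banners "$SAMPLE_LIST"
echo "hosts with open ports: $(count_hosts "$SAMPLE_LIST")"
```

Run the generated config with masscan -c "$CONF" (any command-line option given alongside -c overrides the file). When a running scan is interrupted with Ctrl-C, masscan writes its state to paused.conf in the current directory and can be continued later with masscan --resume paused.conf; that file uses the same key = value format as the config above, which is why generating one is a convenient way to keep a large scan reproducible.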

Scan for a selection of ports (-p22,80,445) across a given subnet (192.168.1.0/24):

root@kali:~# masscan -p22,80,445 192.168.1.0/24

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2014-05-13 21:35:12 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 256 hosts [3 ports/host]
Discovered open port 22/tcp on 192.168.1.217
Discovered open port 445/tcp on 192.168.1.220
Discovered open port 80/tcp on 192.168.1.230
