masscan is a high-speed network scanner used for discovering open ports across large networks. It is capable of scanning the entire Internet in under 6 minutes, making it one of the fastest port scanners available. Masscan is used in penetration testing, vulnerability scanning, and network assessments to quickly identify open ports, services, and potential attack vectors.
Common Masscan Options
- -p (Ports): Specifies which ports to scan. This can be a comma-separated list of individual ports, a range of ports, or a combination of both.
  Example: -p80,443,1000-2000
- -i (Interface): Defines the network interface to use for scanning. This is useful when the machine has multiple network interfaces.
  Example: -i eth0
- -o (Output File): Saves the scan results to a specified output file. Masscan supports both XML and JSON formats.
  Example: -o results.xml
- --rate (Rate): Controls the rate of packets sent per second during the scan. A higher rate can speed up the scan but may overwhelm the network.
  Example: --rate 1000
- -r (Randomize Targets): Randomizes the order in which IP addresses are scanned to avoid detection by intrusion detection systems (IDS).
  Example: -r
- -b (Banner Grabbing): Enables banner grabbing, which retrieves information about the services running on the open ports.
  Example: -b
Additional Masscan Options
- --exclude (Exclude Range): Allows you to exclude certain IP addresses or ranges from the scan. Useful for avoiding known safe or irrelevant networks.
  Example: --exclude 192.168.1.0/24
- -t (Timeout): Defines the timeout period in milliseconds for the scan. Adjusting this can help manage slower networks.
  Example: -t 500
- -v (Verbose): Displays detailed output during the scan, useful for debugging or monitoring the scan’s progress.
  Example: -v
- -w (Web Interface): Enables the web interface for controlling Masscan through a browser.
  Example: -w
- --source-ip (Source IP Address): Defines the source IP address to use in the packets sent. This is useful for scanning through proxies or VPNs.
  Example: --source-ip 10.0.0.1
Examples of Masscan Commands
- Scan a Single IP for Specific Ports: Scan the IP 192.168.1.1 for ports 22 and 80:
  > masscan 192.168.1.1 -p22,80
- Scan an Entire Range of IPs: Scan all IPs in the 192.168.1.0/24 network for ports 80 and 443:
  > masscan 192.168.1.0/24 -p80,443
- Scan a Range of Ports: Scan ports 1-1000 on a target IP:
  > masscan 192.168.1.1 -p1-1000
- Scan with a Custom Rate and Timeout: Scan the IP 192.168.1.1 for ports 80 and 443, setting the rate to 1000 packets per second and a timeout of 500 ms:
  > masscan 192.168.1.1 -p80,443 --rate 1000 -t 500
- Scan and Save the Results to a File: Scan a range of IPs and save the results to scan_results.json:
  > masscan 192.168.1.0/24 -p80,443 -o scan_results.json
- Use Randomized Target Order: Scan the 192.168.1.0/24 network with randomized IP order:
  > masscan 192.168.1.0/24 -p80,443 -r
- Banner Grabbing: Perform a scan and grab banners for services running on open ports:
  > masscan 192.168.1.0/24 -p80,443 -b
- Exclude a Specific IP Range: Exclude the range 192.168.2.0/24 from the scan:
  > masscan 192.168.1.0/24 -p80,443 --exclude 192.168.2.0/24
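Once a scan has been saved to a JSON file as above, the results still have to be turned into something actionable. The following Python is an added example, not code from the original page or from the masscan project: it parses a saved JSON result, collapses the per-hit records into open ports per host, and reports any host exposing a port that is not on an allowlist of expected services. The record layout (one object per hit with "ip", "timestamp" and a "ports" list), the legacy trailing-comma quirk it tolerates, the sample results and the allowlist are all assumptions constructed for the example.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the record layout assumed for masscan's JSON output.
# Older builds leave a comma before the closing bracket, which json.loads
# rejects, so the sample deliberately includes that case.
SAMPLE_JSON = """[
{"ip": "192.168.1.1", "timestamp": "1700000000", "ports": [{"port": 22, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64}]},
{"ip": "192.168.1.1", "timestamp": "1700000001", "ports": [{"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64}]},
{"ip": "192.168.1.20", "timestamp": "1700000002", "ports": [{"port": 3389, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128}]},
]"""

# Constructed allowlist: hosts and the TCP ports they are expected to expose.
EXPECTED = {"192.168.1.1": {22, 80}}


def load_masscan_json(text):
    """Parse saved JSON output, tolerating a legacy trailing comma before ']'."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        # Strip the dangling comma that precedes the final closing bracket.
        return json.loads(re.sub(r",\s*]\s*$", "]", text.strip()))


def open_ports_by_host(records):
    """Collapse per-hit records into {ip: {(proto, port), ...}} for open ports."""
    hosts = defaultdict(set)
    for rec in records:
        for entry in rec.get("ports", []):
            if entry.get("status") == "open":
                hosts[rec["ip"]].add((entry["proto"], int(entry["port"])))
    return dict(hosts)


def unexpected_exposure(hosts, expected):
    """Return {ip: sorted ports} for open TCP ports missing from the allowlist."""
    findings = {}
    for ip, ports in hosts.items():
        allowed = expected.get(ip, set())
        extra = sorted(port for proto, port in ports
                       if proto == "tcp" and port not in allowed)
        if extra:
            findings[ip] = extra
    return findings


if __name__ == "__main__":
    hosts = open_ports_by_host(load_masscan_json(SAMPLE_JSON))
    for ip, ports in unexpected_exposure(hosts, EXPECTED).items():
        print(f"{ip}: unexpected open TCP ports {ports}")
```

Feed it a real scan_results.json (read the file into load_masscan_json) and replace EXPECTED with the inventory of services that are supposed to be reachable; anything it reports is either an undocumented exposure or a gap in the inventory.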
Summary
masscan is an incredibly powerful tool that provides rapid scanning capabilities for large networks. By using the options and features outlined above, you can tailor your scans to fit your needs, whether you’re performing penetration testing, network diagnostics, or identifying open ports across massive IP ranges.