zmap

ZMap is an open-source network scanner designed for high-speed, large-scale network surveys. It is widely used by network administrators, penetration testers, and researchers to scan IP address ranges for open ports and services. ZMap is optimized for throughput and is especially useful for quick scans of large networks or of the entire Internet.

Common ZMap Options and Switches

-i
Specifies the target IP address or range to scan. You can use CIDR notation (e.g., 192.168.1.0/24) or specific IP addresses (e.g., 192.168.1.1).

-p
Defines the port or range of ports to scan. You can scan individual ports (e.g., -p 80) or a range of ports (e.g., -p 80-443).

-r
Sets the scan rate in packets per second (pps). This option controls the speed of the scan: higher values finish sooner but are more likely to be noticed by the target network's monitoring.

-B
Limits the bandwidth used by the scan, preventing it from saturating the network link or the scanning machine itself.

-o
Specifies which fields to include in the output. For example, you can include the source IP address or success rate.

-O
Saves the results to an output file. Use this option to store scan results in a specified file for later analysis.

-sS
Performs a SYN scan, which is faster and stealthier than a full TCP handshake scan.

-sT
Uses a TCP connect scan, which attempts to complete the full TCP handshake. This method is slower but less likely to be blocked.

-T<0-5>
Defines the scan speed (timing template), with -T0 being the slowest (stealthiest) and -T5 being the fastest and most detectable.

-v
Enables verbose output to provide more detailed information about the scan’s progress.

-iL
Reads input from a file that contains a list of target IPs or ranges to scan.

-6
Enables IPv6 scanning, allowing you to scan IPv6 addresses.

Example ZMap Commands

Basic IP Scan
> zmap -i 192.168.1.0/24 -p 80
This command scans the 192.168.1.0/24 network for open HTTP ports (port 80).

Scan Multiple Ports
> zmap -i 192.168.1.0/24 -p 22,80,443
Scans ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) on the network.

Scan with Rate Limit
> zmap -i 192.168.1.0/24 -p 80 -r 1000
Scans port 80 (HTTP) on the network, sending 1000 packets per second.

Save Output to File
> zmap -i 192.168.1.0/24 -p 80 -O output.txt
Saves the scan results to output.txt.
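A result file on its own is only a list of addresses; the defensive follow-up is to compare it against what is supposed to be exposed. The script below is an added example and is not part of this cheat sheet or of the ZMap project. It assumes the saved file contains one responding IPv4 address per line (ZMap's default when only the source-address field is emitted) and tolerates a header row or stray text; the sample output and the expected-host list are constructed for the example.

```python
"""Summarize a ZMap result file for an exposure review.

Added example, not part of the original cheat sheet or the ZMap project.
Assumes the result file holds one responding IPv4 address per line (ZMap's
default when only the source-address field is emitted); any line that is not
an address, such as a header row or a blank line, is ignored.
"""
import ipaddress
from collections import Counter

# Constructed sample output, standing in for output.txt produced by
#   zmap -i 192.168.1.0/24 -p 80 -O output.txt
SAMPLE_OUTPUT = """saddr
192.168.1.10
192.168.1.10
192.168.1.25
192.168.1.200
192.168.2.7
not-an-address
"""

# Constructed list of hosts that are expected to expose the scanned port.
EXPECTED_HOSTS = {"192.168.1.10", "192.168.1.25"}


def parse_responders(text):
    """Return the unique responding addresses, in first-seen order."""
    seen = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            continue  # header row or debris, not a scan result
        if addr not in seen:
            seen.append(addr)
    return seen


def count_by_prefix(addrs, prefixlen=24):
    """Count responders per /prefixlen network (per /24 by default)."""
    counts = Counter()
    for addr in addrs:
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        counts[str(net)] += 1
    return dict(counts)


def unexpected_responders(addrs, expected):
    """Responders missing from the expected-exposure list: candidates for follow-up."""
    expected_set = {ipaddress.ip_address(e) for e in expected}
    return [str(a) for a in addrs if a not in expected_set]


if __name__ == "__main__":
    responders = parse_responders(SAMPLE_OUTPUT)
    print(f"{len(responders)} unique responders")
    for net, n in sorted(count_by_prefix(responders).items()):
        print(f"  {net}: {n} host(s) answering")
    for host in unexpected_responders(responders, EXPECTED_HOSTS):
        print(f"  unexpected exposure: {host}")
```

Run it against a real output.txt by replacing SAMPLE_OUTPUT with the file's contents; the unexpected-responder list is the set of hosts to investigate, and the per-prefix counts show where exposure is concentrated.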

Scan with IPv6
> zmap -i 2001:db8::/32 -p 80 -6
Scans an IPv6 network for open HTTP ports (port 80).

Use Cases

ZMap is ideal for:

  • Network discovery: Quickly identifying open ports across a large IP range.
  • Security auditing: Assessing large networks for exposed services and vulnerabilities.
  • Penetration testing: Scanning target networks during security assessments.
  • Internet-wide scans: Performing scans across the entire Internet for research and analysis.