MASSCAN - Mass IP port scanner (fastest Internet port scanner)
This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.
It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.
NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.
This tool is free, but consider funding it here: 1MASSCANaHUiyTtR3bJ2sLGuMw5kDBaj4T
Building
On Debian/Ubuntu, it goes something like this:
$ sudo apt-get install git gcc make libpcap-dev
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make
This puts the program in the masscan/bin subdirectory. You'll have to manually copy it to something like /usr/local/bin if you want to install it elsewhere on the system.
The source consists of a lot of small files, so building goes a lot faster by using the multi-threaded build:
$ make -j
While Linux is the primary target platform, the code runs well on many other systems. Here's some additional build info:
- Windows w/ Visual Studio: use the VS10 project
- Windows w/ MinGW: just type make
- Windows w/ cygwin: won't work
- Mac OS X w/ XCode: use the XCode4 project
- Mac OS X w/ cmdline: just type make
- FreeBSD: type gmake
- other: I don't know, don't care
Usage
Usage is similar to nmap. To scan a network segment for some ports:
# masscan -p80,8000-8100 10.0.0.0/8
This will:
- scan the 10.x.x.x subnet, all 16 million addresses
- scan port 80 and the range 8000 to 8100, or 102 ports total
- print output to stdout that can be redirected to a file
The --echo feature dumps the current configuration and exits. This output can be used as input back into the program:
# masscan -p80,8000-8100 10.0.0.0/8 --echo > xxx.conf
# masscan -c xxx.conf --rate 1000
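The following Python script is an added example, not part of masscan or its README. It sizes a scan before it is launched, using the port list, target range and rate from the usage example above, so the operator can confirm the scope and duration are what was intended. The function names are hypothetical, and it assumes IPv4 targets and one packet per address/port pair.

```python
import ipaddress


def count_ports(spec):
    """Count distinct ports in a -p style list such as '80,8000-8100'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return len(ports)


def count_addresses(targets):
    """Count distinct IPv4 addresses in CIDR blocks or first-last ranges."""
    nets = []
    for target in targets:
        first, dash, last = target.partition("-")
        if dash:
            nets.extend(ipaddress.summarize_address_range(
                ipaddress.IPv4Address(first.strip()),
                ipaddress.IPv4Address(last.strip())))
        else:
            nets.append(ipaddress.ip_network(target.strip(), strict=False))
    # collapse_addresses merges overlapping targets so nothing is counted twice
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


def scan_plan(port_spec, targets, rate_pps):
    """Return (addresses, ports, probes, seconds), assuming one packet per probe."""
    if rate_pps <= 0:
        raise ValueError("rate must be positive")
    addresses = count_addresses(targets)
    ports = count_ports(port_spec)
    probes = addresses * ports
    return addresses, ports, probes, probes / rate_pps


if __name__ == "__main__":
    # Values taken from the usage example above.
    addresses, ports, probes, seconds = scan_plan("80,8000-8100", ["10.0.0.0/8"], 1000)
    print(f"{addresses:,} addresses x {ports} ports = {probes:,} probes")
    print(f"about {seconds / 86400:.1f} days at 1000 packets per second")
```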