ZMap: Open-Source Network Scanner
Network scanning is the most important part of the information gathering process that a hacker penetration tester performs at its very first step; the result of network scanning give an extensive information about the network, its OS, installed IDS/IPS and firewalls, open ports and many other important information.
Selecting the right tool for the principle job is an art, and you are the artist. So select your hacking weapon wisely and if we talk about network scanning then we have Nmap (I think it does not need any introduction, right?). Undoubtedly Nmap is the smart tool that has an ability to get most of the job done but nmap is not the end, we have many other tools and they also have their own merits and demerits and one of them is ZMap.
ZMap can be used to study protocol adoption over time, monitor service availability, and help us better understand large systems distributed across the Internet.
Selecting the right tool for the principle job is an art, and you are the artist. So select your hacking weapon wisely and if we talk about network scanning then we have Nmap (I think it does not need any introduction, right?). Undoubtedly Nmap is the smart tool that has an ability to get most of the job done but nmap is not the end, we have many other tools and they also have their own merits and demerits and one of them is ZMap.
What is ZMap?
ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 5 minutes, approaching the theoretical limit of ten gigabit Ethernet.ZMap can be used to study protocol adoption over time, monitor service availability, and help us better understand large systems distributed across the Internet.
ZMap Examples
By default, ZMap will perform a TCP SYN scan on the specified port at the maximum rate possible. A more conservative configuration that will scan 10,000 random addresses on port 80 at a maximum 10 Mbps can be run as follows:
$ zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=results.csv
Or more concisely specified as:
$ zmap -B 10M -p 80 -n 10000 -o results.csv
ZMap can also be used to scan specific subnets or CIDR blocks. For example, to scan only 10.0.0.0/8 and 192.168.0.0/16 on port 80, run:
zmap -p 80 -o results.csv 10.0.0.0/8 192.168.0.0/16
If the scan started successfully, ZMap will output status updates every one second similar to the following:
0% (1h51m left); send: 28777 562 Kp/s (560 Kp/s avg); recv: 1192 248 p/s (231 p/s avg); hits: 0.04%
0% (1h51m left); send: 34320 554 Kp/s (559 Kp/s avg); recv: 1442 249 p/s (234 p/s avg); hits: 0.04%
0% (1h50m left); send: 39676 535 Kp/s (555 Kp/s avg); recv: 1663 220 p/s (232 p/s avg); hits: 0.04%
0% (1h50m left); send: 45372 570 Kp/s (557 Kp/s avg); recv: 1890 226 p/s (232 p/s avg); hits: 0.04%
These updates provide information about the current state of the scan and are of the following form: %-complete (est time remaining); packets-sent curr-send-rate (avg-send-rate); recv: packets-recv recv-rate (avg-recv-rate); hits: hit-rate.
If you do not know the scan rate that your network can support, you may want to experiment with different scan rates or bandwidth limits to find the fastest rate that your network can support before you see decreased results.