Masscan tutorial
2022-07-29 05:42:00 【adeylinux】
What is Masscan?
MASSCAN is a TCP port scanner. It transmits SYN packets asynchronously, and its results are similar to those of nmap, the most famous port scanner. Internally, it is more like scanrand, unicornscan and ZMap, using asynchronous transmission. It is a flexible utility that allows arbitrary address and port ranges.
Masscan scans TCP ports with a SYN scan: it does not establish a complete TCP connection. Instead, it first sends a SYN packet to the destination port and then waits for a reply. If it receives a SYN-ACK packet, the port is open, and it sends a RST to end the connection setup; otherwise, if the target returns a RST, the port is not open.
Masscan usage:
masscan -p80,8000-8100 10.0.0.0/8 --rate=10000
Scan some web ports in 10.0.0.0/8 at 10 kpps.
masscan --nmap
List the nmap-compatible options.
masscan -p80 10.0.0.0/8 --banners -oB <filename>
Save the scan results in binary format to <filename>.
masscan --open --banners --readscan <filename> -oX <savefile>
Read the binary scan results from <filename> and save them as XML in <savefile>.
Masscan examples:
The code is as follows: sudo masscan -p80-445 192.168.10.104 --rate=10000
┌──(zst㉿kali)-[~]
└─$ sudo masscan -p80-445 192.168.10.104 --rate=10000
[sudo] zst Password :
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-05-21 12:44:13 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [366 ports/host]
Discovered open port 135/tcp on 192.168.10.104
Discovered open port 443/tcp on 192.168.10.104
Discovered open port 139/tcp on 192.168.10.104
Discovered open port 80/tcp on 192.168.10.104
Discovered open port 445/tcp on 192.168.10.104
The code is as follows: sudo masscan 192.168.10.104 -p 80-445 --banners --source-ip 192.168.1.102
┌──(zst㉿kali)-[~]
└─$ sudo masscan 192.168.10.104 -p 80-445 --banners --source-ip 192.168.1.102
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-05-21 12:51:51 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [366 ports/host]
Discovered open port 443/tcp on 192.168.10.104
Discovered open port 80/tcp on 192.168.10.104
Discovered open port 445/tcp on 192.168.10.104
Discovered open port 139/tcp on 192.168.10.104
Discovered open port 135/tcp on 192.168.10.104
Banner on port 445/tcp on 192.168.10.104: [smb] SMBv2 guid=4bc6aef7-5aa6-4fe2-a66c-bec10e940ad9 time=2022-05-21 12:51:55 domain=DESKTOP-CK1PJQL version=10.0.19041 ntlm-ver=15 domain=DESKTOP-CK1PJQL name=DESKTOP-CK1PJQL domain-dns=DESKTOP-CK1PJQL name-dns=DESKTOP-CK1PJQL
Banner on port 80/tcp on 192.168.10.104: [http.server] Microsoft-IIS/10.0
Banner on port 80/tcp on 192.168.10.104: [title] IIS 10.0 \xe8\xaf\xa6\xe7\xbb\x86\xe9\x94\x99\xe8\xaf\xaf - 500.19 - Internal Server Error
Banner on port 80/tcp on 192.168.10.104: [http] HTTP/1.1 500 Internal Server Error\x0d\x0aCache-Control: private\x0d\x0aContent-Type: text/html; charset=utf-8\x0d\x0aServer: Microsoft-IIS/10.0\x0d\x0aDate: Sat, 21 May 2022 12:51:54 GMT\x0d\x0aConnection: close\x0d\x0aContent-Length: 4455\x0d\x0a\x0d
Banner on port 139/tcp on 192.168.10.104: [smb] ERROR(Called name not present)
Advanced commands:
Scanning the entire Internet:
The code is as follows: masscan 0.0.0.0/0 -p0-65535
After entering this command, masscan returns:
error: Wrong exclusion address/range: 255.255.255.255
Failure: Range is too big, need to confirm
[Tips] To prevent accidents, at least one --exclude must be specified
[Tips] Use "--exclude 255.255.255.255" as a simple confirmation
The code is as follows: sudo masscan 0.0.0.0/0 -p 0-65535 --exclude 255.255.255.255
┌──(zst㉿kali)-[~]
└─$ sudo masscan 0.0.0.0/0 -p 0-65535 --exclude 255.255.255.255
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-05-21 12:59:29 GMT
Initiating SYN Stealth Scan
Scanning 4294967295 hosts [65536 ports/host]
Discovered open port 52017/tcp on 154.212.218.172
Discovered open port 23850/tcp on 170.228.216.127
Discovered open port 17845/tcp on 192.56.172.170
Discovered open port 56153/tcp on 186.65.215.140
Discovered open port 56196/tcp on 172.65.114.243
Discovered open port 6323/tcp on 171.67.71.216
Discovered open port 38378/tcp on 154.216.4.252
Discovered open port 56263/tcp on 172.65.20.54
Discovered open port 43861/tcp on 155.101.154.97
Discovered open port 19958/tcp on 34.117.73.47
Discovered open port 43578/tcp on 156.254.87.55
Discovered open port 46961/tcp on 164.155.145.143
Discovered open port 61751/tcp on 50.116.165.230
rate: 0.10-kpps , 0.00% done,184455:52.45 remaining, found=23
The scan time seems a little long. This is a sad story.
The code is as follows: masscan 192.168.10.104 -p0-445 -oX m1.xml
┌──(root㉿kali)-[/home/zst]
└─# masscan 192.168.10.104 -p0-445 -oX m1.xml
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-05-21 13:30:11 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [446 ports/host]
After the scan, Masscan generates an XML file.
Sometimes the scan takes a really long time. Raising the rate can solve this problem.
The code is as follows: masscan 192.168.10.104 -p0-445 --max-rate 100000
┌──(root㉿kali)-[/home/zst]
└─# masscan 192.168.10.104 -p0-445 --max-rate 100000
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-05-21 13:36:10 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [446 ports/host]
Discovered open port 443/tcp on 192.168.10.104
Discovered open port 139/tcp on 192.168.10.104
--max-rate 100000 raises the rate to 100,000 packets per second. This will scan the entire Internet (minus exclusions) in about 10 hours per port (or 655,360 hours if you scan all ports).
Combined command (my favorite). The code is as follows: masscan 192.168.10.104 -p0-445 --max-rate 100000 -oX as.xml
┌──(root㉿kali)-[/home/zst]
└─# masscan 192.168.10.104 -p0-445 --max-rate 100000 -oX as.xml
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-05-21 13:40:05 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [446 ports/host]
rate: 0.00-kpps, 100.00% done, waiting -27-secs, found=0
This raises the rate to 100,000 packets per second and then stores the results in the as.xml file.
Summary:
That is all for this issue, which mainly introduced what masscan is and how to use it.