masscan - An IP scanner
Masscan was designed to deal with large networks and to scan thousands of IP addresses at once. It is faster than nmap because it transmits probes asynchronously from its own user-space TCP/IP stack (a stateless SYN scan with no per-target bookkeeping), but that is also why it is less accurate: by default no probe is retried, so at high rates lost packets simply mean unreported hosts and ports.
Installation
| sudo apt-get install git gcc make libpcap-dev
git clone https://github.com/robertdavidgraham/masscan
cd masscan/
make
|
"make" puts the program in the masscan/bin subdirectory, so you can run it from there as ./bin/masscan. To install it system-wide (on Linux) run make install as root; that uses the install target of masscan's own Makefile.
The source consists of a lot of small files, so building goes a lot faster with a parallel build (make -j). With no job limit that needs more than 2 GiB of RAM and breaks on a Raspberry Pi, so on small boards pass a smaller number, like make -j4, rather than one job per possible thread.
Make sure the build works by running masscan's built-in regression tests (it prints whether they passed):
| cd bin
./masscan --regress
|
Usage
Usage is similar to nmap. To scan a network segment for a handful of ports at 800 packets per second, grabbing banners from whatever is open, but first dump the resulting settings with --echo instead of sending anything:
| ./masscan -p22,80,443,53,3389,8080,445 -Pn --rate=800 --banners 10.0.2.1/24 -e eth0 --router-ip 10.0.2.1 --echo > masscan.conf
# -p: ports to probe; --rate: packets per second (the default is 100)
# --banners: complete the handshake and grab banners on open ports; the host kernel will
#   reset those connections unless you scan from a spare --source-ip or drop its RSTs
#   with iptables first (see masscan's own notes on banner grabbing)
# -Pn: accepted for nmap compatibility only, masscan never pings anyway
# -e / --router-ip: adapter to send from and the gateway on that network; eth0 and
#   10.0.2.1 are example values, replace them with yours (masscan can usually auto-detect both)
# --echo: print the complete configuration (every option, in the key = value form masscan
#   reads back with -c) and exit without scanning; here it is saved to masscan.conf
# A real scan sends raw packets and needs root (sudo); --echo alone does not.
|
Another example, this time an actual scan (so run it as root, and expect it to take a long time):
| sudo masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112
# Scans the whole `10.x.x.x` range (about 16.7 million IPv4 addresses) and the
# `2603:3001:2d00:da00::x` range (65,536 IPv6 addresses) in one run
# Probes port 80 and the range 8000 to 8100, i.e. 102 ports per address
# No --rate is given, so it sends at the default 100 packets/second; at that rate
# 16.7 million addresses x 102 ports takes well over half a year, so raise --rate
# or shrink the target
# Results go to `<stdout>`; redirect them to a file or use an output option such as -oL
|
Editing config file
| nano masscan.conf
# add (or change) these two lines; the file is key = value, and # starts a comment:
#   output-filename = scan.list
#   output-format = list        # or json, xml, grepable, binary
|
Now run the scan again, this time reading every setting from the configuration file with -c (e.g. sudo ./masscan -c masscan.conf) instead of repeating the command-line options; the results land in scan.list.
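The round trip above (dump with --echo, edit the key = value file, re-run with -c) and the list file it writes are easy to script. The following is an added example, not code from these notes or from the masscan project: a small Python helper that sets options in an --echo style config without leaving duplicate keys, and parses list output (the open/banner lines masscan writes with output-format = list, i.e. -oL) into per-host records. The config excerpt and the scan lines are constructed sample data, not captured from a real scan.

```python
"""Helpers for a masscan config/output round trip.

Added example, not code from masscan or from these notes. It assumes two
formats as masscan writes them: the `key = value` config dumped by --echo
(with `#` comment lines) and the list output (output-format = list / -oL),
whose data lines look like
    open tcp 22 10.0.2.15 1683000000
    banner tcp 22 10.0.2.15 1683000001 ssh SSH-2.0-OpenSSH_8.9p1
All sample data below is constructed, not captured from a real scan.
"""
import re
from collections import defaultdict

# Constructed excerpt in the shape of a masscan --echo dump.
SAMPLE_CONF = """\
# ADAPTER SETTINGS
adapter = eth0
router-ip = 10.0.2.1
rate = 800.00
banners = true
# TARGET SELECTION (IP, PORTS, EXCLUDES)
ports = 22,53,80,443,445,3389,8080
range = 10.0.2.0/24
"""


def set_option(conf: str, key: str, value: str) -> str:
    """Return conf with `key = value` set exactly once.

    An existing definition is replaced in place, later duplicates are dropped
    so the file carries one unambiguous setting, and a missing key is appended.
    Comment lines and every other key are left untouched.
    """
    pat = re.compile(r"^\s*" + re.escape(key) + r"\s*=")
    out, seen = [], False
    for line in conf.splitlines():
        if pat.match(line):
            if not seen:
                out.append(f"{key} = {value}")
                seen = True
            continue
        out.append(line)
    if not seen:
        out.append(f"{key} = {value}")
    return "\n".join(out) + "\n"


def get_option(conf: str, key: str):
    """Return the value of key from the config, or None if it is not set."""
    pat = re.compile(r"^\s*" + re.escape(key) + r"\s*=\s*(.*?)\s*$")
    value = None
    for line in conf.splitlines():
        m = pat.match(line)
        if m:
            value = m.group(1)  # last definition wins here
    return value


# Constructed sample in masscan's list output format.
SAMPLE_LIST = """\
#masscan
open tcp 22 10.0.2.15 1683000000
open tcp 80 10.0.2.15 1683000000
open tcp 445 10.0.2.20 1683000002
banner tcp 22 10.0.2.15 1683000001 ssh SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1
banner tcp 80 10.0.2.15 1683000001 http HTTP/1.1 200 OK
# end
"""


def parse_list(text: str) -> dict:
    """Parse list output into {ip: {(proto, port): {"open": bool, "banners": [...]}}}.

    masscan emits the `open` line and any `banner` lines for the same socket as
    separate records, not necessarily adjacent, so they are merged by
    (ip, proto, port). Header/footer lines (`#masscan`, `# end`) are skipped and
    an unknown record kind raises instead of being silently dropped.
    """
    hosts: dict = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # banner records carry two extra fields: service name, then free text
        fields = line.split(" ", 6)
        kind, proto, port, ip = fields[0], fields[1], int(fields[2]), fields[3]
        entry = hosts[ip].setdefault((proto, port), {"open": False, "banners": []})
        if kind == "open":
            entry["open"] = True
        elif kind == "banner":
            service = fields[5]
            banner = fields[6] if len(fields) > 6 else ""
            entry["banners"].append((service, banner))
        elif kind != "closed":
            raise ValueError(f"unexpected record: {raw!r}")
    return dict(hosts)


def open_ports(hosts: dict) -> dict:
    """Collapse the parsed records into {ip: sorted list of open port numbers}."""
    return {ip: sorted(port for (_, port), rec in socks.items() if rec["open"])
            for ip, socks in hosts.items()}


if __name__ == "__main__":
    conf = set_option(SAMPLE_CONF, "output-filename", "scan.list")
    conf = set_option(conf, "output-format", "list")
    print(conf)
    for ip, ports in open_ports(parse_list(SAMPLE_LIST)).items():
        print(ip, ports)
```

set_option is what you would call in place of the nano step; parse_list is for the scan.list the re-run produces. Merging by (ip, proto, port) rather than by adjacency matters because banners are reported when the handshake completes, which can be long after the SYN/ACK that produced the open line.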
Last update: 2023-05-02
Created: January 3, 2023 12:54:46