Port Scanning-Masscan
What is Masscan?
Masscan is an ultra-fast port scanner capable of scanning large networks in a short time. It provides similar functionality to Nmap but is optimized for high-speed scanning, allowing it to scan millions of IPs and ports within minutes.
Key Features of Masscan
Extremely Fast Scanning
Can send over 10 million packets per second on a single machine.
Can scan the entire IPv4 internet in about 6 minutes.
Asynchronous Scanning
Uses its own custom packet generation engine for optimized performance.
Much faster than traditional scanners like Nmap.
Nmap Compatibility
Can output results in a format similar to Nmap.
However, it does not support all of Nmap's advanced features (e.g., service detection using a full TCP 3-way handshake).
Flexible Target and Port Specification
Allows scanning of specific networks or the entire internet.
Can target specific ports (e.g., HTTP port 80, HTTPS port 443, etc.).
Basic Usage of Masscan
masscan -p80 192.168.1.0/24 --rate=10000
-p80: Scan port 80 (HTTP).
192.168.1.0/24: Target subnet.
--rate=10000: Send 10,000 packets per second.
Example: Scanning the entire internet (IPv4)
masscan 0.0.0.0/0 -p443 --rate=100000
0.0.0.0/0: Scan the entire IPv4 address space.
-p443: Scan for HTTPS servers.
--rate=100000: Set the scan rate to 100,000 packets per second.
Important Masscan Options
Option | Description |
-p | Specify ports to scan (e.g., -p80,443,22). |
-p0-65535 | Scan all 65,536 ports on the target. |
--rate | Set packet transmission speed (higher values increase speed but may cause packet loss). |
-iL <file> | Read target IPs from a file. |
-oL <file> | Save scan results to a file. |
-e <interface> | Specify network interface to use (useful for multi-NIC systems). |
--banners | Capture service banners when scanning. |
--exclude <IP> | Exclude specific IPs or ranges from scanning. |
--exclude-file <file> | Exclude IPs listed in a file. |
Limitations of Masscan
Does not complete TCP connections → Cannot detect services without additional scanning (e.g., Nmap service detection is required).
Consumes high network bandwidth → May trigger firewall or IDS/IPS alerts.
Legal Concerns → Unauthorized scanning can be illegal, so always obtain permission before use.
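Because Masscan only reports which ports answered, its results are usually handed to Nmap for service detection on an authorized target range. The following Python code is an added example, not part of the original page or the Masscan project: it parses the list output written by -oL, groups open TCP ports per host, and builds one `nmap -sV` command per host. It assumes the list format `status protocol port ip timestamp`; the sample data and the function names `parse_list_output` and `nmap_followups` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of masscan -oL (list) output; addresses are made up.
SAMPLE_OL = """\
#masscan
open tcp 80 192.168.1.10 1700000000
open tcp 443 192.168.1.10 1700000001
open tcp 22 192.168.1.23 1700000002
open tcp 80 192.168.1.10 1700000003
closed tcp 25 192.168.1.23 1700000004
garbage line
# end
"""

def parse_list_output(text):
    """Return {ip: sorted open TCP ports} from -oL text, skipping bad lines."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # header, footer and blank lines
        fields = line.split()
        if len(fields) < 5 or fields[0] != "open" or fields[1] != "tcp":
            continue  # only open TCP ports are worth a service-detection pass
        try:
            port = int(fields[2])
            ip = ipaddress.ip_address(fields[3])
        except ValueError:
            continue  # malformed port or address: drop the line, never guess
        if 0 <= port <= 65535:
            hosts[ip].add(port)  # a set removes duplicate reports of one port
    ordered = sorted(hosts.items(), key=lambda kv: (kv[0].version, int(kv[0])))
    return {str(ip): sorted(ports) for ip, ports in ordered}

def nmap_followups(hosts):
    """One nmap -sV command per host, limited to the ports found open."""
    return [
        "nmap -sV -p {} {}".format(",".join(map(str, ports)), ip)
        for ip, ports in hosts.items()
    ]

if __name__ == "__main__":
    for cmd in nmap_followups(parse_list_output(SAMPLE_OL)):
        print(cmd)
```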
Masscan vs. Nmap
Feature | Masscan | Nmap |
Scanning Speed | Extremely fast (asynchronous) | Slower (uses TCP 3-way handshake) |
Service Detection | Not supported | Supported |
Firewall Evasion | Difficult | Possible (with various techniques) |
Packet Generation | Uses its own engine | Uses the OS network stack |