How to use the command 'masscan' (with examples)
Masscan is a network scanner designed to scan as fast as possible. Running it with elevated privileges is recommended, and it offers Nmap compatibility.
Use case 1: Scan an IP or network subnet for port 80
Code:
masscan ip_address|network_prefix --ports 80
Motivation: This use case is useful when you want to quickly scan an IP address or a network subnet to find open port 80, which is commonly used for web traffic.
Explanation:
ip_address|network_prefix: Replace this with the actual IP address or network prefix you want to scan. For example, 192.168.0.1 or 192.168.0.0/24.
--ports 80: Specifies the port to scan, in this case, port 80.
Example output:
Starting Masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-01 00:00:00 GMT
Initiating SYN Stealth Scan
Scanning 192.168.0.1/24 [1 port]
Discovered open port 80/tcp on 192.168.0.100
Completed SYN Stealth Scan at 2022-01-01 00:00:10 GMT
Use case 2: Scan a class B subnet for the top 100 ports at 100,000 packets per second
Code:
masscan 10.0.0.0/16 --top-ports 100 --rate 100000
Motivation: This use case is helpful when you want to scan a class B subnet (e.g., 10.0.0.0/16) for the top 100 ports at a high scanning rate.
Explanation:
10.0.0.0/16: The class B subnet to scan. Replace it with the desired subnet.
--top-ports 100: Specifies the number of top ports to scan, in this case, top 100 ports.
--rate 100000: Sets the scanning rate to 100,000 packets per second.
Example output:
Starting Masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-01 00:00:00 GMT
Initiating SYN Stealth Scan
Scanning 10.0.0.0/16 [100 ports]
Discovered open port 22/tcp on 10.0.0.1
Discovered open port 80/tcp on 10.0.0.10
...
Completed SYN Stealth Scan at 2022-01-01 00:00:10 GMT
Use case 3: Scan a class B subnet avoiding ranges from a specific exclude file
Code:
masscan 10.0.0.0/16 --top-ports 100 --excludefile path/to/file
Motivation: This use case is useful when you want to scan a class B subnet but exclude certain IP ranges specified in an exclude file.
Explanation:
10.0.0.0/16: The class B subnet to scan. Replace it with the desired subnet.
--top-ports 100: Specifies the number of top ports to scan, in this case, top 100 ports.
--excludefile path/to/file: Specifies the path to the exclude file which contains IP ranges to exclude from scanning.
Example output:
Starting Masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-01 00:00:00 GMT
Initiating SYN Stealth Scan
Scanning 10.0.0.0/16 [100 ports]
Discovered open port 22/tcp on 10.0.0.1
Discovered open port 80/tcp on 10.0.0.10
...
Completed SYN Stealth Scan at 2022-01-01 00:00:10 GMT
Use case 4: Scan the Internet for port 443
Code:
masscan 0.0.0.0/0 --ports 443 --rate 10000000
Motivation: This use case applies when you want to scan the entire Internet for open port 443, which is commonly used for HTTPS connections.
Explanation:
0.0.0.0/0: Scans the entire Internet.
--ports 443: Specifies the port to scan, in this case, port 443.
--rate 10000000: Sets the scanning rate to 10,000,000 packets per second.
Example output:
Starting Masscan 1.3.2 (http://bit.ly/14GZzcT) at 2022-01-01 00:00:00 GMT
Initiating SYN Stealth Scan
Scanning 0.0.0.0/0 [1 port]
Discovered open port 443/tcp on 1.2.3.4
Discovered open port 443/tcp on 5.6.7.8
...
Completed SYN Stealth Scan at 2022-01-01 00:00:10 GMT
Use case 5: Scan the Internet for a specific port range and export to a file
Code:
masscan 0.0.0.0/0 --ports 0-65535 --output-format binary|grepable|json|list|xml --output-filename path/to/file
Motivation: This use case is helpful when you want to scan the entire Internet for a specific port range (0-65535) and export the results to a file in a desired format.
Explanation:
0.0.0.0/0: Scans the entire Internet.
--ports 0-65535: Specifies the port range to scan, in this case, ports 0 to 65535.
--output-format: Specifies the format of the output. Choose one of the options: binary, grepable, json, list, or xml.
--output-filename path/to/file: Specifies the path and filename to save the output.
Example output:
Scan results saved to 'path/to/file'
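Added example (not part of the original page or of masscan itself): a Python script that reads results saved with --output-format list and reports open ports that an approved-exposure baseline does not cover. The sample results, the BASELINE table and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of a results file: "<state> <proto> <port> <ip> <unix-timestamp>".
SAMPLE_RESULTS = """\
#masscan
open tcp 22 10.0.0.1 1640995201
open tcp 80 10.0.0.10 1640995202
open tcp 3389 10.0.0.10 1640995203
open tcp 80 10.0.0.10 1640995209
open tcp 443 10.0.7.20 1640995204
open tcp 8080 10.0.9.5 1640995205
open tcp 80
# end
"""

# Hypothetical baseline: TCP ports each network segment is approved to expose.
BASELINE = {"10.0.0.0/24": {22, 80}, "10.0.7.0/24": {443}}


def parse_list_output(text):
    """Return {ip: {open TCP ports}}; comments, other states and bad lines are skipped."""
    found = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[:2] != ["open", "tcp"]:
            continue
        try:
            port, ip = int(fields[2]), str(ipaddress.ip_address(fields[3]))
        except ValueError:
            continue  # truncated or corrupted record
        if 0 <= port <= 65535:
            found[ip].add(port)  # the set removes duplicate records
    return dict(found)


def unexpected_exposure(found, baseline):
    """Return sorted (ip, port) pairs that are open but not approved for that host."""
    nets = [(ipaddress.ip_network(cidr), ports) for cidr, ports in baseline.items()]
    findings = []
    for ip, ports in found.items():
        addr = ipaddress.ip_address(ip)
        allowed = set().union(*(p for net, p in nets if addr in net))
        findings += [(addr, port) for port in ports - allowed]
    return [(str(addr), port) for addr, port in sorted(findings)]

if __name__ == "__main__":
    for ip, port in unexpected_exposure(parse_list_output(SAMPLE_RESULTS), BASELINE):
        print(f"unexpected open port {port}/tcp on {ip}")
```

A host that falls outside every baseline network has no approved ports, so each of its open ports is reported.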
Conclusion:
Masscan is a powerful network scanning tool that allows you to scan IP addresses, network subnets, or even the entire Internet for open ports. By using various options like specifying ports, setting scanning rates, excluding IP ranges, and exporting results, you can customize the scanning process according to your requirements.