massive discovery at layer 4 (tcp & udp ports)

playing with masscan

for the parallelized flavor of network discovery, there’s masscan!

install

see masscan-install

preliminaries

start a screen session that stays around forever (long scans survive a dropped ssh connection)

    screen -S mass

check version and list options compatible with nmap

    masscan -V
    masscan --nmap

the defaults are

    -sS -Pn -n --randomize-hosts -v --send-eth

check the effective configuration (command line merged with the config file) with --echo, which prints it without scanning

    masscan ... --echo

usage

    masscan $cidr --rate=50000 --open-only --banners

then either the nmap-style top ports list, or the full TCP and UDP range

    --top-ports 1000
    -p0-65535,U:0-65535

more options

    -iL /root/scan.list
    -oJ /root/mass.json
    -oG /root/mass.grep

you might as well hardcode the settings in a file

    ls -lF /etc/masscan/masscan.conf # does not exist by default
    mkdir -p /etc/masscan/
    vi /etc/masscan/masscan.conf

    rate = 100000
    output-format = json
    output-status = all
    output-filename = scan.json
    ports = 0-65535

public network

there are a few more tricks to take into account if you target the whole internet – see masscan-public

deal with the results

either parse the json and ship it to some log server, or simply proceed with the grep-ready output (lines starting with # are scan metadata, hence the grep -v)

    grep -v ^# /root/mass.grep | sort -V -k4
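
As an added example (not code from this page or from the masscan project), a small Python parser for the json flavor chosen in the config above: it loads the -oJ array, tolerating the trailing comma before the closing bracket that the constructed sample deliberately includes, collapses masscan's one-port-per-record output into per-host sorted port lists, and emits NDJSON ready for a log shipper. The record layout (ip, ports[].port/proto/status/service.banner) is assumed, and the sample records are constructed.

```python
import ipaddress
import json
import re
from collections import defaultdict

# Constructed sample of masscan -oJ output. Assumed layout: a JSON array of
# per-host records, one port per record, plus a trailing comma before "]",
# included on purpose so the parser is exercised on it.
SAMPLE = """[
{   "ip": "192.0.2.10",   "timestamp": "1700000000", "ports": [ {"port": 22, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "192.0.2.10",   "timestamp": "1700000001", "ports": [ {"port": 443, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64, "service": {"name": "title", "banner": "Example"}} ] }
,
{   "ip": "192.0.2.53",   "timestamp": "1700000002", "ports": [ {"port": 53, "proto": "udp", "status": "open", "reason": "udp-response", "ttl": 58} ] }
,
]"""

def load_masscan_json(text):
    """Parse -oJ output; strip a trailing comma before the closing bracket first."""
    cleaned = re.sub(r",\s*\]$", "]", text.strip())
    return json.loads(cleaned)

def open_ports_by_host(records):
    """Collapse records into {ip: [(port, proto, banner_or_None), ...]} sorted by port."""
    hosts = defaultdict(dict)
    for rec in records:
        for p in rec.get("ports", []):
            if p.get("status") != "open":
                continue  # --open-only normally filters these, but be safe
            banner = (p.get("service") or {}).get("banner")
            key = (p["port"], p["proto"])
            # a later --banners record for the same port may carry the banner
            if key not in hosts[rec["ip"]] or banner:
                hosts[rec["ip"]][key] = banner
    return {ip: sorted((port, proto, b) for (port, proto), b in ports.items())
            for ip, ports in hosts.items()}

def to_ndjson(summary):
    """One object per line, hosts in numeric IP order (like sort -V), for a log shipper."""
    lines = []
    for ip in sorted(summary, key=ipaddress.ip_address):
        for port, proto, banner in summary[ip]:
            lines.append(json.dumps({"ip": ip, "port": port, "proto": proto, "banner": banner}, sort_keys=True))
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_ndjson(open_ports_by_host(load_masscan_json(SAMPLE))))
```

Replace SAMPLE with the contents of /root/mass.json to run it against a real scan; the per-host summary is what you diff against your asset inventory to spot ports that should not be exposed.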

resources

https://github.com/robertdavidgraham/masscan/blob/master/doc/masscan.8.markdown

https://danielmiessler.com/study/masscan/
https://stackoverflow.com/questions/51005045/performing-a-masscan-on-an-input-file-containing-domain-names

https://techyrick.com/masscan-full-tutorial/ ==> -pU:53, --http-user-agent

Licensed under MIT