massive discovery at layer 4 (tcp & udp ports)

playing with masscan

for the parallelized flavor of network discovery, there’s masscan!

installinstall

see masscan-install

preliminariespreliminaries

start an env that stays around for ever

screen -S mass

check version and list options compatible with nmap

masscan -V
masscan --nmap

the defaults are

-sS -Pn -n --randomize-hosts -v --send-eth

check the actual resulting command as such

masscan ... --echo

usageusage

masscan $cidr --rate=50000 --open-only --banners

    ‐‐top-ports 1000
    -p0-65535,U:0-65535

more options

-iL /root/scan.list
-oJ /root/mass.json
-oG /root/mass.grep

you might as well hardcode the settings in a file

ls -lF /etc/masscan/masscan.conf # no exist
mkdir -p /etc/masscan/
vi /etc/masscan/masscan.conf

rate = 100000
output-format = json
output-status = all
output-filename = scan.json
ports = 0-65535

public networkpublic network

there’s a few more tricks to take into account if you target the whole internet – see masscan-public

deal with the resultsdeal with the results

either parse and send the json to some log server –or– simply proceed with the grep-ready output

grep -v ^# /root/mass.grep | sort -V -k4

resourcesresources

https://github.com/robertdavidgraham/masscan/blob/master/doc/masscan.8.markdown

https://danielmiessler.com/study/masscan/

https://stackoverflow.com/questions/51005045/performing-a-masscan-on-an-input-file-containing-domain-names

https://techyrick.com/masscan-full-tutorial/ ==> -pU:53, –http-user-agent


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Licensed under MIT