playing with masscan
for the parallelized flavor of network discovery, there’s masscan!
see masscan-install
start a session that survives a disconnect, since a large scan runs for hours
screen -S mass
check the version and list the nmap-compatible options
masscan -V
masscan --nmap
the defaults are
-sS -Pn -n --randomize-hosts -v --send-eth
check the effective configuration (defaults plus whatever you passed, in config-file syntax) before launching
masscan ... --echo
masscan $cidr --rate=50000 --open-only --banners --top-ports 1000
either the top ports or the full range, not both; the full TCP and UDP range is
-p0-65535,U:0-65535
caveat with --banners: masscan completes the handshake itself, so the local kernel sees replies to a connection it never opened and answers with RST before the banner arrives. the masscan README documents the fix, a dedicated --source-port plus a firewall rule dropping inbound traffic to that port.
more options: targets from a file, JSON output, grep-ready output
-iL /root/scan.list -oJ /root/mass.json -oG /root/mass.grep
you might as well hardcode the settings in the config file masscan reads by default
ls -lF /etc/masscan/masscan.conf # no exist
mkdir -p /etc/masscan/
vi /etc/masscan/masscan.conf

rate = 100000
output-format = json
output-status = all
output-filename = scan.json
ports = 0-65535

note output-status = all also records closed ports (the RST answers), which is a lot of output at that rate; open is the equivalent of --open-only
there are a few more tricks to take into account if you target the whole internet, see masscan-public
either parse the json and ship it to a log server, or simply work on the grep-ready output: drop the comment lines and sort by the host field (field 4, the ip)
grep -v ^# /root/mass.grep | sort -V -k4
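for the "parse the json" branch, here is an added example (not from this page nor from the masscan project) that flattens masscan's -oJ and -oG outputs into one record per ip/port, sorts by numeric ip (what sort -V approximates), cross-checks that both outputs agree, and emits NDJSON, which is what most log shippers want. the sample inputs are constructed to mirror the layouts masscan writes; the trailing comma before the closing bracket, which older masscan versions leave in -oJ files and which breaks json.loads, is handled rather than assumed absent.

```python
import ipaddress
import json
import re
from typing import Iterable, Iterator

# constructed sample of masscan -oJ output (assumption: mirrors masscan's
# layout, including the trailing ',' before ']' that older versions leave
# behind, which makes the file invalid JSON as written)
SAMPLE_JSON = """[
{   "ip": "10.0.0.20",   "timestamp": "1700000000", "ports": [ {"port": 443, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 54} ] },
{   "ip": "10.0.0.3",   "timestamp": "1700000001", "ports": [ {"port": 22, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64, "service": {"name": "ssh", "banner": "SSH-2.0-OpenSSH_9.2"}} ] },
{   "ip": "10.0.0.3",   "timestamp": "1700000001", "ports": [ {"port": 53, "proto": "udp", "status": "open", "reason": "none", "ttl": 64} ] },
]
"""

# constructed sample of masscan -oG output (assumption: the
# "Timestamp: N<tab>Host: ip ()<tab>Ports: port/status/proto////" layout,
# which is what `sort -V -k4` relies on: field 4 is the ip)
SAMPLE_GREP = """# Masscan x.y.z scan initiated (constructed header line)
Timestamp: 1700000000\tHost: 10.0.0.20 ()\tPorts: 443/open/tcp////
Timestamp: 1700000001\tHost: 10.0.0.3 ()\tPorts: 22/open/tcp////
Timestamp: 1700000001\tHost: 10.0.0.3 ()\tPorts: 53/open/udp////
# Masscan done (constructed trailer line)
"""

GREP_PORT = re.compile(r"^(\d+)/(\w+)/(\w+)/")


def load_masscan_json(text: str) -> list:
    """Parse -oJ output; if it is not valid JSON, strip the trailing ',' before ']' and retry."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        fixed = re.sub(r",\s*\]\s*$", "]", text.strip())
        return json.loads(fixed)


def records_from_json(text: str) -> Iterator[dict]:
    """One flat record per (ip, port) from -oJ output, banner included when present."""
    for host in load_masscan_json(text):
        for p in host.get("ports", []):
            rec = {"ip": host["ip"], "port": int(p["port"]), "proto": p["proto"],
                   "status": p["status"], "timestamp": int(host["timestamp"])}
            svc = p.get("service")
            if svc:
                rec["service"] = svc.get("name")
                rec["banner"] = svc.get("banner")
            yield rec


def records_from_grep(text: str) -> Iterator[dict]:
    """One flat record per port line from -oG output; comment lines are skipped."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value.strip()
        if "Ports" not in fields or "Host" not in fields:
            continue  # banner lines carry other keys; ignored here
        m = GREP_PORT.match(fields["Ports"])
        if not m:
            continue
        yield {"ip": fields["Host"].split()[0], "port": int(m.group(1)),
               "status": m.group(2), "proto": m.group(3),
               "timestamp": int(fields.get("Timestamp", "0"))}


def sort_records(records: Iterable[dict]) -> list:
    """Sort by numeric ip, then proto, then port: true address order, unlike string sorting."""
    return sorted(records, key=lambda r: (int(ipaddress.ip_address(r["ip"])), r["proto"], r["port"]))


def cross_check(json_text: str, grep_text: str) -> bool:
    """True when both output formats describe the same set of (ip, port, proto)."""
    j = {(r["ip"], r["port"], r["proto"]) for r in records_from_json(json_text)}
    g = {(r["ip"], r["port"], r["proto"]) for r in records_from_grep(grep_text)}
    return j == g


def to_ndjson(records: Iterable[dict]) -> str:
    """One JSON object per line, sorted, ready to pipe into a log shipper."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in sort_records(records))


if __name__ == "__main__":
    print(to_ndjson(records_from_json(SAMPLE_JSON)))
    print("outputs agree:", cross_check(SAMPLE_JSON, SAMPLE_GREP))
```

on a real run, replace the samples with the contents of /root/mass.json and /root/mass.grep; the cross-check is a cheap sanity test that a partially written or truncated json file (a scan killed mid-way) is not silently shipped as complete.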
https://github.com/robertdavidgraham/masscan/blob/master/doc/masscan.8.markdown
https://danielmiessler.com/study/masscan/
https://techyrick.com/masscan-full-tutorial/ ==> -pU:53, --http-user-agent