Masscan: A Practical Guide to Using this Powerful Network Scanning Tool
Masscan is an open source TCP/IP network port scanning tool developed by Robert David Graham. Its main objective is to perform fast and efficient scans to identify open ports on a network and discover online services and systems. Masscan’s distinguishing feature is its ability to perform high-speed, parallel scans, allowing it to scan large ranges of IP addresses in a matter of minutes.
Fast scanning: Masscan can send packets at high speed, allowing it to cover IP address ranges efficiently.
Parallel scanning: The tool can perform parallel scans, making maximum use of available resources and speeding up the scanning process.
TCP and UDP port scanning: Masscan can scan both TCP and UDP ports, allowing for greater coverage of online services.
Installing Masscan on Linux
Download the latest version of the Masscan source code from the official repository on GitHub. You can do this with the following command:
git clone https://github.com/robertdavidgraham/masscan.git
Switch to the Masscan directory
cd masscan
Compile the Masscan source code using the make command.
make
How To Use Masscan
Single IP Port Scan
While it is built to scan networks as large as the Internet, Masscan can also scan a single port on a single IP address:
masscan 192.158.1.38 -p443
Multi-Port Scan
You can also scan multiple ports on a single IP address, using a comma (,) as the separator:
masscan 192.158.1.38 -p80,25,443
Single IP scanning
Fast TCP port scanning on a specific IP address
masscan -p1-65535 192.168.0.1
TCP and UDP scanning
TCP and UDP port scanning on a range of IP addresses:
masscan -pU:53,161,T:80-1000 192.168.0.0/24
Scanning Top Ports
Masscan also lets you scan the most popular ports using Nmap's --top-ports option, where the number given is how many of Nmap's most common ports to scan:
masscan 192.158.1.38 --top-ports 20
Scanning with speed
Port scanning at a customised rate (packets per second):
masscan -p22,80,443 10.0.0.0/8 --rate 10000
Saving scan output
To make the output of a Masscan scan readable and usable for further analysis, you can save it by redirecting it to a file:
masscan 192.158.1.38/20 --top-ports 20 --rate 10000 > result.txt
In addition to plain text, you can also save the output of a scan in XML, JSON, list and grepable formats.
Scanning and exporting to JSON
masscan -p1-1000 192.168.0.0/24 -oJ results.json
Scanning and exporting in list format
masscan -p1-1000 192.168.0.0/24 -oL results.txt
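Once results are in a file, the next step is usually to turn them into a per-host inventory. The following Python script is an added example, not part of the original article or of Masscan itself: it parses the list format written by -oL (a "#masscan" header, one "status proto port ip timestamp" record per line, a "# end" footer) on a constructed sample and keeps only the ports reported open, which matters when a config uses output-status = all and closed ports are written too.

```python
"""Parse Masscan list-format output (-oL) into an open-port inventory.

Added example, not part of the original article or of Masscan itself.
SAMPLE_LIST_OUTPUT below is constructed in the -oL layout and stands in
for a results.txt written by a TCP+UDP scan such as:
    masscan -pU:53,161,T:80-1000 192.168.0.0/24 -oL results.txt
"""
from collections import defaultdict

# Constructed sample, including a "closed" record of the kind written
# when a config file sets output-status = all.
SAMPLE_LIST_OUTPUT = """\
#masscan
open tcp 80 192.168.0.10 1700000000
open tcp 443 192.168.0.10 1700000001
closed tcp 22 192.168.0.10 1700000001
open udp 53 192.168.0.1 1700000002
open tcp 80 192.168.0.1 1700000003
# end
"""


def parse_masscan_list(text):
    """Return {ip: sorted [(proto, port), ...]} for records marked open.

    Comment lines ("#...") and blank lines are ignored; a malformed
    record is skipped rather than aborting the whole import.
    """
    hosts = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        status, proto, port, ip = fields[:4]
        if status != "open" or not port.isdigit():
            continue
        hosts[ip].add((proto, int(port)))
    return {ip: sorted(ports) for ip, ports in hosts.items()}


def summarize(inventory):
    """Count open ports per protocol across all hosts."""
    counts = {"tcp": 0, "udp": 0}
    for ports in inventory.values():
        for proto, _ in ports:
            counts[proto] = counts.get(proto, 0) + 1
    return counts


if __name__ == "__main__":
    inv = parse_masscan_list(SAMPLE_LIST_OUTPUT)
    for ip, ports in sorted(inv.items()):
        print(ip, ", ".join(f"{p}/{n}" for p, n in ports))
    print(summarize(inv))
```

To run it on a real file, read results.txt into a string and pass it to parse_masscan_list in place of the constructed sample.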
Saving Configuration
Masscan also lets you save a scan's settings in a configuration file that can be reused as many times as needed.
Create a file called config.txt with the following content:
# Example Scan
rate = 10000.00
output-format = txt
output-status = all
output-filename = result.txt
ports = 0-8080
range = 0.0.0.0-255.255.255.255
excludefile = exclude.txt
To run a scan using this configuration file, run the following command:
masscan -c config.txt
Scanning The Entire Internet
With Masscan, you can scan the entire Internet against a single port, a range of ports, or all ports on each host.
masscan 0.0.0.0/0 -p80 --rate 1000000
To scan against all 65535 ports:
masscan 0.0.0.0/0 -p0-65535 --rate 1000000
Customised port scanning
Port scanning based on a customised port file (custom_ports.txt holding a comma-separated port list):
masscan -p $(cat custom_ports.txt) 192.168.0.0/24
IPv6 port scanning
Specify an IPv6 address instead of an IPv4 address:
masscan -p80 2001:db8::1
Advantages and disadvantages
Advantages of Masscan
High scanning speed: Masscan is designed to perform extremely fast and efficient port scans. It can scan large ranges of IP addresses in a matter of minutes.
Parallel scanning: Allows parallel scanning, making maximum use of available resources and speeding up the scanning process.
TCP and UDP port scanning: Masscan is capable of scanning both TCP and UDP ports, providing greater coverage of online services.
Flexible scanning options: Offers a wide variety of options to customise scanning, such as defining port ranges, timeouts and packet sizes.
Disadvantages of Masscan
Impact on the network and scanned systems: By performing fast and aggressive scans, Masscan can have a significant impact on the network and scanned systems, causing unwanted traffic and possible performance problems on targeted machines.
Potential for malicious use: Given its ability to scan large networks in a short time, Masscan could be used by malicious actors to find vulnerabilities and carry out attacks.
Lack of advanced functionalities: Unlike other port scanning tools such as Nmap, Masscan has fewer advanced functionalities, which could limit its use in certain scenarios.
Non-stealthy scans: Being fast and aggressive, scans performed with Masscan can be easily detected by intrusion detection systems (IDS) and firewalls, which could lead to blocking of scan traffic.
Conclusion
In conclusion, Masscan is an open source, high-speed port scanning tool that excels in its ability to perform fast and efficient scans on large networks. Its advantages lie in its speed, parallelisation, flexibility and ability to scan both TCP and UDP ports. In addition, it can detect online systems quickly.
However, it also presents challenges and disadvantages, such as the potential impact on the network and scanned systems, its possible malicious use and the lack of advanced functionalities compared to other scanning tools.
It is essential to use Masscan responsibly and to comply with local laws and regulations, always obtaining proper permission before performing scans. The potential impact on the network and systems scanned should also be taken into account and appropriate resource management measures should be put in place.