Masscan: A Practical Guide to Using this Powerful Network Scanning Tool

Diego Michel
Aug 28, 2023


Masscan is an open source TCP/IP network port scanning tool developed by Robert David Graham. Its main objective is to perform fast and efficient scans to identify open ports on a network and discover online services and systems. Masscan’s distinguishing feature is its ability to perform high-speed, parallel scans, allowing it to scan large ranges of IP addresses in a matter of minutes.

Fast scanning: Masscan can send packets at high speed, allowing it to cover IP address ranges efficiently.

Parallel scanning: The tool can perform parallel scans, making maximum use of available resources and speeding up the scanning process.

TCP and UDP port scanning: Masscan can scan both TCP and UDP ports, allowing for greater coverage of online services.

Install Masscan on Linux

Download the latest version of the Masscan source code from the official repository on GitHub. You can do this with the following command:

git clone https://github.com/robertdavidgraham/masscan.git

Switch to the Masscan directory

cd masscan

Compile the Masscan source code using the make command.

make

How To Use Masscan

Single IP Port Scan

Although Masscan is built for scanning networks as large as the Internet, it can also scan a single IP address on a single port.

masscan 192.158.1.38 -p443

Multi-Port Scan

You can also scan multiple ports on a single IP address, using a comma (,) as the separator.

masscan 192.158.1.38 -p80,25,443

Single IP scanning

Fast TCP port scanning on a specific IP address

masscan -p1-65535 192.168.0.1

TCP and UDP scanning

TCP and UDP port scanning on a range of IP addresses:

masscan -pU:53,161,T:80-1000 192.168.0.0/24

Scanning Top Ports

Masscan also allows you to scan the most popular ports using Nmap’s “--top-ports” option, followed by “n”, the number of popular Nmap ports to scan.

masscan 192.158.1.38 --top-ports 20

Scanning with speed

Port scanning with customised speed

masscan -p22,80,443 10.0.0.0/8 --rate 10000
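
A pre-flight check for the target and rate choices above, as an added example that is not part of the original article: it confirms every target range sits inside an authorized scope and estimates how many probes a given --rate has to send. The function names and the one-probe-per-address-and-port assumption (no retries) are illustrative.

```python
import ipaddress

def count_ports(spec):
    """Count ports in a masscan-style -p spec such as 'U:53,161,T:80-1000'.
    Simplification: overlapping ranges are not de-duplicated."""
    total = 0
    for item in spec.split(","):
        item = item.strip()
        if ":" in item:                      # drop the 'U:' / 'T:' protocol prefix
            item = item.split(":", 1)[1]
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        total += hi - lo + 1
    return total

def preflight(targets, authorized, port_spec, rate):
    """Refuse targets outside the authorized ranges, then estimate scan size.
    Assumes one probe per (address, port) pair."""
    allowed = [ipaddress.ip_network(a) for a in authorized]
    addresses = 0
    for target in targets:
        # strict=False accepts host-style input such as 192.158.1.38/20
        net = ipaddress.ip_network(target, strict=False)
        in_scope = any(net.version == a.version and net.subnet_of(a)
                       for a in allowed)
        if not in_scope:
            raise PermissionError(f"{target} is outside the authorized scope")
        addresses += net.num_addresses
    probes = addresses * count_ports(port_spec)
    return {"addresses": addresses, "probes": probes, "seconds": probes / rate}

if __name__ == "__main__":
    # The 10.0.0.0/8 scan from the text, with a constructed authorization list.
    plan = preflight(["10.0.0.0/8"], ["10.0.0.0/8"], "22,80,443", 10000)
    print(plan)
    try:
        preflight(["0.0.0.0/0"], ["192.168.0.0/16"], "80", 1000000)
    except PermissionError as err:
        print("blocked:", err)
```

At 10,000 packets per second the three-port scan of 10.0.0.0/8 needs about 84 minutes of sustained traffic, which is the kind of figure worth agreeing with the network owner before starting.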

Saving the output

To make Masscan's output readable and usable for further analysis, you can save it by redirecting it to a file:

masscan 192.158.1.38/20 --top-ports 20 --rate 10000 > result.txt

In addition to the text output format, you can also save the output of a scan as an XML, JSON, list, or grepable file.

Scanning and exporting to JSON

masscan -p1-1000 192.168.0.0/24 -oJ results.json

Scanning and exporting to CSV

masscan -p1-1000 192.168.0.0/24 -oL results.csv
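
One way to put a saved result file to work, as an added example that is not part of the original article: `-oL` writes masscan's list format, one space-separated `status protocol port ip timestamp` record per line, whatever extension the file name carries. The sketch below turns that into a per-host inventory and flags services that an expected-services policy does not cover; the sample records and the policy are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `masscan -oL` output (not from a real scan).
SAMPLE = """\
#masscan
open tcp 443 192.168.0.10 1693200000
open tcp 22 192.168.0.10 1693200001
open tcp 3389 192.168.0.23 1693200002
open udp 161 192.168.0.1 1693200003
banner tcp 22 192.168.0.10 1693200004 ssh SSH-2.0-OpenSSH_8.9
# end
"""

# Hypothetical policy: the services each host is expected to expose.
EXPECTED = {
    "192.168.0.10": {("tcp", 443), ("tcp", 22)},
    "192.168.0.1": {("udp", 53)},
}

def parse_list_output(text):
    """Return {ip: {(proto, port), ...}} for every 'open' record."""
    hosts = defaultdict(set)
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # header, footer and blank lines
        fields = line.split()
        if fields[0] != "open":
            continue                      # other record types, e.g. banners
        if len(fields) < 5 or not fields[2].isdigit():
            raise ValueError(f"line {lineno}: malformed record: {line!r}")
        hosts[fields[3]].add((fields[1], int(fields[2])))
    return dict(hosts)

def unexpected_exposure(found, expected):
    """Return sorted (ip, proto, port) tuples the policy does not cover."""
    extra = []
    for ip, services in found.items():
        for proto, port in services - expected.get(ip, set()):
            extra.append((ip, proto, port))
    return sorted(extra)

if __name__ == "__main__":
    inventory = parse_list_output(SAMPLE)
    for ip, proto, port in unexpected_exposure(inventory, EXPECTED):
        print(f"unexpected: {ip} {proto}/{port}")
```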

Saving Configuration

Masscan also lets you save the settings for a scan in a configuration file that can be reused multiple times.

Create a file called config.txt with the following content:

# Example Scan
rate = 10000.00
output-format = txt
output-status = all
output-filename = result.txt
ports = 0-8080
range = 0.0.0.0-255.255.255.255
excludefile = exclude.txt

To use this saved configuration file, run the following command:

masscan -c config.txt

Scanning The Entire Internet

With Masscan, you can scan the entire Internet against a single port, a range of ports, or all ports on each host.

masscan 0.0.0.0/0 -p80 --rate 1000000

To scan against all 65535 ports

masscan 0.0.0.0/0 -p0-65535 --rate 1000000

Customised port scanning

Port scanning based on a customised port file

masscan -p $(cat custom_ports.txt) 192.168.0.0/24

IPv6 port scanning

Specify an IPv6 address instead of an IPv4 address:

masscan -p80 2001:db8::1

Advantages and disadvantages

Advantages of Masscan

High scanning speed: Masscan is designed to perform extremely fast and efficient port scans. It can scan large ranges of IP addresses in a matter of minutes.

Parallel scanning: Allows parallel scanning, making maximum use of available resources and speeding up the scanning process.

TCP and UDP port scanning: Masscan is capable of scanning both TCP and UDP ports, providing greater coverage of online services.

Flexible scanning options: Offers a wide variety of options to customise scanning, such as defining port ranges, timeouts and packet sizes.

Disadvantages of Masscan

Impact on the network and scanned systems: By performing fast and aggressive scans, Masscan can have a significant impact on the network and scanned systems, causing unwanted traffic and possible performance problems on targeted machines.

Potential for malicious use: Given its ability to scan large networks in a short time, Masscan could be used by malicious actors to find vulnerabilities and carry out attacks.

Lack of advanced functionalities: Unlike other port scanning tools such as Nmap, Masscan has fewer advanced functionalities, which could limit its use in certain scenarios.

Non-stealthy scans: Being fast and aggressive, scans performed with Masscan can be easily detected by intrusion detection systems (IDS) and firewalls, which could lead to blocking of scan traffic.

Conclusion

In conclusion, Masscan is an open source, high-speed port scanning tool that excels in its ability to perform fast and efficient scans on large networks. Its advantages lie in its speed, parallelisation, flexibility and ability to scan both TCP and UDP ports. In addition, it can detect online systems quickly.

However, it also presents challenges and disadvantages, such as the potential impact on the network and scanned systems, its possible malicious use and the lack of advanced functionalities compared to other scanning tools.

It is essential to use Masscan responsibly and to comply with local laws and regulations, always obtaining proper permission before performing scans. The potential impact on the network and systems scanned should also be taken into account and appropriate resource management measures should be put in place.
