Masscan is one of the fastest Internet port scanners: it can scan the entire IPv4 address space in under 6 minutes, transmitting roughly 10 million packets per second. Its output resembles Nmap's, and like other asynchronous scanners it sends probes without waiting for replies. The main difference between Masscan and those scanners is speed.
It is also more flexible, accepting arbitrary address ranges and port ranges. Masscan uses its own user-space TCP/IP stack, so anything beyond a plain SYN scan (completing a connection to grab a banner, for instance) conflicts with the host's TCP/IP stack, which knows nothing about Masscan's connections. You should therefore either give Masscan a separate IP address with the -S option, or configure the operating system firewall to drop inbound packets to the port that Masscan uses.
While Linux is the primary platform on which Masscan works, the code also builds and runs on many other operating systems, including:
- Windows w/ Visual Studio
- Windows w/ MinGW
- Windows w/ Cygwin
- Mac OS X w/ XCode
- Mac OS X w/ command-line tools
To reach beyond two million packets per second, you need an Intel 10 Gbps Ethernet adapter and a special driver called PF_RING DNA. Masscan does not need to be rebuilt in order to use PF_RING; it loads the library at runtime if it is present. To use PF_RING, you need to build the following components:
- libpfring.so (installed in /usr/lib/libpfring.so)
- pf_ring.ko (the PF_RING kernel driver)
- ixgbe.ko (the PF_RING version of the Intel 10 Gbps Ethernet driver)
Masscan can do more than detect whether ports are open. It can also complete the TCP connection and interact with the application on that port in order to grab simple "banner" information. The trouble is that Masscan's custom TCP/IP stack is separate from the operating system's. When the host kernel receives a SYN-ACK for a connection it did not open, it replies with a RST packet that kills the connection before Masscan can grab the banner. The easiest way to stop this is to give Masscan a separate IP address (-S). The alternative is to pin Masscan to a fixed source port (--source-port) and have the host firewall drop inbound packets to that port, so the kernel never sees the SYN-ACK.
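Both workarounds described above, as an added shell example (this is not code from the Masscan project). It assumes a hypothetical interface eth0, a spare LAN address 10.0.0.99 that no host owns, source port 61000 for the firewall variant, and a target 10.0.0.0/24; the sample `ip -o -4 addr` output used by the pre-flight check is constructed. In dry-run mode (the default) it only prints the commands it would run.

```shell
#!/usr/bin/env bash
# Added example, not code from the Masscan project: two ways to keep the host
# kernel from RST-ing the connections Masscan's user-space stack opens during
# a --banners scan. Hypothetical values: interface eth0, unused LAN address
# 10.0.0.99, source port 61000, target 10.0.0.0/24.
set -eu

IFACE="${IFACE:-eth0}"
SPOOF_IP="${SPOOF_IP:-10.0.0.99}"   # must NOT be an address the kernel owns
SRC_PORT="${SRC_PORT:-61000}"       # fixed source port for the firewall variant
DRY_RUN="${DRY_RUN:-1}"             # 1 = print the commands instead of running them

# Does address $2 appear as a configured address in `ip -o -4 addr` style
# output ($1)? The kernel only answers SYN-ACKs for IPs it owns, so the -S
# address must be absent from this list (and unused by any other host).
addr_is_local() {
  local ip_addr_output="$1" addr="$2" pat
  pat="$(printf '%s' "$addr" | sed 's/\./\\./g')"
  printf '%s\n' "$ip_addr_output" | grep -Eq "inet ${pat}/"
}

# Variant A: Masscan talks from its own IP via -S/--source-ip. The kernel
# never sees the SYN-ACK as addressed to itself, so it sends no RST.
spoof_scan_cmd() {
  local target="$1" ports="$2"
  printf 'masscan %s -p%s --banners --source-ip %s -e %s\n' \
    "$target" "$ports" "$SPOOF_IP" "$IFACE"
}

# Variant B: keep the host IP, pin Masscan's source port, and DROP inbound
# traffic to that port before the kernel stack can answer it.
firewall_cmd() {
  printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$SRC_PORT"
}
firewalled_scan_cmd() {
  local target="$1" ports="$2"
  printf 'masscan %s -p%s --banners --source-port %s -e %s\n' \
    "$target" "$ports" "$SRC_PORT" "$IFACE"
}

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else eval "$*"; fi; }

main() {
  # Constructed sample of `ip -o -4 addr show` output for the pre-flight check.
  local sample_addrs='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0'
  if addr_is_local "$sample_addrs" "$SPOOF_IP"; then
    echo "refusing: $SPOOF_IP is owned by this host; the kernel would RST" >&2
    return 1
  fi
  run "$(spoof_scan_cmd 10.0.0.0/24 22,80,443)"
  run "$(firewall_cmd)"
  run "$(firewalled_scan_cmd 10.0.0.0/24 22,80,443)"
}
main "$@"
```

Run it with `DRY_RUN=0` as root to actually apply the rule and start the scan. Pick whichever variant fits the environment: the separate address is simplest, but it has to be on the local subnet and free; the firewall rule works from any host address but must be removed again after the scan.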
How to scan the entire Internet
The software is designed with scanning the entire Internet in mind, although it is also very useful for smaller, internal networks. A run against the whole Internet looks something like this:
# masscan 0.0.0.0/0 -p0-65535
Scanning the entire Internet indiscriminately is a bad idea. For one thing, some organizations on the Internet react badly to being scanned. For another, some sites track scans and may add your address to a blacklist, which can get you firewalled off from useful services. It is therefore strongly suggested that you exclude a lot of IP ranges. To exclude ranges, use the following syntax:
# masscan 0.0.0.0/0 -p0-65535 --excludefile exclude.txt
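An added shell example (not from the Masscan project) of putting the exclude file together and sanity-checking targets against it before a long run. The reserved and private ranges it writes are a starting point from the IANA special-purpose registry, not a complete "do not scan" list; file names exclude.txt and scan.txt and the --rate value are hypothetical, and the addresses checked in `main` are constructed. The exclude file format assumed here is one range per line with `#` introducing a comment, which matches Masscan's own sample exclude file.

```shell
#!/usr/bin/env bash
# Added example, not from the Masscan project: write an exclude file of
# reserved/private IPv4 ranges, test targets against it, and assemble the
# Internet-wide scan command. Hypothetical names: exclude.txt, scan.txt.
set -eu

# Ranges that are never worth sending packets to on the public Internet.
# Extend this with your own "do not scan" ranges and any blocks whose
# owners have asked to be left alone.
write_exclude_file() {
  cat > "$1" <<'EOF'
# one range per line; '#' starts a comment
# "this" network, loopback, link-local
0.0.0.0/8
127.0.0.0/8
169.254.0.0/16
# RFC 1918 private and RFC 6598 carrier-grade NAT
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
100.64.0.0/10
# IETF assignments, documentation (TEST-NET-1/2/3) and benchmarking nets
192.0.0.0/24
192.0.2.0/24
198.51.100.0/24
203.0.113.0/24
198.18.0.0/15
# multicast and reserved (includes 255.255.255.255)
224.0.0.0/4
240.0.0.0/4
EOF
}

# Dotted quad -> 32-bit integer.
ip2int() { local IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); }

# Exit 0 if IPv4 address $1 lies inside CIDR $2 (a bare address counts as /32).
in_cidr() {
  local ip="$1" cidr="$2" net bits mask
  net="${cidr%/*}"; bits="${cidr#*/}"
  [ "$bits" = "$cidr" ] && bits=32
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Pre-flight check: is target $1 covered by exclude file $2? This mirrors
# what --excludefile does, so a target list can be vetted before the scan.
is_excluded() {
  local ip="$1" file="$2" line
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%%#*}"                                   # strip comments
    line="$(printf '%s' "$line" | tr -d '[:space:]')"    # and whitespace
    [ -z "$line" ] && continue
    if in_cidr "$ip" "$line"; then return 0; fi
  done < "$file"
  return 1
}

# The full-Internet command: exclude file, an explicit --rate so the scan
# does not saturate the uplink, and list-format output.
internet_scan_cmd() {
  local exclude="$1" rate="$2" out="$3"
  printf 'masscan 0.0.0.0/0 -p0-65535 --excludefile %s --rate %s -oL %s\n' \
    "$exclude" "$rate" "$out"
}

main() {
  local f
  f="$(mktemp)"
  write_exclude_file "$f"
  for t in 192.168.1.10 203.0.113.7 8.8.8.8; do   # constructed sample targets
    if is_excluded "$t" "$f"; then echo "$t: excluded"; else echo "$t: would be scanned"; fi
  done
  internet_scan_cmd "$f" 100000 scan.txt
}
main "$@"
```

The containment check is the same longest-prefix comparison Masscan applies internally; keeping a copy in the shell lets you confirm that a range you were asked to skip really is covered by the file before you commit to a multi-hour run.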