Setting Up Masscan for Enumeration (Part 1)
Masscan is an Internet-scale port scanner: according to the project's README it can scan the entire IPv4 Internet in under 6 minutes, transmitting around 10 million packets per second from a single machine. It is popular among penetration testers and is best suited to Internet-wide port scanning. It is similar to other asynchronous scanners such as scanrand, unicornscan and ZMap, but today we'll be talking about Masscan. So let's dive in.
Building
To get beyond 2 million packets/second, you need an Intel 10-gbps Ethernet adapter and a special driver known as “PF_RING ZC” from ntop. Masscan doesn’t need to be rebuilt in order to use PF_RING. To use PF_RING, you need to build the following components:
- libpfring.so (installed in /usr/lib/libpfring.so)
- pf_ring.ko (their kernel driver)
- ixgbe.ko (their version of the Intel 10-gbps Ethernet driver)
You don’t need to build their version of libpcap.so. When Masscan detects that an adapter is named something like zc:enp1s0 instead of something like enp1s0, it’ll automatically switch to PF_RING ZC mode.[1]
Installation
To install it, run the following commands on Linux or macOS.
Linux
$ sudo apt-get install clang git gcc make libpcap-dev
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make
macOS
$ brew install masscan
For our first scan, let's begin with a single port on a single host (masscan selects ports with -p).
The results are exported to a text file called results.txt.
Scanning a range of ports for a single host
Scanning a network
Pausing and resuming a scan
A running scan is paused by pressing Ctrl+C; masscan then writes its state to a file called paused.conf. The paused scan can be resumed with the --resume <filename> option.
Exclusion
If you need to keep certain IPs or networks out of a scan (hosts you are not authorised to touch, or ranges where probing would get your source address added to block lists and cut you off from parts of the Internet), put them in a file, one address or range per line, and pass it with the --excludefile <filename> option.
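The following helper script is an added example and is not part of the original post or of masscan itself. It builds the masscan command lines for the scans described above (single port, port range, whole network), writes an exclusion file, and parses masscan's -oL list output so results.txt can be sanity-checked before anyone trusts it. The addresses, rates and file names are placeholders chosen for illustration, and it assumes masscan is on PATH and is run as root.

```shell
#!/bin/sh
# Added helper script (not from the original post or from masscan).
# Assumptions: masscan is on PATH and run as root; all addresses, rates and
# file names below are placeholders, not real targets.

# Print (do not execute) the masscan command line for a scan.
#   $1 targets  single host (192.168.1.1) or network (192.168.1.0/24)
#   $2 ports    single port (80), range (1-1024) or list (80,443)
#   $3 rate     packets per second; masscan's own default is only 100
#   $4 outfile  list-format output file (-oL), default results.txt
#   $5 exclude  file for --excludefile (mandatory when $1 is a network)
masscan_cmd() {
    targets=$1; ports=$2; rate=${3:-1000}; outfile=${4:-results.txt}; exclude=${5:-}
    case $targets in
        */*)
            if [ -z "$exclude" ]; then
                echo "masscan_cmd: refusing to scan a network without --excludefile" >&2
                return 1
            fi ;;
    esac
    cmd="masscan $targets -p$ports --rate $rate -oL $outfile"
    if [ -n "$exclude" ]; then
        cmd="$cmd --excludefile $exclude"
    fi
    printf '%s\n' "$cmd"
}
# A scan interrupted with Ctrl+C leaves paused.conf behind; continue it with:
#   masscan --resume paused.conf
# With the PF_RING ZC driver from the Building section, add --adapter zc:<iface>.

# Write an exclusion file: one IP, CIDR block or begin-end range per line.
write_exclude_file() {
    out=$1; shift
    {
        echo '# never scan these (constructed example list)'
        for range in "$@"; do printf '%s\n' "$range"; done
    } > "$out"
}

# Constructed sample of -oL output (what results.txt looks like); not real scan data.
# Format per line:  open <proto> <port> <ip> <timestamp>
# The repeated 80/192.168.1.10 line is deliberate: the same open port can show up
# more than once (retries, or a target that re-sends its SYN-ACK), so consumers
# must de-duplicate before counting.
sample_results() {
    cat <<'EOF'
#masscan
open tcp 22 192.168.1.10 1700000000
open tcp 80 192.168.1.10 1700000001
open tcp 443 192.168.1.20 1700000002
open tcp 80 192.168.1.10 1700000003
# end
EOF
}

# Unique ip:port pairs for open TCP ports in an -oL file.
parse_open_tcp() {
    awk '$1 == "open" && $2 == "tcp" { print $4 ":" $3 }' "$1" | sort -u
}

# Number of distinct hosts with at least one open port in an -oL file.
count_hosts() {
    awk '$1 == "open" { print $4 }' "$1" | sort -u | wc -l | tr -d ' '
}

# Offline demo on the constructed sample; nothing here needs masscan or root.
demo_results=$(mktemp)
demo_exclude=$(mktemp)
sample_results > "$demo_results"
write_exclude_file "$demo_exclude" 192.168.1.1 192.168.1.250-192.168.1.254
echo "command to run:  $(masscan_cmd 192.168.1.0/24 1-1024 1000 results.txt "$demo_exclude")"
echo "open tcp ports:"
parse_open_tcp "$demo_results"
echo "hosts with open ports: $(count_hosts "$demo_results")"
rm -f "$demo_results" "$demo_exclude"
```

masscan_cmd only prints the command so you can review the target list, rate and exclusion file before pasting it into a root shell; it refuses to build a network-wide scan with no exclusion file at all, which is the mistake that most often gets a scanning host blocklisted.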
That’s it Folks!!!
Don’t forget to check out Masscan Sequel- The Web UI
Masscan was created by Robert David Graham. You can check his awesome work at https://github.com/robertdavidgraham :)