Setting Up Masscan for Enumeration(Part 1)

Masscan exclusively scans the entire internet as fast as possible in less than 6 minutes at around 10 million packets per second. This tool is popular among most of the penetration testers and is ideally used for internet wide port scanning. It is much similar to other port scanners like scanrand, unicornscan, and ZMap. But today we’ll be talking about Masscan. So Lets dive in.

Building

To get beyond 2 million packets/second, you need an Intel 10-gbps Ethernet adapter and a special driver known as “PF_RING ZC” from ntop. Masscan doesn’t need to be rebuilt in order to use PF_RING. To use PF_RING, you need to build the following components:

1. libpfring.so (installed in /usr/lib/libpfring.so)
2. pf_ring.ko (their kernel driver)
3. ixgbe.ko (their version of the Intel 10-gbps Ethernet driver)

You don’t need to build their version of libpcap.so. When Masscan detects that an adapter is named something like zc:enp1s0 instead of something like enp1s0, it’ll automatically switch to PF_RING ZC mode.[1]

Installation

You can simply start the installation process by executing the following commands in Linux/MacOS

Linux

$ sudo apt-get install clang git gcc make libpcap-dev
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make

MacOS

$ brew install masscan

Ubuntu 16.04

For our first scanning, Lets begin by scanning a single port

The results are exported in a text file called results.txt

Scanning a range of ports for a single host

Scanning a network

Start a paused scan

The scan was paused by pressing Ctrl+C. And the resumed file is saved at paused.conf. The paused scan can be resumed by using “— resume <filename>” option

Exclusion

If you wish to exclude few IPs or network due to various reasons like getting added into the blocked list which might be bad for you as it may blacklist you from various parts of the internet. This can be done by using “ — excludefile <filename option>”

That’s it Folks!!!

source: https://imgur.com/gallery/tkIbdWd

Don’t forget to check out Masscan Sequel- The Web UI

Masscan was created by Robert David Graham. You can check his awesome work at https://github.com/robertdavidgraham :)