Skip to content

Masscan

Jump to bottom
TheGetch edited this page Jan 5, 2021 · 1 revision

Masscan

Masscan

Masscan was created to scan the Internet and the author claims it can in under 5 minutes. It's usage is similar to nmap.

masscan x.x.x.x/16 -p0-65535 -oX masscan_x.x.x.x-all_ports.xml

You can think of masscan as having the following nmap equivalent settings permanently enabled: • -sS: this does SYN scan only • -Pn: doesn't ping hosts first, which is fundamental to the async operation • -n: no DNS resolution happens • --randomize-hosts: scan completely randomized • --send-eth: sends using raw libpcap

Fuse does have a masscan XML parser, so outputting results in XML format is vital for parsing and utilizing Fuse.

Masscan's default rate is 100 packets/second. To speed it up, add and specify the --max-rate flag:

--max-rate 1000

_Sidebar

Home

1. Recon

Ping Sweep

CIDR to IP

2. Enumeration

Enumeration General Notes

Host/Port Scanning

Services

01. FTP (21)

02. SSH (22)

03. SMTP (25)

04. DNS (53)

05. HTTP (80,443,8080,8443,etc.)

06. POP3 (110)

07. SMB (139,445)

08. SNMP (161,162)

09. LDAP (389)

10. MS-SQL or MySQL (1433,3306)

11. RDP (3389)

12. Winrm (5985)

13. Memcache (11221)

3. Exploitation

Exploitation General Notes

4. Post Exploiation

Post Exploitation General Notes

Editable Service

Privilege Escalation

Scheduled Jobs/Tasks

5. High Value Information

Hashes

6. Reporting

7. Random Notes/Useful Tidbits

Clone this wiki locally