This library provides idiomatic masscan bindings for Go developers.
It shells out to the masscan binary and parses scan output into Go structs.
Masscan is a high-speed TCP port scanner focused on quickly identifying open ports across large target ranges. Compared to nmap, masscan prioritizes speed and broad coverage over deep service fingerprinting.
- The package executes
masscanviaos/exec. masscanmust be installed and available in yourPATH(or configured withWithBinaryPath).- The scanner runs synchronously with
Run(ctx). - Output is parsed into
Run,Host, andPortstructs.
The parser supports these formats:
- JSON (
-oJ) — recommended default - XML (
-oX) - List (
-oL) - Grepable (
-oG) - Plain discovered lines from stdout (fallback parsing)
Binary output (-oB) is not parsed directly and returns ErrUnsupportedOutputFormat.
Masscan usually requires raw socket privileges.
If you see ErrRequiresRoot, run with elevated privileges (for example, via sudo) or configure capabilities for your environment.
go get github.com/Ullaakut/masscanpackage main
import (
"context"
"fmt"
"log"
"time"
"github.com/Ullaakut/masscan"
)
func main() {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
scanner, err := masscan.NewScanner(
masscan.WithTargets("scanme.nmap.org"),
masscan.WithPorts("80", "443"),
masscan.WithRate(1000),
masscan.WithWait(3),
masscan.WithOutputFormat(masscan.OutputFormatJSON),
)
if err != nil {
log.Fatalf("unable to create scanner: %v", err)
}
result, err := scanner.Run(ctx)
if err != nil {
log.Fatalf("scan failed: %v", err)
}
for _, warning := range result.Warnings() {
log.Printf("warning: %s", warning)
}
for _, host := range result.Hosts {
for _, port := range host.Ports {
fmt.Printf("%s %d/%s %s\n", host.Address, port.Number, port.Protocol, port.Status)
}
}
}The package provides typed options for common masscan flags, including:
WithTargets,WithPorts,WithTopPortsWithExclude,WithExcludeFileWithRate,WithWait,WithOpenOnlyWithInterface,WithSourceIP,WithSourcePortWithAdapterIP,WithAdapterPort,WithAdapterMAC,WithRouterMACWithShard,WithSeed,WithResumeIndex,WithResumeCountWithBanners,WithPing,WithDebugWithOutputFormat
If a masscan flag is not covered yet, use:
WithRawFlag("--some-flag")WithRawOption("--some-option", "value")
- Basic scan
- Rate-limited LAN scan
- Banner scan
- Distributed shard scan
- Interface and source control scan
Run an example:
go run ./examples/basic_scan/main.goFor privileged scans:
sudo env "PATH=$PATH" go run ./examples/basic_scan/main.goCommon sentinel errors include:
ErrMasscanNotInstalledErrScanTimeoutErrScanInterruptErrParseOutputErrInvalidOutputErrUnsupportedOutputFormatErrRequiresRootErrResolveNameErrMallocFailed