masscan does not return after completing a scan

[keshavsp]

I have seen at times masscan simply starts counting down (which appears forever) once the scan is completed:

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2015-01-10 01:53:02 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 3500027645 hosts [1 port/host]
rate:129.24-kpps, 100.00% done, waiting -136750-secs, found=0   

(The 'waiting xxx-secs' part above.)

Normally it counts down to 10 seconds before showing the command prompt but at times it appears to keep counting down forever.

[keshavsp]

looks like it is the scan on UDP/53 that's causing it. I haven't seen this happen on other services.

This is what I ran:

masscan 0.0.0.0/0 --port U:53 --adapter eth0 --exclude-file /home/abc/masscan/data/exclude.conf -oG /home/abc/scan-results/udp53_01152015_043134 --rate 175000
<snip>
^CKilled by signal 2..00% done, waiting -2183-secs, found=0   

I had to kill the program after 2183 seconds to return to the command prompt.

[Fusl]

I am also having this problem. masscan still sends packets but ignores all packets and doesn't print out any results anymore after some minutes/seconds depending on how fast I scan.

[sanampuri]

Dude, Does any one Solved the above issue. i am also getting the same issue. can any one Suggests the LAN CARD Model and the OS required to Do the Quick scan. i am searching all over the internet But No Support on this issue.

[SICKFREDO]

im also having this issue, i have tried from different machines and clean installs and still no go. has anyone figured it out?

Example of issue:
sudo masscan --max-rate 1000 172.16.151.2/32 -p1-2000

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2016-04-25 04:55:29 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [2000 ports/host]

[a-ml]

I'm having the same issue

[Alamot]

Same problem here.
A temporary workaround is to use --wait 0 (of course some packets will be lost and sometimes even that doesn't work).

[Djent-]

Maybe a little more insight - running with -vvv shows this debug message:

Transmit thread done, waiting for receive thread to realize this  
xmit: stopping transmit thread #0

when it should print

Transmit thread done, waiting for receive thread to realize this  
xmit: stopping transmit thread #0       
recv: end receive thread #0
EXITING main thread

So the problem is the receive thread is never processing the stop signal for some reason.

[AlexandreRouma]

Same issue here, please fix...

[noobzero]

same issue with me

[Cyb3rW1z4rd]

Same here but with a VPN connection. Still not resolved after all those years or is there a solution somewhere?

[whoot]

+1 Having this issue too!

[luc-x41]

Same issue here:

root@localhost:~# masscan --open-only --rate 1000 -p1-5000 127.0.0.1/32 -vvv
[...]
rate:  0.98-kpps, 60.42% done,   0:00:03 remaining, found=0
rate:  1.00-kpps, 72.24% done,   0:00:02 remaining, found=0
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
rate:  0.99-kpps, 79.44% done,   0:00:02 remaining, found=2
Discovered open port 655/tcp on 127.0.0.1
rate:  0.99-kpps, 84.00% done,   0:00:01 remaining, found=3
rate:  0.99-kpps, 96.48% done,   0:00:00 remaining, found=3
rate:  0.99-kpps, 99.60% done,   0:00:00 remaining, found=3
THREAD: xmit done, waiting for receive thread to realize this
rate:  0.39-kpps, 100.00% done, waiting 0-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 10-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 9-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 8-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 7-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 6-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 5-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 4-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 3-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 2-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 1-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting 0-secs, found=3
THREAD: xmit: stopping thread #0
rate:  0.00-kpps, 100.00% done, waiting 0-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting -1-secs, found=3
rate:  0.00-kpps, 100.00% done, waiting -2-secs, found=3

Version is:

Masscan version 1.0.4 ( https://github.com/robertdavidgraham/masscan )
Compiled on: Jul  4 2018 09:51:29
Compiler: gcc 7.3.0
OS: Linux
CPU: unknown (64 bits)
GIT version: unknown

[98587329]

I had the same issue.But I solved by install libpcap-dev.

[madneal]

@98587329 I tried this, but it did not work for me.

[RickTorresJr]

I had the same issue.But I solved by install libpcap-dev.

This fixed the issue for me on Kali 2019:

uname -a                                    
Linux kali-vm 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux

masscan --version

Masscan version 1.0.4 ( https://github.com/robertdavidgraham/masscan )
Compiled on: Jul  4 2018 09:51:29
Compiler: gcc 7.3.0
OS: Linux
CPU: unknown (64 bits)
GIT version: unknown

[aosti]

@RickTorresJr For me, it worked after I installed the 1.0.6 from source. Previously, it was the same version as the one shown in your comment.

[RickTorresJr]

@RickTorresJr For me, it worked after I installed the 1.0.6 from source. Previously, it was the same version as the one shown in your comment.

Had the same issue happen again but on a different VM, same version as previously stated. Purging masscan and installing libpcap-dev did not resolve the issue this time.

Installing from source did the trick. Thanks @aosti

[Sohimaster]

Same shit.

[hb2007]

I'm having the same issue with v1.0.5

[yuanzhel]

same issue with v1.0.5

[cardassian-tailor]

Just stopping by to state that i'm experiencing this issue. Even after adding --wait 15 or --wait 0 didnt work. What occurs then is the app just enter's a negative countdown state, like this:

rate:  0.00-kpps, 100.00% done, waiting -7-secs, found=4          
rate:  0.00-kpps, 100.00% done, waiting -7-secs, found=4       
rate:  0.00-kpps, 100.00% done, waiting -8-secs, found=4       
rate:  0.00-kpps, 100.00% done, waiting -8-secs, found=4       
rate:  0.00-kpps, 100.00% done, waiting -47-secs, found=4 

installing libpcap-dev had no effect.

@robertdavidgraham

[cardassian-tailor]

@yuanzhel @hb2007 @Sohimaster

Are yall by chance using --output-format ? Maybe --output-format grepable ? When I removed this - it seems to have fixed my issue.

[Sohimaster]

@yuanzhel @hb2007 @Sohimaster

Are yall by chance using --output-format ? Maybe --output-format grepable ? When I removed this - it seems to have fixed my issue.

No. I used output to file option

[kuma-mathan]

So this chain was extremely helpful to me, but the only suggestion here that seemed to work for me was the complete removal of masscan v1.0.5 from my kali instance and reinstalling from source. Once I did that (following all instructions, including installation of libpcap-dev), masscan has worked flawlessly for me since.

[kcohne]

I experience this issue when using a VPN interface, If I scan over a eth0 to my local network I don't have the same issue. masscan version is 1.3.2:

sudo masscan -p139 10.10.10.27 -e tun0 --rate 500 --wait 5

Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-02-06 18:24:24 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
Discovered open port 139/tcp on 10.10.10.27
^Cwaiting several seconds to exit...
^Zte: 0.00-kpps, 100.00% done, waiting -3-secs, found=1

[andyacer]

I'm also experiencing this in March 2021. Masscan countdown to negative infinity. Have to kill the process manually. I've tried building from source and installing libpcap-dev . Another thread said to just run this in Docker. I'm wondering if that's the only solution here. I'm scanning over a VPN (tun0).

sudo ./masscan -vvv -p80 "$TARG_HOST" -e tun0 -oL scan1.txt
[+] pcap: found library: libpcap.so
pfring: error: dlopen('libpfring.so'): No such file or directory
[+] interface = tun0
[+] if(tun0): pcap: libpcap version 1.10.0 (with TPACKET_V3)
[+] if(tun0): opening...
[+] if(tun0): successfully opened
[+] interface-type = 12
if:tun0: not receiving transmits
[+] source-mac = none
[+] source-ip = 192.168.119.157
[+] router-mac-ipv4 = implicit
[+] if(tun0): initialization done.
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-03-10 03:32:39 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
[+] starting transmit thread #0
[+] starting throttler: rate = 100.00-pps
THREAD: xmit: starting main loop: [0..1]
[+] transmit thread #0 complete
[+] starting receive thread #0
[+] THREAD: recv: starting main loop
[+] waiting for threads to finish
[+] exiting transmit thread #0                    und=1
^Cwaiting several seconds to exit...
^Cte:  0.00-kpps, 100.00% done, waiting -20-secs, found=1
ERROR: threads not exiting 1
^C
ERROR: threads not exiting 2

My machine's info:

uname -a
Linux osboxes 5.10.0-kali3-amd64 #1 SMP Debian 5.10.13-1kali1 (2021-02-08) x86_64 GNU/Linux

./masscan --version

Masscan version 1.3.2 ( https://github.com/robertdavidgraham/masscan )
Compiled on: Mar  9 2021 22:30:33
Compiler: gcc Debian Clang 11.0.1
OS: Linux
CPU: unknown (64 bits)
GIT version: 1.3.2-6-g7fe3512

[andyacer]

An update: I tried installing pfring into my kernel to see if that would help. It didn't. I followed this guide and masscan successfully says that it's using pfring. I followed this guide for installing pfring on Kali.

masscan never exits and just seems to count down towards negative infinity forever. I think this is related to scanning over a tunnel / VPN interface. I'm running this in a VirtualBox Kali instance with Windows 10 as the host OS.

No issues when scanning my local network. Scans complete normally. Scanning through the openVPN tunnel (tun0) always results in this zombie process issue.

sudo ./masscan -vvv -p80 10.11.1.72/32 -e tun0 -oL scan1.txt --wait 0
[+] pcap: found library: libpcap.so
pfring: found 'libpfring.so'!
pfring: successfully loaded PF_RING API
pfring: found 'pf_ring' driver
pfring: found 'pf_ring' driver module
[+] interface = tun0
[+] if(tun0): pcap: libpcap version 1.10.0 (with TPACKET_V3)
[+] if(tun0): opening...
[+] if(tun0): successfully opened
[+] interface-type = 12
if:tun0: not receiving transmits
[+] source-mac = none
[+] source-ip = 192.168.119.157
[+] router-mac-ipv4 = implicit
[+] if(tun0): initialization done.
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-03-10 04:28:59 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
[+] starting receive thread #0
[+] THREAD: recv: starting main loop
[+] starting transmit thread #0
[+] starting throttler: rate = 100.00-pps
THREAD: xmit: starting main loop: [0..1]
[+] transmit thread #0 complete
[+] waiting for threads to finish
[+] exiting transmit thread #0                    und=1
rate:  0.00-kpps, 100.00% done, waiting -165-secs, found=1

[andyacer]

For anyone else that encounters this, I fixed it for me by using a Dockerized and older version of masscan (v1.0.6).

sudo docker run -it --network host --rm adarnimrod/masscan -p80 10.11.1.0/24 -e tun0

sudo docker run -it --network host --rm adarnimrod/masscan -vvv -p443 10.11.1.0/24 --wait 0 -e tun0
pcap: failed to load: libpcap.so
pcap: failed to load: libpcap.A.dylib
pcap: failed to load: libpcap.dylib
pcap: failed to load: libpcap.so.0.9.5
pcap: failed to load: libpcap.so.0.9.4
pcap: found library: libpcap.so.0.8
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
auto-detected: adapter-ip=192.168.119.157
tun0: type=0xfffe
tun0: creating fake address
auto-detected: adapter-mac=00-00-00-00-00-01
pcap: libpcap version 1.8.1
pcap:'tun0': opening...
pcap:'tun0': successfully opened
rawsock: ignoring transmits
rawsock: initialization done
rawsock: looking for default gateway
auto-detected: router-ip=0.0.0.0
auto-detected: router-mac=00-00-00-00-00-02
adapter initialization done.
THREAD: xmit: starting thread #0
maxrate = 100.00
THREAD: xmit: starting main loop: [0..256]
THREAD: recv: starting thread #0
THREAD: recv: starting main loop

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2021-03-10 05:28:21 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 256 hosts [1 port/host]
THREAD: status: starting thread
Discovered open port 443/tcp on 10.11.1.223
Discovered open port 443/tcp on 10.11.1.14
Discovered open port 443/tcp on 10.11.1.217
Discovered open port 443/tcp on 10.11.1.123
Discovered open port 443/tcp on 10.11.1.227
Discovered open port 443/tcp on 10.11.1.115
Discovered open port 443/tcp on 10.11.1.237
THREAD: xmit done, waiting for receive thread to realize this
Discovered open port 443/tcp on 10.11.1.8
THREAD: xmit: stopping thread #0waiting 0-secs, found=8
Passed the wait window but still running, forceful exit.

[Ldarm]

Thanks to @andyacer
It works !

=> Here the docker source => hub.docker.com adarnimrod/masscan
Just docker pull adarnimrod/masscan