Description
Hi everyone,
I am having a weird situation here.
I don't get any results when masscan is used to scan all the 65535 ports; however, if I scan specific ports, I do get the output.
What all have I tried
- I have tried this but in vain.
- I have switched VPSes between AWS and DigitalOcean.
- Tried it on Ubuntu 16.04 ( AWS and DigitalOcean )
- Tried it on Arch Linux ( AWS and DigitalOcean )
- Tried it on my local system, Kali 2018.2
- Built it from the repo
- Also installed it from repositories in kali
- Tried fiddling with the --rate and --wait parameters ( I thought maybe the packets receiving was taking long )
But as I am here, you all could guess nothing worked.
Working Output for single port
masscan -iL ips.txt -p80,443,22,25
Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:05:32 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [4 ports/host]
Discovered open port 443/tcp on 143.x.x.68
Discovered open port 443/tcp on 143.x.x.129
Discovered open port 80/tcp on 143.x.x.125
Discovered open port 443/tcp on 143.x.x.10
Discovered open port 443/tcp on 143.x.x.104
Discovered open port 80/tcp on 52.x.x.130
Discovered open port 443/tcp on 52.x.x.5
Discovered open port 80/tcp on 143.x.x.129
Discovered open port 443/tcp on 143.x.x.106
Discovered open port 80/tcp on 143.x.x.106
Discovered open port 80/tcp on 143.x.x.104
Discovered open port 80/tcp on 52.x.x.20
Discovered open port 443/tcp on 14x.x.29.2
Discovered open port 80/tcp on 52.x.x.5
Discovered open port 80/tcp on 143.x.x.68
Discovered open port 443/tcp on 143.x.x.125
Discovered open port 80/tcp on 52.x.x.35
Discovered open port 80/tcp on 143.x.x.10
Discovered open port 443/tcp on 52.x.x.35
Discovered open port 443/tcp on 52.x.x.20
Discovered open port 80/tcp on 143.x.x.2
Discovered open port 443/tcp on 52.x.x.130
Discovered open port 443/tcp on 143.x.29.69
Discovered open port 80/tcp on 143.x.29.69
And scanning the same with all the options gives no output:
masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL .ips.txt -p80,443 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.
THREAD: xmit: starting thread #0
Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:03:38 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0
THREAD: recv: stopping thread #0waiting 0-secs, found=0
THREAD: status: stopping thread waiting -1-secs, found=0
I tried adding --source-ip 192.168.1.200, but that also didn't work ( it was mentioned for banner grabbing here ).
The same goes for scanning all 65535 ports, with the above options or without them:
masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL ips.txt -p1-65535 --source-ip 192.168.1.200 -dd -oG masscan-results
pcap: found library: libpcap.so
pcap: pcap_dev_name: failed
pcap: pcap_dev_description: failed
pcap: pcap_dev_next: failed
pcap: pcap_sendqueue_alloc: failed
pcap: pcap_sendqueue_transmit: failed
pcap: pcap_sendqueue_destroy: failed
pcap: pcap_sendqueue_queue: failed
pfring: error: dlopen('libpfring.so'): No such file or directory
initializing adapter
pcap: libpcap version 1.8.1
pcap:'eth0': opening...
pcap:'eth0': successfully opened
adapter initialization done.
Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:23:40 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [2 ports/host]
THREAD: status: starting thread
THREAD: recv: starting thread #0 0:00:00 remaining, found=0
THREAD: recv: starting main loop
maxrate = 1000.00
THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0
THREAD: recv: stopping thread #0waiting 0-secs, found=0
THREAD: status: stopping thread waiting -1-secs, found=0
However, as I was putting up this issue, I tried this, and it shows some promising results ( perhaps ):
masscan -iL ips.txt -p10-65500 --rate=100000
Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:14:23 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 13 hosts [65491 ports/host]
Discovered open port 443/tcp on 143.x.x.2
Discovered open port 443/tcp on 143.x.x.129
Discovered open port 2000/tcp on 143.x.x.129
Discovered open port 443/tcp on 52.x.x.130
Discovered open port 80/tcp on 143.x.x.106
Discovered open port 8020/tcp on 143.x.x.129
Discovered open port 8008/tcp on 143.x.x.129
Discovered open port 443/tcp on 52.x.x.5
Discovered open port 443/tcp on 52.x.x.35
Discovered open port 443/tcp on 143.x.x.69
Discovered open port 8010/tcp on 143.x.x.129
Discovered open port 80/tcp on 52.x.x.130
Discovered open port 443/tcp on 52.x.x.20
Discovered open port 443/tcp on 143.x.x.106
Discovered open port 5060/tcp on 143.x.x.129
Discovered open port 80/tcp on 143.x.x.68
Discovered open port 80/tcp on 143.x.x.2
Discovered open port 80/tcp on 52.x.x.5
Discovered open port 8020/tcp on 143.x.x.129
Discovered open port 80/tcp on 143.x.x.129
Discovered open port 80/tcp on 52.x.x.20
Discovered open port 80/tcp on 52.x.x.35
Discovered open port 80/tcp on 143.x.x.69
Discovered open port 443/tcp on 143.x.x.68
And just to check whether masscan was actually giving the correct results, I checked with nmap for 3 weird ports ( which I doubted were open ) and they were open 😄, thus verifying the masscan results:
nmap -v -n -p8008,8010,8020 143.x.x.129
Starting Nmap 7.40 ( https://nmap.org ) at 2018-07-19 10:49 IST
Initiating Ping Scan at 10:49
Scanning 143.x.x.129 [4 ports]
Completed Ping Scan at 10:49, 0.22s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 10:49
Scanning 143.x.x.129 [3 ports]
Discovered open port 8008/tcp on 143.x.x.129
Discovered open port 8020/tcp on 143.x.x.129
Discovered open port 8010/tcp on 143.x.x.129
Completed SYN Stealth Scan at 10:49, 0.22s elapsed (3 total ports)
Nmap scan report for 143.x.x.129
Host is up (0.13s latency).
PORT STATE SERVICE
8008/tcp open http
8010/tcp open xmpp
8020/tcp open intu-ec-svcdisc
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
Raw packets sent: 7 (284B) | Rcvd: 4 (160B)
I don't know the reason why this is happening.
But I would surely want to know.
This issue started with a problem I was facing ( couldn't get any output ) and now I am left with a question "Why am I getting the results ?" 🤣
P.S. Perhaps this guy here is also facing the same issue #318 and here too issue #303