TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Overview

Build Status

MASSCAN: Mass IP port scanner

This is an Internet-scale port scanner. It can scan the entire Internet in under 5 minutes, transmitting 10 million packets per second, from a single machine.

Its usage (parameters, output) is similar to nmap, the most famous port scanner. When in doubt, try one of those features -- features that support widespread scanning of many machines are supported, while in-depth scanning of single machines aren't.

Internally, it uses asynchronous transmission, similar to port scanners like scanrand, unicornscan, and ZMap. It's more flexible, allowing arbitrary port and address ranges.

NOTE: masscan uses its own ad hoc TCP/IP stack. Anything other than simple port scans may cause conflict with the local TCP/IP stack. This means you need to use either the --src-ip option to run from a different IP address, or use --src-port to configure which source ports masscan uses, then also configure the internal firewall (like pf or iptables) to firewall those ports from the rest of the operating system.

This tool is free, but consider contributing money to its development: Bitcoin wallet address: 1MASSCANaHUiyTtR3bJ2sLGuMw5kDBaj4T

Building

On Debian/Ubuntu, it goes something like the following. It doesn't really have any dependencies other than a C compiler (such as gcc or clang).

sudo apt-get --assume-yes install git make gcc
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make

This puts the program in the masscan/bin subdirectory. To install it (on Linux) run:

make install

The source consists of a lot of small files, so building goes a lot faster by using the multi-threaded build. This requires more than 2gigs on a Raspberry Pi (and breaks), so you might use a smaller number, like -j4 rather than all possible threads.

make -j

While Linux is the primary target platform, the code runs well on many other systems (Windows, macOS, etc.). Here's some additional build info:

  • Windows w/ Visual Studio: use the VS10 project
  • Windows w/ MinGW: just type make
  • Windows w/ cygwin: won't work
  • Mac OS X /w XCode: use the XCode4 project
  • Mac OS X /w cmdline: just type make
  • FreeBSD: type gmake
  • other: try just compiling all the files together, cc src/*.c -o bin/masscan

On macOS, the x86 binaries seem to work just as fast under ARM emulation.

Usage

Usage is similar to nmap. To scan a network segment for some ports:

# masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112

This will:

  • scan the 10.x.x.x subnet, and 2603:3001:2d00:da00::x subnets
  • scans port 80 and the range 8000 to 8100, or 102 ports total, on both subnets
  • print output to that can be redirected to a file

To see the complete list of options, use the --echo feature. This dumps the current configuration and exits. This output can be used as input back into the program:

# masscan -p80,8000-8100 10.0.0.0/8 2603:3001:2d00:da00::/112 --echo > xxx.conf
# masscan -c xxx.conf --rate 1000

Banner checking

Masscan can do more than just detect whether ports are open. It can also complete the TCP connection and interaction with the application at that port in order to grab simple "banner" information.

Masscan supports banner checking on the following protocols:

  • FTP
  • HTTP
  • IMAP4
  • memcached
  • POP3
  • SMTP
  • SSH
  • SSL
  • SMBv1
  • SMBv2
  • Telnet
  • RDP
  • VNC

The problem with this is that masscan contains its own TCP/IP stack separate from the system you run it on. When the local system receives a SYN-ACK from the probed target, it responds with a RST packet that kills the connection before masscan can grab the banner.

The easiest way to prevent this is to assign masscan a separate IP address. This would look like one of the following examples:

# masscan 10.0.0.0/8 -p80 --banners --source-ip 192.168.1.200
  # masscan 2a00:1450:4007:810::/112 -p80 --banners --source-ip 2603:3001:2d00:da00:91d7:b54:b498:859d

The address you choose has to be on the local subnet and not otherwise be used by another system. Masscan will warn you that you've made a mistake, but you might've messed up the other machine's communications for several minutes, so be careful.

In some cases, such as WiFi, this isn't possible. In those cases, you can firewall the port that masscan uses. This prevents the local TCP/IP stack from seeing the packet, but masscan still sees it since it bypasses the local stack. For Linux, this would look like:

# iptables -A INPUT -p tcp --dport 61000 -j DROP
# masscan 10.0.0.0/8 -p80 --banners --source-port 61000

You probably want to pick ports that don't conflict with ports Linux might otherwise choose for source-ports. You can see the range Linux uses, and reconfigure that range, by looking in the file:

/proc/sys/net/ipv4/ip_local_port_range

On the latest version of Kali Linux (2018-August), that range is 32768 to 60999, so you should choose ports either below 32768 or 61000 and above.

Setting an iptables rule only lasts until the next reboot. You need to lookup how to save the configuration depending upon your distro, such as using iptables-save and/or iptables-persistent.

On Mac OS X and BSD, there are similar steps. To find out the ranges to avoid, use a command like the following:

# sysctl net.inet.ip.portrange.first net.inet.ip.portrange.last

On FreeBSD and older MacOS, use an ipfw command:

# sudo ipfw add 1 deny tcp from any to any 40000 in
# masscan 10.0.0.0/8 -p80 --banners --source-port 40000

On newer MacOS and OpenBSD, use the pf packet-filter utility. Edit the file /etc/pf.conf to add a line like the following:

block in proto tcp from any to any port 40000

Then to enable the firewall, run the command:

# pfctrl -E    

If the firewall is already running, then either reboot or reload the rules with the following command:

# pfctl -f /etc/pf.conf

Windows doesn't respond with RST packets, so neither of these techniques are necessary. However, masscan is still designed to work best using its own IP address, so you should run that way when possible, even when it is not strictly necessary.

The same thing is needed for other checks, such as the --heartbleed check, which is just a form of banner checking.

How to scan the entire Internet

While useful for smaller, internal networks, the program is really designed with the entire Internet in mind. It might look something like this:

# masscan 0.0.0.0/0 -p0-65535

Scanning the entire Internet is bad. For one thing, parts of the Internet react badly to being scanned. For another thing, some sites track scans and add you to a ban list, which will get you firewalled from useful parts of the Internet. Therefore, you want to exclude a lot of ranges. To blacklist or exclude ranges, you want to use the following syntax:

# masscan 0.0.0.0/0 -p0-65535 --excludefile exclude.txt

This just prints the results to the command-line. You probably want them saved to a file instead. Therefore, you want something like:

# masscan 0.0.0.0/0 -p0-65535 -oX scan.xml

This saves the results in an XML file, allowing you to easily dump the results in a database or something.

But, this only goes at the default rate of 100 packets/second, which will take forever to scan the Internet. You need to speed it up as so:

# masscan 0.0.0.0/0 -p0-65535 --max-rate 100000

This increases the rate to 100,000 packets/second, which will scan the entire Internet (minus excludes) in about 10 hours per port (or 655,360 hours if scanning all ports).

The thing to notice about this command-line is that these are all nmap compatible options. In addition, "invisible" options compatible with nmap are also set for you: -sS -Pn -n --randomize-hosts --send-eth. Likewise, the format of the XML file is inspired by nmap. There are, of course, a lot of differences, because the asynchronous nature of the program leads to a fundamentally different approach to the problem.

The above command-line is a bit cumbersome. Instead of putting everything on the command-line, it can be stored in a file instead. The above settings would look like this:

# My Scan
rate =  100000.00
output-format = xml
output-status = all
output-filename = scan.xml
ports = 0-65535
range = 0.0.0.0-255.255.255.255
excludefile = exclude.txt

To use this configuration file, use the -c:

# masscan -c myscan.conf

This also makes things easier when you repeat a scan.

By default, masscan first loads the configuration file /etc/masscan/masscan.conf. Any later configuration parameters override what's in this default configuration file. That's where I put my "excludefile" parameter so that I don't ever forget it. It just works automatically.

Getting output

By default, masscan produces fairly large text files, but it's easy to convert them into any other format. There are five supported output formats:

  1. xml: Just use the parameter -oX . Or, use the parameters --output-format xml and --output-filename .

  2. binary: This is the masscan builtin format. It produces much smaller files so that when I scan the Internet my disk doesn't fill up. They need to be parsed, though. The command-line option --readscan will read binary scan files. Using --readscan with the -oX option will produce an XML version of the results file.

  3. grepable: This is an implementation of the Nmap -oG output that can be easily parsed by command-line tools. Just use the parameter -oG . Or, use the parameters --output-format grepable and --output-filename .

  4. json: This saves the results in JSON format. Just use the parameter -oJ . Or, use the parameters --output-format json and --output-filename .

  5. list: This is a simple list with one host and port pair per line. Just use the parameter -oL . Or, use the parameters --output-format list and --output-filename . The format is:

    
          
           
            
             
             
               open tcp 80 XXX.XXX.XXX.XXX 1390380064 
             
            
           
          
         

Comparison with Nmap

Where reasonable, every effort has been taken to make the program familiar to nmap users, even though it's fundamentally different. Masscan is tuned for wide range scanning of a lot of machines, whereas nmap is designed for intensive scanning of a single machine or a small range.

Two important differences are:

  • no default ports to scan, you must specify -p
  • target hosts are IP addresses or simple ranges, not DNS names, nor the funky subnet ranges nmap can use (like 10.0.0-255.0-255).

You can think of masscan as having the following settings permanently enabled:

  • -sS: this does SYN scan only (currently, will change in the future)
  • -Pn: doesn't ping hosts first, which is fundamental to the async operation
  • -n: no DNS resolution happens
  • --randomize-hosts: scan completely randomized, always, you can't change this
  • --send-eth: sends using raw libpcap

If you want a list of additional nmap compatible settings, use the following command:

# masscan --nmap

Transmit rate (IMPORTANT!!)

This program spews out packets very fast. On Windows, or from VMs, it can do 300,000 packets/second. On Linux (no virtualization) it'll do 1.6 million packets-per-second. That's fast enough to melt most networks.

Note that it'll only melt your own network. It randomizes the target IP addresses so that it shouldn't overwhelm any distant network.

By default, the rate is set to 100 packets/second. To increase the rate to a million use something like --rate 1000000.

When scanning the IPv4 Internet, you'll be scanning lots of subnets, so even though there's a high rate of packets going out, each target subnet will receive a small rate of incoming packets.

However, with IPv6 scanning, you'll tend to focus on a single target subnet with billions of addresses. Thus, your default behavior will overwhelm the target network. Networks often crash under the load that masscan can generate.

Design

This section describes the major design issues of the program.

Code Layout

The file main.c contains the main() function, as you'd expect. It also contains the transmit_thread() and receive_thread() functions. These functions have been deliberately flattened and heavily commented so that you can read the design of the program simply by stepping line-by-line through each of these.

Asynchronous

This is an asynchronous design. In other words, it is to nmap what the nginx web-server is to Apache. It has separate transmit and receive threads that are largely independent from each other. It's the same sort of design found in scanrand, unicornscan, and ZMap.

Because it's asynchronous, it runs as fast as the underlying packet transmit allows.

Randomization

A key difference between Masscan and other scanners is the way it randomizes targets.

The fundamental principle is to have a single index variable that starts at zero and is incremented by one for every probe. In C code, this is expressed as:

for (i = 0; i < range; i++) {
    scan(i);
}

We have to translate the index into an IP address. Let's say that you want to scan all "private" IP addresses. That would be the table of ranges like:

192.168.0.0/16
10.0.0.0/8
172.16.0.0/12

In this example, the first 64k indexes are appended to 192.168.x.x to form the target address. Then, the next 16-million are appended to 10.x.x.x. The remaining indexes in the range are applied to 172.16.x.x.

In this example, we only have three ranges. When scanning the entire Internet, we have in practice more than 100 ranges. That's because you have to blacklist or exclude a lot of sub-ranges. This chops up the desired range into hundreds of smaller ranges.

This leads to one of the slowest parts of the code. We transmit 10 million packets per second and have to convert an index variable to an IP address for each and every probe. We solve this by doing a "binary search" in a small amount of memory. At this packet rate, cache efficiencies start to dominate over algorithm efficiencies. There are a lot of more efficient techniques in theory, but they all require so much memory as to be slower in practice.

We call the function that translates from an index into an IP address the pick() function. In use, it looks like:

for (i = 0; i < range; i++) {
    ip = pick(addresses, i);
    scan(ip);
}

Masscan supports not only IP address ranges, but also port ranges. This means we need to pick from the index variable both an IP address and a port. This is fairly straightforward:

range = ip_count * port_count;
for (i = 0; i < range; i++) {
    ip   = pick(addresses, i / port_count);
    port = pick(ports,     i % port_count);
    scan(ip, port);
}

This leads to another expensive part of the code. The division/modulus instructions are around 90 clock cycles, or 30 nanoseconds, on x86 CPUs. When transmitting at a rate of 10 million packets/second, we have only 100 nanoseconds per packet. I see no way to optimize this any better. Luckily, though, two such operations can be executed simultaneously, so doing two of these, as shown above, is no more expensive than doing one.

There are actually some easy optimizations for the above performance problems, but they all rely upon i++, the fact that the index variable increases one by one through the scan. Actually, we need to randomize this variable. We need to randomize the order of IP addresses that we scan or we'll blast the heck out of target networks that aren't built for this level of speed. We need to spread our traffic evenly over the target.

The way we randomize is simply by encrypting the index variable. By definition, encryption is random and creates a 1-to-1 mapping between the original index variable and the output. This means that while we linearly go through the range, the output IP addresses are completely random. In code, this looks like:

range = ip_count * port_count;
for (i = 0; i < range; i++) {
    x = encrypt(i);
    ip   = pick(addresses, x / port_count);
    port = pick(ports,     x % port_count);
    scan(ip, port);
}

This also has a major cost. Since the range is an unpredictable size instead of a nice even power of 2, we can't use cheap binary techniques like AND (&) and XOR (^). Instead, we have to use expensive operations like MODULUS (%). In my current benchmarks, it's taking 40 nanoseconds to encrypt the variable.

This architecture allows for lots of cool features. For example, it supports "shards". You can set up 5 machines each doing a fifth of the scan or range / shard_count. Shards can be multiple machines, or simply multiple network adapters on the same machine, or even (if you want) multiple IP source addresses on the same network adapter.

Or, you can use a 'seed' or 'key' to the encryption function, so that you get a different order each time you scan, like x = encrypt(seed, i).

We can also pause the scan by exiting out of the program, and simply remembering the current value of i, and restart it later. I do that a lot during development. I see something going wrong with my Internet scan, so I hit to stop the scan, then restart it after I've fixed the bug.

Another feature is retransmits/retries. Packets sometimes get dropped on the Internet, so you can send two packets back-to-back. However, something that drops one packet may drop the immediately following packet. Therefore, you want to send the copy about 1 second apart. This is simple. We already have a 'rate' variable, which is the number of packets-per-second rate we are transmitting at, so the retransmit function is simply to use i + rate as the index. One of these days I'm going to do a study of the Internet, and differentiate "back-to-back", "1 second", "10 second", and "1 minute" retransmits this way in order to see if there is any difference in what gets dropped.

C10 Scalability

The asynchronous technique is known as a solution to the "c10k problem". Masscan is designed for the next level of scalability, the "C10M problem".

The C10M solution is to bypass the kernel. There are three primary kernel bypasses in Masscan:

  • custom network driver
  • user-mode TCP stack
  • user-mode synchronization

Masscan can use the PF_RING DNA driver. This driver DMAs packets directly from user-mode memory to the network driver with zero kernel involvement. That allows software, even with a slow CPU, to transmit packets at the maximum rate the hardware allows. If you put 8 10-gbps network cards in a computer, this means it could transmit at 100-million packets/second.

Masscan has its own built-in TCP stack for grabbing banners from TCP connections. This means it can easily support 10 million concurrent TCP connections, assuming of course that the computer has enough memory.

Masscan has no "mutex". Modern mutexes (aka. futexes) are mostly user-mode, but they have two problems. The first problem is that they cause cache-lines to bounce quickly back-and-forth between CPUs. The second is that when there is contention, they'll do a system call into the kernel, which kills performance. A mutex on the fast path of a program severely limits scalability. Instead, Masscan uses "rings" to synchronize things, such as when the user-mode TCP stack in the receive thread needs to transmit a packet without interfering with the transmit thread.

Portability

The code runs well on Linux, Windows, and Mac OS X. All the important bits are in standard C (C90). Therefore, it compiles on Visual Studio with Microsoft's compiler, the Clang/LLVM compiler on Mac OS X, and GCC on Linux.

Windows and Macs aren't tuned for packet transmit, and get only about 300,000 packets-per-second, whereas Linux can do 1,500,000 packets/second. That's probably faster than you want anyway.

Safe code

A bounty is offered for vulnerabilities, see the VULNINFO.md file for more information.

This project uses safe functions like strcpy_s() instead of unsafe functions like strcpy().

This project has automated unit regression tests (make regress).

Compatibility

A lot of effort has gone into making the input/output look like nmap, which everyone who does port scans is (or should be) familiar with.

IPv6 and IPv4 coexistence

Masscan supports IPv6, but there is no special mode, both are supported at the same time. (There is no -6 option -- it's always available).

In any example you see of masscan usage, simply put an IPv6 address where you see an IPv4 address. You can include IPv4 and IPv6 addresses simultaneously in the same scan. Output includes the appropriate address at the same location, with no special marking.

Just remember that IPv6 address space is really big. You probably don't want to scan for big ranges, except maybe the first 64k addresses of a subnet that were assigned via DHCPv6.

Instead, you'll probably want to scan large lists of addresses stored in a file (--include-file filename.txt) that you got from other sources. Like everywhere else, this file can contain lists of both IPv4 and IPv6 addresses. The test file I use contains 8 million addresses. Files of that size need a couple extra seconds to be read on startup (masscan sorts the addresses and removes duplicates before scanning).

Remember that masscan contains its own network stack. Thus, the local machine you run masscan from does not need to be IPv6 enabled -- though the local network needs to be able to route IPv6 packets.

PF_RING

To get beyond 2 million packets/second, you need an Intel 10-gbps Ethernet adapter and a special driver known as "PF_RING ZC" from ntop. Masscan doesn't need to be rebuilt in order to use PF_RING. To use PF_RING, you need to build the following components:

  • libpfring.so (installed in /usr/lib/libpfring.so)
  • pf_ring.ko (their kernel driver)
  • ixgbe.ko (their version of the Intel 10-gbps Ethernet driver)

You don't need to build their version of libpcap.so.

When Masscan detects that an adapter is named something like zc:enp1s0 instead of something like enp1s0, it'll automatically switch to PF_RING ZC mode.

A more detail discussion can be found in PoC||GTFO 0x15.

Regression testing

The project contains a built-in unit test:

$ make test
bin/masscan --selftest
selftest: success!

This tests a lot of tricky bits of the code. You should do this after building.

Performance testing

To test performance, run something like the following to a throw-away address, to avoid overloading your local router:

$ bin/masscan 0.0.0.0/4 -p80 --rate 100000000 --router-mac 66-55-44-33-22-11

The bogus --router-mac keeps packets on the local network segments so that they won't go out to the Internet.

You can also test in "offline" mode, which is how fast the program runs without the transmit overhead:

$ bin/masscan 0.0.0.0/4 -p80 --rate 100000000 --offline

This second benchmark shows roughly how fast the program would run if it were using PF_RING, which has near zero overhead.

By the way, the randomization algorithm makes heavy use of "integer arithmetic", a chronically slow operation on CPUs. Modern CPUs have doubled the speed at which they perform this calculation, making masscan much faster.

Authors

This tool created by Robert Graham: email: [email protected] twitter: @ErrataRob

Comments
  • Lack of randomness

    Lack of randomness

    Hi,

    I noticed that the masscan randomness is not very random. I understand that perfect randomness and distribution of the IPs during the scan is not the main goal, but I think this can have two bad consequences:

    • The scans are not uniform in the IP space. For example, if you scan a /10 at 1M pps, you expect each /20 to be hit at 1k pps. But in practice, some subnetworks will be hit a lot more than others at a given time. This means that you have to reduce your scan rate to avoid overwhelming the routers.
    • The scans are not uniform in the port space. This can cause problem if you want to do a "sample" scan of a network to see which ports are more popular. After 10% of the scan, you might think that your sample will match the global distribution on the network. But in practice, some ports will be hit a lot more than others and will yield more results. You can feel it when you do a scan of 0.0.0.0/0 on all ports and you barely see any tcp/80 open at the start of the scan.

    The graphics below shows the difference in randomness: difference3

    Basically, I simulated a scan of 0.0.0.0/0 using masscan, zmap and real randomness. After 100k probes, I wanted to see if each /10 got the same amount of probes. We can see that zmap matches closely real randomness, and that each /10 got between 75 and 125 probes. However, for masscan, each /10 will get between 0 and 300 probes. Some network are hit a lot more than others.

    Before I dig further, I wanted to know if anyone already stumbled upon this problem ? If so, do you have any pointers or ideas of how this could be resolved ?

    Regards.

    opened by Tim--- 9
  • Fixing the TCP packet length to include MSS options.

    Fixing the TCP packet length to include MSS options.

    In 2014 the MSS options were added to the TCP template packet without adjusting the IP- and TCP-length fields. Due to this oversight, the MSS options were never sent.

    opened by marpie 8
  • No results when whole range of port scans and rate is low

    No results when whole range of port scans and rate is low

    Hi everyone,

    I am having a weird situation here.

    I don't get any results when masscan is used to scan all the 65535 ports however, if I scan specific ports I do get the output.

    What all have I tried

    • [x] I have tried this but in vain.
    • [x] I have switched VPSes between AWS and Digital Ocean.
    • [x] Tried it on ubuntu 16.04 ( AWS and digital ocean )
    • [x] Tried it on arch linux ( AWS and digital ocean )
    • [x] Tried it on my local system kali 2018.2
    • [x] Built it from the repo
    • [x] Also installed it from repositories in kali
    • [x] Tried fiddling with --rate and --wait parameter ( I thought maybe the packets receiving was taking long )

    But as I am here, you all could guess nothing worked.

    Working Output for single port

    masscan -iL ips.txt -p80,443,22,25
    
    Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:05:32 GMT
     -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
    Initiating SYN Stealth Scan
    Scanning 13 hosts [4 ports/host]
    Discovered open port 443/tcp on 143.x.x.68                                  
    Discovered open port 443/tcp on 143.x.x.129                                 
    Discovered open port 80/tcp on 143.x.x.125                                  
    Discovered open port 443/tcp on 143.x.x.10                                  
    Discovered open port 443/tcp on 143.x.x.104                                 
    Discovered open port 80/tcp on 52.x.x.130                                    
    Discovered open port 443/tcp on 52.x.x.5                                     
    Discovered open port 80/tcp on 143.x.x.129                                  
    Discovered open port 443/tcp on 143.x.x.106                                 
    Discovered open port 80/tcp on 143.x.x.106                                  
    Discovered open port 80/tcp on 143.x.x.104                                  
    Discovered open port 80/tcp on 52.x.x.20                                     
    Discovered open port 443/tcp on 14x.x.29.2                                   
    Discovered open port 80/tcp on 52.x.x.5                                      
    Discovered open port 80/tcp on 143.x.x.68                                   
    Discovered open port 443/tcp on 143.x.x.125                                 
    Discovered open port 80/tcp on 52.x.x.35                                     
    Discovered open port 80/tcp on 143.x.x.10                                   
    Discovered open port 443/tcp on 52.x.x.35                                    
    Discovered open port 443/tcp on 52.x.x.20                                    
    Discovered open port 80/tcp on 143.x.x.2                                    
    Discovered open port 443/tcp on 52.x.x.130                                   
    Discovered open port 443/tcp on 143.x.29.69                                  
    Discovered open port 80/tcp on 143.x.29.69   
    

    And when scanning the same with all the options gives no output

    masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL .ips.txt -p80,443 -dd -oG masscan-results
    pcap: found library: libpcap.so
    pcap: pcap_dev_name: failed
    pcap: pcap_dev_description: failed
    pcap: pcap_dev_next: failed
    pcap: pcap_sendqueue_alloc: failed
    pcap: pcap_sendqueue_transmit: failed
    pcap: pcap_sendqueue_destroy: failed
    pcap: pcap_sendqueue_queue: failed
    pfring: error: dlopen('libpfring.so'): No such file or directory
    initializing adapter
    pcap: libpcap version 1.8.1
    pcap:'eth0': opening...
    pcap:'eth0': successfully opened
    adapter initialization done.
    THREAD: xmit: starting thread #0
    
    Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:03:38 GMT
     -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
    Initiating SYN Stealth Scan
    Scanning 13 hosts [2 ports/host]
    THREAD: status: starting thread
    THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
    THREAD: recv: starting main loop
    maxrate = 1000.00
    THREAD: xmit done, waiting for receive thread to realize this
    THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
    THREAD: recv: stopping thread #0waiting 0-secs, found=0       
    THREAD: status: stopping thread waiting -1-secs, found=0    
    

    I tried with adding the --source-ip 192.168.1.200 but that also didn't work ( It was mentioned for banner grabbing here )

    The same goes for scanning all 65535 ports with the above options or without it :

    masscan -e eth0 --adapter-ip 159.x.x.147 --adapter-mac a6:b6:dc:2d:9b:d8 --router-mac 00:00:5e:00:11:3e --rate=1000 -iL ips.txt -p1-65535 --source-ip 192.168.1.200 -dd -oG masscan-results
    pcap: found library: libpcap.so
    pcap: pcap_dev_name: failed
    pcap: pcap_dev_description: failed
    pcap: pcap_dev_next: failed
    pcap: pcap_sendqueue_alloc: failed
    pcap: pcap_sendqueue_transmit: failed
    pcap: pcap_sendqueue_destroy: failed
    pcap: pcap_sendqueue_queue: failed
    pfring: error: dlopen('libpfring.so'): No such file or directory
    initializing adapter
    pcap: libpcap version 1.8.1
    pcap:'eth0': opening...
    pcap:'eth0': successfully opened
    adapter initialization done.
    
    Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:23:40 GMT
     -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
    Initiating SYN Stealth Scan
    Scanning 13 hosts [2 ports/host]
    THREAD: status: starting thread
    THREAD: recv: starting thread #0 0:00:00 remaining, found=0       
    THREAD: recv: starting main loop
    maxrate = 1000.00
    THREAD: xmit done, waiting for receive thread to realize this
    THREAD: xmit: stopping thread #0waiting 0-secs, found=0        
    THREAD: recv: stopping thread #0waiting 0-secs, found=0       
    THREAD: status: stopping thread waiting -1-secs, found=0      
    

    However as I was putting up this issue, I tried this and this shows some promising results ( perhaps ) :

     masscan -iL ips.txt -p10-65500 --rate=100000
    
    Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2018-07-19 05:14:23 GMT
     -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
    Initiating SYN Stealth Scan
    Scanning 13 hosts [65491 ports/host]
    Discovered open port 443/tcp on 143.x.x.2                                   
    Discovered open port 443/tcp on 143.x.x.129                                 
    Discovered open port 2000/tcp on 143.x.x.129                                
    Discovered open port 443/tcp on 52.x.x.130                                   
    Discovered open port 80/tcp on 143.x.x.106   
    Discovered open port 8020/tcp on 143.x.x.129                                                               
    Discovered open port 8008/tcp on 143.x.x.129                                
    Discovered open port 443/tcp on 52.x.x.5                                     
    Discovered open port 443/tcp on 52.x.x.35                                    
    Discovered open port 443/tcp on 143.x.x.69                                  
    Discovered open port 8010/tcp on 143.x.x.129                                
    Discovered open port 80/tcp on 52.x.x.130                                    
    Discovered open port 443/tcp on 52.x.x.20                                    
    Discovered open port 443/tcp on 143.x.x.106                                 
    Discovered open port 5060/tcp on 143.x.x.129                                
    Discovered open port 80/tcp on 143.x.x.68                                   
    Discovered open port 80/tcp on 143.x.x.2                                    
    Discovered open port 80/tcp on 52.x.x.5                                      
    Discovered open port 8020/tcp on 143.x.x.129                                
    Discovered open port 80/tcp on 143.x.x.129                                  
    Discovered open port 80/tcp on 52.x.x.20                                     
    Discovered open port 80/tcp on 52.x.x.35                                     
    Discovered open port 80/tcp on 143.x.x.69                                   
    Discovered open port 443/tcp on 143.x.x.68                                  
    

    And just to check whether masscan was actually giving the correct results, I checked with nmap for 3 weird ports ( which I doubted were open ) and it were open :smile: , thus verifying the masscan :

    nmap -v -n -p8008,8010,8020 143.x.x.129
    
    Starting Nmap 7.40 ( https://nmap.org ) at 2018-07-19 10:49 IST
    Initiating Ping Scan at 10:49
    Scanning 143.x.x.129 [4 ports]
    Completed Ping Scan at 10:49, 0.22s elapsed (1 total hosts)
    Initiating SYN Stealth Scan at 10:49
    Scanning 143.x.x.129 [3 ports]
    Discovered open port 8008/tcp on 143.x.x.129
    Discovered open port 8020/tcp on 143.x.x.129
    Discovered open port 8010/tcp on 143.x.x.129
    Completed SYN Stealth Scan at 10:49, 0.22s elapsed (3 total ports)
    Nmap scan report for 143.x.x.129
    Host is up (0.13s latency).
    PORT     STATE SERVICE
    8008/tcp open  http
    8010/tcp open  xmpp
    8020/tcp open  intu-ec-svcdisc
    
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
               Raw packets sent: 7 (284B) | Rcvd: 4 (160B)
    

    I don't know the reason of "why this is happening ?"

    But would surely want to know.

    This issue started with a problem I was facing ( couldn't get any output ) and now I am left with a question "Why am I getting the results ?" :rofl:

    P.S. Perhaps this guy here is also facing the same issue #318 and here too issue #303

    opened by LuD1161 7
  • -oJ with multiprocessing error

    -oJ with multiprocessing error

    When I use multiprocessing to run masscan with Python, the output file contains all scan result of the ips. For Example,child process A is specified to scan 192.168.2.2 with output option -oJ a.json and B is used to scan 192.168.2.3 with output option -oJ b.json, however a.json contains both A and B when process finished.That's not what I want. This's a concunrrency problem.

    opened by c0rpse 7
  • Cross-compiling under MinGW failed due to the lack of the inet_ntop function

    Cross-compiling under MinGW failed due to the lack of the inet_ntop function

    I tried to cross-compile masscan on Arch Linux for Windows, and faced the error:

    /usr/lib/gcc/i686-w64-mingw32/10.2.0/../../../../i686-w64-mingw32/bin/ld: tmp/rawsock-getip6.o: in function `rawsock_get_adapter_ipv6':
    /home/victor/git/masscan/src/rawsock-getip6.c:161: undefined reference to `inet_ntop'
    collect2: error: ld returned 1 exit status
    make: *** [Makefile:112: bin/masscan] Error 1
    

    I was able to fix this by defining the inet_ntop function manually. It helped me: https://sourceforge.net/p/mingw/mailman/message/26849634/

    Other than that, I ran into a lot of issues, but was able to fix them, here's the patch: https://gist.github.com/drygdryg/06c94e1d6262103dddb0472bc326799a

    opened by drygdryg 6
  • Bad version of Masscan installed from APT

    Bad version of Masscan installed from APT

    Hello,

    I do not know if I'm wrong but when I try to install Masscan on a fresh Debian version, the version installed is not the same as the apt show package.... Even if I try to install the specific version.

    Debian version

    Debian_version

    APT version -> 1.0.5

    APT_version-1-0-5

    Version installed -> 1.0.4

    Masscan_version1-0-4

    An idea? Is it a Masscan issue or Debian/APT issue? Or it's me?....

    opened by choupit0 6
  • TOR & masscan

    TOR & masscan

    Hello Robert!

    First its not issue more than question! I was wondering is it possible to configure masscan to pass traffic threw TOR? I tried it out , tor bundle is registrating that masscan is connecting to tor, but when i look on dns requests in wireshark, i can see that its not passing proxychains!

    Thanks!

    opened by Indeserpen 6
  • libpcap dependency failure

    libpcap dependency failure

    [root@host html]# ./masscan
    [-] FAIL: failed to load libpcap shared library
        [hint]: you must install libpcap or WinPcap
    
    [root@host html]# yum install libpcap
    Running transaction
      Installing : 14:libpcap-1.5.3-12.el7.x86_64                                                                                                 1/1
      Verifying  : 14:libpcap-1.5.3-12.el7.x86_64                                                                                                 1/1
    
    Installed:
      libpcap.x86_64 14:1.5.3-12.el7
    

    let's try again:

    [root@host html]# ./masscan
    [-] FAIL: failed to load libpcap shared library
        [hint]: you must install libpcap or WinPcap
    

    @robertdavidgraham what else do we need to do? is it possible to compile masscan statically w/ all libraries in it as it used to be?

    opened by lfaoro 5
  • top-ports err

    top-ports err

    Hello @robertdavidgraham,

    When i ran the command masscan --rate 1000 --banners --open-only --retries 3 ‐‐top-ports 100 -iL targets.list and i got the below error.

    FAIL: unknown command-line parameter "‐‐top-ports"
     [hint] did you want "--‐‐top-ports"?
    

    I checked to make sure the version was up to date and reran it but i got the same err. I am running this from Darwin Kernel Version 19.6.0: Thu Jun 18 20:49:00 PDT 2020; root:xnu-6153.141.1~1/RELEASE_X86_64 x86_64. Here is the output masscan -V

    Masscan version 1.3.2 ( https://github.com/robertdavidgraham/masscan )
    Compiled on: Jan 31 2021 18:23:49
    Compiler: gcc Apple LLVM 12.0.0 (clang-1200.0.32.29)
    OS: Apple
    CPU: x86-Corei7 (64 bits)
    GIT version: unknown
    
    opened by gbiagomba 5
  • error when installing

    error when installing

    /tmp/masscan# make instal gcc -g -ggdb -Wall -O2 -c src/crypto-base64.c -o tmp/crypto-base64.o gcc -g -ggdb -Wall -O2 -c src/crypto-blackrock2.c -o tmp/crypto-blackrock2.o gcc -g -ggdb -Wall -O2 -c src/event-timeout.c -o tmp/event-timeout.o gcc -g -ggdb -Wall -O2 -c src/in-binary.c -o tmp/in-binary.o gcc -g -ggdb -Wall -O2 -c src/in-filter.c -o tmp/in-filter.o gcc -g -ggdb -Wall -O2 -c src/in-report.c -o tmp/in-report.o gcc -g -ggdb -Wall -O2 -c src/logger.c -o tmp/logger.o src/logger.c: In function ‘vLOGip’: src/logger.c:55:9: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] sprintf_s(sz_ip, sizeof(sz_ip), "%s", ipaddress_fmt(ip).string); ^ src/logger.c:55:9: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] gcc -g -ggdb -Wall -O2 -c src/main-conf.c -o tmp/main-conf.o -DGIT="1.3.0-35-g4fac37d" src/main-conf.c: In function ‘masscan_echo_nic’: src/main-conf.c:312:17: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] ipv4address_fmt(masscan->nic[i].src.ipv4.first).string); ^ src/main-conf.c:336:17: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] ipv4address_fmt(masscan->nic[i].src.ipv4.last).string); ^ src/main-conf.c:336:17: warning: format ‘%s’ expects argument of type ‘char *’, but argument 5 has type ‘char[48]’ [-Wformat=] src/main-conf.c:343:21: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] ipv6address_fmt(masscan->nic[i].src.ipv6.last).string); ^ src/main-conf.c:343:21: warning: format ‘%s’ expects argument of type ‘char *’, but argument 5 has type ‘char[48]’ [-Wformat=] src/main-conf.c:345:13: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] fprintf(fp, "adapter-ip%s = %s\n", idx_str, ipv6address_fmt(masscan->nic[i].src.ipv6.first).string); ^ src/main-conf.c: In function ‘SET_output_format’: src/main-conf.c:1255:29: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘char[48]’ [-Wformat=] masscan->redis.port); ^ src/main-conf.c: In function ‘masscan_echo’: src/main-conf.c:2986:9: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘char[48]’ [-Wformat=] fprintf(fp, "range = %s", ipv6address_fmt(range.begin).string); ^ src/main-conf.c:2993:17: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘char[48]’ [-Wformat=] fprintf(fp, "-%s", ipv6address_fmt(range.end).string); ^ gcc -g -ggdb -Wall -O2 -c src/main-dedup.c -o tmp/main-dedup.o src/main-dedup.c: In function ‘dedup_selftest’: src/main-dedup.c:387:4: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘char[48]’ [-Wformat=] port_me); ^ src/main-dedup.c:387:4: warning: format ‘%s’ expects argument of type ‘char *’, but argument 5 has type ‘char[48]’ [-Wformat=] gcc -g -ggdb -Wall -O2 -c src/main-initadapter.c -o tmp/main-initadapter.o gcc -g -ggdb -Wall -O2 -c src/main-listscan.c -o tmp/main-listscan.o src/main-listscan.c: In function ‘main_listscan’: src/main-listscan.c:55:13: warning: format ‘%s’ expects argument of type ‘char *’, but argument 2 has type ‘char[48]’ [-Wformat=] printf("%s\n", ipaddress_fmt(addr).string); ^ src/main-listscan.c:58:17: warning: format ‘%s’ expects argument of type ‘char *’, but argument 2 has type ‘char[48]’ [-Wformat=] printf("[%s]:%u\n", ipaddress_fmt(addr).string, port); ^ src/main-listscan.c:60:17: warning: format ‘%s’ expects argument of type ‘char *’, but argument 2 has type ‘char[48]’ [-Wformat=] printf("%s:%u\n", ipaddress_fmt(addr).string, port); ^ gcc -g -ggdb -Wall -O2 -c src/main-ptrace.c -o tmp/main-ptrace.o src/main-ptrace.c: In function ‘packet_trace’: src/main-ptrace.c:40:15: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] parsed.port_src); ^ src/main-ptrace.c:40:15: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] src/main-ptrace.c:44:15: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] parsed.port_dst); ^ src/main-ptrace.c:44:15: warning: format ‘%s’ expects argument of type ‘char *’, but argument 4 has type ‘char[48]’ [-Wformat=] gcc -g -ggdb -Wall -O2 -c src/main-readrange.c -o tmp/main-readrange.o src/main-readrange.c: In function ‘main_readrange’: src/main-readrange.c:84:9: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘char[48]’ [-Wformat=] fprintf(fp, "%s", ipv6address_fmt(range.begin).string); ^ src/main-readrange.c:90:17: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘char[48]’ [-Wformat=] fprintf(fp, "-%s", ipv6address_fmt(range.end).string); ^ gcc -g -ggdb -Wall -O2 -c src/main-status.c -o tmp/main-status.o gcc -g -ggdb -Wall -O2 -c src/main-throttle.c -o tmp/main-throttle.o gcc -g -ggdb -Wall -O2 -c src/main.c -o tmp/main.o gcc -g -ggdb -Wall -O2 -c src/masscan-app.c -o tmp/masscan-app.o gcc -g -ggdb -Wall -O2 -c src/massip-addr.c -o tmp/massip-addr.o In file included from /usr/include/string.h:635:0, from src/massip-addr.c:2: src/massip-addr.c: In function ‘ipv6address_selftest’: src/massip-addr.c:212:9: error: invalid use of non-lvalue array if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:9: error: invalid operands to binary + (have ‘char[48]’ and ‘int’) if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:5: error: cannot convert to a pointer type if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ In file included from /usr/include/string.h:635:0, from src/massip-addr.c:2: src/massip-addr.c:212:9: error: invalid use of non-lvalue array if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:9: error: invalid operands to binary + (have ‘char[48]’ and ‘int’) if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:5: error: cannot convert to a pointer type if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ In file included from /usr/include/string.h:635:0, from src/massip-addr.c:2: src/massip-addr.c:212:9: error: invalid use of non-lvalue array if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:9: error: invalid use of non-lvalue array if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:5: error: cannot convert to a pointer type if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:5: error: cannot convert to a pointer type src/massip-addr.c:212:5: error: cannot convert to a pointer type src/massip-addr.c:212:5: error: cannot convert to a pointer type In file included from /usr/include/string.h:635:0, from src/massip-addr.c:2: src/massip-addr.c:212:9: error: invalid operands to binary + (have ‘char[48]’ and ‘int’) if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:5: error: cannot convert to a pointer type if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ In file included from /usr/include/string.h:635:0, from src/massip-addr.c:2: src/massip-addr.c:212:9: error: invalid use of non-lvalue array if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ src/massip-addr.c:212:5: error: cannot convert to a pointer type if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ In file included from /usr/include/string.h:635:0, from src/massip-addr.c:2: src/massip-addr.c:212:9: error: invalid use of non-lvalue array if (strcmp(ipaddress_fmt(ip).string, "1.255.0.163") != 0) ^ Makefile:104: recipe for target 'tmp/massip-addr.o' failed make: *** [tmp/massip-addr.o] Error 1

    opened by evantoday 5
  • Segfault on Linux

    Segfault on Linux

    Not much to say. Will segfault when scanning a list of IPv4 CIDRs whereas 1.0.6 works fine.

    # ./bin/masscan --open -p 443 -iL in.lst -oG out.lst
    
    Starting masscan 1.3.0 (http://bit.ly/14GZzcT) at 2021-01-10 16:07:28 GMT
     -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
    Initiating SYN Stealth Scan
    Scanning 238848 hosts [1 port/host]
    ======================================================================
     Segmentation fault: please post this backtrace to:
     https://github.com/robertdavidgraham/masscan/issues
    ======================================================================
    7: [/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f82304574cf]]
    ?? ??:0
    6: [/lib/x86_64-linux-gnu/libpthread.so.0(+0x7fa3) [0x7f8230526fa3]]
    ?? ??:0
    5: [./bin/masscan(+0x12a4b) [0x558300ca0a4b]]
    ?? ??:0
    4: [./bin/masscan(+0x1f145) [0x558300cad145]]
    ?? ??:0
    3: [./bin/masscan(+0x1c4e3) [0x558300caa4e3]]
    ?? ??:0
    2: [/lib/x86_64-linux-gnu/libc.so.6(+0x37840) [0x7f8230395840]]
    ?? ??:0
    1: [./bin/masscan(+0x1f662) [0x558300cad662]]
    ?? ??:0
    
    opened by eur0pa 5
  • libpcap issue

    libpcap issue

    [-] FAIL: failed to load libpcap shared library [hint]: you must install libpcap or WinPcap FAIL:eth0: can't open adapter: libpcap not loaded [-] if:eth0:init: failed

    i already tried some fix but none of them worked.

    opened by holingcode 0
  • Great tool, but I can't use it

    Great tool, but I can't use it

    Hello, I installed this tool and it works very well except that my ISP and Hetzner block me for spamming. Are there any known server hosters that allow scanning the internet with a reasonable speed using this tool?

    opened by MrRedRhino 0
  • Ipv6 address must start with a decimal number

    Ipv6 address must start with a decimal number

    hi, i using latest code to build program。found a question for masscan with IPv6 scanning.

    for example:

    $ masscan -p 80 fe80::ae1f:6bff:fedd:36f6
    FAIL: unknown command-line parameter "fe80::ae1f:6bff:fedd:36f6"
     [hint] did you want "--fe80::ae1f:6bff:fedd:36f6"?
    

    I simply followed the code,found in code file src/main-conf.c , line 3078:

    if (!isdigit(argv[i][0]) && argv[i][0] != ':' && argv[i][0] != '[') {
        fprintf(stderr, "FAIL: unknown command-line parameter \"%s\"\n", argv[i]);
        fprintf(stderr, " [hint] did you want \"--%s\"?\n", argv[i]);
        exit(1);
    }
    

    isdigit ? So ipv6 addresses must start with a decimal number?

    Any suggestions?

    opened by yingque 1
  • Unknown Command line parameter

    Unknown Command line parameter

    While running dnmasscan and append the result to masscan. I 'm getting an error. dns.log has been generated however scan terminates before getting result in masscan.log

    For reference : Below mentioned is the error

    Resolving domains... [*] Saved resolved addresses to dns-indeed.log [*] Launching masscan...

    FAIL: unknown command-line parameter ",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,121.241.160.178,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76.77.155.130,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76.77.155.130,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,," [hint] did you want "--,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,121.241.160.178,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76.77.155.130,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76.77.155.130,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"?

    opened by karthik44444 0
Releases(1.3.2)
Owner
Robert David Graham
Robert David Graham
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.

XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scanning the 32-bits address space in under 45 minutes.

idealeer 190 Dec 24, 2022
Port-Fin(port finder) is a tool which scans for open and closed port on a website/host.

Port-Fin(port finder) is a tool which scans for open and closed port on a website/host. This tool scans the state of the well known/common ports.

AnonabdulJ 4 Dec 14, 2021
A Tcp/Ip stack implementation on top of Solarflare ef_vi, and a C++ headers only framework for tcp multiplexing client/server.

Efvitcp Efvitcp is a tcp library using Solarflare ef_vi interface on linux, and also a tcp multiplexing framework for both C++ client and server progr

Meng Rao 23 Nov 26, 2022
an easy implementation of a multi-process tcp server and a multi-thread tcp client

一个TCP多进程服务器-多线程客户端的简单实现。 客户端类似Apache ab的测试功能,能够通过向某一个ip端口发送指定并发量和总数量的tcp短连接;服务端处理tcp短连接,每来一条消息就打印一条log。 使用cmake编译,建议在vscode里编译,或者命令行 # 终端进入目录 mkdir bu

adin 1 Nov 28, 2021
TCP Port Redirection Utility

Overview PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one TCP port (e.g., 445

Praetorian 487 Jan 6, 2023
📡 TCP/UDP port redirector

rinetd, by Thomas Boutell and Sam Hocevar. Released under the terms of the GNU General Public License, version 2 or later. This program is used to eff

Sam Hocevar 513 Dec 29, 2022
XDP programs that increment stat counters for packets/bytes.

XDP Stats Description This is a program that calculates stats inside of an XDP program (support for both XDP_DROP and XDP_TX). As of right now, the st

Christian Deacon 10 Oct 30, 2022
pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities.

pwru (packet, where are you?) pwru is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities. It allo

Cilium 1.1k Dec 28, 2022
A program that implements the forwading of packets from a router.

Nume: Dragne Lavinia-Stefana Grupa: 324 CA PROTOCOALE DE COMUNICATIE Tema #1 - Router Continutul proiectului este urmatorul: - dir

null 1 Jun 22, 2022
This repository contains a set of InternalBlue patches for the BCM4375B1 Bluetooth controller, allowing to sniff and inject Zigbee, Mosart and Enhanced ShockBurst packets from a Samsung Galaxy S20 smartphone.

RadioSploit 1.0 - Patches This repository contains a set of InternalBlue patches for the BCM4375B1 Bluetooth controller, allowing to sniff and inject

Romain Cayre 12 Nov 1, 2022
A software C library designed to extract data attributes from network packets, server logs, and from structured events in general, in order to make them available for analysis

MMT-DPI A software C library desinged to extract data attributes from network packets, server logs, and from structured events in general, in odrder t

Montimage 3 Nov 9, 2022
WiFi scanner with visual persistence, intended to find the idlest channel e.g. to assign to a ZigBee device

WiFiChanViz Motivation This tool was initially coded to help find the idlest 2.4GHz channel in order to connect a ZigBee device to HomeAssistant in id

tobozo 15 Oct 27, 2022
Rudimentary opinionated client-side lua libwayland bindings and scanner

wau This should work with Lua 5.3+. By default it builds with 5.3 instead of 5.4 because the examples depend on lgi. These aren't 1-to-1 bindings to l

null 4 Nov 19, 2022
Husarnet is a Peer-to-Peer VPN to connect your laptops, servers and microcontrollers over the Internet with zero configuration.

Husarnet Client Husarnet is a Peer-to-Peer VPN to connect your laptops, servers and microcontrollers over the Internet with zero configuration. Key fe

Husarnet 180 Jan 1, 2023
A local DNS server to obtain the fastest website IP for the best Internet experience

A local DNS server to obtain the fastest website IP for the best Internet experience

Nick Peng 5.7k Jan 4, 2023
Graphical small-internet client for windows, linux, MacOS X and BSDs. Supports gemini, http, https, gopher, finger.

Graphical small-internet client for windows, linux, MacOS X and BSDs. Supports gemini, http, https, gopher, finger.

Felix Queißner 569 Dec 30, 2022
JerryScript: JavaScript engine for the Internet of Things

JerryScript: JavaScript engine for the Internet of Things JerryScript is a lightweight JavaScript engine for resource-constrained devices such as micr

Arm Mbed 5 Aug 29, 2022
Ultra fast and low latency asynchronous socket server & client C++ library with support TCP, SSL, UDP, HTTP, HTTPS, WebSocket protocols and 10K connections problem solution

CppServer Ultra fast and low latency asynchronous socket server & client C++ library with support TCP, SSL, UDP, HTTP, HTTPS, WebSocket protocols and

Ivan Shynkarenka 958 Jan 3, 2023