Description
masscan is an Internet-scale port scanner, useful for large scale surveys of the Internet, or of internal networks. While the default transmit rate is only 100 packets/second, it can optional go as fast as 25 million
packets/second, a rate sufficient to scan the Internet in 3 minutes for one port.
| Platform | Linux |
| Author | Robert Graham |
| License | Free |
| URL | https://github.com/robertdavidgraham/masscan |
Usage
OPTIONS
· <ip/range>: anything on the command-line not prefixed with a ´-´ is assumed to be an IP address or range. There are three valid formats. The first is a single IPv4 address like "192.168.0.1". The second is a range
like "10.0.0.1-10.0.0.100". The third is a CIDR address, like "0.0.0.0/0". At least one target must be specified. Multiple targets can be specified. This can be specified as multiple options separated by space, or
can be separated by a comma as a single option, such as 10.0.0.0/8,192.168.0.1.
· --range <ip/range>: the same as target range spec described above, except as a named parameter instead of an unnamed one.
· -p <ports, --ports <ports>: specifies the port(s) to be scanned. A single port can be specified, like -p80. A range of ports can be specified, like -p 20-25. A list of ports/ranges can be specified, like
-p80,20-25. UDP ports can also be specified, like --ports U:161,U:1024-1100.
· --banners: specifies that banners should be grabbed, like HTTP server versions, HTML title fields, and so forth. Only a few protocols are supported.
· --rate <packets-per-second>: specifies the desired rate for transmitting packets. This can be very small numbers, like 0.1 for transmitting packets at rates of one every 10 seconds, for very large numbers like
10000000, which attempts to transmit at 10 million packets/second. In my experience, Windows and can do 250 thousand packets per second, and latest versions of Linux can do 2.5 million packets per second. The
PF_RING driver is needed to get to 25 million packets/second.
· -c <filename>, --conf <filename>: reads in a configuration file. The format of the configuration file is described below.
· --resume <filename>: the same as --conf, except that a few options are automatically set, such as --append-output. The format of the configuration file is described below.
· --echo: don´t run, but instead dump the current configuration to a file. This file can then be used with the -c option. The format of this output is described below under ´CONFIGURATION FILE´.
· -e <ifname>, --adapter <ifname>: use the named raw network interface, such as "eth0" or "dna1". If not specified, the first network interface found with a default gateway will be used.
· --adapter-ip <ip-address>: send packets using this IP address. If not specified, then the first IP address bound to the network interface will be used. Instead of a single IP address, a range may be specified.
NOTE: The size of the range must be an even power of 2, such as 1, 2, 4, 8, 16, 1024 etc. addresses.
· --adapter-port <port>: send packets using this port number as the source. If not specified, a random port will be chosen in the range 40000 through 60000. This port should be filtered by the host firewall (like
iptables) to prevent the host network stack from interfering with arriving packets. Instead of a single port, a range can be specified, like 40000-40003. NOTE: The size of the range must be an even power of 2, such
as the example above that has a total of 4 addresses.
· --adapter-mac <mac-address>: send packets using this as the source MAC address. If not specified, then the first MAC address bound to the network interface will be used.
· --router-mac <mac address>: send packets to this MAC address as the destination. If not specified, then the gateway address of the network interface will be ARPed.
· --ping: indicates that the scan should include an ICMP echo request. This may be included with TCP and UDP scanning.
· --exclude <ip/range>: blacklist an IP address or range, preventing it from being scanned. This overrides any target specification, guaranteeing that this address/range won´t be scanned. This has the same format as
the normal target specification.
· --excludefile <filename>: reads in a list of exclude ranges, in the same target format described above. These ranges override any targets, preventing them from being scanned.
· --append-output: causes output to append to file, rather than overwriting the file.
· --iflist: list the available network interfaces, and then exits.
· --retries: the number of retries to send, at 1 second intervals. Note that since this scanner is stateless, retries are sent regardless if replies have already been received.
· --nmap: print help aobut nmap-compatibility alternatives for these options.
· --pcap-payloads: read packets from a libpcap file containing packets and extract the UDP payloads, and associate those payloads with the destination port. These payloads will then be used when sending UDP packets
with the matching destination port. Only one payload will be remembered per port. Similar to --nmap-payloads.
· --nmap-payloads <filename>: read in a file in the same format as the nmap file nmap-payloads. This contains UDP payload, so that we can send useful UDP packets instead of empty ones. Similar to --pcap-payloads.
· --http-user-agent <user-agent>: replaces the existing user-agent field with the indicated value when doing HTTP requests.
· --open-only: report only open ports, not closed ports.
· --pcap <filename>: saves received packets (but not transmitted packets) to the libpcap-format file.
· --packet-trace: prints a summary of those packets sent and received. This is useful at low rates, like a few packets per second, but will overwhelm the terminal at high rates.
· --pfring: force the use of the PF_RING driver. The program will exit if PF_RING DNA drvers are not available.
· --resume-index: the point in the scan at when it was paused.
· --resume-count: the maximum number of probes to send before exiting. This is useful with the --resume-index to chop up a scan and split it among multiple instances, though the --shards option might be better.
· --shards <x>/<y>: splits the scan among instances. x is the id for this scan, while y is the total number of instances. For example, --shards 1/2 tells an instance to send every other packet, starting with index 0.
Likewise, --shards 2/2 sends every other packet, but starting with index 1, so that it doesn´t overlap with the first example.
· --rotate <time>: rotates the output file, renaming it with the current timestamp, moving it to a separate directory. The time is specified in number of seconds, like "3600" for an hour. Or, units of time can be
specified, such as "hourly", or "6hours", or "10min". Times are aligned on an even boundary, so if "daily" is specified, then the file will be rotated every day at midnight.
· --rotate-offset <time>: an offset in the time. This is to accommodate timezones.
· --rotate-dir <directory>: when rotating the file, this specifies which directory to move the file to. A useful directory is /var/log/masscan.
· --seed <integer>: an integer that seeds the random number generator. Using a different seed will cause packets to be sent in a different random order. Instead of an integer, the string time can be specified, which
seeds using the local timestamp, automatically generating a differnet random order of scans. If no seed specified, time is the default.
· --regress: run a regression test, returns ´0´ on success and ´1´ on failure.
· --ttl <num>: specifies the TTL of outgoing packets, defaults to 255.
· --wait <seconds>: specifies the number of seconds after transmit is done to wait for receiving packets before exiting the program. The default is 10 seconds. The string forever can be specified to never terminate.
· --offline: don´t actually transmit packets. This is useful with a low rate and --packet-trace to look at what packets might´ve been transmitted. Or, it´s useful with --rate 100000000 in order to benchmark how fast
transmit would work (assuming a zero-overhead driver). PF_RING is about 20% slower than the benchmark result from offline mode.
· -sL: this doesn´t do a scan, but instead creates a list of random addresses. This is useful for importing into other tools. The options --shard, --resume-index, and --resume-count can be useful with this feature.
· --interactive: show the results in realtime on the console. It has no effect if used with --output-format or --output-filename.
· --output-format <fmt>: indicates the format of the output file, which can be xml, binary, grepable, list, or JSON. The option --output-filename must be specified.
· --output-filename <filename>: the file which to save results to. If the parameter --output-format is not specified, then the default of xml will be used.
· -oB <filename>: sets the output format to binary and saves the output in the given filename. This is equivelent to using the --output-format and --output-filename parameters. The option --readscan can then be used
to read the binary file. Binary files are mush smaller than their XML equivelents, but require a separate step to convert back into XML or another readable format.
· -oX <filename>: sets the output format to XML and saves the output in the given filename. This is equivelent to using the --output-format xml and --output-filename parameters.
· -oG <filename>: sets the output format to grepable and saves the output in the given filename. This is equivelent to using the --output-format grepable and --output-filename parameters.
· -oJ <filename>: sets the output format to JSON and saves the output in the given filename. This is equivelent to using the --output-format json and --output-filename parameters.
· -oL <filename>: sets the output format to a simple list format and saves the output in the given filename. This is equivelent to using the --output-format list and --output-filename parameters.
· --readscan <binary-files>: reads the files created by the -oB option from a scan, then outputs them in one of the other formats, depending on command-line parameters. In other words, it can take the binary version
of the output and convert it to an XML or JSON format.Examples
masscan -p22,445,3389 –rate 15000 -oB myscan.mass x.x.x.x/8
This will check the specified ports in the /8 network at a rate of 15,000 packets per minute. This is probably the max rate you should ever run masscan. The -oB option will save the output in masscans binary format (to save space), and the output file can be converted to other formats as needed.
sec@slingshot:~$ sudo masscan --ports 0-65535 --rate 15000 --src-port=55555 -oB /tmp/local.masscan 127.0.0.1
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2022-03-15 15:21:58 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]masscan –readscan myscan.mass -oX myscan.xml
This will read a previous scan that was saved in binary format and save a copy as XML. The following is the contents of an example XML format scan.
<?xml version="1.0"?>
<!-- masscan v1.0 scan -->
<?xml-stylesheet href="" type="text/xsl"?>
<nmaprun scanner="masscan" start="1647358016" version="1.0-BETA" xmloutputversion="1.03">
<scaninfo type="syn" protocol="tcp" />
<host endtime="1640365642"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="3268"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365644"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="49699"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365672"><address addr="10.130.10.6" addrtype="ipv4"/><ports><port protocol="tcp" portid="5986"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365691"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="49667"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365693"><address addr="10.130.10.21" addrtype="ipv4"/><ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365693"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="6402"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365698"><address addr="10.130.10.44" addrtype="ipv4"/><ports><port protocol="tcp" portid="5986"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365699"><address addr="10.130.10.21" addrtype="ipv4"/><ports><port protocol="tcp" portid="5986"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365723"><address addr="10.130.10.44" addrtype="ipv4"/><ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365735"><address addr="10.130.10.6" addrtype="ipv4"/><ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365743"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="5986"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365746"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="477"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640365748"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="477"><state state="open" reason="response" reason_ttl="128" /><service name="ftp" banner="220 mail01.hiboxy.com MICROSOFT ESMTP MAIL SERVICE READY AT Fri, 24 Dec 2021 17:09:06 +0000\x0a503 5.5.1 Bad sequence of commands"></service></port></ports></host>
...
<host endtime="1640366213"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="587"><state state="open" reason="response" reason_ttl="128" /><service name="smtp" banner="220 mail01.hiboxy.com Microsoft ESMTP MAIL Service ready at Fri, 24 Dec 2021 17:16:49 +0000\x0a250-mail01.hiboxy.com Hello [10.130.10.99]\x0a250-SIZE 37748736\x0a250-PIPELINING\x0a250-DSN\x0a250-ENHANCEDSTATUSCODES\x0a250-STARTTLS\x0a250-AUTH GSSAPI NTLM\x0a250-8BITMIME\x0a250-BINARYMIME\x0a250-CHUNKING\x0a250 SMTPUTF8\x0a220 2.0.0 SMTP server ready"></service></port></ports></host>
<host endtime="1640366218"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="49674"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366220"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="6744"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366222"><address addr="10.130.10.44" addrtype="ipv4"/><ports><port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366229"><address addr="10.130.10.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1640366230"><address addr="10.130.10.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="23"><state state="open" reason="response" reason_ttl="64" /><service name="ssh" banner="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3"></service></port></ports></host>
<host endtime="1640366233"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="135"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366235"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="25"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366236"><address addr="10.130.10.33" addrtype="ipv4"/><ports><port protocol="tcp" portid="5985"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366237"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="475"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366239"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="475"><state state="open" reason="response" reason_ttl="128" /><service name="ftp" banner="220 mail01.hiboxy.com MICROSOFT ESMTP MAIL SERVICE READY AT Fri, 24 Dec 2021 17:17:17 +0000\x0a503 5.5.1 Bad sequence of commands"></service></port></ports></host>
<host endtime="1640366239"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="25"><state state="open" reason="response" reason_ttl="128" /><service name="smtp" banner="220 mail01.hiboxy.com Microsoft ESMTP MAIL Service ready at Fri, 24 Dec 2021 17:17:15 +0000\x0a250-mail01.hiboxy.com Hello [10.130.10.99]\x0a250-SIZE 37748736\x0a250-PIPELINING\x0a250-DSN\x0a250-ENHANCEDSTATUSCODES\x0a250-STARTTLS\x0a250-X-ANONYMOUSTLS\x0a250-AUTH NTLM\x0a250-X-EXPS GSSAPI NTLM\x0a250-8BITMIME\x0a250-BINARYMIME\x0a250-CHUNKING\x0a250-SMTPUTF8\x0a250 XRDST\x0a220 2.0.0 SMTP server ready"></service></port></ports></host>
<host endtime="1640366241"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366245"><address addr="10.130.10.44" addrtype="ipv4"/><ports><port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366250"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="49674"><state state="open" reason="response" reason_ttl="128" /><service name="unknown" banner="ncacn_http/1.0"></service></port></ports></host>
<host endtime="1640366256"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="717"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366258"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="717"><state state="open" reason="response" reason_ttl="128" /><service name="ftp" banner="220 mail01.hiboxy.com Microsoft ESMTP MAIL Service ready at Fri, 24 Dec 2021 17:17:36 +0000\x0a503 5.5.2 Send hello first"></service></port></ports></host>
<host endtime="1640366264"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366277"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="2105"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366278"><address addr="10.130.10.22" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1640366279"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="49677"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366281"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366289"><address addr="10.130.10.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1640366290"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="464"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366303"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="6768"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366306"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="5985"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366308"><address addr="10.130.10.45" addrtype="ipv4"/><ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366311"><address addr="10.130.10.22" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="64" /><service name="title" banner="Welcome to nginx!"></service></port></ports></host>
<host endtime="1640366311"><address addr="10.130.10.22" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="64" /><service name="http" banner="HTTP/1.1 200 OK\x0d\x0aServer: nginx/1.18.0 (Ubuntu)\x0d\x0aDate: Fri, 24 Dec 2021 17:18:00 GMT\x0d\x0aContent-Type: text/html\x0d\x0aContent-Length: 612\x0d\x0aLast-Modified: Fri, 24 Dec 2021 00:56:16 GMT\x0d\x0aConnection: close\x0d\x0aETag: \x2261c51ab0-264\x22\x0d\x0aAccept-Ranges: bytes\x0d\x0a\x0d"></service></port></ports></host>
<host endtime="1640366314"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="128" /><service name="http" banner="HTTP/1.1 403 Forbidden\x0d\x0aServer: Microsoft-IIS/10.0\x0d\x0aDate: Fri, 24 Dec 2021 17:18:05 GMT\x0d\x0aConnection: close\x0d\x0aContent-Length: 0\x0d\x0a\x0d"></service></port></ports></host>
<host endtime="1640366316"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="6001"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366320"><address addr="10.130.10.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="64" /><service name="title" banner="Welcome to nginx!"></service></port></ports></host>
<host endtime="1640366320"><address addr="10.130.10.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="response" reason_ttl="64" /><service name="http" banner="HTTP/1.1 200 OK\x0d\x0aServer: nginx/1.18.0 (Ubuntu)\x0d\x0aDate: Fri, 24 Dec 2021 17:18:12 GMT\x0d\x0aContent-Type: text/html\x0d\x0aContent-Length: 612\x0d\x0aLast-Modified: Fri, 24 Dec 2021 00:56:15 GMT\x0d\x0aConnection: close\x0d\x0aETag: \x2261c51aaf-264\x22\x0d\x0aAccept-Ranges: bytes\x0d\x0a\x0d"></service></port></ports></host>
<host endtime="1640366601"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="593"><state state="open" reason="response" reason_ttl="128" /><service name="unknown" banner="ncacn_http/1.0"></service></port></ports></host>
<host endtime="1640366601"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="81"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366617"><address addr="10.130.10.4" addrtype="ipv4"/><ports><port protocol="tcp" portid="593"><state state="open" reason="response" reason_ttl="128" /><service name="unknown" banner="ncacn_http/1.0"></service></port></ports></host>
<host endtime="1640366642"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="6630"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366709"><address addr="10.130.10.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1640366710"><address addr="10.130.10.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open" reason="response" reason_ttl="64" /><service name="ssh" banner="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3"></service></port></ports></host>
<host endtime="1640366713"><address addr="10.130.10.22" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1640366714"><address addr="10.130.10.22" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open" reason="response" reason_ttl="64" /><service name="ssh" banner="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3"></service></port></ports></host>
<host endtime="1640366726"><address addr="10.130.10.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1640366726"><address addr="10.130.10.25" addrtype="ipv4"/><ports><port protocol="tcp" portid="6548"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366727"><address addr="10.130.10.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="open" reason="response" reason_ttl="64" /><service name="ssh" banner="SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3"></service></port></ports></host>
<host endtime="1640366727"><address addr="10.130.10.5" addrtype="ipv4"/><ports><port protocol="tcp" portid="5986"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<host endtime="1640366735"><address addr="10.130.10.44" addrtype="ipv4"/><ports><port protocol="tcp" portid="5985"><state state="open" reason="syn-ack" reason_ttl="128"/></port></ports></host>
<runstats>
<finished time="1647358016" timestr="2022-03-15 15:26:56" elapsed="0" />
<hosts up="131" down="0" total="131" />
</runstats>
</nmaprun>masscan –readscan myscan.mass -oG myscan.grep
This will read a binary format scan and save a copy in a grepable format.
# Masscan 1.0.3 scan initiated Fri Dec 24 17:07:14 2021
# Ports scanned: TCP(0;) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Host: 10.130.10.4 () Ports: 3268/open/tcp////
Host: 10.130.10.4 () Ports: 49699/open/tcp////
Host: 10.130.10.6 () Ports: 5986/open/tcp////
Host: 10.130.10.4 () Ports: 49667/open/tcp////
Host: 10.130.10.21 () Ports: 445/open/tcp////
Host: 10.130.10.25 () Ports: 6402/open/tcp////
Host: 10.130.10.44 () Ports: 5986/open/tcp////
Host: 10.130.10.21 () Ports: 5986/open/tcp////
Host: 10.130.10.44 () Ports: 445/open/tcp////
Host: 10.130.10.6 () Ports: 445/open/tcp////
Host: 10.130.10.4 () Ports: 5986/open/tcp////
Host: 10.130.10.25 () Ports: 477/open/tcp////
Host: 10.130.10.25 () Port: 477 Service: ftp Banner: 220 mail01.hiboxy.com MICROSOFT ESMTP MAIL SERVICE READY AT Fri, 24 Dec 2021 17:09:06 +0000\x0a503 5.5.1 Bad sequence of commands
Host: 10.130.10.25 () Ports: 443/open/tcp////
Host: 10.130.10.25 () Ports: 6593/open/tcp////
Host: 10.130.10.33 () Ports: 5985/open/tcp////
Host: 10.130.10.25 () Ports: 475/open/tcp////
Host: 10.130.10.25 () Port: 475 Service: ftp Banner: 220 mail01.hiboxy.com MICROSOFT ESMTP MAIL SERVICE READY AT Fri, 24 Dec 2021 17:17:17 +0000\x0a503 5.5.1 Bad sequence of commands
Host: 10.130.10.25 () Port: 25 Service: smtp Banner: 220 mail01.hiboxy.com Microsoft ESMTP MAIL Service ready at Fri, 24 Dec 2021 17:17:15 +0000\x0a250-mail01.hiboxy.com Hello [10.130.10.99]\x0a250-SIZE 37748736\x0a250-PIPELINING\x0a250-DSN\x0a250-ENHANCEDSTATUSCODES\x0a250-STARTTLS\x0a250-X-ANONYMOUSTLS\x0a250-AUTH NTLM\x0a250-X-EXPS GSSAPI NTLM\x0a250-8BITMIME\x0a250-BINARYMIME\x0a250-CHUNKING\x0a250-SMTPUTF8\x0a250 XRDST\x0a220 2.0.0 SMTP server ready
Host: 10.130.10.25 () Ports: 139/open/tcp////
Host: 10.130.10.44 () Ports: 139/open/tcp////
Host: 10.130.10.4 () Port: 49674 Service: unknown Banner: ncacn_http/1.0
Host: 10.130.10.25 () Ports: 717/open/tcp////
Host: 10.130.10.25 () Port: 717 Service: ftp Banner: 220 mail01.hiboxy.com Microsoft ESMTP MAIL Service ready at Fri, 24 Dec 2021 17:17:36 +0000\x0a503 5.5.2 Send hello first
Host: 10.130.10.25 () Ports: 445/open/tcp////
Host: 10.130.10.25 () Ports: 2105/open/tcp////
...
Host: 10.130.10.25 () Ports: 6768/open/tcp////
Host: 10.130.10.25 () Ports: 5985/open/tcp////
Host: 10.130.10.45 () Ports: 445/open/tcp////
Host: 10.130.10.22 () Port: 80 Service: title Banner: Welcome to nginx!
Host: 10.130.10.22 () Port: 80 Service: http Banner: HTTP/1.1 200 OK\x0d\x0aServer: nginx/1.18.0 (Ubuntu)\x0d\x0aDate: Fri, 24 Dec 2021 17:18:00 GMT\x0d\x0aContent-Type: text/html\x0d\x0aContent-Length: 612\x0d\x0aLast-Modified: Fri, 24 Dec 2021 00:56:16 GMT\x0d\x0aConnection: close\x0d\x0aETag: \x2261c51ab0-264\x22\x0d\x0aAccept-Ranges: bytes\x0d\x0a\x0d
Host: 10.130.10.25 () Port: 80 Service: http Banner: HTTP/1.1 403 Forbidden\x0d\x0aServer: Microsoft-IIS/10.0\x0d\x0aDate: Fri, 24 Dec 2021 17:18:05 GMT\x0d\x0aConnection: close\x0d\x0aContent-Length: 0\x0d\x0a\x0d
Host: 10.130.10.25 () Ports: 6001/open/tcp////
Host: 10.130.10.11 () Port: 80 Service: title Banner: Welcome to nginx!
Host: 10.130.10.11 () Port: 80 Service: http Banner: HTTP/1.1 200 OK\x0d\x0aServer: nginx/1.18.0 (Ubuntu)\x0d\x0aDate: Fri, 24 Dec 2021 17:18:12 GMT\x0d\x0aContent-Type: text/html\x0d\x0aContent-Length: 612\x0d\x0aLast-Modified: Fri, 24 Dec 2021 00:56:15 GMT\x0d\x0aConnection: close\x0d\x0aETag: \x2261c51aaf-264\x22\x0d\x0aAccept-Ranges: bytes\x0d\x0a\x0d
Host: 10.130.10.4 () Ports: 53/open/tcp////
Host: 10.130.10.4 () Ports: 445/open/tcp////
Host: 10.130.10.21 () Ports: 5985/open/tcp////
Host: 10.130.10.25 () Ports: 6401/open/tcp////
Host: 10.130.10.25 () Ports: 9710/open/tcp////
Host: 10.130.10.25 () Port: 6001 Service: unknown Banner: ncacn_http/1.0
Host: 10.130.10.33 () Ports: 445/open/tcp////
Host: 10.130.10.45 () Ports: 5985/open/tcp////
Host: 10.130.10.25 () Ports: 5986/open/tcp////
Host: 10.130.10.33 () Ports: 5986/open/tcp////
Host: 10.130.10.25 () Ports: 6565/open/tcp////
Host: 10.130.10.25 () Ports: 6674/open/tcp////
Host: 10.130.10.25 () Ports: 593/open/tcp////
Host: 10.130.10.4 () Ports: 593/open/tcp////
Host: 10.130.10.25 () Port: 593 Service: unknown Banner: ncacn_http/1.0
Host: 10.130.10.25 () Ports: 81/open/tcp////
Host: 10.130.10.4 () Port: 593 Service: unknown Banner: ncacn_http/1.0
Host: 10.130.10.25 () Ports: 6630/open/tcp////
Host: 10.130.10.11 () Ports: 22/open/tcp////
Host: 10.130.10.11 () Port: 22 Service: ssh Banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
Host: 10.130.10.22 () Ports: 22/open/tcp////
Host: 10.130.10.22 () Port: 22 Service: ssh Banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
Host: 10.130.10.10 () Ports: 22/open/tcp////
Host: 10.130.10.25 () Ports: 6548/open/tcp////
Host: 10.130.10.10 () Port: 22 Service: ssh Banner: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
Host: 10.130.10.5 () Ports: 5986/open/tcp////
Host: 10.130.10.44 () Ports: 5985/open/tcp////
# Masscan done at Tue Mar 15 15:36:59 2022masscan –readscan myscan.mass -oJ myscan.json
This will read a binary format scan and save a copy in JSON format.
{ "ip": "10.130.10.4", "ports": [ {"port": 3268, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.4", "ports": [ {"port": 49699, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.6", "ports": [ {"port": 5986, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.4", "ports": [ {"port": 49667, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.21", "ports": [ {"port": 445, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6402, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.44", "ports": [ {"port": 5986, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.21", "ports": [ {"port": 5986, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.44", "ports": [ {"port": 445, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.6", "ports": [ {"port": 445, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.4", "ports": [ {"port": 5986, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 477, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 477, "proto": "tcp", "service": {"name": "ftp", "banner": "220 mail01.hiboxy.com MICROSOFT ESMTP MAIL SERVICE READY AT Fri, 24 Dec 2021 17:09:06 +0000\u000a503 5.5.1 Bad sequence of commands"} } ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 443, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6593, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6682, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6812, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 1801, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.33", "ports": [ {"port": 1433, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 3875, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
...
{ "ip": "10.130.10.25", "ports": [ {"port": 6768, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 5985, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.45", "ports": [ {"port": 445, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.22", "ports": [ {"port": 80, "proto": "tcp", "service": {"name": "title", "banner": "Welcome to nginx!"} } ] },
{ "ip": "10.130.10.22", "ports": [ {"port": 80, "proto": "tcp", "service": {"name": "http", "banner": "HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.18.0 (Ubuntu)\u000d\u000aDate: Fri, 24 Dec 2021 17:18:00 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 612\u000d\u000aLast-Modified: Fri, 24 Dec 2021 00:56:16 GMT\u000d\u000aConnection: close\u000d\u000aETag: \u002261c51ab0-264\u0022\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d"} } ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 80, "proto": "tcp", "service": {"name": "http", "banner": "HTTP/1.1 403 Forbidden\u000d\u000aServer: Microsoft-IIS/10.0\u000d\u000aDate: Fri, 24 Dec 2021 17:18:05 GMT\u000d\u000aConnection: close\u000d\u000aContent-Length: 0\u000d\u000a\u000d"} } ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6001, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.11", "ports": [ {"port": 80, "proto": "tcp", "service": {"name": "title", "banner": "Welcome to nginx!"} } ] },
{ "ip": "10.130.10.11", "ports": [ {"port": 80, "proto": "tcp", "service": {"name": "http", "banner": "HTTP/1.1 200 OK\u000d\u000aServer: nginx/1.18.0 (Ubuntu)\u000d\u000aDate: Fri, 24 Dec 2021 17:18:12 GMT\u000d\u000aContent-Type: text/html\u000d\u000aContent-Length: 612\u000d\u000aLast-Modified: Fri, 24 Dec 2021 00:56:15 GMT\u000d\u000aConnection: close\u000d\u000aETag: \u002261c51aaf-264\u0022\u000d\u000aAccept-Ranges: bytes\u000d\u000a\u000d"} } ] },
{ "ip": "10.130.10.4", "ports": [ {"port": 53, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.4", "ports": [ {"port": 445, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.21", "ports": [ {"port": 5985, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6401, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 9710, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6565, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6674, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 593, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.4", "ports": [ {"port": 593, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 593, "proto": "tcp", "service": {"name": "unknown", "banner": "ncacn_http/1.0"} } ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 81, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.4", "ports": [ {"port": 593, "proto": "tcp", "service": {"name": "unknown", "banner": "ncacn_http/1.0"} } ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6630, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.11", "ports": [ {"port": 22, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] },
{ "ip": "10.130.10.11", "ports": [ {"port": 22, "proto": "tcp", "service": {"name": "ssh", "banner": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3"} } ] },
{ "ip": "10.130.10.22", "ports": [ {"port": 22, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] },
{ "ip": "10.130.10.22", "ports": [ {"port": 22, "proto": "tcp", "service": {"name": "ssh", "banner": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3"} } ] },
{ "ip": "10.130.10.10", "ports": [ {"port": 22, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] },
{ "ip": "10.130.10.25", "ports": [ {"port": 6548, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.10", "ports": [ {"port": 22, "proto": "tcp", "service": {"name": "ssh", "banner": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3"} } ] },
{ "ip": "10.130.10.5", "ports": [ {"port": 5986, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{ "ip": "10.130.10.44", "ports": [ {"port": 5985, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 128} ] },
{finished: 1}Blog Posts