masscan Tool Reference


Masscan is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It uses asynchronous transmission to reach that speed.


Basic Usage

  • masscan <target> -p<ports> - Basic port scan
  • masscan 0.0.0.0/0 -p0-65535 - Scan entire internet (don't do this)

Target Specification

  • masscan 192.168.1.0/24 - CIDR notation
  • masscan 192.168.1.1-192.168.1.254 - IP range
  • masscan -iL targets.txt - Read from file
  • masscan --exclude 192.168.1.1 - Exclude IP
  • masscan --excludefile exclude.txt - Exclude from file

Port Specification

  • -p80 - Single port
  • -p80,443,8080 - Multiple ports
  • -p1-1000 - Port range
  • -p0-65535 - All ports
  • -pU:53 - UDP port
  • -p80,U:53 - Mixed TCP/UDP

Rate Control

  • --rate 1000 - Packets per second (default 100)
  • --rate 10000 - 10k packets/sec
  • --rate 100000 - 100k packets/sec (needs tuning)
  • --max-rate 1000000 - Maximum rate limit

Output Options

  • -oL output.txt - List output (default)
  • -oX output.xml - XML output
  • -oG output.gnmap - Grepable output
  • -oJ output.json - JSON output
  • -oB output.binary - Binary output
  • --open - Only show open ports

Banner Grabbing

  • --banners - Grab service banners
  • --hello-string <base64> - Custom hello string
  • --source-port 61000 - Set source port

Network Options

  • -e eth0 - Specify interface
  • --adapter-ip 192.168.1.100 - Source IP
  • --adapter-mac 00:11:22:33:44:55 - Source MAC
  • --router-mac 00:11:22:33:44:55 - Gateway MAC
  • --ttl 64 - Set TTL value

Timing Options

  • --wait 10 - Seconds to wait for replies (default 10)
  • --retries 2 - Number of retries
  • --seed <number> - Random seed for reproducibility

Resume and Config

  • --resume paused.conf - Resume interrupted scan
  • -c config.conf - Use config file
  • --echo > config.conf - Save current settings to config

Common Examples

Quick Web Scan

masscan 192.168.1.0/24 -p80,443,8080 --rate 1000

Scan for web servers on local network.

Full Port Scan

masscan 192.168.1.0/24 -p1-65535 --rate 10000 -oL results.txt

All ports on network, save to file.

Banner Grabbing

masscan 192.168.1.0/24 -p22,80,443 --banners --rate 1000

Grab banners from common services.

Fast Class B Scan

masscan 10.0.0.0/16 -p80 --rate 100000 -oJ output.json

High-speed scan of large network.

UDP Scan

masscan 192.168.1.0/24 -pU:53,161,500 --rate 1000

Scan common UDP ports.

With Exclusions

masscan 10.0.0.0/8 -p80 --excludefile exclude.txt --rate 50000

Scan large range with exclusions.


Performance Tuning

For High-Speed Scanning

# Increase the maximum socket receive/send buffer sizes (16 MiB)
sysctl -w net.core.rmem_max=16777216
sysctl -w net.core.wmem_max=16777216

# 10M+ packets/sec requires a PF_RING-capable adapter and driver
masscan <target> -p<ports> --adapter-ip 192.168.1.100 --rate 1000000

Output Parsing

List Format

# Format: state proto port ip timestamp
open tcp 80 192.168.1.1 1234567890

Extract IPs from List

# Print the IP (4th field) of every "open" record; header/footer comment lines are skipped
awk '$1 == "open" {print $4}' output.txt
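
An added example (not part of the original reference): a shell function that reads the list format above and reports open ports that are missing from an approved baseline, so unexpected exposure stands out after a scan. The baseline file format ("ip port/proto"), the function names and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed: baseline format,
# function names, sample addresses (all constructed).

# unexpected_ports SCAN_LIST BASELINE
#   SCAN_LIST: masscan -oL output ("open tcp 80 192.168.1.1 1234567890").
#   BASELINE:  approved exposures, one "ip port/proto" per line, '#' comments.
# Prints every open "ip port/proto" the baseline does not approve.
unexpected_ports() {
    awk '
        # Baseline: test FILENAME (not NR==FNR) so an empty baseline still works.
        FILENAME == ARGV[1] {
            sub(/#.*/, "")
            if (NF >= 2) approved[$1 " " $2] = 1
            next
        }
        # Scan: skip "#masscan", "# end" and anything that is not an open record.
        $1 == "open" && NF >= 5 {
            key = $4 " " $3 "/" $2      # ip port/proto
            if (!(key in approved)) print key
        }
    ' "$2" "$1" | LC_ALL=C sort -u
}

# demo: run the check on constructed sample data.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/scan.list" <<'EOF'
#masscan
open tcp 80 192.168.1.1 1234567890
open tcp 22 192.168.1.1 1234567891
open tcp 3389 192.168.1.7 1234567892
open udp 53 192.168.1.2 1234567893
open tcp 80 192.168.1.1 1234567899
# end
EOF
    cat > "$dir/baseline.txt" <<'EOF'
# approved exposures
192.168.1.1 80/tcp   # intranet web server
192.168.1.2 53/udp
EOF
    unexpected_ports "$dir/scan.list" "$dir/baseline.txt"
    rm -rf "$dir"
}

demo
```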

Tips

  • Start with low rates (1000) and increase gradually
  • Use --wait to ensure you catch slow responses
  • Always exclude sensitive/critical systems
  • Use --resume for long scans that might interrupt
  • Combine with nmap for detailed service detection
  • masscan finds ports fast, nmap enumerates them
  • May need root/sudo for raw socket access
  • High rates can overwhelm networks - be careful
  • Always get authorization before scanning