Port Scan the Entire Internet in 5 Minutes?

One of my favorite sub-reddits is /r/coolgithubprojects. I check it out a few times a week looking for interesting open source projects. One interesting project that I recently found is called MASSCAN and claims to be able to scan, as in port scan, the entire internet in 5 minutes. It works in a similar way to nmap. I thought I’d try it out and show you the results.

Install

Pretty simple ubuntu install, didn’t run into any issues and it compiled quickly. I simply followed the instructions for ubuntu in the readme. I used one of my medium instances on ec2.

Run

time ./masscan -p80 10.0.0.0/8 --max-rate 100000 --output-format list --output-filename results.txt

Under these settings, it should be transmitting 100,000 packets/second to the entire 10.x.x.x subnet, all 16 million addresses, and output a list of hosts with port 80 responding to results.txt

Results

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2017-01-19 16:42:20 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 16777216 hosts [1 port/host]
                                                                             
real	7m42.419s
user	0m6.103s
sys	0m10.358s

Output – results.txt

Masscan ran for exactly 7 minutes 42 seconds. At the end, the results.txt file was empty. So not sure what I did wrong, could be getting blocked at these packets per second on the amazon ec2 network. But there should have been 30-50 or so hosts with port 80 up in a mix of local and WAN hosts. Comment if you know what’s wrong. I’d love to see someone else’s results.

Config File

# resume information
resume-index = 3687
rate =     100.00
randomize-hosts = true
seed = 4219316085641713192
shard = 1/1
# ADAPTER SETTINGS
adapter =
adapter-ip = 10.3.12.4
adapter-mac = 00:00:00:00:00:00
router-mac = 00:00:00:00:00:00
# OUTPUT/REPORTING SETTINGS
output-format = unknown(0)
show = open,,
output-filename =
rotate = 0
rotate-dir = .
rotate-offset = 0
rotate-filesize = 0
pcap =
# TARGET SELECTION (IP, PORTS, EXCLUDES)
retries = 0
ports = 80
range = 10.0.0.0/8

capture = cert
nocapture = html
nocapture = heartbleed

min-packet = 60

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Port Scan the Entire Internet in 5 Minutes?

Install

Run

Results

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2017-01-19 16:42:20 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth Initiating SYN Stealth Scan Scanning 16777216 hosts [1 port/host] real 7m42.419s user 0m6.103s sys 0m10.358s

Output – results.txt

Config File

2 comments

Leave a Reply Cancel reply