
Port Scan the Entire Internet in 5 Minutes?

One of my favorite subreddits is /r/coolgithubprojects. I check it a few times a week looking for interesting open source projects. One interesting project that I recently found is called MASSCAN, and it claims to be able to scan (as in port scan) the entire Internet in 5 minutes. It works in a similar way to nmap. I thought I'd try it out and show you the results.

Install

Pretty simple Ubuntu install; I didn't run into any issues and it compiled quickly. I simply followed the instructions for Ubuntu in the README. I used one of my medium instances on EC2.

Run

time ./masscan -p80 10.0.0.0/8 --max-rate 100000 --output-format list --output-filename results.txt

Under these settings it should transmit up to 100,000 packets per second (one SYN per address) to the entire 10.0.0.0/8 block, the 10.x.x.x RFC 1918 private range, all 16,777,216 addresses, and write one line per host answering on port 80 to results.txt in masscan's plain list format.


Results

Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2017-01-19 16:42:20 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 16777216 hosts [1 port/host]
real	7m42.419s
user	0m6.103s
sys	0m10.358s

Output – results.txt

Masscan ran for exactly 7 minutes 42 seconds. At the end, the results.txt file was empty. So I'm not sure what I did wrong; it could be getting blocked at this packet rate on the Amazon EC2 network. But there should have been 30 to 50 or so hosts with port 80 up in a mix of local and WAN hosts. Comment if you know what's wrong. I'd love to see someone else's results.
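As an added example, not code from the original post or from the masscan project, here is a small checker for a run like the one above. It parses masscan's `--output-format list` results (the line shape `open tcp 80 10.1.2.3 1484844140`, state/proto/port/ip/timestamp, is assumed from the list format), estimates how long a scan of a CIDR block at a given `--max-rate` should take, backs out the effective packet rate from a measured wall-clock time, and flags when the target range is RFC 1918 private space, in which case the only possible answers come from hosts routable from the scanning machine's own network (on EC2, the VPC), not from the Internet at large. The 10-second tail is masscan's documented default `--wait`; the sample results are constructed, since the real results.txt was empty.

```python
"""Sanity checks for a masscan run (added example, not the post's own code).

Assumptions, labelled here and in the lead-in:
  * list-output rows look like ``open tcp 80 10.1.2.3 1484844140``
  * masscan waits DEFAULT_WAIT seconds for late replies after the last probe
"""
import ipaddress
import re
from collections import Counter

DEFAULT_WAIT = 10  # seconds; masscan's documented default --wait

# Constructed sample of what results.txt would contain had hosts answered.
SAMPLE_LIST_OUTPUT = """\
#masscan
open tcp 80 10.3.12.9 1484844140
open tcp 80 10.3.12.17 1484844141
open tcp 443 10.3.12.17 1484844141
# end
"""

LIST_LINE = re.compile(
    r"^(?P<state>\w+) (?P<proto>\w+) (?P<port>\d+) (?P<ip>[\d.]+) (?P<ts>\d+)$"
)


def parse_list_output(text):
    """Return [(ip, port)] for every 'open' row; '#' comments and blanks are skipped."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LIST_LINE.match(line)
        if m is None:
            raise ValueError(f"unexpected masscan list line: {line!r}")
        if m["state"] == "open":
            hits.append((m["ip"], int(m["port"])))
    return hits


def expected_seconds(cidr, ports, rate, wait=DEFAULT_WAIT):
    """Wall-clock estimate: one probe per (address, port) at `rate` pps, plus the tail wait."""
    n_addrs = ipaddress.ip_network(cidr, strict=False).num_addresses
    return n_addrs * ports / rate + wait


def effective_rate(cidr, ports, elapsed_seconds, wait=DEFAULT_WAIT):
    """Back out the packet rate actually achieved from a measured run time."""
    n_addrs = ipaddress.ip_network(cidr, strict=False).num_addresses
    return n_addrs * ports / max(elapsed_seconds - wait, 1e-9)


def is_private_range(cidr):
    """True for RFC 1918 and other non-globally-routable blocks (10/8, 172.16/12, 192.168/16, ...)."""
    return ipaddress.ip_network(cidr, strict=False).is_private


if __name__ == "__main__":
    hits = parse_list_output(SAMPLE_LIST_OUTPUT)
    print("open ports per host:", Counter(port for _, port in hits))
    print("expected seconds at 100k pps:", expected_seconds("10.0.0.0/8", 1, 100_000))
    print("effective pps implied by 7m42s:", effective_rate("10.0.0.0/8", 1, 7 * 60 + 42))
    print("target is private space:", is_private_range("10.0.0.0/8"))
```

At 100,000 pps the 16,777,216 probes should finish in about 168 seconds plus the 10-second wait, so the measured 7m42s corresponds to an effective rate of roughly 37,000 pps. The config dump shown later on the page records `rate = 100.00` and an empty `output-filename`, neither of which matches the command line; the same estimate at 100 pps comes to over 46 hours, so a rate line like that in a saved configuration is worth checking before trusting a run.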

Config File

# resume information
resume-index = 3687
rate =     100.00
randomize-hosts = true
seed = 4219316085641713192
shard = 1/1
# ADAPTER SETTINGS
adapter =
adapter-ip = 10.3.12.4
adapter-mac = 00:00:00:00:00:00
router-mac = 00:00:00:00:00:00
# OUTPUT/REPORTING SETTINGS
output-format = unknown(0)
show = open,,
output-filename =
rotate = 0
rotate-dir = .
rotate-offset = 0
rotate-filesize = 0
pcap =
# TARGET SELECTION (IP, PORTS, EXCLUDES)
retries = 0
ports = 80
range = 10.0.0.0/8

capture = cert
nocapture = html
nocapture = heartbleed

min-packet = 60
