Software:Masscan

From HandWiki
Revision as of 15:17, 17 June 2021 by imported>Jworkorg
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Masscan
Original author(s)Robert David Graham (erratarob)
Initial releaseAugust 2013; 11 years ago (2013-08)
Stable release
1.3.2 / 31 January 2021; 3 years ago (2021-01-31)[1]
Written inC, Lua
Operating systemCross-platform
Available inEnglish
TypeNetwork security
LicenseModified A-GPL-2[2]
Websitegithub.com/robertdavidgraham/masscan

Masscan is an open-source network scanner that can quickly scan large networks. In particular, it can scan the entire IPv4 Internet in under 5 minutes[3], from a single computer, when given sufficient network bandwidth (20-gbps) to the Internet.

Whereas other network scanners, such as the popular Nmap, focus on doing heavy scans of a few targets, masscan focuses on doing a light scan of many targets.

Masscan can send packets as fast as the underlying platform allows. This is usually a software limitation. A virtual machine might be limited to 10-kpps and a standard Linux installation to 300-kpps. Tuning, or using a faster driver like PF RING can increase speeds to millions of packets-per-second.[4].

Masscan is included in hacking tookits like Kali Linux[5], as well as many Linux distros[6][7]. It's frequently used by ransomware criminals.[8][9]. It's popular among defenders for scanning their own networks quickly.[10][11][12]

When major new vulnerabilities are discovered, defenders will often use masscan in conjunction with another script to quickly find that vulnerability on the network. For example, after the BlueKeep vulnerability was disclosed by Microsoft, defenders used masscan and a script to quickly detect affected devices on their network.[13]. Defenders often have to race attackers to find and fix their public servers first.[14]

See also

References

  1. "masscan/1.3.2". 2021-01-31. https://github.com/robertdavidgraham/masscan/releases/tag/1.3.2. 
  2. "masscan license". https://github.com/robertdavidgraham/masscan/blob/master/LICENSE. 
  3. "Masscan the entire Internet in 3 minutes" (in en-US). 2013-09-14. https://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html. 
  4. "Notes about masscan". https://github.com/robertdavidgraham/masscan/wiki/Notes-about-masscan. 
  5. "masscan Package Description". https://tools.kali.org/information-gathering/masscan. 
  6. "masscan man page". https://manpages.ubuntu.com/manpages/bionic/man8/masscan.8.html. 
  7. "mmasscan 1.3.2-1". https://archlinux.org/packages/community/x86_64/masscan/. 
  8. Sheriden, Kelly (2021-02-02). "Interview With a Russian Cybercriminal". DarkReading.com. https://www.darkreading.com/endpoint/interview-with-a-russian-cybercriminal/d/d-id/1340029. 
  9. Cimpanu, Catalin (2021-02-01). "New Trickbot module uses Masscan for local network reconnaissance". ZDNet.com. https://www.zdnet.com/article/new-trickbot-module-uses-masscan-for-local-network-reconnaissance/. 
  10. "Masscan Tool". https://www.defense.gov/observe/photo-gallery/igphoto/2002478623/. 
  11. Messier, Rik (2019-05-31). CEH V10 Certified Ethical Hacker Study Guide. Wiley. ISBN 9781119533269. 
  12. Wrightson, Tyler (2014-12-15). Advanced Persistent Threat Hacking. McGraw-Hill Education. p. 109. ISBN 9780071828376. 
  13. "MScanning for Bluekeep vulnerable RDP instances". https://isc.sans.edu/forums/diary/Scanning+for+Bluekeep+vulnerable+RDP+instances/25206/. 
  14. Ilascu, Ionut (2020-08-24). "Iranian hackers attack exposed RDP servers to deploy Dharma ransomware". bleepingcomputer.com. https://www.bleepingcomputer.com/news/security/iranian-hackers-attack-exposed-rdp-servers-to-deploy-dharma-ransomware/.