Masscan Getting Started Guide

haima 2020-11-17 17:14 Original article

Related articles
https://www.cnblogs.com/huim/p/12116004.html

https://4hou.win/wordpress/?cat=3080 Nmap vs Masscan

https://blog.csdn.net/nex1less/article/details/108195321 Parameter reference
https://blog.csdn.net/qq_28719743/article/details/82715978
https://www.cnblogs.com/guixia621/p/8820204.html

Installing masscan on CentOS 7

$ yum install git gcc make libpcap-devel
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make

Self-test

Once the build has finished, you can check that it succeeded:

[root@centos7 masscan]# make regress
which: no clang in (/opt/masscan/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
bin/masscan --selftest
regression test: success! # shown on success

Adding masscan to the PATH

vim /etc/profile

Add the following lines

masscan=/opt/masscan
PATH=$masscan/bin:$PATH
export masscan PATH

Save and exit

[root@centos7 ~]# source /etc/profile
[root@centos7 ~]# masscan -Version # show the version

Masscan version 1.0.6 ( https://github.com/robertdavidgraham/masscan )
Compiled on: Nov 17 2020 17:13:16
Compiler: gcc 4.8.5 20150623 (Red Hat 4.8.5-44)
OS: Linux
CPU: unknown (64 bits)
GIT version: 1.0.5-88-g8189d51

[root@centos7 ~]# masscan --help # help


[root@centos7 ~]# masscan --ping 8.8.8.0/24 # try a scan

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 09:31:45 GMT
 -- forced options: -sn -n --randomize-hosts -v --send-eth
Initiating ICMP Echo Scan

Usage

Basic usage

[root@centos7 ~]# masscan 10.10.10.0/16 -p443
Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 10:03:43 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 65536 hosts [1 port/host]
Discovered open port 443/tcp on 10.10.11.112                                   
Discovered open port 443/tcp on 10.10.10.250
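
The banner above reports 65536 hosts, and one hit is 10.10.11.112, because a /16 mask on 10.10.10.0 covers all of 10.10.0.0-10.10.255.255. The following scope check is an added example, not part of the original article or of masscan; it models the single-IP, a-b range and CIDR target forms so the address count can be confirmed before a scan is started, and the exclude value is constructed.

```python
import ipaddress

def parse_target(spec):
    """Return (first, last) as integers for one IPv4 target spec."""
    spec = spec.strip()
    if "/" in spec:
        # strict=False masks off host bits, so 10.10.10.0/16 -> 10.10.0.0/16
        net = ipaddress.IPv4Network(spec, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {spec}")
        return lo, hi
    addr = int(ipaddress.IPv4Address(spec))
    return addr, addr

def merge(intervals):
    """Sort intervals and join overlapping or adjacent ones."""
    merged = []
    for lo, hi in sorted(intervals):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def subtract(targets, excludes):
    """Remove merged exclude intervals from merged target intervals."""
    kept = []
    for lo, hi in targets:
        for xlo, xhi in excludes:
            if xhi < lo or xlo > hi:
                continue  # this exclude does not touch the current span
            if xlo > lo:
                kept.append([lo, xlo - 1])
            lo = xhi + 1
            if lo > hi:
                break
        if lo <= hi:
            kept.append([lo, hi])
    return kept

def scope(targets, excludes=""):
    """Return (address count, 'first-last' spans) for comma-separated specs."""
    t = merge(parse_target(s) for s in targets.split(",") if s.strip())
    x = merge(parse_target(s) for s in excludes.split(",") if s.strip())
    kept = subtract(t, x)
    spans = [f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}" for lo, hi in kept]
    return sum(hi - lo + 1 for lo, hi in kept), spans

if __name__ == "__main__":
    # Target strings are taken from commands on this page; the exclude is constructed.
    for spec, excl in [("10.10.10.0/16", ""),
                       ("10.10.10.1-10.10.10.255", ""),
                       ("10.10.10.0/16", "10.10.10.0/24")]:
        print(spec, "exclude", excl or "-", "->", scope(spec, excl))
```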

Single IP, multiple ports

Scan ports 1-20000 on IP 10.10.10.141

[root@centos7 ~]# masscan 10.10.10.141 -p1-20000

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 10:51:07 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [20000 ports/host]

Scan ports 21 and 80 on IP 10.10.10.141

[root@centos7 masscan]# masscan 10.10.10.141 -p21,80

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 10:58:34 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [2 ports/host]

Multiple IPs, single port

Scan port 80 on IPs 10.10.10.1-10.10.10.255

[root@centos7 masscan]# masscan 10.10.10.1-10.10.10.255 -p80

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 11:01:31 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 255 hosts [1 port/host]
Discovered open port 80/tcp on 10.10.10.101                                    
Discovered open port 80/tcp on 10.10.10.85

Fast scanning

By default, masscan sends 100 packets per second, which is quite slow. To raise it, pass the --rate option with a value.
At 10,000 packets per second:

[root@centos7 masscan]# masscan 10.10.10.1-10.10.10.255 -p80 --rate 10000

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 11:05:44 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 255 hosts [1 port/host]
Discovered open port 80/tcp on 10.10.10.191                                    
Discovered open port 80/tcp on 10.10.10.244                                    
Discovered open port 80/tcp on 10.10.10.246   

Saving results to a text file

[root@centos7 masscan]# masscan 10.10.10.1-10.10.10.255 -p80 --rate 10000 > 115.txt

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 11:08:28 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 255 hosts [1 port/host]
[root@centos7 masscan]# ll                                                   
total 60
-rw-r--r--. 1 root root  1360 Nov 17 19:08 115.txt
drwxr-xr-x. 2 root root    58 Nov 17 17:57 bin
drwxr-xr-x. 2 root root    69 Nov 17 17:07 data
drwxr-xr-x. 3 root root   235 Nov 17 17:07 debian
drwxr-xr-x. 2 root root   105 Nov 17 17:07 doc
-rw-r--r--. 1 root root   545 Nov 17 17:07 LICENSE
-rw-r--r--. 1 root root  2948 Nov 17 17:07 Makefile
-rw-r--r--. 1 root root   195 Nov 17 17:14 paused.conf
-rw-r--r--. 1 root root 21164 Nov 17 17:07 README.md
drwxr-xr-x. 2 root root  8192 Nov 17 17:07 src
drwxr-xr-x. 2 root root  4096 Nov 17 17:13 tmp
drwxr-xr-x. 2 root root    97 Nov 17 17:07 vs10
-rw-r--r--. 1 root root  2150 Nov 17 17:07 VULNINFO.md
drwxr-xr-x. 3 root root    49 Nov 17 17:07 xcode4
[root@centos7 masscan]# cat 115.txt 
Discovered open port 80/tcp on 10.10.10.249                                    
Discovered open port 80/tcp on 10.10.10.243                                    
Discovered open port 80/tcp on 10.10.10.236                                    
Discovered open port 80/tcp on 10.10.10.155                                    
Discovered open port 80/tcp on 10.10.10.244                                    
Discovered open port 80/tcp on 10.10.10.232                                    
Discovered open port 80/tcp on 10.10.10.246                                    
Discovered open port 80/tcp on 10.10.10.80                                     
Discovered open port 80/tcp on 10.10.10.228                                    
Discovered open port 80/tcp on 10.10.10.85                                     
Discovered open port 80/tcp on 10.10.10.150                                    
Discovered open port 80/tcp on 10.10.10.84                                     
Discovered open port 80/tcp on 10.10.10.191                                    
Discovered open port 80/tcp on 10.10.10.196                                    
Discovered open port 80/tcp on 10.10.10.242                                    
Discovered open port 80/tcp on 10.10.10.5                                      
Discovered open port 80/tcp on 10.10.10.183                                    
[root@centos7 masscan]# 
   

In addition, the following output options are available:
-oX filename: write XML output to filename.
-oG filename: write grepable output to filename.
-oJ filename: write JSON output to filename.

Example:

[root@centos7 ~]# masscan 10.10.10.1-10.10.10.255 -p80 --rate 10000 -oJ result.json

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 11:43:03 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 255 hosts [1 port/host]
[root@centos7 ~]# ll                                                         
total 16
-rw-------. 1 root root 1964 Nov 10 09:54 anaconda-ks.cfg
-rw-r--r--. 1 root root 1995 Nov 10 10:03 initial-setup-ks.cfg
-rw-r--r--. 1 root root  166 Nov 17 18:33 paused.conf
-rw-r--r--. 1 root root 1959 Nov 17 19:43 result.json
[root@centos7 ~]# cat result.json 
[
{   "ip": "10.10.10.5",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.191",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 63} ] }
,
{   "ip": "10.10.10.232",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.228",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.249",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.196",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.80",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.236",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.11",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.183",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.85",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.84",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.246",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
]
[root@centos7 ~]# 
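
The JSON file holds one record per (ip, port) finding, so a host with several open ports appears several times. The following added example (not from the original article) merges the records into a per-host inventory and reports services missing from an approved baseline; the sample records and the APPROVED baseline are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of the -oJ output shown above.
SAMPLE = """[
{   "ip": "10.10.10.191",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 63} ] }
,
{   "ip": "10.10.10.5",   "timestamp": "1605613383", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
,
{   "ip": "10.10.10.191",   "timestamp": "1605613384", "ports": [ {"port": 6379, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 63} ] }
,
{   "ip": "10.10.10.84",   "timestamp": "1605613384", "ports": [ {"port": 80, "proto": "tcp", "status": "open", "reason": "syn-ack", "ttl": 64} ] }
]"""

# Hypothetical baseline of services that are expected to be reachable.
APPROVED = {
    "10.10.10.5": {(80, "tcp")},
    "10.10.10.191": {(80, "tcp")},
}

def inventory(text):
    """Merge per-finding records into {ip: sorted [(port, proto), ...]}."""
    hosts = {}
    if not text.strip():  # an empty result file means no findings
        return hosts
    for rec in json.loads(text):
        for p in rec.get("ports", []):
            if p.get("status") == "open":
                hosts.setdefault(rec["ip"], set()).add((p["port"], p["proto"]))
    # Sort hosts numerically so 10.10.10.5 comes before 10.10.10.84
    ordered = sorted(hosts, key=ipaddress.ip_address)
    return {ip: sorted(hosts[ip]) for ip in ordered}

def unexpected(hosts, approved):
    """Return (ip, port, proto) findings that the baseline does not allow."""
    findings = []
    for ip, ports in hosts.items():
        allowed = approved.get(ip, set())
        findings += [(ip, port, proto) for port, proto in ports
                     if (port, proto) not in allowed]
    return findings

if __name__ == "__main__":
    hosts = inventory(SAMPLE)
    for ip, ports in hosts.items():
        print(ip, ", ".join(f"{port}/{proto}" for port, proto in ports))
    for ip, port, proto in unexpected(hosts, APPROVED):
        print(f"not in baseline: {ip} {port}/{proto}")
```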

Saving results to Redis (the data is stored here as the set type)

masscan 10.10.10.0-10.10.10.255 -p80 --rate 10000 --output-format redis -oR 127.0.0.1:6379

[root@centos7 ~]# masscan 10.10.10.0-10.10.10.255 -p80 --rate 10000 --output-format redis -oR 127.0.0.1.:6379

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 12:04:28 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 256 hosts [1 port/host]
redis: unexpected response from redis server: :1found=16

Check Redis

[root@centos7 conf]# docker exec -it myredis redis-cli
127.0.0.1:6379> keys *
 1) "10.10.10.150"
 2) "10.10.10.243"
 3) "10.10.10.80"
 4) "10.10.10.236"
 5) "10.10.10.243:80/tcp"
 6) "10.10.10.80:80/tcp"
 7) "10.10.10.244:80/tcp"
 8) "10.10.10.244"
 9) "10.10.10.183"
10) "10.10.10.84:80/tcp"
11) "10.10.10.246:80/tcp"
12) "10.10.10.249"
13) "10.10.10.85"
14) "10.10.10.150:80/tcp"
15) "10.10.10.242:80/tcp"
16) "10.10.10.249:80/tcp"
17) "10.10.10.85:80/tcp"
18) "host"
19) "10.10.10.236:80/tcp"
20) "10.10.10.196:80/tcp"
21) "10.10.10.160"
22) "10.10.10.228"
23) "10.10.10.160:80/tcp"
24) "10.10.10.84"
25) "10.10.10.196"
26) "10.10.10.246"
27) "10.10.10.191:80/tcp"
28) "10.10.10.228:80/tcp"
29) "10.10.10.183:80/tcp"
30) "abc"
31) "10.10.10.232:80/tcp"
32) "10.10.10.232"
33) "10.10.10.242"
34) "10.10.10.191"

Configuration files

Storing results in Redis

[root@centos7 masscan]# cd /root
[root@centos7 masscan]# vim msconfig-redis.conf

Write the following configuration

rate =  5000.00
output-format = redis
redis = 127.0.0.1:6379
ports = 80,6379
range = 10.10.10.1-10.10.10.100,10.10.10.101-10.10.10.255

Run it

[root@centos7 masscan]# masscan -c msconfig-redis.conf 

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 12:25:16 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 255 hosts [2 ports/host]

Check the contents of Redis

127.0.0.1:6379> keys *
 1) "10.10.10.98:80/tcp"
 2) "10.10.10.236"
 3) "10.10.10.199"
 4) "10.10.10.91:6379/tcp"
 5) "10.10.10.80:80/tcp"
 6) "10.10.10.244:80/tcp"
 7) "10.10.10.249:6379/tcp"
 8) "10.10.10.102"
 9) "10.10.10.91:80/tcp"
10) "10.10.10.183"
11) "10.10.10.84:80/tcp"
12) "10.10.10.246:80/tcp"
13) "10.10.10.227:80/tcp"
14) "10.10.10.249"
15) "10.10.10.190"
16) "10.10.10.197"
17) "10.10.10.242:80/tcp"
18) "10.10.10.236:80/tcp"
19) "10.10.10.101:80/tcp"
20) "10.10.10.227"
21) "10.10.10.101"
22) "10.10.10.160"
23) "10.10.10.228"
24) "10.10.10.5:80/tcp"
25) "10.10.10.186:80/tcp"
26) "10.10.10.160:80/tcp"
27) "10.10.10.246"
28) "10.10.10.17:6379/tcp"
29) "10.10.10.191:6379/tcp"
30) "10.10.10.191:80/tcp"
31) "10.10.10.228:80/tcp"
32) "10.10.10.98"
33) "10.10.10.183:80/tcp"
34) "10.10.10.192"
35) "10.10.10.235"
36) "10.10.10.250:80/tcp"
37) "10.10.10.154"
38) "10.10.10.232"
39) "10.10.10.242"
40) "10.10.10.191"
41) "10.10.10.243"
42) "10.10.10.150"
43) "10.10.10.235:80/tcp"
44) "10.10.10.80"
45) "10.10.10.91"
46) "10.10.10.243:80/tcp"
47) "10.10.10.197:6379/tcp"
48) "10.10.10.64"
49) "10.10.10.190:80/tcp"
50) "10.10.10.154:80/tcp"
51) "10.10.10.244"
52) "10.10.10.155"
53) "10.10.10.184:80/tcp"
54) "10.10.10.189:80/tcp"
55) "10.10.10.82:6379/tcp"
56) "10.10.10.199:6379/tcp"
57) "10.10.10.85"
58) "10.10.10.188:80/tcp"
59) "10.10.10.150:80/tcp"
60) "10.10.10.249:80/tcp"
61) "10.10.10.250"
62) "10.10.10.85:80/tcp"
63) "host"
64) "10.10.10.188"
65) "10.10.10.102:80/tcp"
66) "10.10.10.196:80/tcp"
67) "10.10.10.108:6379/tcp"
68) "10.10.10.64:80/tcp"
69) "10.10.10.184"
70) "10.10.10.155:80/tcp"
71) "10.10.10.5"
72) "10.10.10.11:80/tcp"
73) "10.10.10.150:6379/tcp"
74) "10.10.10.196"
75) "10.10.10.84"
76) "10.10.10.17"
77) "10.10.10.186"
78) "10.10.10.108"
79) "10.10.10.232:80/tcp"
80) "10.10.10.82"
81) "10.10.10.189"
82) "10.10.10.192:80/tcp"
83) "10.10.10.11"
127.0.0.1:6379> 

Configuring XML output

[root@centos7 masscan]# cd /root
[root@centos7 masscan]# vim msconfig-xml.conf

Write the following configuration

rate = 10000 
output-format = xml
output-filename = masscan.xml
ports = 80,6379
range = 10.10.10.1-10.10.10.100,10.10.10.101-10.10.10.255

Run it and view the results

[root@centos7 masscan]# masscan -c msconfig-xml.conf 

Starting masscan 1.0.6 (http://bit.ly/14GZzcT) at 2020-11-17 12:33:52 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 255 hosts [2 ports/host]

[root@centos7 masscan]# ll                                                   
total 16
-rw-r--r--. 1 root root 7025 Nov 17 20:34 masscan.xml
-rw-r--r--. 1 root root  133 Nov 17 20:24 msconfig-redis.conf
-rw-r--r--. 1 root root  138 Nov 17 20:33 msconfig-xml.conf
[root@centos7 masscan]# cat masscan.xml 
<?xml version="1.0"?>
<!-- masscan v1.0 scan -->
<nmaprun scanner="masscan" start="1605616432" version="1.0-BETA"  xmloutputversion="1.03">
<scaninfo type="syn" protocol="tcp" />
<host endtime="1605616432"><address addr="10.10.10.183" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.243" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.232" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.191" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.249" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.228" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.17" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.80" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.242" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.236" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.191" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="63"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.150" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.85" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.235" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.150" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.196" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.160" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.190" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.84" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.199" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616432"><address addr="10.10.10.11" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.98" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.5" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.246" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.249" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.227" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.82" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.184" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.197" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.102" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.189" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.154" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.101" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.244" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1605616433"><address addr="10.10.10.91" addrtype="ipv4"/><ports><port protocol="tcp" portid="6379"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<runstats>
<finished time="1605616444" timestr="2020-11-17 20:34:04" elapsed="12" />
<hosts up="35" down="0" total="35" />
</runstats>
</nmaprun>
[root@centos7 masscan]# 

Scanning IP ranges listed in a file

./masscan -p0-65535 -iL ip.txt --max-rate 100000 --banners -oJ f.json

-iL scans the IP addresses listed in a file

[root@centos7 masscan]# cat ip.txt
172.16.127.0/24
172.16.124.0/24

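Detailed parameters

<ip/range> IP address range. Three formats are valid: 1. a single IPv4 address; 2. a range such as "10.0.0.1-10.0.0.233"; 3. a CIDR block such as "0.0.0.0/0". Multiple targets can be separated by commas.

-p <ports>, --ports <ports> Ports to scan

--banners Grab banner information; only a few protocols are supported

--rate <packets-per-second> Packet send rate

--max-rate Number of packets sent per second; choose a value that suits your machine and network. Example: --max-rate 100000

-c <filename>, --conf <filename> Read a configuration file and scan with it

-iL Scan the IP addresses listed in a file. Example: -iL ip.txt

--echo Output the current configuration so it can be redirected to a configuration file

-e <ifname>, --adapter <ifname> Name of the network interface used to send packets

--adapter-ip <ip-address> Source IP address of sent packets

--adapter-port <port> Source port of sent packets

--adapter-mac <mac-address> Source MAC address of sent packets

--router-mac <mac address> MAC address of the gateway

--exclude <ip/range> Blacklist of IP address ranges that masscan must not scan

--excludefile <filename> File containing the blacklist of IP address ranges

--includefile, -iL <filename> Read a list of ranges to scan

--ping The scan should include ICMP echo requests

--append-output Append output to the file

--iflist List the available network interfaces, then exit

--retries Number of retries to send, at 1-second intervals

--nmap Print nmap-compatibility information

--http-user-agent <user-agent> Set the value of the User-Agent field

--show [open,close] Port states to display; open ports are shown by default

--noshow [open,close] Disable display of the given port states

--pcap <filename> Store received packets in libpcap format

--regress Run the regression test to check that the scanner works correctly

--ttl <num> TTL of outgoing packets, default 255

--wait <seconds> Time to wait after sending has finished, default 10 seconds

--offline Do not actually send packets; mainly used to measure overhead

-sL Do not scan; mainly used to generate a list of random addresses

--readscan <binary-files> Read binary files produced by -oB; they can be converted to XML or JSON.

--connection-timeout <secs> Maximum number of seconds to keep a TCP connection open when grabbing banners, default 30 seconds.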
