Optimize Masscan Usage: Speed Testing and Colorful Output
Explore the functionalities of net-analyzer/masscan on Gentoo Linux with this detailed guide. Install masscan and learn how to perform speed testing and customize output with colorful highlights using awk. Experiment with different speed rates and visualize scan results efficiently.
Install net-analyzer/masscan
emerge --ask net-analyzer/masscan
Testing --rate speeds
masscan 90.224.0.0-90.239.255.255 \
--port 80 \
--banner \
--exclude 255.255.255.255 \
-vvv \
--max-rate 1 \
--http-user-agent "(Amiga v1; Win64; x64; rv:67.0)"
masscan 90.224.0.0-90.239.255.255 \
--port 80 \
--banner \
--exclude 255.255.255.255 \
-vvv \
--max-rate 10 \
--http-user-agent "(Amiga v1; Win64; x64; rv:67.0)"
masscan 90.224.0.0-90.239.255.255 \
--port 80 \
--banner \
--exclude 255.255.255.255 \
-vvv \
--max-rate 100 \
--http-user-agent "(Amiga v1; Win64; x64; rv:67.0)"
masscan 90.224.0.0-90.239.255.255 \
--port 80 \
--banner \
--exclude 255.255.255.255 \
-vvv \
--max-rate 1000 \
--http-user-agent "(Amiga v1; Win64; x64; rv:67.0)"
masscan 90.224.0.0-90.239.255.255 \
--port 80 \
--banner \
--exclude 255.255.255.255 \
-vvv \
--max-rate 10000 \
--http-user-agent "(Amiga v1; Win64; x64; rv:67.0)"
masscan 90.224.0.0-90.239.255.255 \
--port 80 \
--banner \
--exclude 255.255.255.255 \
-vvv \
--max-rate 100000 \
--http-user-agent "(Amiga v1; Win64; x64; rv:67.0)"
masscan 90.224.0.0-90.239.255.255 \
--port 80 \
--banner \
--exclude 255.255.255.255 \
-vvv \
--max-rate 1000000 \
--http-user-agent "(Amiga v1; Win64; x64; rv:67.0)"
Print to stdout
masscan 0.0.0.0/0 -p0-65535 --max-rate 100000 -oG -
Print to stdout: IP: xx.xx.xx.xx up
masscan 0.0.0.0/0 -p0-65535 --max-rate 100000 -oG - | awk '/open/ {print "IP:", $4, "up"}'
Print "UP" in green for hosts with open ports and "CLOSED" in red for hosts with closed ports
masscan 0.0.0.0/0 -p0-65535 --max-rate 100000 -oG - | awk '\
/open/ {
print "IP:", $4, "\033[0;32mUP\033[0m"
}
/closed/ {
print "IP:", $4, "\033[0;31mCLOSED\033[0m"
}'
Print "OPEN" and "CLOSED" with colorization
masscan 0.0.0.0/0 -p0-65535 --max-rate 100000 -oG - | awk '\
/\/closed\// {
sub(/\/.*$/, "", $0);
print $4 ":" $7 "\033[0;31mCLOSED\033[0m"
} \
/\/open\// {
sub(/\/.*$/, "", $0);
print $4 ":" $7 "\033[0;32mOPEN\033[0m"
}'
Generate Colorful Output for Open and Closed Ports
masscan 0.0.0.0/0 -p0-65535 --max-rate 100000 -oG - | awk '\
/\/closed\// {
sub(/\/.*$/, "", $0);
color = int(rand() * 256);
printf "\033[38;5;%dm%s:%s\033[0m closed\n", color, $4, $7
} \
/\/open\// {
sub(/\/.*$/, "", $0);
color = int(rand() * 256);
printf "\033[38;5;%dm%s:%s\033[0m open\n", color, $4, $7
}'
Print ip:port and no status
masscan 0.0.0.0/0 -p0-65535 --max-rate 100000 -oG - | awk '\
/\/closed\// {
sub(/\/.*$/, "", $0);
print $4 ":" $7 "\033[0;31m\033[0m"
} \
/\/open\// {
sub(/\/.*$/, "", $0);
print $4 ":" $7 "\033[0;32m\033[0m"
}' | awk -F':' '{print $1 ":" $2}'
Print ip:port from open matches only
masscan 0.0.0.0/0 -p0-65535 --max-rate 100000 -oG - | awk '\
/\/open\// {
sub(/\/.*$/, "", $7)
print $4 ":" $7
}'
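Added example, not part of the original guide: the filters above match the substrings "open" and "closed" anywhere on a line, so a comment line or banner text containing those words also matches. The sketch below tests the state field itself and adds colour only when asked, so output redirected to a file stays free of escape codes. The function names (sample_og, og_states, og_open) are hypothetical, and the sample lines are constructed in the field layout the page's awk commands assume.

```shell
#!/bin/sh
# Constructed sample in the layout the awk one-liners above rely on:
# $4 = address, $7 = port/state/proto/... (documentation-range addresses).
sample_og() {
    echo '# constructed comment line that mentions open ports'
    printf 'Timestamp: 1700000000\tHost: %s ()\tPorts: %s\n' \
        192.0.2.10   '80/open/tcp////' \
        192.0.2.10   '443/closed/tcp////' \
        198.51.100.7 '22/open/tcp////' \
        192.0.2.10   '80/open/tcp////'
}

# Emit "ip:port state" for result lines only. $1 = 1 adds ANSI colour.
og_states() {
    awk -v color="${1:-0}" '
        $3 != "Host:" || $6 != "Ports:" { next }   # skip comments, other lines
        {
            split($7, f, "/")                      # f[1] = port, f[2] = state
            state = f[2]
            if (color == 1)
                state = (f[2] == "open" ? "\033[0;32m" : "\033[0;31m") f[2] "\033[0m"
            print $4 ":" f[1], state
        }'
}

# Unique ip:port pairs whose state field is exactly "open".
og_open() {
    og_states 0 | awk '$2 == "open" { print $1 }' | LC_ALL=C sort -u
}

# Colour only when stdout is a terminal, plain text when piped or redirected.
if [ -t 1 ]; then c=1; else c=0; fi
sample_og | og_states "$c"
sample_og | og_open
```

To use it on real results, replace `sample_og` with the grepable output of a scan, for example a file written with -oG.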
Scan target specification
masscan 10.0.0.1
masscan 10.0.0.0/24 192.168.1.0/24
Exclude IP addresses from file
masscan 10.0.0.1/24 --excludeFile=foo.txt
Exclude a single IP from the scan
masscan 180.215.0.0/16 --exclude=180.215.122.120
Port specification with examples
masscan 10.0.0.1 -p 80
masscan 10.0.0.1 -p 0-65535
masscan 10.0.0.1 -p 80,443
UDP Scan
masscan 10.0.0.1 -pU:53
Scan in offline mode
masscan 0.0.0.0/24 --offline
Using the rate to send X packets per second
masscan 10.0.0.1/24 --rate 10000
Scan the internet at super high speeds
masscan 0.0.0.0/0 -p5900 -vvv --banner --exclude 255.255.255.255 --max-rate 100000 --open-only
Scan the internet at super speed but only print open ports
masscan 0.0.0.0/0 -p5900 -vvv --banner --exclude 255.255.255.255 --max-rate 100000 --open-only
You can use the --source-ip option to assign another IP and prevent
masscan 10.0.0.1 --banners
Assign masscan to another IP
masscan 10.0.0.1 --source-ip 192.168.1.200
Include a ping
masscan 10.0.0.1 --ping
Change the default user agent
masscan 10.0.0.1 --http-user-agent <user-agent>
Report only open ports
masscan 10.0.0.1 --open-only
Save sent packets to a PCAP file
masscan 10.0.0.1 --pcap foo.pcap
Print packets in terminal (okay at low rates but can overwhelm the terminal at high rates)
masscan 10.0.0.1 --packet-trace
Output in binary mode
masscan 10.1.1.1/24 -p 80 -oB scan.bin
Output in XML format
masscan 10.1.1.1/24 -p 80 -oX foo.xml
Output in grepable format
masscan 10.1.1.1/24 -p 80 -oG grep.txt
Output in JSON format
masscan 10.1.1.1/24 -p 80 -oJ foo.json
Output in simple list format
masscan 10.1.1.1/24 -p 80 -oL foo.list
Read a binary output and write it to the console
masscan --readscan bin-test.scan
Read a binary scan and convert it to another format
masscan --readscan bin-test.scan -oX bin-test.xml
Print only open ports
masscan 0.0.0.0/0 -p22 --banner --max-rate 10000 --exclude 255.255.255.255 \
--http-user-agent "Microsoft (Amiga v1; Win64; x64; rv:67.0) Gecko/20100101 RedFox/1.0" --open-only
Complete commands
masscan 10.1.1.1/24 -p 0-65535 \
--rate 1000000 \
--open-only \
--http-user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" \
-oL "output.txt"
Multiple target-specific scan
masscan <target1> <target2> <target3> -p 80,433 \
--rate 100000 --banners --open-only \
--http-user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" \
--source-ip 192.168.100.200 -oL "output.txt"
masscan <target> -p 21,22,23,25,53,80,110,111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 \
--http-user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" \
--rate 100000 -oL "output.txt"
sudo masscan 0.0.0.0/16 -p 22 --rate 2000 -oX output_port_22.xml
Scan entire 80.76 range
masscan 80.76.157.0/16 -p80 --max-rate 100000 -oG - | awk '\
/open/ {
print "IP:", $4, "\033[0;32mUP\033[0m"
}
/closed/ {
print "IP:", $4, "\033[0;31mCLOSED\033[0m"
}'