
Masscan

Internet-scale TCP port scanner — claims 10M packets/second on the right hardware.

// what it is

Description

Robert Graham's stateless port scanner that talks raw IP. Same command-line spirit as Nmap but ~1000× faster on flat scans because it doesn't maintain TCP state: it fires SYNs as fast as the NIC allows and reads replies asynchronously.

// use cases

What people use it for

  • Initial sweep of a /16 or /8 before drilling down with Nmap
  • Internet-wide research (with permission!) on a single port
  • Quick check 'is anything listening on this range'

// commands

The commands you'll type

Sweep /24, single port

$ masscan 10.0.0.0/24 -p 80 --rate 1000

TCP ports 1-1000

$ masscan 192.168.1.0/24 -p 1-1000 --rate 10000

// facts

category: Recon & OSINT
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate
