ZMap: Open-Source Network Scanner

Network scanning is the most important part of the information gathering process that a hacker penetration tester performs
at its very first step; the result of network scanning give an extensive  information about the network, its OS, installed IDS/IPS and
firewalls, open ports and many other important information.

Selecting the right tool for the principle job is an art, and you are the artist. So select your hacking weapon wisely and if we talk about network scanning then we have Nmap (I think it does not need any introduction, right?). Undoubtedly Nmap is the smart tool that has an ability to get most of the job done but nmap is not the end, we have many other tools and they also have their own merits and demerits and one of them is ZMap.

What is ZMap?

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 5 minutes, approaching the theoretical limit of ten gigabit Ethernet.

ZMap can be used to study protocol adoption over time, monitor service
availability, and help us better understand large systems distributed
across the Internet.

ZMap Examples

By default, ZMap will perform a TCP SYN scan on the specified
port at the maximum rate possible. A more conservative configuration that will scan 10,000 random
addresses on port 80 at a maximum 10 Mbps can be run as follows:
$ zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=results.csv 
Or more concisely specified as:
$ zmap -B 10M -p 80 -n 10000 -o results.csv
ZMap can also be used to scan specific
subnets or CIDR blocks. For example, to scan only and on port 80, run:
zmap -p 80 -o results.csv
If the scan started successfully, ZMap will output status updates every one second similar to the following:
0% (1h51m left); send: 28777 562 Kp/s (560 Kp/s avg); recv: 1192 248 p/s (231 p/s avg); hits: 0.04%
0% (1h51m left); send: 34320 554 Kp/s (559 Kp/s avg); recv: 1442 249 p/s (234 p/s avg); hits: 0.04%
0% (1h50m left); send: 39676 535 Kp/s (555 Kp/s avg); recv: 1663 220 p/s (232 p/s avg); hits: 0.04%
0% (1h50m left); send: 45372 570 Kp/s (557 Kp/s avg); recv: 1890 226 p/s (232 p/s avg); hits: 0.04%
These updates provide information about the current
state of the scan and are of the following form: %-complete (est time
remaining); packets-sent curr-send-rate (avg-send-rate); recv:
packets-recv recv-rate (avg-recv-rate); hits: hit-rate.
If you do not know the scan rate that your
network can support, you may want to experiment with different
scan rates or bandwidth limits to find the fastest rate that
your network can support before you see decreased results.
Download Zmap and learn more here

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...