ZMap: Open-Source Network Scanner

Network scanning is the most important part of the information gathering process that a hacker penetration tester performs
at its very first step; the result of network scanning give an extensive  information about the network, its OS, installed IDS/IPS and
firewalls, open ports and many other important information.

Selecting the right tool for the principle job is an art, and you are the artist. So select your hacking weapon wisely and if we talk about network scanning then we have Nmap (I think it does not need any introduction, right?). Undoubtedly Nmap is the smart tool that has an ability to get most of the job done but nmap is not the end, we have many other tools and they also have their own merits and demerits and one of them is ZMap.

What is ZMap?

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 5 minutes, approaching the theoretical limit of ten gigabit Ethernet.

ZMap can be used to study protocol adoption over time, monitor service
availability, and help us better understand large systems distributed
across the Internet.

ZMap Examples

By default, ZMap will perform a TCP SYN scan on the specified
port at the maximum rate possible. A more conservative configuration that will scan 10,000 random
addresses on port 80 at a maximum 10 Mbps can be run as follows:
$ zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=results.csv 
Or more concisely specified as:
$ zmap -B 10M -p 80 -n 10000 -o results.csv
ZMap can also be used to scan specific
subnets or CIDR blocks. For example, to scan only and on port 80, run:
zmap -p 80 -o results.csv
If the scan started successfully, ZMap will output status updates every one second similar to the following:
0% (1h51m left); send: 28777 562 Kp/s (560 Kp/s avg); recv: 1192 248 p/s (231 p/s avg); hits: 0.04%
0% (1h51m left); send: 34320 554 Kp/s (559 Kp/s avg); recv: 1442 249 p/s (234 p/s avg); hits: 0.04%
0% (1h50m left); send: 39676 535 Kp/s (555 Kp/s avg); recv: 1663 220 p/s (232 p/s avg); hits: 0.04%
0% (1h50m left); send: 45372 570 Kp/s (557 Kp/s avg); recv: 1890 226 p/s (232 p/s avg); hits: 0.04%
These updates provide information about the current
state of the scan and are of the following form: %-complete (est time
remaining); packets-sent curr-send-rate (avg-send-rate); recv:
packets-recv recv-rate (avg-recv-rate); hits: hit-rate.
If you do not know the scan rate that your
network can support, you may want to experiment with different
scan rates or bandwidth limits to find the fastest rate that
your network can support before you see decreased results.
Download Zmap and learn more here

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

OSINT WIFI Tutorial: Track People using WiFi via Wigle

Due to the drastic growth of internet access, Wi-fi networks have become progressively popular. Wi-fi technologies link to the network topologies allows users to...

Why Attack Surface Analysis is a Core of Cybersecurity?

The pandemic of COVID-19 has changed the world dramatically. Almost all everyday actions have gone online: people work from home, students attend lectures through...

The Attack Surface Mapping guide for Ethical Hackers

This article explains how to map the attack surface in a precise and realistic way. An attack surface aims to figure out which areas...

Addressing Myths About Online Casinos & Security

Many people carry a perception that online casinos inherently involve a security risk. The sense is that these sites can be somehow “sketchy” or...