ZMap: Open-Source Network Scanner

Network scanning is the most important part of the information gathering process that a hacker penetration tester performs
at its very first step; the result of network scanning give an extensive  information about the network, its OS, installed IDS/IPS and
firewalls, open ports and many other important information.

Selecting the right tool for the principle job is an art, and you are the artist. So select your hacking weapon wisely and if we talk about network scanning then we have Nmap (I think it does not need any introduction, right?). Undoubtedly Nmap is the smart tool that has an ability to get most of the job done but nmap is not the end, we have many other tools and they also have their own merits and demerits and one of them is ZMap.

What is ZMap?

ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 5 minutes, approaching the theoretical limit of ten gigabit Ethernet.

ZMap can be used to study protocol adoption over time, monitor service
availability, and help us better understand large systems distributed
across the Internet.

ZMap Examples

By default, ZMap will perform a TCP SYN scan on the specified
port at the maximum rate possible. A more conservative configuration that will scan 10,000 random
addresses on port 80 at a maximum 10 Mbps can be run as follows:
$ zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=results.csv 
Or more concisely specified as:
$ zmap -B 10M -p 80 -n 10000 -o results.csv
ZMap can also be used to scan specific
subnets or CIDR blocks. For example, to scan only and on port 80, run:
zmap -p 80 -o results.csv
If the scan started successfully, ZMap will output status updates every one second similar to the following:
0% (1h51m left); send: 28777 562 Kp/s (560 Kp/s avg); recv: 1192 248 p/s (231 p/s avg); hits: 0.04%
0% (1h51m left); send: 34320 554 Kp/s (559 Kp/s avg); recv: 1442 249 p/s (234 p/s avg); hits: 0.04%
0% (1h50m left); send: 39676 535 Kp/s (555 Kp/s avg); recv: 1663 220 p/s (232 p/s avg); hits: 0.04%
0% (1h50m left); send: 45372 570 Kp/s (557 Kp/s avg); recv: 1890 226 p/s (232 p/s avg); hits: 0.04%
These updates provide information about the current
state of the scan and are of the following form: %-complete (est time
remaining); packets-sent curr-send-rate (avg-send-rate); recv:
packets-recv recv-rate (avg-recv-rate); hits: hit-rate.
If you do not know the scan rate that your
network can support, you may want to experiment with different
scan rates or bandwidth limits to find the fastest rate that
your network can support before you see decreased results.
Download Zmap and learn more here

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What are Online Casinos doing to be as Safe and Secure as Possible?

Online casinos have continued to increase in popularity over recent years as more and more gamblers have turned to virtual options to further enhance...

Reconnaissance for Bug Bounty Hunters & Pentesters

New to the bug bounty and confused about where to start? Worry not! This reconnaissance for bug bounty hunters guides you to take the...

Access & Manage Android Phone Remotely – L3MON Tutorial

There is software available, like Metasploit, to gain remote access to any android phone. But other than that, we have the L3MON tool (A...

How to Hide Shellcode Behind Closed Port?

Every company has a variety of scanners for analyzing its network and identifying new or unknown open ports. It's unthinkable to disguise the potentially...