Common usage
Taken from the masscan README.
1) Usage is similar to nmap. To scan a network segment for some ports:
# masscan -p80,8000-8100 10.0.0.0/8
This will:
scan the 10.x.x.x subnet, all 16 million addresses
scan port 80 and the range 8000 to 8100, or 102 ports total
2) Getting output
By default, masscan produces fairly large text files, but it’s easy to convert them into any other format. There are five supported output formats:
I recommend the -oL (list) output format; its results can be imported into Excel for further editing without much effort.
Example
./masscan -iL poor.txt -p48898,20476,18245,23,5632,4800,5006 -oL scan0821.txt --max-rate 100000
Remember that the -iL poor.txt option has to come before the output option; otherwise execution may throw an error.
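As an added example (not from the masscan README or the original post), the following Python script parses the -oL list format into rows and renders them as CSV so they can be opened in Excel. The sample scan text is constructed; the field order (state, protocol, port, IP, timestamp) is masscan's list layout.

```python
import csv
import io

# Constructed sample of masscan -oL output, mirroring the real list format:
# "<state> <proto> <port> <ip> <timestamp>", surrounded by '#' comment lines.
SAMPLE_LIST_OUTPUT = """#masscan
open tcp 23 10.0.0.5 1534809600
open tcp 5632 10.0.0.9 1534809601
open tcp 48898 10.0.0.5 1534809602
# end
"""

FIELDS = ["state", "proto", "port", "ip", "timestamp"]


def parse_list_output(text):
    """Parse masscan -oL text into a list of dicts, skipping comments and blanks.

    Malformed lines (wrong field count or a non-numeric port) are skipped
    rather than aborting, so a partially written scan file still converts.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != len(FIELDS) or not parts[2].isdigit():
            continue
        row = dict(zip(FIELDS, parts))
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def to_csv(rows):
    """Render parsed rows as CSV text that Excel can open directly."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def ports_by_host(rows):
    """Group open ports per IP, to spot hosts exposing several services at once."""
    grouped = {}
    for row in rows:
        grouped.setdefault(row["ip"], []).append(row["port"])
    return grouped


if __name__ == "__main__":
    parsed = parse_list_output(SAMPLE_LIST_OUTPUT)
    print(to_csv(parsed))
    print(ports_by_host(parsed))
```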
Comparison of masscan results across different scanning platforms:
Scope: 150,000 IPs
Dedicated server with its own public IP (done in half an hour): 100,000 concurrency, 900+ records;
Laptop VM 1: 5,000 concurrency, 48 records;
Laptop VM 2: 1,000 concurrency, 188 records;
Server 1 without a dedicated IP (took 15 minutes): 5,000 concurrency, 945 records;
Server 2 without a dedicated IP (rate: 100 kpps): 100,000 concurrency, 781 records;
When the output mode is set to JSON, the output data looks like this:
[
{ "ip": "140.246.165.189", "timestamp":