This article discusses ZMap, a fast single-packet network scanner that lets you scan the internet for the information you are after.

The ZMAP project
The ZMap project is hosted on GitHub. On the GitHub page you can read the code and even make adjustments if you want. The license and copyright of ZMap belong to:
ZMap Copyright 2017 Regents of the University of Michigan
License and Copyright
Scan the web in 45 minutes
This fast single-packet network scanner can scan the entire public IPv4 address space in under 45 minutes (that is 4,294,967,296 IP addresses).
With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in 5 minutes.
Installation of Zmap
ZMap is easy to install: follow the instructions on the GitHub project page. For convenience, the install commands for Ubuntu, Debian, Fedora, CentOS, RHEL, Gentoo, macOS (Homebrew) and Arch Linux are listed below:
OS | Command |
---|---|
Debian and Ubuntu | sudo apt install zmap |
Fedora, CentOS, and RHEL | sudo yum install zmap |
Gentoo | sudo emerge zmap |
macOS | brew install zmap |
Arch Linux | sudo pacman -S zmap |
Zmap Commands
ZMap performs a TCP SYN scan by default on the specified port, at the maximum rate possible.
Scan 10,000 random addresses on port 80 at a maximum of 10 Mbps (the second line is the same command written with short options):
zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=scanresults.csv
zmap -B 10M -p 80 -n 10000 -o scanresults.csv
Scan CIDR blocks and specific subnets:
zmap -p 80 10.0.0.0/8 192.168.0.0/16
More commands can be found on the official Zmap WIKI.
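The following added example is not part of the ZMap project or the original article. It shows one way to review a result file such as scanresults.csv after scanning your own ranges, comparing the responders against a list of hosts that are expected to serve port 80. It assumes the file holds one responding address per line with an optional `saddr` header row; the inventory and the sample data are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of a ZMap result file (one responding address per line).
# Assumption: a "saddr" header row may or may not be present.
SAMPLE_RESULTS = """saddr
10.0.5.20
10.0.5.21
192.168.1.10
10.0.5.20
172.16.0.9
not-an-ip
192.168.7.44
"""

# Hypothetical inventory of hosts that are expected to answer on port 80.
EXPECTED_WEB_HOSTS = {"10.0.5.20", "192.168.1.10", "10.0.9.1"}
# The ranges from the CIDR scan above; responders outside them are ignored.
SCANNED_RANGES = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("192.168.0.0/16")]

def parse_results(text):
    """Return the unique, valid IPv4 addresses found in the result text."""
    hosts = set()
    for line in text.splitlines():
        field = line.split(",")[0].strip()  # address is the first column
        try:
            hosts.add(ipaddress.IPv4Address(field))
        except ipaddress.AddressValueError:
            continue  # header row, blank line or damaged record
    return hosts

def audit(text, expected, scanned):
    """Return (unexpected responders, silent expected hosts, count per /24)."""
    responders = {h for h in parse_results(text)
                  if any(h in net for net in scanned)}
    expected_addrs = {ipaddress.IPv4Address(a) for a in expected}
    unexpected = sorted(responders - expected_addrs)
    missing = sorted(expected_addrs - responders)
    per_subnet = Counter(
        str(ipaddress.ip_network(f"{h}/24", strict=False)) for h in responders)
    return unexpected, missing, per_subnet

if __name__ == "__main__":
    unexpected, missing, per_subnet = audit(
        SAMPLE_RESULTS, EXPECTED_WEB_HOSTS, SCANNED_RANGES)
    print("unexpected:", [str(h) for h in unexpected])
    print("expected but silent:", [str(h) for h in missing])
    print("responders per /24:", dict(per_subnet))
```

Hosts listed as unexpected are candidates for an inventory update or a firewall review; expected hosts that stayed silent may be down or filtered.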