Ultimate Masscan Cheat Sheet
The "Internet Scale" port scanner. Scans the entire web in under 6 minutes.
1. Scanning Targets
Masscan works similarly to Nmap but is purely command-line and asynchronous (SYN scan only).
Single IP
CIDR Range
Scan a subnet.
Multiple Ports
Scan ports 80 and 443.
Range of Ports
2. Ports & Rates
The --rate flag is the most important setting in Masscan.
Scan Speed (Packets Per Second)
Default is 100 pps (very slow). Increase this for speed.
(10,000 packets/sec = Fast. 100,000+ requires dedicated hardware).
Scan All Ports
Scan 0-65535.
UDP Scanning
Use U: prefix for UDP ports.
--rate 500.
3. Banner Grabbing
Masscan can grab banners (like Nmap version scan) to identify services.
Enable Banners
Custom Source Port
Some firewalls block scans unless they come from a specific port (like 53 or 80).
Ping Scan (ICMP)
Masscan verifies if hosts are up using ICMP echo.
4. Output Formats
Masscan's terminal output is not as readable as Nmap's, so you usually want to save results to a file.
Binary Format (Recommended)
Fastest and smallest. Can be read by Masscan later.
Read Binary File
Convert the binary scan to text.
XML / JSON / List
5. Configuration File
Instead of typing long commands, save your settings in a masscan.conf file.
Generate Config
Output current settings to a file.
Run with Config
Example Config Content
rate = 1000.00
ports = 80,443,U:53
output-format = json
output-filename = results.json
excludefile = exclude.txt
6. Exclusions & Safety
Crucial: Never scan networks you don't own or don't have permission to scan. Exclude sensitive IPs.
Exclude File
Create a file exclude.txt with IPs/Ranges to skip.
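
A pre-flight check for the exclude file described here and the --rate setting from section 2, added as an example and not part of the original cheat sheet: it subtracts the exclusions from the target ranges and estimates how long the scan would transmit. The function names, the sample addresses and the IPv4-only parsing are assumptions made for the illustration.

```python
import ipaddress

def parse_ranges(lines):
    """Parse target/exclude lines: single IP, CIDR, or start-end range (IPv4 only)."""
    nets = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if "-" in line:                          # e.g. 10.0.0.5-10.0.0.9
            first, last = (ipaddress.IPv4Address(p.strip()) for p in line.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:
            nets.append(ipaddress.IPv4Network(line, strict=False))
    return list(ipaddress.collapse_addresses(nets))

def subtract(targets, excludes):
    """Return the target networks with every excluded range carved out."""
    remaining = list(targets)
    for ex in excludes:
        kept = []
        for net in remaining:
            if ex.supernet_of(net):              # target lies fully inside the exclusion
                continue
            if net.supernet_of(ex):              # exclusion is a strict part of the target
                kept.extend(net.address_exclude(ex))
            else:                                # CIDR blocks never partially overlap
                kept.append(net)
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

def preflight(targets, excludes, port_count, rate):
    """Summarise the effective scope and a rough transmit time at `rate` pps."""
    scope = subtract(parse_ranges(targets), parse_ranges(excludes))
    hosts = sum(n.num_addresses for n in scope)  # every address in a range is counted
    probes = hosts * port_count                  # one probe per (host, port) pair
    return {"scope": [str(n) for n in scope], "hosts": hosts,
            "probes": probes, "seconds": probes / rate}  # ignores retries and wait time

if __name__ == "__main__":
    # Constructed sample: a lab /24 with the gateway and the upper half excluded.
    targets = ["192.168.0.0/24"]
    excludes = ["# exclude.txt (constructed)", "192.168.0.1",
                "192.168.0.128-192.168.0.255  # out of scope"]
    report = preflight(targets, excludes, port_count=2, rate=100)  # ports 80,443
    print(report["scope"])
    print(f"{report['hosts']} hosts, {report['probes']} probes, "
          f"~{report['seconds']:.2f}s at 100 pps")
```

Review the printed scope against the written authorization before running the scan; a range that still appears there is a range that will receive packets.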
