Zmap
Internet-wide port scanner capable of scanning the entire IPv4 address space in minutes
Installation
1. Install via apt
2. Build from source
3. Verify installation

# Debian/Ubuntu
sudo apt install zmap
# Fedora/RHEL
sudo dnf install zmap
# Build from source
git clone https://github.com/zmap/zmap.git
cd zmap
cmake . && make && sudo make install
# Verify
zmap --version

Basic Usage
Scan specific ports across large IP ranges with high throughput
# Scan port 80 on subnet
zmap -p 80 10.0.0.0/8
# Scan with output to file
zmap -p 443 192.168.0.0/16 -o results.csv
# Rate-limited scan
zmap -p 22 10.0.0.0/8 --rate=1000
# Banner grab
zmap -p 80 --banner 10.0.0.0/8
# Exclude specific IPs/subnets
zmap -p 8080 0.0.0.0/0 --exclude-file exclude.txt
# JSON output
zmap -p 443 --output-module=json 192.168.0.0/16
# Scan with custom probe module
zmap -p 443 --probe-module=tcp_syn 10.0.0.0/8

Command Reference
1. -p: Port to scan
2. -o: Output file
3. --rate: Packets per second
4. --banner: Banner grab
5. --exclude-file: File with IPs/subnets to exclude
6. --output-module: Output format (csv, json)
7. --probe-module: Probe type (tcp_syn, icmp_echo)
8. --seed: Scan seed for reproducibility

When to Use
1. Internet-wide scanning for exposed services
2. Finding all web servers on a large IP block
3. Research and academic network measurement
4. Identifying vulnerable services across IP ranges
5. Open port discovery on cloud provider ranges

Notes & Tips
1. Capable of scanning the entire IPv4 internet in ~45 minutes on 10GbE
2. Requires root privileges for raw packet operations
3. Only scans one port at a time
4. Use responsibly and respect network policies

Common Errors & Solutions
Permission denied (raw sockets)
Run with sudo or set capabilities: sudo setcap cap_net_raw=ep /usr/sbin/zmap
Network congestion
Reduce rate with --rate flag to avoid overwhelming the network