🗺️ Network scanning & recon
Masscan
Internet-scale port scanner. Scans a /16 in seconds.
Why use it
When Nmap is too slow, Masscan delivers. It uses an asynchronous transmit model to scan millions of IPs per second — perfect for exposure mapping and large recon tasks. Pair it with Nmap for the deep follow-up.
What you get
- TCP SYN scanning at line rate
- IP exclusion lists for safe scoping
- JSON, XML, and grepable output
- Banner grabbing on selected ports
System requirements
| Resource | Requirement |
|---|---|
| CPU | 1 core |
| RAM | 256 MB |
| Disk | 50 MB |
| OS | Linux preferred |
| Docker | Yes |
Installation
Run `sudo apt install masscan` on Debian/Ubuntu, or build from source. Scan with a conservative rate first: `sudo masscan -p1-65535 192.168.1.0/24 --rate=1000 -oL out.txt`. Always set `--rate` — defaults can saturate links.
Suggested configuration
For homelab use, never exceed your link capacity. Add `--excludefile excludes.txt` with anything you don't own. Pipe Masscan output to Nmap for service detection: `masscan -p443 0.0.0.0/0 ... | xargs nmap -sV -p443`.
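An `-oL` list file holds one `open tcp <port> <ip> <timestamp>` record per line, so it has to be converted before Nmap can take it as a target list. The script below is an added example, not code from this page or from the Masscan project; the function names are hypothetical and the sample records are constructed for the 192.168.1.0/24 scan shown earlier.

```shell
#!/bin/sh
# Added example (not Masscan project code): convert `masscan -oL` results
# into one Nmap service-detection command per open port.

# Constructed sample of an -oL file for the 192.168.1.0/24 scan above.
sample_masscan_list() {
    cat <<'EOF'
#masscan
open tcp 443 192.168.1.10 1700000000
open tcp 22 192.168.1.10 1700000000
open tcp 443 192.168.1.20 1700000001
open tcp 443 192.168.1.10 1700000002
open tcp 80 not-an-ip 1700000003
# end
EOF
}

# stdin: -oL records. stdout: unique "port ip" pairs, sorted by port.
# Anything that is not an open-TCP record with a numeric port and a
# dotted-quad address is dropped, so stray text never reaches a command line.
open_tcp_pairs() {
    awk '$1 == "open" && $2 == "tcp" && $3 ~ /^[0-9]+$/ &&
         $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $3, $4 }' |
        sort -k1,1n -k2,2 -u
}

# stdin: -oL records. stdout: one "nmap -sV -p<port> <hosts...>" line per port.
# Commands are printed for review, not executed.
nmap_followup_cmds() {
    open_tcp_pairs | awk '
        $1 != port { if (port != "") print line
                     port = $1; line = "nmap -sV -p" port }
        { line = line " " $2 }
        END { if (port != "") print line }'
}

# Demo on the constructed sample.
sample_masscan_list | nmap_followup_cmds
```

Against a real scan, feed the file in on stdin: `nmap_followup_cmds < out.txt`.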
Integration ideas
- Feed Masscan results into Nmap for service detection
- Pipe into Nuclei for fast vuln confirmation
- Forward findings to your asset inventory
Alternatives
- Nmap — Slower but does service detection.
- ZMap — Academic alternative; even faster for /0 scans.
Cyentrix verdict
Use it for breadth, then Nmap for depth. Critical for attack-surface management.