Nmap vs Masscan - Which One is Better?

Nmap and Masscan both are port scanner tools. Both tools are used in the engagement of penetration testing. Refer to articles on Nmap and Masscan to learn more about both tools. This blog provides a list of features of both tools and tries to identify the better tool.

Installation - Masscan

sudo apt-get --assume-yes install git make gcc
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
make install

Installation - Nmap

sudo apt-get install nmap

Details of Nmap and Masscan

Feature	Nmap	Masscan
Main Function	Port Scanning of a small network	Port Scanning of a large network
Supported Protocols	FTP, HTTP, IMAP4, memcached, POP3, SMTP, SSH, SSL, SMBv1, SMBv2, Telnet, RDP, VNC	FTP, HTTP, IMAP4, memcached, POP3, SMTP, SSH, SSL, SMBv1, SMBv2, Telnet, RDP, VNC
IPv4 Scan Support	Available	Available
IPv6 Scan Support	Available	Available
Speed	Speed is configurable by using -T option.	Speed is configurable. Although able to transmit10 million packets per second from a single machine.
Default scan	Available - Nmap scan top ports	Must specify scan ports to initiate scan
Syntax	nmap <IP>	masscan -p0-65535 <IP>
Scan Scripts	Available - huge database available	Not Available

How to scan the entire Internet with Masscan

masscan 0.0.0.0/0 -p0-65535

Conclusion

Both tools are used to identify open ports of the IT system. Open ports are further assessed for vulnerabilities. Although Nmap is a more mature tool and much more options to assess targets. Masscan is a tool basically used for fast scans of large no of targets. Nmap provides a huge set of scripts to identify general vulnerabilities based on open ports and services. This blog list out features available in both tools and also helps in identifying which tool is better for engagements in security assessments.