Nmap vs Masscan - Which One is Better?
Nmap and Masscan both are port scanner tools. Both tools are used in the engagement of penetration testing. Refer to articles on Nmap and Masscan to learn more about both tools. This blog provides a list of features of both tools and tries to identify the better tool.
Installation - Masscan
sudo apt-get --
assume-yes install git make gcc
git clone https://github.com/robertdavidgraham/masscan
cd masscan
make
make install
Installation - Nmap
sudo apt-get install nmap
Details of Nmap and Masscan
Feature | Nmap | Masscan |
Main Function | Port Scanning of a small network | Port Scanning of a large network |
Supported Protocols | FTP, HTTP, IMAP4, memcached, POP3, SMTP, SSH, SSL, SMBv1, SMBv2, Telnet, RDP, VNC | FTP, HTTP, IMAP4, memcached, POP3, SMTP, SSH, SSL, SMBv1, SMBv2, Telnet, RDP, VNC |
IPv4 Scan Support | Available | Available |
IPv6 Scan Support | Available | Available |
Speed | Speed is configurable by using -T option. | Speed is configurable. Although able to transmit10 million packets per second from a single machine. |
Default scan | Available - Nmap scan top ports | Must specify scan ports to initiate scan |
Syntax | nmap <IP> | masscan -p0-65535 <IP> |
Scan Scripts | Available - huge database available | Not Available |
How to scan the entire Internet with Masscan
masscan 0.0.0.0/0 -p0-65535
Conclusion
Both tools are used to identify open ports of the IT system. Open ports are further assessed for vulnerabilities. Although Nmap is a more mature tool and much more options to assess targets. Masscan is a tool basically used for fast scans of large no of targets. Nmap provides a huge set of scripts to identify general vulnerabilities based on open ports and services. This blog list out features available in both tools and also helps in identifying which tool is better for engagements in security assessments.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.