ZMap: a faster network scanner than Nmap


Last updated: January 1, 2023

Scanning a network is the first and most important step an IT security professional performs in a penetration test.

The result of a scan of a computer network provides extensive information about the operating systems of the machines connected to that network. It also reveals the firewalls that are installed, the open ports and much more.

In fact, the main goal in this phase is to obtain a set of precise information on the target. Thus, one can determine the best route to penetrate the system. But, to scan a network, we need the right tools. So, select your working weapon wisely!

When we talk about network analysis, we immediately think of Nmap. No doubt Nmap is a smart tool that gets most of the work done, but it is not the only network analysis tool: there are many others with their own merits, and one of them is ZMap.

What is ZMap?

ZMap is an open-source network scanner that allows penetration testers to easily survey a remote server. It lets you detect open ports, identify hosted services and obtain information about the operating system of a remote machine.

With a single machine and a fast internet connection, ZMap is capable of performing a complete analysis of IPv4 address space in less than an hour.
You should know that this tool is up to 1 times faster than the popular Nmap scanner. The latter keeps in memory a list of Internet nodes that have responded to its probes, while ZMap skips this time-consuming step entirely.

ZMap usage example

By default, ZMap performs a TCP SYN scan on the specified port at the maximum possible rate. A more conservative setup that scans 10,000 random addresses on port 80 at a maximum of 10 Mbps can be run as follows:

zmap --bandwidth=10M --target-port=80 --max-targets=10000 --output-file=results.csv

Or more concisely specified:

zmap -B 10M -p 80 -n 10000 -o results.csv

ZMap can also be used to scan specific subnets. For example, to scan only 10.0.0.0/8 and 192.168.0.0/16 on port 80, enter the following command:

zmap -p 80 -o results.csv 10.0.0.0/8 192.168.0.0/16
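The scans above send a single SYN per target on one port at a high rate, and that is also the pattern a defender can look for in their own firewall logs. The following script is an added example, not code from the ZMap project or from the original article; the log line format, the sample lines and the thresholds are all constructed assumptions.

```python
# Added example: flag ZMap-style single-port SYN sweeps in firewall logs.
# Signature: one source, one destination port, many distinct destination
# hosts inside a short time window. Log format and thresholds are assumed.
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one line per SYN: "<ISO time> SYN <src> -> <dst>:<port>"
SAMPLE_LOG = (
    # sweep: one source hits 8 different hosts on port 80 within 8 seconds
    ["2023-01-01T10:00:%02d SYN 203.0.113.7 -> 198.51.100.%d:80" % (i, 10 + i)
     for i in range(8)]
    # ordinary client: one host, several ports (not a sweep)
    + ["2023-01-01T10:00:30 SYN 192.0.2.5 -> 198.51.100.10:%d" % p
       for p in (22, 80, 443)]
    # slow source: 6 hosts on port 443, five minutes apart
    + ["2023-01-01T10:%02d:00 SYN 192.0.2.9 -> 198.51.100.%d:443" % (5 * i, 20 + i)
       for i in range(6)]
)


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port)."""
    ts, _, src, _, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def find_sweeps(lines, min_targets=5, window_s=60):
    """Return {(src, port): n} for every (source, port) pair that reached at
    least min_targets distinct destination hosts within any window_s window."""
    events = defaultdict(list)  # (src, port) -> [(timestamp, dst), ...]
    for line in lines:
        ts, src, dst, port = parse_line(line)
        events[(src, port)].append((ts, dst))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        best = 0
        # for each event, count distinct hosts seen in the window starting there
        for i, (t0, _) in enumerate(evs):
            seen = {d for t, d in evs[i:] if (t - t0).total_seconds() <= window_s}
            best = max(best, len(seen))
        if best >= min_targets:
            hits[key] = best
    return hits


if __name__ == "__main__":
    for (src, port), n in find_sweeps(SAMPLE_LOG).items():
        print("possible sweep: %s probed %d hosts on port %d" % (src, n, port))
```

Widening the window catches slower sweeps at the cost of more false positives, so tune both parameters against your own traffic baseline.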

For other usage examples and to master ZMap, take a look at the documentation. To download and install ZMap, visit the project's site.