ZMap: a faster network scanner than Nmap

Posted by FunInformatique 3 minutes of reading
mapping
mapping

Last updated: January 1, 2023

Scanning a network is the most important part in a penetration test that an IT security professional performs in its very first step.

The result of a scan of a computer network gives extensive information about the operating system of the machines connected to this network. It also gives information about firewalls that are installed, open ports and lots of other information.

In fact, the main goal in this phase is to obtain a set of precise information on the target. Thus, one can determine the best route to penetrate the system. But, to scan a network, we need the right tools. So, select your working weapon wisely!

And if we are talking about network analysis, we are directly thinking of Nmap. No doubt Nmap is a smart tool and has an ability to get the most work out of it, but Nmap is not the only network scanning tool, we have many other tools and they also have their own merits and the one of them is ZMap.

What is ZMap?

ZMap is an open-source network scanner that allows penetration testers to easily perform surveys on a remote server. Indeed, it makes it possible to detect open ports, identify hosted services and obtain information on the operating system of a remote machine.

With a single machine and a fast internet connection, ZMap is able to perform a full scan of IPv4 address space in less than an hour.
logo_test_transparent_monitor
You should know that this tool is up to 1 times faster than the popular Nmap scanner. The latter keeps in memory a list of nodes on the Internet that would have responded to the probes while Zmap ignores this time-consuming step in its process.

ZMap usage example

By default, ZMap will perform a TCP SYN scan on the specified port at the maximum possible rate. A more conservative setup that will scan 10.000 random addresses on port 80 at a maximum of 10 Mbps can be run as follows:

ZMap --bandwidth=10M target-port=80 --max-targets=10000 --output-file=results.csv

Or more concisely specified:

10M ZMap -B -p 80 -n -o 10000 results.csv

ZMap can also be used to scan specific subnets. For example, to scan only 10.0.0.0/8 and 192.168.0.0/16 on port 80, enter the following command:

ZMap -p 80 -o results.csv 10.0.0.0/8 192.168.0.0/16

To have other examples of use and to master Zmap well, take a look at thea documentation ! And to download and install Zmap, it's by HERE.

Those who liked this article also liked these: