> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Masscan

> Masscan fast port scanning: rate tuning, output parsing, and integration with Nmap.

## Install

```bash theme={"dark"}
apt install masscan
```

***

## Basic Scan

```bash theme={"dark"}
masscan -p 80 10.10.10.0/24
masscan -p 0-65535 TARGET
masscan -p 80,443,8080 TARGET
```

***

## Rate Tuning

```bash theme={"dark"}
masscan -p- TARGET --rate 1000        # 1k packets/sec
masscan -p- TARGET --rate 10000       # 10k packets/sec (aggressive)
masscan -p- TARGET --rate 100000      # 100k packets/sec (very aggressive)
```

<Warning>High rates can crash targets or trigger IDS. Start low, increase gradually.</Warning>

***

## Common Scans

### Full Port Scan — Single Target

```bash theme={"dark"}
masscan -p 0-65535 TARGET --rate 1000 -oL ports.txt
```

### Subnet Scan — Common Ports

```bash theme={"dark"}
masscan -p 21,22,23,25,53,80,110,139,143,443,445,993,995,1433,3306,3389,5432,5985,8080,8443 10.10.10.0/24 --rate 1000
```

### Exclude Hosts

```bash theme={"dark"}
masscan -p- 10.10.10.0/24 --rate 1000 --excludefile exclude.txt
```

***

## Output Formats

```bash theme={"dark"}
masscan -p- TARGET --rate 1000 -oL output.txt    # List
masscan -p- TARGET --rate 1000 -oX output.xml    # XML
masscan -p- TARGET --rate 1000 -oG output.gnmap  # Grepable
masscan -p- TARGET --rate 1000 -oJ output.json   # JSON
```

***

## Parse & Feed to Nmap

### Extract Open Ports

```bash theme={"dark"}
masscan -p- TARGET --rate 1000 -oL ports.txt
grep "open" ports.txt | cut -d' ' -f3 | sort -n | tr '\n' ',' | sed 's/,$//'
```

### Pipe to Nmap

```bash theme={"dark"}
ports=$(masscan -p- TARGET --rate 1000 -oL - | grep "open" | cut -d' ' -f3 | sort -n | tr '\n' ',' | sed 's/,$//')
nmap -sV -sC -p $ports TARGET -oA targeted
```

***

## Options

| Flag            | Description                            |
| --------------- | -------------------------------------- |
| `-p`            | Port(s) to scan                        |
| `--rate`        | Packets per second                     |
| `--banners`     | Grab banners                           |
| `--source-port` | Spoof source port                      |
| `--source-ip`   | Spoof source IP                        |
| `--adapter-ip`  | Use specific interface IP              |
| `--excludefile` | Exclude hosts from file                |
| `--wait 5`      | Wait 5 sec after scan for late replies |

***

## Quick Reference

| Task         | Command                                        |
| ------------ | ---------------------------------------------- |
| Full scan    | `masscan -p- TARGET --rate 1000`               |
| Subnet       | `masscan -p 80,443 10.10.10.0/24 --rate 500`   |
| With banners | `masscan -p 80 TARGET --banners --rate 1000`   |
| To Nmap      | Parse masscan output → `nmap -sV -sC -p PORTS` |
