Provided by: zmap_1.1.0-1_amd64
NAME
zmap - A fast Internet-wide scanner
SYNOPSIS
zmap [ OPTIONS ... ]
DESCRIPTION
ZMap is a network tool for scanning the entire Internet (or large samples).
OPTIONS
Basic options -p, --target-port=port TCP port number to scan (for SYN scans) -o, --output-file=name When using an output module that uses a file (such as the default), write results to this file. Use - for stdout. -b, --blacklist-file=path File of subnets to exclude, in CIDR notation (e.g. 192.168.0.0/16), one-per line. It is recommended you use this to exclude RFC 1918 addresses, multicast, IANA reserved space, and other IANA special-purpose addresses. An example blacklist file is provided in conf/blacklist.conf for this purpose. -w, --whitelist-file=path File of subnets to constrain scan to, in CIDR notation, e.g. 192.168.0.0/16 Scan options -n, --max-targets=n Cap number of targets to probe (as a number or a percentage of the address space) -N, --max-results=n Cap number of results to return -t, --max-runtime=secs Cap length of time for sending packets -r, --rate=pps Set send rate in packets/sec -B, --bandwidth=bps Set send rate in bits/second (supports suffixes G, M and K). This overrides the --rate flag. -c, --cooldown-time=secs How long to continue receiving after sending last probe (default=8) -e, --seed=n Seed used to select address permutation. Specify the same seed in order to scan the same sample repeatedly. -T, --sender-threads=n Threads used to send packets (default=1) -P, --probes=n Number of probes to send to each IP (default=1) -d, --dryrun Print out each packet to stdout instead of sending it. (May be useful for debugging.) Network options -s, --source-port=port|range Source port(s) for scan packets -S, --source-ip=ip|range Source address(es) for scan packets -G, --gateway-mac=addr Specify gateway MAC address. All packets will be sent to this Ethernet address. -i, --interface=name Specify network interface to use. -X, --vpn If using ZMap through a VPN, use this option. Instead of sending raw Ethernet frames, ZMap will send IP packets. When using this option, it is generally also necessary to provide the interface (through the -i flag). Advanced options -M, --probe-module=name Select probe module (default=tcp_synscan) -O, --output-module=name Select output module (default=simple_file) -f, --output-fields=fields Fields that should be output in result set; see --list-output-fields --probe-args=args Arguments to pass to probe module --output-args=args Arguments to pass to output module --list-output-modules List available output modules --list-probe-modules List available probe modules --list-output-fields List all fields that can be output (using --output-fields ) by selected probe module Additional options -C, --config=filename Read a configuration file, which can specify any of these options (default=/etc/zmap/zmap.conf) -q, --quiet Do not print status updates -g, --summary Print configuration and summary at end of scan -v, --verbosity=n Level of log detail (0-5) (default=3) -h, --help Print help and exit -V, --version Print version and exit
EXAMPLES
Scan the whole Internet for hosts with port 443 open (results discarded): zmap -p 443 Find 5 HTTP servers (port 80), scanning at 10 Mb/s, print the results to stdout: zmap -N 5 -B 10M -p 80 -o -
WARNING
By default, ZMap attempts to scan at the line speed of your Ethernet interface and can easily use 1 Gbit/second of bandwidth. If your network is not able to support sending packets this quickly, your local network may become congested, causing connectivity problems for you and those around you. Use the -B (--bandwidth) option to set ZMap's maximum bandwidth to an appropriate limit for your network and upstream connection.
AUTHOR
Zakir Durumeric, Eric Wustrow, J. Alex Halderman (https://www.zmap.io)