Tim Rice

Leverage ZMap to speed up scans

Discussion created by Tim Rice on May 24, 2017
Latest reply on Jun 9, 2017 by smaske


I have found that the Rapid7 discovery scans take very long to perform.  I have found, if I perform a zmap scan in import into Metasploit or Nexpose, then my scans are so much faster.


An example would be a /16 ping sweep with nmap can take several hours where zmap takes less than 2 minutes.  Has Rapid7 thought about using some of the next gen scanning tools such as masscan and zmap to speed up scans?

Example of all hosts with port 80 open

sudo zmap -p 80 -o port_80.txt -v 5 -f saddr -i vlan754 -G 00:00:00:00:00

(Replace the 00:00:00:00:00 with the gateway mac.  Replace the vlan754 with your ethernet device)


Here is an example of a zmap scan of a /12 network (1,048,576) hosts that took about 4 minutes to perform.

time sudo zmap -M icmp_echoscan -r 4000 -o /scripts/zmap_scan/ipaddress_172.txt