loading
loading
Network
An internet-scale asynchronous port scanner that emits structured JSON, sweeping huge IP ranges at millions of packets per second.
overview
masscan-json runs the asynchronous masscan port scanner and writes structured JSON instead of a text grid. It sends its own TCP/IP packets and tracks replies out of band, so a single machine can sweep large IP ranges at high packet rates and report every host that answers on the ports you chose.
You set --rate for packets per second, -p for the port set, and either --range or -iL for targets. Optional --banners grabs a short service hint during the pass, and --excludefile keeps out-of-scope addresses out of the sweep. The JSON shape lets a downstream node read open host and port pairs as fields without grepping lines.
In a Trickest workflow the node takes a target list or IP range and writes a file and a folder of JSON results. Run it as the wide first pass, then hand open ports to a prober and a deeper scanner so slower stages only touch addresses that already answered.
use cases
Scan a full CIDR block or acquired netblock for open ports in one pass, then narrow slower tooling to the hosts that answer.
Emit JSON so a downstream node reads host and port pairs as fields and probes each one for the service behind it.
Turn on --banners to capture a service hint alongside each open port so triage starts without a second connection per host.
Set --excludefile and a controlled --rate to keep a wide sweep inside the ranges you own and within the network's tolerance.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| ip-range | STRING | --range | Range of IP addresses to be scanned. |
| targets | FILE | -iL | List of targets. |
| ports | STRING | -p | Port or Port range to be scanned. |
| rate | STRING | --rate | Packets per second. Default: 100. |
| banners | BOOLEAN | --banners | Grab banner information. |
| exclude-file | FILE | --excludefile | Exclude a range of ports. |
| single-source-ip-address | STRING | --source-ip | Provide a separate source ip address. |
Showing key inputs. masscan-json exposes 9 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| rate | STRING | --rate | Packets per second. Default: 100 |
| ports | STRING | -p | Port or Port range to be scanned |
| banners | BOOLEAN | --banners | Grab banner information |
| offline | BOOLEAN | --offline | Test in offline mode |
| targets | FILE | -iL | List of targets |
| ip-range | STRING | --range | Range of IP adresses to be scanned |
| exclude-file | FILE | --excludefile | Exclude a range of ports |
| keep-packets-locally | STRING | --router-mac | Keeps packets on the local network segments so that they won't go out to the Internet. |
| single-source-ip-address | STRING | --source-ip | Provide a separate source ip address |
example
# masscan-json: JSON sweep of a documentation netblock for common web portsmasscan 198.51.100.0/24 -p80,443,8080 --rate 1000 --banners -oJ open-ports.json{"ip":"198.51.100.23","port":443,"proto":"tcp","status":"open"}{"ip":"198.51.100.23","port":80,"proto":"tcp","status":"open"}{"ip":"198.51.100.64","port":22,"proto":"tcp","status":"open"}{"ip":"203.0.113.12","port":8080,"proto":"tcp","status":"open"}{"ip":"203.0.113.88","port":443,"proto":"tcp","status":"open"}{"ip":"203.0.113.88","port":80,"proto":"tcp","status":"open"}{"ip":"198.51.100.17","port":8443,"proto":"tcp","status":"open"}guidance
Use masscan-json for the fast, wide first pass when you need open ports across a large IP range and want the results as JSON. It is a port sweeper, not a service or vulnerability scanner, so pair it with a prober that reads its output and identifies what is listening.
The same scanner with default text output. Use masscan-json when a downstream node needs to parse fields.
Resolves domains at scale instead of scanning ports. Run it to build the target list, then sweep with masscan-json.
Expands and splits CIDR ranges. Use it to prepare the input ranges this scanner sweeps.
faq
related
Quickly map an organization's network ranges using ASN information.
Maximize your resolver count by combining the target's DNS servers with public resolvers.
Expand CIDR ranges into a list of IP addresses easily.
Expand CIDR ranges into a list of IP addresses easily, from a file.
Maintain a list of IPv4 DNS servers verified against baseline servers for accurate responses.
Patched dnsvalidator that keeps only IPv4 resolvers verified against baseline servers.
An IP range is expanded by mapcidr, masscan-json sweeps the resulting hosts for open ports, and the open host and port pairs are written as JSON output.
Facts on this page come from the live Trickest tool library.