ghost
commented
6 years ago To quote the README.md file, under "Banner Checking"
Masscan can do more than just detect whether ports are open. It can also complete the TCP connection and interaction with the application at that port in order to grab simple "banner" information.
The problem with this is that masscan contains its own TCP/IP stack separate from the system you run it on. When the local system receives a SYN-ACK from the probed target, it responds with a RST packet that kills the connection before masscan can grab the banner.
The easiest way to prevent this is to assign masscan a separate IP address. This would look like the following:
# masscan 10.0.0.0/8 -p80 --banners --source-ip 192.168.1.200
sudo masscan --rate 20000 -p0-65535 --banners 208.67.222.222 --source-ip 192.168.1.253
Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2017-11-28 12:56:22 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
Discovered open port 53/tcp on 208.67.222.222
Discovered open port 5353/tcp on 208.67.222.222
Discovered open port 443/tcp on 208.67.222.222 The only problem I see is that it's not actually returning any banners.
Edit
Also, if you want to capture banners with nmap, you need to run it this way:
sudo nmap -sT --script banner 192.168.0.0/24It will return something like this:
Host is up (0.0071s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
|_banner: SSH-2.0-OpenSSH_6.7
80/tcp open http
MAC Address: XX:XX:XX:XX:XX:XX (Manufacturer)Also, if you throw in the -sV option in the above scan, nmap will estimate the version of the program running:
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.7
|_banner: SSH-2.0-OpenSSH_6.7
80/tcp open http lighttpd 1.4.35
|_http-server-header: lighttpd/1.4.35
mzpqnxow
Most recent 1.04, compiled and installed manually. Was having the same issues with 1.0.3 installed from Ubuntu 17.04 repos. Hosts that are validated to be up and with open ports are not found by masscan.
Looks like something is amiss with libpcap and sniffing the responses:
$ sudo masscan --rate 20000 --ports 0-65535 --banners -v 208.67.222.222 pcap: found library: libpcap.so pcap: pcap_dev_name: failed pcap: pcap_dev_description: failed pcap: pcap_dev_next: failed pcap: pcap_sendqueue_alloc: failed pcap: pcap_sendqueue_transmit: failed pcap: pcap_sendqueue_destroy: failed pcap: pcap_sendqueue_queue: failed initializing adapter enp0s25: type=0x 1 pcap: libpcap version 1.8.1 pcap:'enp0s25': successfully opened adapter initialization done.
Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2017-11-27 20:49:28 GMT -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth Initiating SYN Stealth Scan Scanning 1 hosts [65536 ports/host] THREAD: status: starting thread THREAD: xmit: starting thread #0 THREAD: recv: starting thread #0 maxrate = 20000.00 0.00% done, 0:00:00 remaining, found=0
THREAD: recv: starting main loop THREAD: xmit done, waiting for receive thread to realize this
THREAD: xmit: stopping thread #0waiting 0-secs, found=0
THREAD: recv: stopping thread #0waiting -2-secs, found=0
THREAD: status: stopping thread waiting -3-secs, found=0
$ sudo nmap -sS -O 208.67.222.222
Starting Nmap 7.40 ( https://nmap.org ) at 2017-11-27 15:49 EST Nmap scan report for resolver1.opendns.com (208.67.222.222) Host is up (0.0069s latency). Not shown: 998 filtered ports PORT STATE SERVICE 53/tcp open domain 443/tcp open https Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Aggressive OS guesses: Crestron XPanel control system (89%), Linux 3.13 (87%), HP P2000 G3 NAS device (86%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%), Linux 3.16 (86%), Linux 3.2 (86%), CyanogenMod 12 (Android 5.0.2) (86%), Linux 2.6.32 (86%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (86%) No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 23.80 seconds