Open JmFoces opened 3 years ago
nmap sends both payloads in parallel. Masscan only sends the last. I've been using the nmap-payloads file from https://github.com/ParrotSec/nmap/blob/master/nmap-payloads which has two UDP port 123 payloads. I've noticed that a network I scan will only detect port 123 UDP as open if I comment out the second UDP port 123 payload from that file.
Can masscan be updated to send multiple payloads?
Hi!
First, thank you for such a nice project.
I've been playing around with nmap payloads and detected some behaviors that could be improved. I would try to fix this by myself. I'll post a pull request when I have some free time.
1. Sends just the last payload. I'm not completely sure if nmap behaves this way. File example:
cat <<EOF > /tmp/nmp1
udp 443 "Payload 1"
udp 443 "Payload 2"
EOF
masscan -Pn -dv --banners --nmap-payloads /tmp/nmp1 -p U:443 x.y.z.p
Just sends payload2.
2. Lines ending with comments trigger errors during parse:
cat <<EOF > /tmp/nmp2
udp 443 "Payload 1"
udp 443 "Payload 2" # comment
EOF
sudo masscan --retries 0 -n -Pn -dv --banners --nmap-payloads /tmp/nmp2 -p U:443 x.y.z.p
/tmp/nmp2:2: syntax error, expected "udp".
3. Given a valid nmap-payloads file, if --retries > 1, masscan sends a lot of repeated packets.
sudo masscan --retries 2 -n -Pn -dv --banners --nmap-payloads /tmp/nmp1 -p U:443 x.y.z.p
sudo masscan --packet-trace --retries 2 -n -Pn -dv --banners --nmap-payloads /tmp/nmp1 -p U:443 x.y.z.1
[+] pcap: found library: libpcap.so
[+] interface = eno1
[+] if(eno1): pcap: libpcap version 1.10.0 (with TPACKET_V3)
[+] if(eno1): successfully opened
[+] interface-type = 1
if:eno1: type=ethernet(1)
[+] source-mac =
[+] source-ip = x.y.z.26
[+] router-ip = x.y.z.1
SENT (0.0199) ARP [x.y.z.26] > [x.y.z.1] request
[+] arp: x.y.z.1 ==
[+] router-mac-ipv4 =
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2021-05-08 07:47:24 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
[+] starting transmit thread #0
[+] starting throttler: rate = 100.00-pps
[+] starting receive thread #0
SENT (0.0321) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
[+] waiting for threads to finish
SENT (0.1322) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1323) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1323) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1324) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1324) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1324) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1324) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1325) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1325) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1325) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1422) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1521) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1621) UDP [x.y.z.26]:40044 > [x.y.z.1]:443
SENT (0.1721) UDP [x.y.z.26]:40044 > [x.y.z.1]:443 ...
That's all I've found. I'm using the Debian Bullseye version:
Package: masscan
Version: 2:1.3.2+ds1-1
Thanks again for the tool and have a good day!
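As an added example (not part of this issue and not masscan's own parser), here is a small Python reader for the nmap-payloads format that illustrates the two parsing points raised above: it keeps every payload defined for a port instead of only the last one, and it ignores a trailing `#` comment that sits outside a quoted string. The sample file is constructed; the port 123 bytes in it are illustrative, not nmap's real NTP probes.

```python
"""Added example (not masscan's own code): parse nmap-payloads syntax keeping every
payload listed for a port, and ignoring a trailing '#' comment on a payload line."""
import re
from collections import defaultdict

_CODE = re.compile(r'^(?:"(?:\\.|[^"\\])*"|[^"#])*')   # text before an unquoted '#'
_QUOTED = re.compile(r'"((?:\\.|[^"\\])*)"')            # one "..." chunk, escapes allowed
_HEADER = re.compile(r'^udp\s+([\d,]+)\s*(.*)$')         # udp <port[,port...]> "chunk" ...

def unescape(s: str) -> bytes:
    """Decode the escapes used inside payload strings (\\xNN, \\\\, \\", \\n, \\r, \\t)."""
    simple = {"n": "\n", "r": "\r", "t": "\t", "0": "\0"}
    def one(m):
        e = m.group(1)
        return chr(int(e[1:], 16)) if e[0] == "x" else simple.get(e, e)
    return re.sub(r'\\(x[0-9a-fA-F]{2}|.)', one, s).encode("latin-1")

def parse_payloads(text: str) -> dict:
    """Return {port: [payload, ...]} in file order; a later line for a port appends, not replaces."""
    chunks_by_port, current = defaultdict(list), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = _CODE.match(raw).group(0).strip()          # comment stripped, whitespace trimmed
        if not line or line.startswith("source "):        # blank, comment-only, or source-port line
            continue
        if line.startswith('"') and current is not None:  # continuation of the previous payload
            current.extend(_QUOTED.findall(line))
            continue
        m = _HEADER.match(line)
        if not m:
            raise ValueError(f'{lineno}: syntax error, expected "udp"')
        current = _QUOTED.findall(m.group(2))
        for port in m.group(1).split(","):                # ports on one line share the chunk list
            chunks_by_port[int(port)].append(current)
    return {p: [unescape("".join(c)) for c in lst] for p, lst in chunks_by_port.items()}

# Constructed sample mirroring the thread: two payloads on one port, a trailing comment,
# and a multi-line payload for port 123 (bytes are illustrative, not nmap's NTP probes).
SAMPLE = r'''udp 443 "Payload 1"
udp 443 "Payload 2" # trailing comment
udp 123 "\xe3\x00\x04\xfa" "\x00\x01\x00\x00"
  "\x00\x01\x00\x00"
udp 123 "\x17\x00\x03\x2a"
'''
```

Running `parse_payloads(SAMPLE)` yields two payloads for port 443 and two for port 123, the first of which is assembled from its continuation line.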