ZMap · The Internet Scanner

 ZMAPはLINX系OS全般に対応しているようですが、今回はKali Linx 64bitへのインストールの手順を説明します。
 最も簡単な方法は以下のようにapt-getすることなのですが、何故か自分の環境ではできませんでした。("Unable to locate package zmap" というエラーが表示される。)

$ sudo apt-get install zmap



$ sudo apt-get install build-essential cmake libgmp3-dev libpcap-dev gengetopt byacc flex


$ sudo make
$ sudo make install


zmap 1.2.0

A fast Internet-wide scanner.

Usage: zmap [OPTIONS]... [SUBNETS]...

Basic arguments:
  -p, --target-port=port        TCP port number to scan (for SYN scans)
  -o, --output-file=name        Output file
  -b, --blacklist-file=path     File of subnets to exclude, in CIDR notation, 
  -w, --whitelist-file=path     File of subnets to constrain scan to, in CIDR 
                                  notation, e.g.
  -f, --output-fields=fields    Fields that should be output in result set

Scan options:
  -n, --max-targets=n           Cap number of targets to probe (as a number or 
                                  a percentage of the address space)
  -N, --max-results=n           Cap number of results to return
  -t, --max-runtime=ses         Cap length of time for sending packets
  -r, --rate=pps                Set send rate in packets/sec
  -B, --bandwidth=bps           Set send rate in bits/second (supports suffixes 
                                  G, M and K)
  -c, --cooldown-time=secs      How long to continue receiving after sending 
                                  last probe  (default=`8')
  -e, --seed=n                  Seed used to select address permutation
  -T, --sender-threads=n        Threads used to send packets  (default=`1')
  -P, --probes=n                Number of probes to send to each IP  
  -d, --dryrun                  Don't actually send packets
      --shards=N                Set the total number of shards  (default=`1')
      --shard=n                 Set which shard this scan is (0 indexed)  

Network options:
  -s, --source-port=port|range  Source port(s) for scan packets
  -S, --source-ip=ip|range      Source address(es) for scan packets
  -G, --gateway-mac=addr        Specify gateway MAC address
  -i, --interface=name          Specify network interface to use
  -X, --vpn                     Sends IP packets instead of Ethernet (for VPNs)

Advanced options:
  -M, --probe-module=name       Select probe module  (default=`tcp_synscan')
  -O, --output-module=name      Select output module  (default=`default')
      --probe-args=args         Arguments to pass to probe module
      --output-args=args        Arguments to pass to output module
      --output-filter=filter    Specify a filter over the response fields to 
                                  limit what responses get sent to the output 
      --list-output-modules     List available output modules
      --list-probe-modules      List available probe modules
      --list-output-fields      List all fields that can be output by selected 
                                  probe module

Additional options:
  -C, --config=filename         Read a configuration file, which can specify 
                                  any of these options  
  -l, --log-file=name           Write log entries to file
  -L, --log-directory=directory Write log entries to a timestamped file in this 
  -q, --quiet                   Do not print status updates
  -g, --summary                 Print configuration and summary at end of scan
      --metadata-file=name      Output file for scan metadata (JSON)
      --disable-syslog          Disables logging messages to syslog
  -v, --verbosity=n             Level of log detail (0-5)  (default=`3')
  -h, --help                    Print help and exit
  -V, --version                 Print version and exit

	zmap -p 80 -o - (scan the Internet for hosts on port 80 and output to stdout)
	zmap -N 5 -B 10M -p 80 -o -  (find 5 HTTP servers, scanning at 10 Mb/s)
	zmap -p 80 -o (scan 10./8, 192.168./16 on port 80)
	zmap -p 80 (scan, on port 80)

Probe-module (tcp_synscan) Help:
Probe module that sends a TCP SYN packet to a specific port. Possible 
classifications are: synack and rst. A SYN-ACK packet is considered a success 
and a reset packet is considered a failed response.

Output-module (csv) Help:
no help text available