ZMap Internet scanner

ZMap Internet scanner: in today's article we bring you ZMap. The tool is described as an open-source network scanner, and what sets it apart from other network scanners is that it can scan the entire IPv4 address space in just 45 minutes. The catch is that we would need a symmetric 1 Gbps connection at home, a speed not all of us will have access to.

    ZMap Internet scanner: who this tool is aimed at

    This tool is aimed at researchers, students and computer-network enthusiasts.

    ZMap is supported on the following operating systems:

    • Debian
    • Ubuntu
    • Fedora
    • Red Hat Enterprise Linux
    • CentOS

    In my case, I'm going to use it on a system running Ubuntu.

    Before downloading and compiling it we will have to install a few dependencies.

    sudo apt-get install libgmp3-dev libpcap-dev gengetopt
    
    

    Once the dependencies are installed, we need to download the tool. There are two options available: download the tar.gz or clone directly from GitHub.

    In my case, I'll clone from GitHub, so if I want to update I'll only have to do a git pull and recompile.

    To compile the tool we only have to go into src/ and run make and make install.

    One of the first tests I did was scanning 10000 hosts looking for port 25. To do this, just run ZMap as follows:

    [email protected]:~# zmap --bandwidth=10M --target-port=25 --max-targets=10000 --output-file=results.txt
    Aug 19 07:42:54.359 [INFO] zmap: started
     0:01 11%; send: 10000 done (12.9 Kp/s avg); recv: 3 2 p/s (2 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:02 23%; send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (1 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:03 34%; send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:04 46%; send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:05 57% (3s left); send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:06 68% (2s left); send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:07 80% (1s left); send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:08 91% (0s left); send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
     0:09 103% (0s left); send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
    Aug 19 07:43:04.451 [INFO] zmap: completed
    
    

    If we look at the contents of the results.txt file, which is where I saved the results:

    [email protected]:~# cat results.txt
    213.246.156.148
    163.16.44.104
    61.57.32.154
    
    

    If we want to run ZMap, but using the short-form options:

    [email protected]:~# zmap -p 23 -N 10 -B 1M -o resultados_25.txt
    Aug 19 09:36:31.683 [INFO] zmap: started
     0:01 80%; send: 1470 1.47 Kp/s (1.46 Kp/s avg); recv: 8 7 p/s (7 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.54%
    Aug 19 09:36:33.774 [INFO] zmap: completed
    [email protected]:~# more resultados_25.txt
    143.160.61.169
    113.63.226.184
    217.194.195.200
    80.11.76.213
    195.88.91.22
    123.24.195.124
    94.20.219.157
    180.43.215.15
    222.131.30.119
    218.62.20.93
    
    

    If we specify neither a bandwidth nor a host limit, the scan will clearly take much longer.

    [email protected]:~# zmap --target-port=8080 --output-file=resultados_8080.txt
    Aug 19 09:38:53.477 [INFO] zmap: started
     0:01 0%; send: 18551 18.5 Kp/s (18.4 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:02 0%; send: 37377 18.8 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:03 0%; send: 56118 18.7 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:04 0%; send: 74834 18.7 Kp/s (18.7 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:05 0% (2d07h left); send: 93693 18.9 Kp/s (18.7 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:06 0% (2d07h left); send: 111996 18.3 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:07 0% (2d07h left); send: 130548 18.6 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:08 0% (2d07h left); send: 149214 18.7 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:09 0% (2d07h left); send: 167837 18.6 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:10 0% (2d07h left); send: 186361 18.5 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:11 0% (2d07h left); send: 205065 18.7 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:12 0% (2d07h left); send: 223693 18.6 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:13 0% (2d07h left); send: 242297 18.6 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:14 0% (2d07h left); send: 260935 18.6 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:15 0% (2d07h left); send: 279495 18.6 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:16 0% (2d07h left); send: 297910 18.4 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:17 0% (2d07h left); send: 316723 18.8 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:18 0% (2d07h left); send: 335076 18.4 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:19 0% (2d07h left); send: 353652 18.6 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:20 0% (2d07h left); send: 372047 18.4 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:21 0% (2d07h left); send: 390340 18.3 Kp/s (18.6 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:22 0% (2d07h left); send: 408427 18.1 Kp/s (18.5 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:23 0% (2d07h left); send: 426574 18.1 Kp/s (18.5 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:24 0% (2d07h left); send: 444466 17.9 Kp/s (18.5 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
     0:25 0% (2d07h left); send: 462865 18.4 Kp/s (18.5 Kp/s avg); recv: 0 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.00%
    
    

    If we want to look at a few examples of those port 8080s that were found:

    [email protected]:~# nmap -vv -PN -p 8080 -iL 8080.txt -A
    
    Starting Nmap 5.21 ( http://nmap.org ) at 2013-08-19 09:41 EDT
    NSE: Loaded 36 scripts for scanning.
    Initiating Parallel DNS resolution of 10 hosts. at 09:41
    Completed Parallel DNS resolution of 10 hosts. at 09:41, 9.55s elapsed
    Initiating SYN Stealth Scan at 09:41
    Scanning 10 hosts [1 port/host]
    Discovered open port 8080/tcp on 78.142.173.146
    Discovered open port 8080/tcp on 77.235.239.133
    Discovered open port 8080/tcp on 80.22.254.170
    Discovered open port 8080/tcp on 109.228.95.167
    Discovered open port 8080/tcp on 75.107.9.98
    Discovered open port 8080/tcp on 190.157.171.219
    Discovered open port 8080/tcp on 74.41.143.53
    Discovered open port 8080/tcp on 189.222.25.61
    Discovered open port 8080/tcp on 211.84.229.132
    Discovered open port 8080/tcp on 75.104.137.117
    
    

    And on those ports I find what I already expected:

    Nmap scan report for 75.104.137.117
    Host is up (0.18s latency).
    Scanned at 2013-08-19 09:41:54 EDT for 188s
    PORT STATE SERVICE VERSION
    8080/tcp open http-proxy?
    
    


    Nmap scan report for adsl-109-228-l8103.crnagora.net (109.228.95.167)
    Host is up (0.19s latency).
    Scanned at 2013-08-19 09:41:54 EDT for 167s
    PORT STATE SERVICE VERSION
    8080/tcp open http-proxy?
    
    


    Host is up (0.22s latency).
    Scanned at 2013-08-19 09:41:54 EDT for 177s
    PORT STATE SERVICE VERSION
    8080/tcp open tcpwrapped
    Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
    OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
    No OS matches for host
    TCP/IP fingerprint:
    
    
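As an added example (my own code, not part of the original post nor of the ZMap project), here is a small Python parser for the two things the runs above produce: the progress lines ZMap prints on the console, and the output file of one IPv4 address per line that is later handed to nmap -iL. The sample log and results strings are constructed from the port-25 run above, with a duplicate and a junk line added to exercise the filtering; the function names are my own.

```python
"""Parse ZMap's console progress lines and its output file (added example, not ZMap code)."""
import ipaddress
import re
# Format of the progress lines ZMap prints during the runs above (one regex, four parts).
STATUS_RE = re.compile(
    r"^\s*(?P<min>\d+):(?P<sec>\d+)\s+(?P<pct>\d+)%(?:\s+\((?P<left>[^)]*) left\))?;\s+"
    r"send:\s+(?P<sent>\d+)\s+(?:done|[\d.]+ Kp/s)\s+\((?P<avg>[\d.]+) Kp/s avg\);\s+"
    r"recv:\s+(?P<recv>\d+)\s+\d+ p/s \(\d+ p/s avg\);\s+"
    r"drops:\s+(?P<drops>\d+) p/s \(\d+ p/s avg\);\s+hits:\s+(?P<hits>[\d.]+)%\s*$")

def parse_status(line):
    """Fields of one progress line, or None for '[INFO]' and any other line."""
    m = STATUS_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    return {"elapsed_s": int(g["min"]) * 60 + int(g["sec"]), "percent": int(g["pct"]),
            "sent": int(g["sent"]), "avg_kpps": float(g["avg"]), "recv": int(g["recv"]),
            "drops": int(g["drops"]), "hit_pct": float(g["hits"]), "left": g["left"]}

def scan_summary(lines):
    """Last progress line of a run: packets sent, replies received, final hit rate."""
    last = None
    for line in lines:
        rec = parse_status(line)
        if rec:
            last = rec
    return last

def expected_hits(summary):
    """Hosts the output file should contain according to the final hit rate."""
    return round(summary["sent"] * summary["hit_pct"] / 100)

def load_results(text):
    """ZMap output file (one IPv4 per line) -> sorted, de-duplicated list for nmap -iL.
    Blank, duplicate and non-IPv4 lines are dropped so they never reach the nmap target list."""
    seen = set()
    for raw in text.splitlines():
        try:
            seen.add(ipaddress.IPv4Address(raw.strip()))
        except ValueError:
            continue
    return [str(ip) for ip in sorted(seen)]

# Constructed sample: lines from the port-25 run above, plus a duplicate and a junk line.
SAMPLE_LOG = """Aug 19 07:42:54.359 [INFO] zmap: started
 0:01 11%; send: 10000 done (12.9 Kp/s avg); recv: 3 2 p/s (2 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%
 0:09 103% (0s left); send: 10000 done (12.9 Kp/s avg); recv: 3 0 p/s (0 p/s avg); drops: 0 p/s (0 p/s avg); hits: 0.03%"""
SAMPLE_RESULTS = "213.246.156.148\n163.16.44.104\n61.57.32.154\n213.246.156.148\n\nnot-an-ip\n"
```

Comparing len(load_results(...)) with expected_hits(...) is a quick sanity check that the output file is complete before the nmap pass.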

    ZMap architecture

    [Figure: ZMap architecture diagram]

    An interesting project for our research!

    Project page => https://zmap.io/

    Paper => https://zmap.io/paper.pdf
