ZMap is a free and open-source security scanner that was developed as a faster alternative to

Nmap Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provide ...

. ZMap was designed for

information security Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...

research and can be used for both

white hat White hat, white hats, or white-hat may refer to: Art, entertainment, and media * White hat, a way of thinking in Edward de Bono's book ''Six Thinking Hats'' * White hat, part of black and white hat symbolism in film Other uses * White hat (compu ...

and

black hat Black hat, blackhats, or black-hat refers to: Arts, entertainment, and media * Black hat (computer security), a hacker who violates computer security for little reason beyond maliciousness or for personal gain * Black hat, part of black and whit ...

purposes. The tool is able to discover

vulnerabilities Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

and their impact, and detect affected IoT devices. Using one gigabit per second of

network bandwidth In computing, bandwidth is the maximum rate of data transfer across a given path. Bandwidth may be characterized as network bandwidth, data bandwidth, or digital bandwidth. This definition of ''bandwidth'' is in contrast to the field of signal p ...

, ZMap can scan the entire IPv4 address space in 44 minutes on a single

port A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as H ...

. With a ten gigabit connection, ZMap scan can complete a scan in under five minutes.

Operation

ZMap iterates on techniques utilized by its predecessor,

, by altering the scanning method in a few key areas. Nmap sends out individual signals to each IP address and waits for a reply. As replies return, Nmap compiles them into a database to keep track of responses, a process that slows down the scanning process. In contrast, ZMap uses

cyclic Cycle, cycles, or cyclic may refer to: Anthropology and social sciences * Cyclic history, a theory of history * Cyclical theory, a theory of American political history associated with Arthur Schlesinger, Sr. * Social cycle, various cycles in s ...

multiplicative group In mathematics and group theory, the term multiplicative group refers to one of the following concepts: *the group under multiplication of the invertible elements of a field, ring, or other structure for which one of its operations is referre ...

s, which allows ZMap to scan the same space roughly 1,300 times faster than Nmap. The ZMap software takes every number from 1 to 2³²-1 and creates an iterative formula that ensures that each of the possible 32-bit numbers is visited once in a

pseudorandom A pseudorandom sequence of numbers is one that appears to be statistically random, despite having been produced by a completely deterministic and repeatable process. Background The generation of random numbers has many uses, such as for rand ...

order. Building the initial list of numbers for every

IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...

takes upfront time, but it is a fraction of what is required to aggregate a list of every sent and received probe. This process ensures that once ZMap starts sending probes out to different IPs, an accidental

denial of service In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connec ...

could not occur because an abundance of transmissions would not converge on one

subnet A subnetwork or subnet is a logical subdivision of an IP network. Updated by RFC 6918. The practice of dividing a network into two or more networks is called subnetting. Computers that belong to the same subnet are addressed with an identical ...

at the same time. ZMap also speeds up the scanning process by sending a probe to every IP address only once by default, whereas Nmap resends a probe when it detects a connection delay or fails to get a reply. This results in about 2% of IP addresses being missed during a typical scan, but when processing billions of IP address, or potential IoT devices being targeted by

cyberattack A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricte ...

ers, 2% is an acceptable tolerance.

Usage

ZMap can be used for both vulnerability detection and

exploitation Exploitation may refer to: *Exploitation of natural resources *Exploitation of labour ** Forced labour *Exploitation colonialism *Slavery ** Sexual slavery and other forms *Oppression *Psychological manipulation In arts and entertainment *Exploi ...

. The application has been used for port 443 scans to estimate

power outage A power outage (also called a powercut, a power out, a power failure, a power blackout, a power loss, or a blackout) is the loss of the electrical power network supply to an end user. There are many causes of power failures in an electricity ...

s during

Hurricane Sandy Hurricane Sandy (unofficially referred to as ''Superstorm Sandy'') was an extremely destructive and strong Atlantic hurricane, as well as the largest Atlantic hurricane on record as measured by diameter, with tropical-storm-force winds spann ...

in 2013. One of the developers of ZMap, Zakir Durumeric, used his software to determine a computer's online state,

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also i ...

, and

services Service may refer to: Activities * Administrative service, a required part of the workload of university faculty * Civil service, the body of employees of a government * Community service, volunteer service for the benefit of a community or a p ...

. ZMap has also been used to detect vulnerabilities in

universal plug and play Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the n ...

devices and search for weak public keys in

HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...

website logs.

References

{{reflist

External links

Official website
Cross-platform free software Free network management software Linux security software Network analyzers Port scanners Security testing tools Unix network-related software C (programming language) software

Operation

Usage

See also

References

External links