# Masscan

### Installing Masscan

Masscan can be installed on various operating systems, including Windows, Linux, and macOS. Here are the steps to install Masscan on different platforms:

### Linux

Masscan can be easily installed on a Linux machine using the package manager. For example, if you are using a Debian-based distribution, such as Ubuntu or Mint, you can use the following command:

```bash
sudo apt-get install masscan
```

If you are using a Red Hat-based distribution, such as Fedora or CentOS, you can use the following command:

```bash
sudo yum install masscan
```

### Windows

To install Masscan on Windows, you need to first install the WinPcap library, which provides low-level network access required by Masscan. You can download the WinPcap library from the official website at <https://www.winpcap.org/>.

Once you have installed WinPcap, you can download Masscan from the official GitHub repository at <https://github.com/robertdavidgraham/masscan>. Extract the contents of the downloaded archive, and then open a command prompt or terminal window in the Masscan directory.

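To compile Masscan on Windows, you can use the following command. It requires a `make`-based toolchain such as MinGW, since `make` is not available in a stock Windows command prompt: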

```powershell
make -j
```

### macOS

To install Masscan on macOS, you need to first install the Xcode Command Line Tools, which provides the necessary development tools for compiling Masscan. You can install the Xcode Command Line Tools by running the following command:

```bash
xcode-select --install
```

Once you have installed the Xcode Command Line Tools, you can download Masscan from the official GitHub repository at <https://github.com/robertdavidgraham/masscan>. Extract the contents of the downloaded archive, and then open a terminal window in the Masscan directory.

To compile Masscan on macOS, you can use the following command:

```bash
make -j
```

### Using Masscan for Fast Port Scanning on Subdomains

Masscan is a fast port scanner that can be used to enumerate ports on all subdomains of a domain. To use masscan for this task, you would need to first obtain a list of all subdomains for the domain in question. This can typically be done using a tool like Subfinder or a simple bash script.

Once you have a list of subdomains, you can use masscan to scan each subdomain for open ports. Here's an example command that you could use:

```bash
masscan -p1-65535 -iL subdomains.txt -oG subdomain_scan_results.txt
```

In this command, `-p1-65535` specifies the range of ports to scan (in this case, all 65535 possible ports), `-iL subdomains.txt` specifies the input file containing the targets to scan, and `-oG subdomain_scan_results.txt` writes the results to that file in grepable format. Masscan does not resolve hostnames, so the input file must hold the IP addresses (or ranges) that your subdomains resolve to rather than the names themselves.

Once the scan is complete, you can review the results in the `subdomain_scan_results.txt` file to see which ports are open on each address, and map those addresses back to the subdomains they belong to.
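The per-host review described above can be scripted. The following is an added example, not part of the original page or the masscan project: it groups open ports by IP from grepable output and maps them back to subdomain names. The `resolved.txt` name-to-IP file, the function names and the sample data are assumptions constructed for illustration, and the `Host: ... Ports: port/open/proto` line layout should be checked against your own masscan output.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Sample data is constructed and
# uses documentation-only names and addresses (example.com, 192.0.2.0/24).

# ports_by_host RESULTS -> "IP port,port,..." per host, open ports only.
# Assumes grepable lines shaped like: Host: <ip> ()<TAB>Ports: <port>/open/tcp////
ports_by_host() {
  awk '
    /^#/ { next }                          # header and footer comment lines
    {
      ip = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "Host:") ip = $(i + 1)
        else if (ip != "" && $i ~ /^[0-9]+\/open\//) {
          split($i, f, "/")                # port/state/protocol/...
          print ip, f[1]
        }
      }
    }' "$1" | LC_ALL=C sort -u -k1,1 -k2,2n | awk '
    $1 != cur { if (cur != "") print cur, list; cur = $1; list = $2; next }
    { list = list "," $2 }
    END { if (cur != "") print cur, list }'
}

# by_subdomain RESOLVED RESULTS -> "hostname IP ports" ("-" when none open).
# RESOLVED is a hypothetical file of "hostname IP" pairs from your resolver.
by_subdomain() {
  local summary name ip ports
  summary=$(ports_by_host "$2")
  while read -r name ip; do
    ports=$(printf '%s\n' "$summary" | awk -v ip="$ip" '$1 == ip { print $2 }')
    printf '%s %s %s\n' "$name" "$ip" "${ports:--}"
  done < "$1"
}

# Constructed sample input so the example runs offline.
sample_dir=$(mktemp -d)
cat > "$sample_dir/resolved.txt" <<'EOF'
www.example.com 192.0.2.10
api.example.com 192.0.2.20
old.example.com 192.0.2.30
EOF
{
  echo '# Masscan scan (constructed sample)'
  printf 'Host: %s ()\tPorts: %s/open/tcp////\n' \
    192.0.2.10 443 192.0.2.20 8080 192.0.2.10 80
} > "$sample_dir/results.txt"

by_subdomain "$sample_dir/resolved.txt" "$sample_dir/results.txt"
```

A name that resolves but shows `-` had no open ports reported, which is also worth recording when you track exposure over time.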

### Combining Masscan with Nmap

By combining Masscan and Nmap, you can quickly identify open ports on a target and then use Nmap to gather more detailed information about the services running on those ports.

Here's an example of how you can use Masscan to scan a target and pipe the results directly to Nmap:

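```bash
# masscan prints findings as "Discovered open port 80/tcp on <ip>";
# field 4 is "port/proto", so keep only the part before the slash.
masscan -p1-65535 [target] | awk '/^Discovered open port/ {split($4, p, "/"); print p[1]}' | sort -un | xargs -I{} nmap -p{} [target]
```

In this command, `masscan -p1-65535 [target]` scans the target for open ports and prints one line per finding in the form `Discovered open port <port>/<protocol> on <ip>`. The `awk` command takes the fourth field of each such line (for example `80/tcp`) and keeps only the port number before the slash. The ports are then sorted and de-duplicated with `sort -un` and passed as arguments to Nmap, one port per invocation, using `xargs -I{} nmap -p{} [target]`.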

The `nmap` command then scans the target for the specific open ports, providing detailed information about the services running on those ports. The results of the Nmap scan will be displayed on the terminal.
