1) How would you check whether a list of ~10000 IPs have port 80 open?

2) How would you go about the same scenario but with a port range?

3) How would you check a list of 10000 IPs to see which of their ports are open?

gWaldo
Mona Jalal
    Obligatory: port-scanning someone else's network without permission is a Terms violation for basically every ISP and hosting provider in existence. If you are in the US, you should consult a lawyer before doing anything like this for networks you don't control. – coderanger May 23 '16 at 07:59

2 Answers

nmap is the starting place for this endeavor.

nmap tends to get slow for me when I start getting beyond a threshold of targets (ports x ips), so staying within your own shell, you could break into ranges and fork those off to processes, and have each redirect their output to a file, database, etc.

For the truly huge dataset, you might consider something along the lines of an AWS Lambda function, botnet, etc.

gWaldo
Nmap:

nmap -Pn -p80 -T4 --randomize-hosts -oA myscan 192.168.0.0/16

Explained: don't ping or TCP ping, since you are going to SYN to port 80 anyway; fast timing; randomize hosts; output to nmap, grep and XML formats for later manipulation.

masscan:

masscan -p80 -oG myscan.gnmap 192.168.0.0/16

Explained: same as above, greppable output. Faster but less accurate.

blau
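Both commands above leave a grepable results file (myscan.gnmap), which is where the "later manipulation" happens. The following is an added example, not part of either answer: a small parser that turns grepable output into per-host port states, answering "which hosts have port 80 open" and "which ports are open on each host". The sample lines are constructed and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of grepable (-oG / .gnmap) output; all addresses are made up.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.168.0.10 ()\tStatus: Up\n"
    "Host: 192.168.0.10 ()\tPorts: 80/open/tcp//http///\tIgnored State: closed (999)\n"
    "Host: 192.168.0.11 (web2.example)\tPorts: 80/closed/tcp//http///\n"
    "Host: 192.168.0.12 ()\tPorts: 22/open/tcp//ssh///, 80/filtered/tcp//http///, "
    "443/open/tcp//https///\n"
    "Timestamp: 1464000000\tHost: 192.168.0.13 ()\tPorts: 80/open/tcp//http//\n"
    "# Nmap done\n"
)


def parse_gnmap(text):
    """Return {host: {(port, proto): state}} from grepable scan output."""
    results = defaultdict(dict)
    for line in text.splitlines():
        if line.startswith("#") or "Ports: " not in line:
            continue  # comments and "Status:" lines carry no port data
        # Fields are tab-separated "Name: value" pairs; extra fields are tolerated.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Host" not in fields or "Ports" not in fields:
            continue
        host = fields["Host"].split()[0]  # drop the "(hostname)" part
        for entry in fields["Ports"].split(","):
            parts = entry.strip().split("/")  # port/state/protocol/owner/service/...
            if len(parts) < 3 or not parts[0].isdigit():
                continue  # skip malformed entries rather than guessing
            results[host][(int(parts[0]), parts[2])] = parts[1]
    return dict(results)


def hosts_with_open(results, port, proto="tcp"):
    """Hosts where the given port is reported open, in numeric IP order."""
    hits = [h for h, ports in results.items() if ports.get((port, proto)) == "open"]
    return sorted(hits, key=ipaddress.ip_address)


def open_ports_by_host(results):
    """Map each host to its sorted open ports; hosts with none are omitted."""
    out = {}
    for host, ports in results.items():
        open_ports = sorted(p for (p, _), state in ports.items() if state == "open")
        if open_ports:
            out[host] = open_ports
    return out


if __name__ == "__main__":
    print(hosts_with_open(parse_gnmap(SAMPLE_GNMAP), 80))
```

To use it on real results, pass the contents of the .gnmap file to parse_gnmap instead of the constructed sample.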