ZMap is a

free and open-source Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...

security scanner that was developed as a faster alternative to

Nmap Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap prov ...

. ZMap was designed for

information security Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthori ...

research and can be used for both

white hat White hat, white hats, or white-hat may refer to: Art, entertainment, and media * White hat, a way of thinking in Edward de Bono's book ''Six Thinking Hats'' * White hat, part of black and white hat symbolism in film Other uses * White hat (compu ...

and

black hat Black hat, blackhats, or black-hat refers to: Arts, entertainment, and media * Black hat (computer security), a hacker who violates computer security for little reason beyond maliciousness or for personal gain * Black hat, part of black and whi ...

purposes. The tool is able to discover

vulnerabilities Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

and their impact, and detect affected IoT devices. Using one

gigabit The bit is the most basic unit of information in computing and digital communications. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represent ...

per second of network bandwidth, ZMap can scan the entire

IPv4 Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version d ...

address space In computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity. For software programs to save and retrieve ...

in 44 minutes on a single

port A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as ...

. With a ten gigabit connection, ZMap scan can complete a scan in under five minutes.

Operation

ZMap iterates on techniques utilized by its predecessor,

, by altering the scanning method in a few key areas. Nmap sends out individual signals to each IP address and waits for a reply. As replies return, Nmap compiles them into a database to keep track of responses, a process that slows down the scanning process. In contrast, ZMap uses

cyclic Cycle, cycles, or cyclic may refer to: Anthropology and social sciences * Cyclic history, a theory of history * Cyclical theory, a theory of American political history associated with Arthur Schlesinger, Sr. * Social cycle, various cycles in so ...

multiplicative group In mathematics and group theory, the term multiplicative group refers to one of the following concepts: *the group under multiplication of the invertible elements of a field, ring, or other structure for which one of its operations is referre ...

s, which allows ZMap to scan the same space roughly 1,300 times faster than Nmap. The ZMap software takes every number from 1 to 2³²-1 and creates an iterative formula that ensures that each of the possible

32-bit In computer architecture, 32-bit computing refers to computer systems with a processor, memory, and other major system components that operate on data in 32- bit units. Compared to smaller bit widths, 32-bit computers can perform large calcula ...

numbers is visited once in a

pseudorandom A pseudorandom sequence of numbers is one that appears to be statistically random, despite having been produced by a completely deterministic and repeatable process. Background The generation of random numbers has many uses, such as for random ...

order. Building the initial list of numbers for every

IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...

takes upfront time, but it is a fraction of what is required to aggregate a list of every sent and received probe. This process ensures that once ZMap starts sending probes out to different IPs, an accidental

denial of service In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conn ...

could not occur because an abundance of transmissions would not converge on one

subnet A subnetwork or subnet is a logical subdivision of an IP network. Updated by RFC 6918. The practice of dividing a network into two or more networks is called subnetting. Computers that belong to the same subnet are addressed with an identical ...

at the same time. ZMap also speeds up the scanning process by sending a probe to every IP address only once by default, whereas Nmap resends a probe when it detects a connection delay or fails to get a reply. This results in about 2% of IP addresses being missed during a typical scan, but when processing billions of IP address, or potential IoT devices being targeted by

cyberattack A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, or personal computer devices. An attacker is a person or process that attempts to access data, functions, or other restricted ...

ers, 2% is an acceptable tolerance.

Usage

ZMap can be used for both vulnerability detection and

exploitation Exploitation may refer to: *Exploitation of natural resources *Exploitation of labour ** Forced labour *Exploitation colonialism *Slavery **Sexual slavery and other forms *Oppression *Psychological manipulation In arts and entertainment * Exploi ...

. The application has been used for

port 443 Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is ...

scans to estimate

power outage A power outage (also called a powercut, a power out, a power failure, a power blackout, a power loss, or a blackout) is the loss of the electrical power network supply to an end user. There are many causes of power failures in an electrici ...

s during

Hurricane Sandy Hurricane Sandy (unofficially referred to as ''Superstorm Sandy'') was an extremely destructive and strong Atlantic hurricane, as well as the largest Atlantic hurricane on record as measured by diameter, with tropical-storm-force winds span ...

in 2013. One of the developers of ZMap, Zakir Durumeric, used his software to determine a computer's online state,

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...

, and

services Service may refer to: Activities * Administrative service, a required part of the workload of university faculty * Civil service, the body of employees of a government * Community service, volunteer service for the benefit of a community or a p ...

. ZMap has also been used to detect vulnerabilities in

universal plug and play Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the ...

devices and search for weak public keys in

HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is e ...

website logs.

References

{{reflist

External links

Official website
Cross-platform free software Free network management software Linux security software Network analyzers Port scanners Security testing tools Unix network-related software C (programming language) software

Operation

Usage

See also

References

External links