Download ZMap and scan the entire internet in less than 45 minutes

Image Enlarge
L-R: Wustrow, Halderman, and Durumeric

Three U-M computer science researchers have released ZMap, a new open-source tool that can perform a scan of the entire public IPv4 address space on the Internet in less than 45 minutes. For researchers probing the entire public address space, existing tools have required painstaking and time-consuming configuration, as well as either months of data collection or the use of large clusters of computers. ZMap changes that by running on a single computer and producing results over 1000 times faster.

The researchers, CSE PhD candidates Zakir DurumericEric Wustrow, and Prof. J. Alex Halderman, have hopes that ZMap’s nimble and efficient operation will spark a new era of network-based inquiry, enabling a multitude of studies where previously just a few carefully-crafted investigations could be made. Only a handful of Internet-wide scans have been reported in the research literature, but the ZMap team performed more than 200 scans themselves over the course of the last year while developing and experimenting with their new tool. Now, ZMap users will literally be able to formulate and answer strategic questions on Internet-based data during a typical one-hour meeting.

The researchers presented details regarding ZMap in their paper, “ZMap: Fast Internet-Wide Scanning and its Security Applications,” and released the ZMap application at the 22nd USENIX Security Symposium, which took place in Washington DC from August 14-16, 2013.

In the paper, the authors present the ZMap scanner architecture, experimentally characterize its performance and accuracy, and explore the security implications of high speed Internet-scale network surveys, both offensive and defensive. They also discuss best practices for good Internet citizenship when performing Internet-wide surveys, informed by our own experiences conducting a long-term research survey over the past year.

The range of potential applications for ZMap given by the researchers includes visibility into distributed systems, tracking of protocol adoption, the ability to enumerate hosts that suffer from a specific vulnerability, discovering unadvertised services, monitoring service availability, and new forms of privacy, anonymous communications, and the monitoring of such. Specific examples include the tracing the global adoption of the HTTPS protocol or identifying HTTPS outages after a natural disaster.

ZMap is available for download from the ZMap web page, along with the research paper, presentation slides, and a Getting Started guide to use of the software.

Prof. Halderman is a noted security expert whose research spans applied computer security and tech-centric public policy. In addition to electronic voting, his research projects have dealt with software security, data privacy, anticensorship, digital rights management, and cybercrime.

Early news coverage of ZMap:

The Washington Post: Here’s what you find when you scan the entire Internet in an hour

The Register: New tool lets single server map entire internet in 45 minutes

Threatpost: Scanning the Internet in 45 Minutes

The Verge: Take a snapshot of the entire internet in just 44 minutes with ZMap scanner

Engineering Education Research; J. Alex Halderman; Research News