π A fast network scanning tool to detect open ports and security vulnerabilities
MassVulScan is a high-performance network scanning tool for pentesters (HackTheBox / HTB / Kali compatible) and system/network administrators looking to identify open ports and potential vulnerabilities on their internal/external networks. Built on powerful tools like masscan and nmap, it combines speed and accuracy to scan large-scale networks efficiently.
- Fast Port Scanning: Built on
masscanfor quick open-port detection. - Vulnerability Detection: Uses
nmapscripts for detailed service analysis. - Optimized Scans: Intelligent subnet filtering to avoid duplicates.
- Modern and Interactive: Enhanced aesthetics and interactivity with Gum.
- Optimized Installation: Only installing missing packages.
- Platform Compatibility: Runs on Linux, Debian OS family only.
- Power of Bash: Simplicity meets performance
2.0.1 (2025-04-11)
Correction de bugs/Fixed bugs:
- Nmap 7.95 compilation issue resolved (e.g., Debian 12, Issue #4)
- Code review and cleanup
- Path issue resolved for certain generated reports (-h command with a host containing special characters)
- Missing packages and revision of their installation order
2.0.0 (2025-04-09)
AmΓ©liorations ou changements/Implemented enhancements or changes:
- Significant rewrite of Bash scripts
- Optimized installation: only installing missing packages and performs a prerequisites check only on the first run (speed gain)
- Improved version comparison for certain packages
- MassVulScan evolves: more modern, interactive, and visually appealing with Gum (interactive mode)
- Tool updates: compatibility with the latest versions of Nmap (7.95) and Masscan (1.3.2)
- Adding a new option "-d | --dns" to choose the (private or public) DNS server (default: 1.1.1.1)
- Adding a new option for NSE scripts to choose --script-args (e.g.,
--script-args mincvss=5(interactive mode) - Some packages have been replaced to improve compatibility depending on the OS used
Correction de bugs/Fixed bugs:
- Fixing minor bugs
Refer to the requirements.txt file for the exact list of necessary packages.
# Clone the repository
git clone https://github.com/choupit0/MassVulScan.git
# Go to the project directory
cd MassVulScan
# Run the main script (root or sudo)
./MassVulScan.shOn the first launch (only), the script will check that all prerequisites are installed and at the correct version (masscan and nmap). Otherwise, it will offer to install only what is missing.
# Install ALL the dependencies (root or sudo) ~5 minutes
./sources/installation.shIf you run the second script directly, it will offer to install ALL prerequisites for you without exception and without checking whether they are already present or not.
| Parameter | Description |
|---|---|
-auto-installation |
Install ALL prerequisites without exception and version checking, and without approval |
./sources/installation.sh -auto-installationMassVulScan follows a streamlined process to identify active hosts, open ports, and potential vulnerabilities across your network:
| Step | Description |
|---|---|
| 1 | Quick Host Discovery: Uses nmap to efficiently identify online hosts. |
| 2 | Rapid Port Scanning: Performs an ultra-fast scan with masscan to detect open TCP/UDP ports per host. |
| 3 | Data Organization: Compiles and sorts detected ports and protocols by host. Data can be saved for later analysis. |
| 4 | Service and Vulnerability Detection: Runs multiple parallel sessions (nmap + vulners.nse by default) to detect services and vulnerabilities, one session per host. |
| 5.1 | HTML Report: Contains detailed information on each host, including vulnerabilities, with a clean and accessible layout. |
| 5.2 | TXT Report: Focuses on potentially vulnerable hosts for quick reference (if vulnerabilities are discovered). |
The HTML report uses a Bootstrap stylesheet (nmap-bootstrap-xsl) for enhanced readability and a user-friendly format.
targets.txt containing a list of networks, IPs and/or hostnames to scan.
./MassVulScan.sh -f targets.txtexclude.txt containing including IPv4 addresses (CIDR format compatible) to NOT scan (Ex. ISP routers, gateways, etc...).
./MassVulScan.sh -f targets.txt -x exclude.txt./MassVulScan.sh -h 172.18.0.0/24./MassVulScan.sh -h 172.18.0.10-172.18.0.100
./MassVulScan.sh -h 172.18.50,172.18.32.16
./MassVulScan.sh -h 192.168.1.0/24 -i -c
./MassVulScan.sh -H| Commands | Description |
|---|---|
-h |
Target host(s), IPs compatible with CIDR format, a comma-separated list, or a range |
-f |
File with IPs and/or hostnames to scan, one by line (CIDR format compatible) |
| Option | Description |
|---|---|
-x |
Exclude these IPs (CIDR format compatible), one by line (e.g. gateways from your providers) |
-i |
Interactive mode: ports to scan, rate level and NSE script to use (e.g. vulners --script-args mincvss=5) |
-a |
Scan all ports (TCP + UDP) at 1.5K pkts/sec with NSE vulners script |
-c |
Perform a pre-scanning to identify online hosts and scan only them |
-r |
Generate a TXT file including IPs scanned with open ports and protocols |
-n |
Quick mode without full Nmap scan to detect the hosts with open ports (no HTML report) |
-d |
DNS server to use (useful with the -f command and hostnames, current: 1.1.1.1) |
-H |
Show help |
-V |
Show MassVulScan version |
By default the script will scan only the first 1000 TCP/UDP ports among the most common ports. You can find the list here: /usr/local/share/nmap/nmap-services. Similarly, the rate or number of packets per second is set to 1500 by default.
Note that the script will detect if you have multiple network interfaces. This is important for Masscan, which will always used the interface that has the default route. You will be asked to choose one (no problem with Nmap).
The script is also compatible with Nmap's categories (https://nmap.org/book/nse-usage.html#nse-categories) to search for specific vulnerabilities (the better known as ms17-010, EternalBlue) in addition to the CVEs identified from vulners.com.
No known issues.
Make the script full compatible with IPv6 (work in progress).
Identify why Nmap is slower when run via the script compared to directly from the CLI.
Manage better multiple IP addresses on one network interface.
Improve process of installation (install what is strictly necessary, comparison of versions).
Improve the interactive part for parameter selections.
Allow scanning a host without using an input file (command-line argument).
Improve the parsing of hosts file to detect duplicate networks, Ex: 10.10.18.0/24 and 10.10.18.0/28, and avoid duplicate scan.