Scanning the Internet used to be a task that took months, but a new tool created by a team of researchers from the University of Michigan can scan all (or most) of the allocated IPv4 addresses in less than 45 minutes by using a typical desktop computer with a gigabit Ethernet connection.
The name of the tool is Zmap, and its uses can be many.
“ZMap can be used to study protocol adoption over time, monitor service availability, and help us better understand large systems distributed across the Internet,” the researchers say, and they have used it to see how fast organizations / websites are implementing HTTPS, how Hurricane Sandy disrupted Internet use in the affected areas, how widespread are certain security bugs, and when is the best time to perform scans like these.
Among the things that they discovered are that in the last year the use of HTTPS increased by nearly 20 percent (nearly 23 percent when it comes to the top 1 million websites), and that the Universal Plug and Play vulnerability discovered earlier this year was still found on 16.7 percent of all detected UPnP devices after a few weeks passed from the revelation.
The scanner can also be used to enumerate vulnerable hosts (and hopefully notify its administrators of the fact so that they can remedy the situation), to uncover hidden services, detect service disruptions and even study criminal behavior, the researchers pointed out.
On the other hand, it can also be used for “evil” – attackers can also wield it to detect vulnerable hosts in order to compromise them.
“While ZMap is a powerful tool for researchers, please keep in mind that by running ZMap, you are potentially scanning the ENTIRE IPv4 address space and some users may not appreciate your scanning. We encourage ZMap users to respect requests to stop scanning and to exclude these networks from ongoing scanning,” the researchers noted and added that coordinating with local network administrators before initiating such a scan is also a good idea.
“It should go without saying that researchers should refrain from exploiting vulnerabilities or accessing protected resources, and should comply with any special legal requirements in their jurisdictions,” they stressed.