Let’s dive into the intriguing world of port scanners—where the digital equivalent of checking if the doors and windows are locked meets a touch of whimsy. Imagine if you will, a trio of characters in the grand digital saga: Nmap, Masscan, and Unicornscan. Each with their own quirks, talents, and party tricks, they embark on the quest to discover the open ports of the digital realm.

Nmap: The Seasoned Wizard

First, we have Nmap, the seasoned wizard of the group. With its long beard and wise eyes, Nmap is the Gandalf of port scanning. It’s been around since the dawn of time (well, since 1997, which in tech years is pretty much the same thing). Nmap is versatile, powerful, and can tell you what’s behind door number one through one thousand with a flick of its staff. Need to know what services are running on your network or what operating system a remote host is using? Nmap’s got your back. But be warned, with great power comes great… verbosity. Nmap will give you all the information you need and then some. It’s the scanner that keeps on giving, whether you asked for it or not.

  1. nmap 192.168.1.1 – Basic network scan of a single IP.
  2. nmap 192.168.1.0/24 – Scan an entire subnet.
  3. nmap -p 22,80,443 192.168.1.1 – Scan specific ports on a target.
  4. nmap -sV 192.168.1.1 – Detect service versions on open ports.
  5. nmap -O 192.168.1.1 – Enable OS detection.
  6. nmap -A 192.168.1.1 – Aggressive scan (OS, version detection, script scanning, and traceroute).
  7. nmap -sS 192.168.1.1 – Perform a TCP SYN ("stealth") scan. This is already the default scan type when Nmap runs with raw-packet privileges (root); without them it falls back to a TCP connect scan.
  8. nmap -sU 192.168.1.1 – Scan UDP ports.
  9. nmap -F 192.168.1.1 – Fast scan (limited to 100 most common ports).
  10. nmap --script vuln 192.168.1.1 – Check for vulnerabilities on the target.
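The SYN scan above is also the one defenders most often want to notice on their own networks. As an added example (not code from the original post or from the Nmap project), here is a minimal detector that reads iptables-style kernel log lines and flags any source that touches many distinct destination ports on one host within a short window. The log lines are constructed for the example, and the 60-second window and 10-port threshold are assumptions you would tune to your environment.

```python
# Added example, not from the original post: a minimal port-scan detector that
# reads iptables-style kernel log lines and flags any source that probes many
# distinct ports on one destination inside a short time window. Log lines are
# constructed for this example; window and threshold values are assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Captures the syslog timestamp plus the SRC/DST/PROTO/DPT fields iptables logs.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def _line(sec, src, dst, dpt):
    """Build one constructed iptables-style log line (sample data only)."""
    return (f"Mar  3 10:00:{sec:02d} gw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            f"LEN=60 PROTO=TCP SPT={40000 + sec} DPT={dpt} WINDOW=1024 SYN")


# Constructed sample: 192.168.1.50 hits twelve different ports on the gateway
# within twelve seconds; 192.168.1.60 repeatedly connects to port 443 (normal).
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
SAMPLE_LOG = "\n".join(
    [_line(i, "192.168.1.50", "192.168.1.1", p) for i, p in enumerate(SCAN_PORTS)]
    + [_line(i, "192.168.1.60", "192.168.1.1", 443) for i in range(20, 30)]
)


def parse(log):
    """Yield (timestamp, src, dst, proto, dport) for each line that matches."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            # syslog timestamps carry no year; strptime defaults to 1900, which
            # is fine for computing differences within one log file
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            yield ts, m["src"], m["dst"], m["proto"], int(m["dpt"])


def detect_scans(log, window=timedelta(seconds=60), threshold=10):
    """Return {(src, dst): distinct ports} for every source/destination pair
    that reached `threshold` distinct destination ports within `window`.
    The count reported is the largest seen in any sliding window."""
    events = defaultdict(list)
    for ts, src, dst, _proto, dpt in parse(log):
        events[(src, dst)].append((ts, dpt))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```

Counting distinct destination ports per source/destination pair, rather than raw packet volume, is what separates a scan from a busy but legitimate client: the second host in the sample sends ten SYNs but always to port 443, so it never trips the threshold.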

Masscan: The Speedy Rogue

Next up, we have Masscan, the rogue of the party. Masscan wears a cloak of invisibility (not really, but it’s super fast), darting from port to port at breakneck speeds. It claims to be the fastest Internet port scanner in the land, and it’s not wrong. Masscan can scan the entire Internet in under 6 minutes if unleashed at full throttle, albeit with the right conditions and enough bandwidth. It’s like the Flash, if the Flash was really into network security. However, with great speed comes a sacrifice in detail. Masscan is all about the quick hit; it’ll tell you what’s open but doesn’t hang around to chat about it.

  1. masscan 192.168.1.0/24 -p0-65535 – Scan all ports across a subnet.
  2. masscan -p80,443 10.0.0.0/8 --rate=10000 – Scan large networks for specific ports at high speed.
  3. masscan --rate=100000 --wait 0 -p0-65535 192.168.1.1 – Ultra-fast scan of all ports on a single IP.
  4. masscan -pU:53,111,137,T:21-25,80,443 192.168.1.0/24 – Scan both UDP and TCP ports.
  5. masscan -p80 0.0.0.0/0 --excludefile blacklist.txt – Scan the internet for port 80, excluding IPs listed in a file.
  6. masscan --banners -p80 192.168.1.0/24 – Capture banners on port 80.
  7. masscan -p22 192.168.1.0/24 --rate=500 --echo > scan.conf – Generate a configuration file for later use.
  8. masscan --top-ports 100 192.168.1.0/24 – Scan the top 100 ports.
  9. masscan -p443 --heartbleed 192.168.1.0/24 – Check TLS services for the Heartbleed vulnerability (Heartbleed is an OpenSSL/TLS bug, so the probe must go to a TLS port such as 443; 445 is SMB and would never answer).
  10. masscan --adapter-ip 192.168.1.2 --adapter-port 60000 -p80 192.168.1.0/24 – Specify the source IP and source port the probes are sent from (a target range and port list are still required).

Unicornscan: The Mysterious Sorcerer

Finally, we encounter Unicornscan, the mysterious sorcerer with a penchant for the arcane. Unicornscan seeks to bring an elegant, comprehensive, and high-speed approach to the world of port scanning, blending the lines between scanning and sorcery. It excels in asynchronous stateless TCP scanning, UDP scanning, and can even handle the complexities of banner grabbing and OS fingerprinting with a mystical flair. Unicornscan is like that enigmatic character in every fantasy novel that knows more than they let on, providing insights in riddles and speaking in the language of packets and protocols.

  1. unicornscan 192.168.1.1:a – Scan all ports on a target (the :a suffix means "all"; the default mode is a TCP SYN scan).
  2. unicornscan -I 192.168.1.0/24 – Immediate mode: print results as replies arrive instead of in a report at the end.
  3. unicornscan -mT 192.168.1.1:a – TCP SYN scan on all ports (-mT is the default mode; -msf selects a full TCP connect scan instead).
  4. unicornscan -mU 192.168.1.1:a – UDP scan on all ports.
  5. unicornscan -p 80,443 192.168.1.1 – Scan specific TCP ports (the global port list, used when the target carries no :port suffix).
  6. unicornscan 192.168.1.1:80 – Send TCP SYN packets to port 80 only (the port is given as a target suffix; -i names the network interface, not a port).
  7. unicornscan -E 192.168.1.1 – Also process non-open responses (TCP RSTs and ICMP errors), so closed and filtered ports are reported rather than only open ones.
  8. unicornscan -l results.txt 192.168.1.1 – Log results to a file instead of the terminal.
  9. unicornscan -Dv 192.168.1.1 – Verbose output (-v, repeatable for more detail) while sending no default payload, only known-protocol probes (-D); debugging output is controlled separately with -u <mask>.
  10. unicornscan -r 256 192.168.1.1 – Throttle the scan to 256 packets per second (-B sets the source port, not the rate).

The Convergence

So, when our three heroes converge at the round table of network security, how do they compare? Nmap, with its detailed insights and versatile toolkit, is the go-to for the detailed recon of one’s domain. It’s the wise advisor you turn to when you need to know exactly what’s lurking in the shadows.

Masscan, on the other hand, is your scout, racing ahead to map the vast expanses of the network kingdom at unparalleled speeds. It’s the one you send out when time is of the essence and you need a quick lay of the land.

And Unicornscan? It’s the wildcard, blending speed with a touch of thoroughness, capable of revealing the unseen with a flair for the dramatic. It’s the tool for those who walk the line between the need for speed and the desire for depth.

Together, they form the ultimate fellowship of port scanning, each with its own role and specialty. Whether you’re a network wizard, a speed demon, or a seeker of mysteries, there’s a scanner in this trio for you. Just remember, with great scanning power comes great responsibility. Use these tools wisely, young padawan, and may the ports be ever in your favor.
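The scout-then-advisor pairing described above is how the two are usually combined in practice: let Masscan find what is open, then send Nmap only to those ports for the detail. As an added example (not code from the original post or from either project), the script below parses Masscan's list output (-oL) into a per-host set of open ports and builds the Nmap service-detection command for each host. The Masscan output is constructed; the last column is Masscan's timestamp field, and the values there are made up.

```python
# Added example, not from the original post or either project: parse masscan's
# list output (-oL) into per-host open ports and build the nmap -sV follow-up
# command for each host, limited to the ports masscan actually reported.
# The sample output below is constructed; timestamps are made-up values.
from collections import defaultdict

SAMPLE_MASSCAN_LIST = """\
#masscan
open tcp 22 192.168.1.10 1700000000
open tcp 80 192.168.1.10 1700000001
open tcp 443 192.168.1.10 1700000001
open udp 53 192.168.1.1 1700000002
open tcp 3389 192.168.1.20 1700000003
# end
"""


def parse_masscan_list(text):
    """Return {ip: {"tcp": [ports], "udp": [ports]}} from lines of the form
    'open <proto> <port> <ip> <timestamp>'. Comment, blank and banner lines,
    and anything not marked open, are skipped."""
    hosts = defaultdict(lambda: {"tcp": set(), "udp": set()})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "open" or fields[1] not in ("tcp", "udp"):
            continue
        _state, proto, port, ip = fields[:4]
        hosts[ip][proto].add(int(port))
    return {ip: {proto: sorted(ports) for proto, ports in found.items()}
            for ip, found in hosts.items()}


def _ip_key(ip):
    """Sort dotted-quad addresses numerically rather than as strings."""
    return tuple(int(octet) for octet in ip.split("."))


def nmap_followup(hosts):
    """One 'nmap -sV' command per host, restricted to the ports masscan found.
    nmap's -p syntax accepts T:/U: prefixes, so UDP findings also get -sU."""
    commands = []
    for ip in sorted(hosts, key=_ip_key):
        tcp, udp = hosts[ip]["tcp"], hosts[ip]["udp"]
        flags, spec = [], []
        if tcp:
            flags.append("-sS")
            spec.append("T:" + ",".join(map(str, tcp)))
        if udp:
            flags.append("-sU")
            spec.append("U:" + ",".join(map(str, udp)))
        if not spec:
            continue
        commands.append(f"nmap {' '.join(flags)} -sV -p {','.join(spec)} {ip}")
    return commands


if __name__ == "__main__":
    for cmd in nmap_followup(parse_masscan_list(SAMPLE_MASSCAN_LIST)):
        print(cmd)
```

Restricting the follow-up to the ports Masscan reported is the point of the pairing: Nmap's version detection is slow per port, so handing it three ports on a host instead of 65,535 keeps the detailed pass practical even across a large inventory.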
