Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/masscan

Name: masscan
Author: aeondave

offensive-tools/network/masscan/SKILL.md

npx skillsauth add aeondave/malskill masscan

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Masscan

Ultra-fast TCP SYN scanner for large-scale port discovery.

Quick Start

masscan 10.0.0.0/16 -p445 --rate=10000 -oG out.gnmap
masscan 10.0.0.0/8 -p0-1023 --rate=50000 -oX out.xml
masscan -iL targets.txt -p80,443,8080,445 --rate=10000

Core Flags

| Flag | Purpose | |------|---------| | -p <ports> | Port list / range (e.g. 0-65535, 80,443) | | --rate <n> | Packets per second (start low) | | -oG / -oX / -oJ | Output: grepable / XML / JSON | | -iL <file> | Read targets from file | | --banners | Grab service banners | | --excludefile | Exclude IPs from scan | | --adapter-ip | Source IP | | --router-mac | Default gateway MAC |

Common Workflows

Feed results into nmap

# Discover open ports fast
masscan 10.0.0.0/24 -p1-65535 --rate=5000 -oG masscan.out

# Extract unique ports
grep "open" masscan.out | awk '{print $4}' | cut -d/ -f1 | sort -u | paste -sd, > ports.txt

# Extract unique hosts
grep "open" masscan.out | awk '{print $6}' | sort -u > hosts.txt

# Deep scan on discovered ports/hosts
nmap -sV -sC -O -p$(cat ports.txt) -iL hosts.txt -oA nmap_deep

Banner grabbing

masscan 10.0.0.0/24 -p22,80,443,445,8080 --banners --rate=1000 -oJ results.json

Config file (repeat scans)

# masscan.conf
rate = 10000
ports = 0-65535
output-format = json
output-filename = results.json
excludefile = /etc/masscan/exclude.conf

masscan 10.0.0.0/8 -c masscan.conf

Resume interrupted scan

masscan 10.0.0.0/8 -p- --rate=50000 --resume paused.conf

Rate Tuning

| Environment | Safe Rate | |-------------|-----------| | Internal lab | 10,000–100,000 | | Corporate network | 1,000–5,000 | | Internet | 10,000–1,000,000 | | Stealth | 100–500 |

Start at --rate=1000 and increase; watch for packet loss
Set --adapter-ip if multiple interfaces exist
Use --router-mac if default gateway detection fails

Resources

| File | When to load | |------|--------------| | references/tuning.md | Config file options, adapter settings, exclude lists |

aeondave/masscan

offensive-tools/network/masscan/SKILL.md

Auth/lab ref: ultra-fast async TCP SYN port scanner capable of scanning the entire IPv4 internet in minutes.

4 stars

tools

Updated Jun 8, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill masscan

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 8, 2026, 3:53 AM129.3s2 files scanned

SKILL.md

name:: masscan
description:: Auth/lab ref: ultra-fast async TCP SYN port scanner capable of scanning the entire IPv4 internet in minutes.
license:: MIT
compatibility:: Linux / macOS / Windows (WSL); Build from source or package manager.
author:: AeonDave
version:: 1.1

Masscan

Ultra-fast TCP SYN scanner for large-scale port discovery.

Quick Start

masscan 10.0.0.0/16 -p445 --rate=10000 -oG out.gnmap
masscan 10.0.0.0/8 -p0-1023 --rate=50000 -oX out.xml
masscan -iL targets.txt -p80,443,8080,445 --rate=10000

Core Flags

Common Workflows

Feed results into nmap

# Discover open ports fast
masscan 10.0.0.0/24 -p1-65535 --rate=5000 -oG masscan.out

# Extract unique ports
grep "open" masscan.out | awk '{print $4}' | cut -d/ -f1 | sort -u | paste -sd, > ports.txt

# Extract unique hosts
grep "open" masscan.out | awk '{print $6}' | sort -u > hosts.txt

# Deep scan on discovered ports/hosts
nmap -sV -sC -O -p$(cat ports.txt) -iL hosts.txt -oA nmap_deep

Banner grabbing

masscan 10.0.0.0/24 -p22,80,443,445,8080 --banners --rate=1000 -oJ results.json

Config file (repeat scans)

# masscan.conf
rate = 10000
ports = 0-65535
output-format = json
output-filename = results.json
excludefile = /etc/masscan/exclude.conf

masscan 10.0.0.0/8 -c masscan.conf

Resume interrupted scan

masscan 10.0.0.0/8 -p- --rate=50000 --resume paused.conf

Rate Tuning

| Environment | Safe Rate | |-------------|-----------| | Internal lab | 10,000–100,000 | | Corporate network | 1,000–5,000 | | Internet | 10,000–1,000,000 | | Stealth | 100–500 |

Start at --rate=1000 and increase; watch for packet loss
Set --adapter-ip if multiple interfaces exist
Use --router-mac if default gateway detection fails

Resources

| File | When to load | |------|--------------| | references/tuning.md | Config file options, adapter settings, exclude lists |

Related Skills

aeondave/vibe-audit-technique

development

VerifiedTrustedCommunity

White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).

4SKILL.mdUpdated Jun 12, 2026

aeondave/vibe-audit-technique

aeondave/source-review-technique

development

VerifiedTrustedCommunity

Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.

4SKILL.mdUpdated Jun 12, 2026

aeondave/source-review-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 12, 2026

aeondave/hardware-technique

aeondave/container-technique

devops

VerifiedTrustedCommunity

Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

4SKILL.mdUpdated Jun 12, 2026

aeondave/container-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-tools/network/masscan ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT