ZMap Logo

The ZMap Project

The ZMap Project is a collection of open source tools that enable researchers to perform large-scale studies of the hosts and services that compose the public Internet.


ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a computer with a gigabit connection, ZMap can scan the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in 5 minutes.


ZGrab is a stateful application-layer scanner that works with ZMap. ZGrab is written in Go and supports HTTP, HTTPS, SSH, Telnet, FTP, SMTP, POP3, IMAP, Modbus, BACNET, Siemens S7, and Tridium Fox. For example, ZGrab can perform a TLS connection and collect the root HTTP page of all hosts ZMap finds on TCP/443.


ZDNS is a utility for performing fast DNS lookups, such as completing an A lookup for all names in a zone file, or collecting CAA records for a large number of websites. ZDNS contains its own recursive resolver and supports A, AAAA, ANY, AXFR, CAA, CNAME, DMARC, MX, NS, PTR, TXT, SOA, and SPF records.


ZTag processes ZGrab output and annotates raw scan data with additional metadata such as device model and vulnerabilities. It can also be used to transform raw protocol handshakes into more descriptive records like those in Censys.


ZBrowser is a command-line headless web browser built on top of Headless Chrome. It produces JSON reports on the structure websites including the object dependency tree and network requests.


ZCrypto is a TLS and X.509 library designed for researchers. It is based on Golang's TLS implementation, but also supports older, known-weak cipher suites, more lenient X.509 parsing, and TLS handshake transcription.


ZLint is a golang-based X.509 certificate linter that checks for conformity with RFC 5280 and CA/B baseline requirements.


ZIterate is a utility that will produce random permutations of the IPv4 address space. It supports selecting IPs from a set of networks and sharding across multiple servers.


ZBlacklist allows quickly filtering out IP addresses that belong to a set of network blocks. It can be used to remove organizations who have requested exclusion from scans.


ZAnnotate is a golang utility that annotates IPs with additional metadata, such as Maxmind GeoIP2 locations and routing data from a TABLE_DUMPv2 MRT file.


ZSchema is a high-level programming language for describing database schemas. Schemas can be used to validate datasets and be compiled into schemas for other databases.


ZCertificate is a command-line utility that parses X.509 certificates, performs browser validation and ZLint tests, and produces a JSON description of the certificate.


ZTee is a custom version of the Linux utility tee that can efficiently buffer large amounts of scan data between different phases of a scan. It also produces metadata and updates on progress.


mrt2json is a simple utility for dumping MRT files to JSON similar to bgpdump.