2013-durumeric-zmap
ZMap: Fast Internet-wide Scanning and its Security Applications
Abstract
ZMap is an open-source network scanner specifically architected for
performing Internet-wide scans. By bypassing the OS network stack and
using a stateless, probe-driven design, ZMap can scan the entire
public IPv4 address space on a single port in under 45 minutes from
a commodity machine, more than 1300 times faster than Nmap. The paper
describes the system design, validates its accuracy and coverage
against existing tools, and demonstrates its utility through several
security applications: tracking HTTPS deployment, monitoring service
outages following large-scale events, identifying vulnerable hosts,
and uncovering cryptographic key reuse at scale. ZMap underpins the
bulk of subsequent Internet-wide measurement work, including most of
the censorship-measurement platforms in this corpus.
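
A sketch of what "stateless, probe-driven" can mean in practice, added here as an illustration and not taken from ZMap's source: targets are visited by walking a multiplicative group modulo a prime, and replies are checked by recomputing a keyed tag from the reply's source address instead of consulting a table of outstanding probes. The toy prime 65537, the generator 3, the key, the choice of the TCP sequence number as the carrier, and the names `targets`, `probe_tag` and `is_valid_reply` are assumptions of the example; it sends no packets.

```python
import hashlib
import hmac

# Toy parameters (assumptions for this example, not values from the page).
P = 65537                              # prime just above the 2**16 toy address space
G = 3                                  # a primitive root modulo 65537
KEY = b"constructed-per-scan-secret"   # constructed sample key


def targets(start=1):
    """Yield every index in [0, P-2] exactly once, in a scattered order.

    The walk is x -> x*G mod P over the multiplicative group mod P, so the
    only state kept is the current element: no list of visited targets.
    """
    x = start
    while True:
        yield x - 1                    # group elements are 1..P-1; indices are 0..P-2
        x = (x * G) % P
        if x == start:                 # back at the start: the full cycle is done
            return


def probe_tag(target):
    """32-bit value a probe to `target` would carry (assumed: TCP sequence number)."""
    mac = hmac.new(KEY, target.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


def is_valid_reply(source, ack):
    """Accept a SYN-ACK only if it acknowledges tag+1 for its own source address.

    The tag is recomputed from the reply itself, so unsolicited or spoofed
    packets are rejected without storing anything per probe.
    """
    return ack == (probe_tag(source) + 1) % 2**32


if __name__ == "__main__":
    order = list(targets())
    print("first targets:", order[:5], "total:", len(order))
    print("genuine reply accepted:", is_valid_reply(1234, (probe_tag(1234) + 1) % 2**32))
    print("unsolicited reply accepted:", is_valid_reply(1234, 0xDEADBEEF))
```

At full scale the same walk needs a prime slightly larger than 2^32, with group elements that fall outside the address space skipped.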