masscan
--top-ports option doesn't work as expected.
Hi,
The --top-ports option doesn't seem to accept anything higher than 1000. Is this expected? When I do the same with nmap I can choose a higher value.
e.g. with 200:
Thanks in advance for your help. Regards,
Is this a build from git or a distribution package?
@mzpqnxow I'm seeing the same behavior, and I built it from git.
After going through both nmap and masscan recently for an unrelated reason, I can confirm masscan has only a hard-coded list of 1000 ports.
nmap has > 8k (maybe 15k?) as a data file with a bunch of additional metadata for each service. This includes "frequency" data (though if I remember correctly, 1/3 of them have a frequency of 0.0)
I'm on mobile but you can see the ports data that nmap uses in the nmap-services file in /usr/share/nmap/ (or here)
The immediate answer to your question: the behavior of masscan to not allow a value > 1000 is expected.
My recommendation (if you want more than 1000 "top" ports) is to write a script to explicitly generate a list of N ports based on the nmap-services file (if you trust their "frequency" value) and then send the output to a one-line masscan .conf file.
Because you can specify -c multiple times, you can easily add it to any invocation (just add -c ports.conf).
The nmap-services file is a bit clunky to parse but with some extra kwargs, pandas.read_csv() can load it, which makes it easy to work with (sorting, grouping, filtering, etc).
On this subject: I seem to remember there being at least a handful of ports in the masscan top 1000 that are not in the nmap top 1000 (and vice versa), which may be of interest to you. I don't know when either of these lists was last reviewed.
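A sketch of the script suggested in the comment above, as an added example that is not part of the thread and not masscan or nmap project code. It uses plain string parsing instead of pandas, handles TCP entries only, and assumes the nmap-services column layout (name, port/protocol, frequency, optional comment); the function names and the sample data are constructed for illustration.

```python
import io

# Constructed sample in nmap-services layout; the frequencies are made up.
SAMPLE_SERVICES = """\
# name  port/proto  open-frequency  # comment
http\t80/tcp\t0.40\t# web
https\t443/tcp\t0.30
domain\t53/udp\t0.50
ssh\t22/tcp\t0.20
telnet\t23/tcp\t0.20
ftp\t21/tcp\t0.10
discard\t9/tcp\t0.000000
"""

def parse_services(lines, proto="tcp"):
    """Yield (port, frequency) for every well-formed entry of one protocol."""
    for raw in lines:
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 3:
            continue
        port_s, _, entry_proto = fields[1].partition("/")
        if entry_proto != proto or not port_s.isdigit():
            continue
        try:
            freq = float(fields[2])
        except ValueError:
            continue
        if 0 < int(port_s) <= 65535:
            yield int(port_s), freq

def top_ports(lines, n, proto="tcp"):
    """N most frequent ports; frequency 0.0 is skipped, ties go to the lower port."""
    ranked = sorted((pf for pf in parse_services(lines, proto) if pf[1] > 0),
                    key=lambda pf: (-pf[1], pf[0]))
    return [port for port, _ in ranked[:n]]

def collapse(ports):
    """Collapse ports into sorted ranges, e.g. [23, 21, 22, 80] -> '21-23,80'."""
    out, run = [], []
    for p in sorted(set(ports)) + [None]:      # None flushes the last run
        if run and p is not None and p == run[-1] + 1:
            run.append(p)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [p]
    return ",".join(out)

def masscan_conf_line(lines, n):
    """One-line config body in masscan's key = value format."""
    return "ports = " + collapse(top_ports(lines, n)) + "\n"

if __name__ == "__main__":
    # On a real host, pass open("/usr/share/nmap/nmap-services") instead.
    print(masscan_conf_line(io.StringIO(SAMPLE_SERVICES), 4), end="")
```

Redirect the output to ports.conf and pass it with -c as described in the comment.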