macOS
brew install zmaplocal Homebrew formula metadata
sudo port install zmapMacPorts ports tree · net/zmap/Portfile · source: api.github.com
brew
Network scanner for Internet-wide network studies. Version 4.4.0 via Homebrew; verified 2026-05-29.
install
brew install zmaplocal Homebrew formula metadata
sudo port install zmapMacPorts ports tree · net/zmap/Portfile · source: api.github.com
sudo apk add zmapAlpine Linux edge package indexes · zmap · source: dl-cdn.alpinelinux.org
sudo apt install zmapDebian stable package indexes · zmap · source: deb.debian.org
sudo dnf install zmapFedora Rawhide package metadata · zmap · source: dl.fedoraproject.org
nix profile install nixpkgs#zmapnixpkgs package indexes · pkgs/by-name/zm/zmap/package.nix · source: api.github.com
sudo pacman -S zmapArch Linux sync databases · zmap · source: geo.mirror.pkgbuild.com
overview
Network scanner for Internet-wide network studies
history
ZMap is a fast single-packet Internet scanner created for large-scale network measurement. Its signature achievement was making a single-port scan of the public IPv4 address space feasible from one machine in under 45 minutes, then pushing the technique into both academic measurement and commercial attack-surface monitoring.
The zmap/zmap repository was created in January 2013, and the project debuted publicly with the 2013 USENIX Security paper by Zakir Durumeric, Eric Wustrow, and J. Alex Halderman at the University of Michigan. The paper introduced ZMap as a modular open-source scanner designed for Internet-wide surveys, not host-by-host penetration testing.
The ZMap Project site describes the broader project as starting in 2013 with ZMap, followed a year later by ZGrab for application-layer scanning. That suite expanded into a family of measurement tools and libraries for hosts, services, DNS, TLS, and Web PKI research.
In 2014, the Zippier ZMap work described optimizations for 10 Gbps scanning, including parallelized address generation, improved blacklisting, and zero-copy packet I/O. The later Ten Years of ZMap paper documents how ZMap's packet construction, address generation, and operational behavior changed as maintainers learned from real Internet scanning.
ZMap's adoption is unusually well documented. The 2024 Ten Years of ZMap paper says that since the 2013 release, networking and security researchers used the scanner in hundreds of research papers and that security companies built products on top of it for attack-surface and dependency monitoring.
The same work notes a darker adoption path: ZMap's speed made it useful to attackers as well as defenders. That dual-use reality shaped the project's attention to blocklists, scan etiquette, packet behavior, and the broader ethics of Internet-wide measurement.
ZMap is used when the question is about a service across the Internet rather than all services on one host. A user selects a probe module and target port, supplies allow/block-list policy and rate limits, then pipes responsive hosts to downstream tooling such as ZGrab for protocol handshakes or to custom analysis pipelines.
Operationally, good use means rate-limiting, honoring exclusion lists, using clear source identification, and treating scan results as sensitive measurement data. ZMap is powerful enough that responsible configuration is part of the tool's practical meaning.
ZMap is one of the canonical research-to-package success stories in security tooling. It compressed a job that once required weeks or many machines into a Unix-installable scanner, which changed the ergonomics of Internet measurement.
For package nerds, it also anchors a recognizable ecosystem: zmap for fast probes, zgrab for application-layer collection, zdns for DNS measurement, zcrypto for protocol parsing, and zlint for Web PKI linting.
security posture
broad file, network, media, or database tool signal.
blue risk · medium confidence · tool
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/zmap/zmap.conf/etc/zmap/blacklist.confexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
zblocklist | cli | global executable | |
ziterate | cli | global executable | |
zmap | cli | global executable | |
ztee | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:zmap |
|---|---|
| Version | 4.4.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/zmap |
| Homepage | https://zmap.io |
| Repository | https://github.com/zmap/zmap |
| Upstream docs | https://github.com/zmap/zmap/wiki |
| License | Apache-2.0 |
| Source archive | https://github.com/zmap/zmap/archive/refs/tags/v4.4.0.tar.gz |
| Last updated | 2026-05-29T09:12:11Z |
| Pulse | updated |
| Dependencies | gmp, json-c, judy, libdnet, libunistring |
| Build dependencies | byacc, cmake, gengetopt, pkgconf |
| Uses from macOS | libpcap |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | zmap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
zmap 2.1.1-2.1+b1
network scanner for researchers
sudo apt install zmapzmap
nix profile install nixpkgs#zmapzmap 2.1.1-2.1build2
network scanner for researchers
sudo apt install zmapzmap 4.3.4-r0
High performance internet scanner
sudo apk add zmapzmap-doc 4.3.4-r0
High performance internet scanner (documentation)
sudo apk add zmap-doczmap 4.4.0-1.fc45
Network scanner for Internet-wide network studies
sudo dnf install zmapzmap 4.4.0-1
Fast network scanner designed for Internet-wide network surveys
sudo pacman -S zmapzmap
sudo port install zmapsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.