Automic VaultAutomic Vault

brew

Install zmap with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman

Network scanner for Internet-wide network studies. Version 4.4.0 via Homebrew; verified 2026-05-29.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install zmap

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install zmap

MacPorts ports tree · net/zmap/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add zmap

Alpine Linux edge package indexes · zmap · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install zmap

Debian stable package indexes · zmap · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install zmap

Fedora Rawhide package metadata · zmap · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#zmap

nixpkgs package indexes · pkgs/by-name/zm/zmap/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S zmap

Arch Linux sync databases · zmap · source: geo.mirror.pkgbuild.com

overview

Package summary

Network scanner for Internet-wide network studies

Commands and aliases

  • zblocklist
  • ziterate
  • zmap
  • ztee

history

Project history and usage

ZMap is a fast single-packet Internet scanner created for large-scale network measurement. Its signature achievement was making a single-port scan of the public IPv4 address space feasible from one machine in under 45 minutes, then pushing the technique into both academic measurement and commercial attack-surface monitoring.

Project history

The zmap/zmap repository was created in January 2013, and the project debuted publicly with the 2013 USENIX Security paper by Zakir Durumeric, Eric Wustrow, and J. Alex Halderman at the University of Michigan. The paper introduced ZMap as a modular open-source scanner designed for Internet-wide surveys, not host-by-host penetration testing.

The ZMap Project site describes the broader project as starting in 2013 with ZMap, followed a year later by ZGrab for application-layer scanning. That suite expanded into a family of measurement tools and libraries for hosts, services, DNS, TLS, and Web PKI research.

In 2014, the Zippier ZMap work described optimizations for 10 Gbps scanning, including parallelized address generation, improved blacklisting, and zero-copy packet I/O. The later Ten Years of ZMap paper documents how ZMap's packet construction, address generation, and operational behavior changed as maintainers learned from real Internet scanning.

Adoption history

ZMap's adoption is unusually well documented. The 2024 Ten Years of ZMap paper says that since the 2013 release, networking and security researchers used the scanner in hundreds of research papers and that security companies built products on top of it for attack-surface and dependency monitoring.

The same work notes a darker adoption path: ZMap's speed made it useful to attackers as well as defenders. That dual-use reality shaped the project's attention to blocklists, scan etiquette, packet behavior, and the broader ethics of Internet-wide measurement.

How it is used

ZMap is used when the question is about a service across the Internet rather than all services on one host. A user selects a probe module and target port, supplies allow/block-list policy and rate limits, then pipes responsive hosts to downstream tooling such as ZGrab for protocol handshakes or to custom analysis pipelines.

Operationally, good use means rate-limiting, honoring exclusion lists, using clear source identification, and treating scan results as sensitive measurement data. ZMap is powerful enough that responsible configuration is part of the tool's practical meaning.

Why package nerds care

ZMap is one of the canonical research-to-package success stories in security tooling. It compressed a job that once required weeks or many machines into a Unix-installable scanner, which changed the ergonomics of Internet measurement.

For package nerds, it also anchors a recognizable ecosystem: zmap for fast probes, zgrab for application-layer collection, zdns for DNS measurement, zcrypto for protocol parsing, and zlint for Web PKI linting.

Timeline

  • 2013-01-23: The zmap/zmap GitHub repository is created.
  • 2013-08: ZMap is presented at USENIX Security 13.
  • 2014-08: Zippier ZMap presents 10 Gbps Internet-wide scanning optimizations.
  • 2014: The ZMap Project releases ZGrab for application-layer scanning.
  • 2024-11: Ten Years of ZMap analyzes a decade of adoption and operational evolution.

Related projects

  • Nmap is the classic host and network scanner that ZMap is often contrasted with for Internet-wide single-port scans.
  • ZGrab, ZDNS, ZCrypto, ZLint, and Censys are closely related ZMap ecosystem projects and downstream uses.
  • Masscan is an adjacent high-speed scanner in the same broad space.

security posture

Risk level: blue

broad file, network, media, or database tool signal.

Risk classifier

blue risk · medium confidence · tool

Why

  • broad file, network, media, or database tool signal

Signals

  • text:network

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 5 runtime dependencies.
  • Build metadata lists 4 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/etc/zmap/zmap.conf/etc/zmap/blacklist.conf

executables

Installed executables

CommandKindExposureNote
zblocklistcliglobal executable
ziteratecliglobal executable
zmapcliglobal executable
zteecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version4.4.0
manager updated2026-05-29
local dataok
upstreamcurrent
latest detectedv4.4.0

https://github.com/zmap/zmap

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:zmap
Version4.4.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/zmap
Homepagehttps://zmap.io
Repositoryhttps://github.com/zmap/zmap
Upstream docshttps://github.com/zmap/zmap/wiki
LicenseApache-2.0
Source archivehttps://github.com/zmap/zmap/archive/refs/tags/v4.4.0.tar.gz
Last updated2026-05-29T09:12:11Z
Pulseupdated
Dependenciesgmp, json-c, judy, libdnet, libunistring
Build dependenciesbyacc, cmake, gengetopt, pkgconf
Uses from macOSlibpcap
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namezmap
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

zmap 2.1.1-2.1+b1

network scanner for researchers

https://zmap.io/

sudo apt install zmap
  • Section: net
  • Architecture: amd64
  • Source Package: zmap
  • 5 dependencies
  • normalized package name match
  • Matched by: Zmap
Debian stable package indexes · deb.debian.org · Debian stable package indexes: zmap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

zmap

nix profile install nixpkgs#zmap
  • normalized package name match
  • Matched by: Zmap
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/zm/zmap/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

zmap 2.1.1-2.1build2

network scanner for researchers

https://zmap.io/

sudo apt install zmap
  • Section: universe/net
  • Architecture: amd64
  • 5 dependencies
  • normalized package name match
  • Matched by: Zmap
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: zmap from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

zmap 4.3.4-r0

High performance internet scanner

https://www.zmap.io/

sudo apk add zmap
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: zmap
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Zmap
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: zmap from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

zmap-doc 4.3.4-r0

High performance internet scanner (documentation)

https://www.zmap.io/

sudo apk add zmap-doc
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: zmap
  • normalized package name match
  • Matched by: Zmap
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: zmap-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
dnf95%

zmap 4.4.0-1.fc45

Network scanner for Internet-wide network studies

https://zmap.io

sudo dnf install zmap
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: zmap
  • 9 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Zmap
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: zmap from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

zmap 4.4.0-1

Fast network scanner designed for Internet-wide network surveys

https://zmap.io/

sudo pacman -S zmap
  • License: Apache-2.0
  • Architecture: x86_64
  • 6 dependencies
  • normalized package name match
  • Matched by: Zmap
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: zmap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
MacPorts95%

zmap

sudo port install zmap
  • normalized package name match
  • Matched by: Zmap
MacPorts ports tree · api.github.com · MacPorts ports tree: net/zmap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment