# Install zmap with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman

Network scanner for Internet-wide network studies. Version 4.4.0 via Homebrew; verified 2026-05-29.

## Install

```sh
sudo av install brew:zmap
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install zmap
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install zmap
```

  Evidence: MacPorts ports tree: net/zmap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add zmap
```

  Evidence: Alpine Linux edge package indexes: zmap from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install zmap
```

  Evidence: Debian stable package indexes: zmap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install zmap
```

  Evidence: Fedora Rawhide package metadata: zmap from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#zmap
```

  Evidence: nixpkgs package indexes: pkgs/by-name/zm/zmap/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S zmap
```

  Evidence: Arch Linux sync databases: zmap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:zmap
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/zmap>
- **Version:** 4.4.0
- **Source summary:** Network scanner for Internet-wide network studies
- **Homepage:** <https://zmap.io>
- **Repository:** <https://github.com/zmap/zmap>
- **Upstream docs:** <https://github.com/zmap/zmap/wiki>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/zmap/zmap/archive/refs/tags/v4.4.0.tar.gz>
- **Last updated:** 2026-05-29T09:12:11Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- zblocklist (cli)
- ziterate (cli)
- zmap (cli)
- ztee (cli)
- zblocklist (alias)
- ziterate (alias)
- zmap (alias)
- ztee (alias)

## Dependencies

- gmp
- json-c
- judy
- libdnet
- libunistring

## Build dependencies

- byacc
- cmake
- gengetopt
- pkgconf

## Uses from macOS

- libpcap

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 4.4.0
- Package-manager updated: 2026-05-29
- Local data: ok
- Upstream repository: https://github.com/zmap/zmap
- Upstream latest detected: v4.4.0 (current)
## Project history and usage

ZMap is a fast single-packet Internet scanner created for large-scale network measurement. Its signature achievement was making a single-port scan of the public IPv4 address space feasible from one machine in under 45 minutes, then pushing the technique into both academic measurement and commercial attack-surface monitoring.

### Project history

The zmap/zmap repository was created in January 2013, and the project debuted publicly with the 2013 USENIX Security paper by Zakir Durumeric, Eric Wustrow, and J. Alex Halderman at the University of Michigan. The paper introduced ZMap as a modular open-source scanner designed for Internet-wide surveys, not host-by-host penetration testing.

The ZMap Project site describes the broader project as starting in 2013 with ZMap, followed a year later by ZGrab for application-layer scanning. That suite expanded into a family of measurement tools and libraries for hosts, services, DNS, TLS, and Web PKI research.

In 2014, the Zippier ZMap work described optimizations for 10 Gbps scanning, including parallelized address generation, improved blacklisting, and zero-copy packet I/O. The later Ten Years of ZMap paper documents how ZMap's packet construction, address generation, and operational behavior changed as maintainers learned from real Internet scanning.

### Adoption history

ZMap's adoption is unusually well documented. The 2024 Ten Years of ZMap paper says that since the 2013 release, networking and security researchers used the scanner in hundreds of research papers and that security companies built products on top of it for attack-surface and dependency monitoring.

The same work notes a darker adoption path: ZMap's speed made it useful to attackers as well as defenders. That dual-use reality shaped the project's attention to blocklists, scan etiquette, packet behavior, and the broader ethics of Internet-wide measurement.

### How it is used

ZMap is used when the question is about a service across the Internet rather than all services on one host. A user selects a probe module and target port, supplies allow/block-list policy and rate limits, then pipes responsive hosts to downstream tooling such as ZGrab for protocol handshakes or to custom analysis pipelines.

Operationally, good use means rate-limiting, honoring exclusion lists, using clear source identification, and treating scan results as sensitive measurement data. ZMap is powerful enough that responsible configuration is part of the tool's practical meaning.

### Why package nerds care

ZMap is one of the canonical research-to-package success stories in security tooling. It compressed a job that once required weeks or many machines into a Unix-installable scanner, which changed the ergonomics of Internet measurement.

For package nerds, it also anchors a recognizable ecosystem: zmap for fast probes, zgrab for application-layer collection, zdns for DNS measurement, zcrypto for protocol parsing, and zlint for Web PKI linting.

### Timeline

- 2013-01-23: The zmap/zmap GitHub repository is created.
- 2013-08: ZMap is presented at USENIX Security 13.
- 2014-08: Zippier ZMap presents 10 Gbps Internet-wide scanning optimizations.
- 2014: The ZMap Project releases ZGrab for application-layer scanning.
- 2024-11: Ten Years of ZMap analyzes a decade of adoption and operational evolution.

### Related projects

- Nmap is the classic host and network scanner that ZMap is often contrasted with for Internet-wide single-port scans.
- ZGrab, ZDNS, ZCrypto, ZLint, and Censys are closely related ZMap ecosystem projects and downstream uses.
- Masscan is an adjacent high-speed scanner in the same broad space.

### Sources

- <https://api.github.com/repos/zmap/zmap>
- <https://github.com/zmap/zmap>
- <https://par.nsf.gov/servlets/purl/10553593>
- <https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/durumeric>
- <https://www.usenix.org/conference/woot14/workshop-program/presentation/adrian>
- <https://zmap.io/about>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/zmap/zmap.conf, /etc/zmap/blacklist.conf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** zmap
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - zmap - 2.1.1-2.1+b1: normalized package name match | Debian stable package indexes: zmap from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | network scanner for researchers | https://zmap.io/
- Nix - zmap: normalized package name match | nixpkgs package indexes: pkgs/by-name/zm/zmap/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - zmap - 2.1.1-2.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: zmap from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | network scanner for researchers | https://zmap.io/
- apk - zmap - 4.3.4-r0: normalized package name match | Alpine Linux edge package indexes: zmap from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | High performance internet scanner | https://www.zmap.io/
- apk - zmap-doc - 4.3.4-r0: normalized package name match | Alpine Linux edge package indexes: zmap-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | High performance internet scanner (documentation) | https://www.zmap.io/
- dnf - zmap - 4.4.0-1.fc45: normalized package name match | Fedora Rawhide package metadata: zmap from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Network scanner for Internet-wide network studies | https://zmap.io
- pacman - zmap - 4.4.0-1: normalized package name match | Arch Linux sync databases: zmap from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Fast network scanner designed for Internet-wide network surveys | https://zmap.io/
- MacPorts - zmap: normalized package name match | MacPorts ports tree: net/zmap/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [libdnet](https://www.automicvault.com/pkg/brew/libdnet/) - Runtime dependency declared by Homebrew.
- [byacc](https://www.automicvault.com/pkg/brew/byacc/) - Build dependency declared by Homebrew.
- [cmake](https://www.automicvault.com/pkg/brew/cmake/) - Build dependency declared by Homebrew.
- [gengetopt](https://www.automicvault.com/pkg/brew/gengetopt/) - Build dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [smap](https://www.automicvault.com/pkg/brew/smap/) - Shares av.db curated category or tags: cli, networking, scanner, security.
- [checkdmarc](https://www.automicvault.com/pkg/brew/checkdmarc/) - Shares av.db curated category or tags: cli, networking, security.
- [fastd](https://www.automicvault.com/pkg/brew/fastd/) - Shares av.db curated category or tags: cli, networking, security.
- [ghostunnel](https://www.automicvault.com/pkg/brew/ghostunnel/) - Shares av.db curated category or tags: cli, networking, security.
- [go-camo](https://www.automicvault.com/pkg/brew/go-camo/) - Shares av.db curated category or tags: cli, networking, security.
- [havn](https://www.automicvault.com/pkg/brew/havn/) - Shares av.db curated category or tags: cli, networking, security.
- [hubble](https://www.automicvault.com/pkg/brew/hubble/) - Shares av.db curated category or tags: cli, networking, security.
- [nebula](https://www.automicvault.com/pkg/brew/nebula/) - Shares av.db curated category or tags: cli, networking, security.

## Combined YAML source

View the package source record on GitHub. [combined/zmap.yml](https://github.com/automic-vault/db/blob/main/combined/zmap.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
