API_REFERENCE.md

API Reference

ZMap Class

The main interface for PyZmap operations.

Scan Methods

• scan(target_port, subnets, output_file, **kwargs)

  • Perform a network scan and return the results
  • Returns: List of IP addresses that responded

• run(**kwargs)

  • Run ZMap with specified parameters
  • Returns: Tuple of (return code, stdout, stderr)

Information Methods

• get_probe_modules() - Get list of available probe modules
• get_output_modules() - Get list of available output modules
• get_output_fields(probe_module) - Get list of available output fields
• get_interfaces() - Get list of available network interfaces
• get_version() - Get ZMap version string

Input Configuration Methods

• blocklist_from_file(blocklist_file) - Validate and use a blocklist file
• allowlist_from_file(allowlist_file) - Validate and use an allowlist file
• create_blocklist_file(subnets, output_file) - Create a blocklist file from subnets
• create_allowlist_file(subnets, output_file) - Create an allowlist file from subnets
• create_target_file(targets, output_file) - Create a file with target IPs
• generate_standard_blocklist(output_file) - Generate standard RFC1918 blocklist

Result Processing Methods

• parse_results(file_path, fields) - Parse scan results into structured data
• parse_metadata(file_path) - Parse scan metadata from JSON file
• extract_ips(results, ip_field) - Extract IP addresses from parsed results
• stream_results(file_path, fields) - Stream results without loading all into memory
• count_results(file_path) - Count results in a file efficiently

ZMapScanConfig Class

Handles configuration for ZMap scans.

Fields

• Core Options:

  • target_port: Port number to scan
  • bandwidth: Send rate in bits/second (supports G, M, K suffixes)
  • rate: Send rate in packets/sec
  • cooldown_time: How long to continue receiving after sending last probe
  • interface: Network interface to use
  • source_ip: Source address for scan packets
  • source_port: Source port(s) for scan packets
  • gateway_mac: Gateway MAC address
  • source_mac: Source MAC address
  • target_mac: Target MAC address
  • vpn: Send IP packets instead of Ethernet (for VPNs)

• Scan Control Options:

  • max_targets: Cap number of targets to probe
  • max_runtime: Cap length of time for sending packets
  • max_results: Cap number of results to return
  • probes: Number of probes to send to each IP
  • retries: Max number of times to try to send packet if send fails
  • dryrun: Don't actually send packets
  • seed: Seed used to select address permutation
  • shards: Total number of shards
  • shard: Which shard this scan is (0 indexed)

• Advanced Options:

  • sender_threads: Threads used to send packets
  • cores: Comma-separated list of cores to pin to
  • ignore_invalid_hosts: Ignore invalid hosts in allowlist/blocklist file
  • max_sendto_failures: Maximum NIC sendto failures before scan is aborted
  • min_hitrate: Minimum hitrate that scan can hit before scan is aborted

• Metadata Options:

  • notes: User-specified notes for scan metadata
  • user_metadata: User-specified JSON metadata