ZTSCAN: ENHANCING ZERO TRUST RESOURCE DISCOVERY WITH MASSCAN AND NMAP INTEGRATION
DOI:
https://doi.org/10.33480/jitk.v10i4.6628Keywords:
network scanning, Nmap, masscan, resource discovery, zero trust architectureAbstract
Implementing Zero Trust Architecture (ZTA) requires a comprehensive understanding of network assets as a fundamental step in implementing security policies. This study proposes ZTscan, an automated tool to increase the efficiency of network asset resource discovery. This proposed tool is then made open source in Github for anyone to evaluate and extend. The research constructs a GNS3-based testing scenario to evaluate the performance of the proposed tool against other scanning tools, including standalone Nmap, Masscan, RustScan, and ZMap. The evaluation focuses on three key metrics: accuracy, scanning speed, and generated data throughput. Experimental results demonstrate that ZTscan achieves 100% accuracy, matching Nmap_Pingsyn while outperforming faster tools such as Masscan, ZMap, and RustScan in precision. ZTscan completes scans 10.64%, faster than Nmap TCP SYN scan while maintaining comparable high accuracy. In terms of throughput, ZTscan reaches a stable peak throughput that is 13.8% lower than Nmap TCP SYN scan without causing disruptive traffic spikes. The findings of this study serve as a reference for resource discovery strategies in ZTA implementation, particularly in scenarios that require fast and accurate network scanning while minimizing potential disruptions or network interference.
Downloads
References
Direktorat Operasi Keamanan Siber BSSN, ‘Lanskap Keamanan Siber Indonesia 2023’, Jakarta, 2024.
N. Basta, M. Ikram, M. A. Kaafar, and A. Walker, ‘Towards a Zero-Trust Micro-segmentation Network Security Strategy: An Evaluation Framework’, in Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022: Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022, Institute of Electrical and Electronics Engineers Inc., 2022. doi: 10.1109/NOMS54207.2022.9789888.
Z. Adahman, A. W. Malik, and Z. Anwar, ‘An analysis of zero-trust architecture and its cost-effectiveness for organizational security’, Comput Secur, vol. 122, Nov. 2022, doi: 10.1016/j.cose.2022.102911.
Z. P. Putra, R. Harwahyu, and E. Hebert, ‘Performance Evaluation Elastic Security as Open Source Endpoint Detection and Response for Advanced Persistent Threat Cyberattack’, International Journal of Electrical, Computer, and Biomedical Engineering, vol. 2, no. 2, Jun. 2024, doi: 10.62146/ijecbe.v2i2.49.
R. Harwahyu, F. H. E. Ndolu, and M. V. Overbeek, ‘Three layer hybrid learning to improve intrusion detection system performance’, International Journal of Electrical and Computer Engineering, vol. 14, no. 2, pp. 1691–1699, 2024, doi: 10.11591/ijece.v14i2.pp1691-1699.
S. Lee, J.-H. Huh, and H. Woo, ‘Security System Design and Verification for Zero Trust Architecture’, Electronics (Basel), vol. 14, no. 4, p. 643, Feb. 2025, doi: 10.3390/electronics14040643.
Y. Cao, S. R. Pokhrel, Y. Zhu, R. Doss, and G. Li, ‘Automation and Orchestration of Zero Trust Architecture: Potential Solutions and Challenges’, Apr. 01, 2024, Chinese Academy of Sciences. doi: 10.1007/s11633-023-1456-2.
N. Nahar, K. Andersson, O. Schelen, and S. Saguna, ‘A Survey on Zero Trust Architecture: Applications and Challenges of 6G Networks’, IEEE Access, vol. 12, pp. 94753–94764, 2024, doi: 10.1109/ACCESS.2024.3425350.
P. Dhiman et al., ‘A Review and Comparative Analysis of Relevant Approaches of Zero Trust Network Model’, Feb. 01, 2024, Multidisciplinary Digital Publishing Institute (MDPI). doi: 10.3390/s24041328.
W. Yeoh, M. Liu, M. Shore, and F. Jiang, ‘Zero trust cybersecurity: Critical success factors and A maturity assessment framework’, Comput Secur, vol. 133, Oct. 2023, doi: 10.1016/j.cose.2023.103412.
M. Medhat, S. G. Sayed, S. M. Abd-Alhalem, and A. E. Takieldeen, ‘Whitelisting Requirements for Effective Cyber Defense Solutions’, in 2023 International Telecommunications Conference, ITC-Egypt 2023, Institute of Electrical and Electronics Engineers Inc., 2023, pp. 484–489. doi: 10.1109/ITC-Egypt58155.2023.10206403.
S. Gupta Bhol, J. R. Mohanty, and P. Kumar Pattnaik, ‘Taxonomy of cyber security metrics to measure strength of cyber security’, Mater Today Proc, vol. 80, pp. 2274–2279, Jan. 2023, doi: 10.1016/j.matpr.2021.06.228.
S. Rose, O. Borchert, S. Mitchell, and S. Connelly, ‘Zero Trust Architecture’, Gaithersburg, MD, Aug. 2020. doi: 10.6028/NIST.SP.800-207.
P. Phiayura and S. Teerakanok, ‘A Comprehensive Framework for Migrating to Zero Trust Architecture’, IEEE Access, vol. 11, pp. 19487–19511, 2023, doi: 10.1109/ACCESS.2023.3248622.
Z. Zhang, D. Towey, Z. Ying, Y. Zhang, and Z. Q. Zhou, ‘MT4NS: Metamorphic Testing for Network Scanning’, in Proceedings - 2021 IEEE/ACM 6th International Workshop on Metamorphic Testing, MET 2021, Institute of Electrical and Electronics Engineers Inc., Jun. 2021, pp. 17–23. doi: 10.1109/MET52542.2021.00010.
C. Itodo and M. Ozer, ‘Multivocal literature review on zero-trust security implementation’, Comput Secur, vol. 141, p. 103827, Jun. 2024, doi: 10.1016/J.COSE.2024.103827.
T. Kasama, Y. Endo, M. Kubo, and D. Inoue, ‘Please Stop Knocking on My Door: An Empirical Study on Opt-out of Internet-wide Scanning’, IEEE Access, 2025, doi: 10.1109/ACCESS.2025.3551691.
F. Mohammed, N. A. A. Rahman, Y. Yusof, and J. Juremi, ‘Automated Nmap Toolkit’, in ASSIC 2022 - Proceedings: International Conference on Advancements in Smart, Secure and Intelligent Computing, Institute of Electrical and Electronics Engineers Inc., 2022. doi: 10.1109/ASSIC55218.2022.10088375.
J. M. Redondo and D. Cuesta, ‘Towards improving productivity in NMAP security audits’, Journal of Web Engineering, vol. 18, no. 7, pp. 539–578, 2019, doi: 10.13052/jwe1540-9589.1871.
J. Asokan, A. Kaleel Rahuman, B. Suganthi, S. Fairooz, M. Sundar Prakash Balaji, and V. Elamaran, ‘A Case Study Using Companies to Examine the Nmap Tool’s Applicability for Network Security Assessment’, in 12th IEEE International Conference on Advanced Computing, ICoAC 2023, Institute of Electrical and Electronics Engineers Inc., 2023. doi: 10.1109/ICoAC59537.2023.10249544.
J. M. Pittman, ‘A Comparative Analysis of Port Scanning Tool Efficacy’, Mar. 2023, [Online]. Available: http://arxiv.org/abs/2303.11282
M. El-Hajj, ‘Leveraging Digital Twins and Intrusion Detection Systems for Enhanced Security in IoT-Based Smart City Infrastructures’, Electronics (Switzerland), vol. 13, no. 19, Oct. 2024, doi: 10.3390/electronics13193941.
R. D. Graham, ‘MASSCAN: Mass IP port scanner’, 2024. [Online]. Available: https://github.com/robertdavidgraham/masscan
G. Fyodor. Lyon, Nmap network scanning : official Nmap project guide to network discovery and security scanning. 2009. Accessed: Apr. 29, 2025. [Online]. Available: https://nmap.org/book/toc.html
R. Taupaani, ‘ZTScan’, Mar. 2025. [Online]. Available: https://github.com/numburanggata/ResourceDiscovery#
J. H. Jafarian, M. Abolfathi, and M. Rahimian, ‘Detecting Network Scanning Through Monitoring and Manipulation of DNS Traffic’, IEEE Access, vol. 11, pp. 20267–20283, 2023, doi: 10.1109/ACCESS.2023.3250106.
R. Aliyev, ‘A Comprehensive Spectrum of Open Ports: A Global Internet Wide Analysis’, in 12th International Symposium on Digital Forensics and Security, ISDFS 2024, Institute of Electrical and Electronics Engineers Inc., 2024. doi: 10.1109/ISDFS60797.2024.10526469.
X. Yu, Z. Hu, and Y. Xin, ‘A New Approach Customizable Distributed Network Service Discovery System’, Wirel Commun Mob Comput, vol. 2021, 2021, doi: 10.1155/2021/6627639.
Z. Durumeric, D. Adrian, P. Stephens, E. Wustrow, and J. A. Halderman, ‘Ten Years of ZMap’, in Proceedings of the 2024 ACM on Internet Measurement Conference, New York, NY, USA: ACM, Nov. 2024, pp. 139–148. doi: 10.1145/3646547.3689012.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Reikal Taupaani, Ruki Harwahyu
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
-a.jpg)
-b.jpg)
