22 Free Open-source Port Scanners for Pentesters and Cybersecurity Experts
A port scanner is a network tool used to identify open or accessible ports on a device, server, or network. It sends requests to a target’s various ports and analyzes the responses to determine which ports are open and what services are running on them.
Port scanning is crucial for network security because open ports can reveal vulnerabilities and provide entry points for attackers.
By using port scanners, security professionals can assess the security posture of their systems, detect unauthorized access, and prevent potential breaches.
Port scanners are one part of what pentesters and cybersecurity experts use for their security tests. In this blog, we covered several pentesting tools and frameworks that may benefit security experts:
1- RustScan
RustScan is a free, open-source, fast and modern port scanner that enables pentesters to scan 65k ports in about 3 seconds. It automatically pipes ports into Nmap.
2- Port Finder
Port Finder is a free application designed to probe a server or host for open ports. Such an application may be used by administrators to verify the security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
3- Naabu
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner.
It is a really simple tool that does fast SYN/CONNECT/UDP scans on the host/list of hosts and lists all ports that return a reply.
Features
- Fast And Simple SYN/CONNECT/UDP probe based scanning
- Optimized for ease of use and lightweight on resources
- DNS Port scan
- Automatic IP Deduplication for DNS port scan
- IPv4/IPv6 Port scan (experimental)
- Passive Port enumeration using Shodan Internetdb
- Host Discovery scan (experimental)
- NMAP integration for service discovery
- Multiple input support - STDIN/HOST/IP/CIDR/ASN
- Multiple output format support - JSON/TXT/STDOUT
4- NetworkSherlock
NetworkSherlock is a powerful and flexible port scanning tool designed for network security professionals and penetration testers. With its advanced capabilities, NetworkSherlock can efficiently scan IP ranges, CIDR blocks, and multiple targets.
Features
- Scans multiple IPs, IP ranges, and CIDR blocks.
- Supports port scanning over TCP and UDP protocols.
- Detailed banner grabbing feature.
- Ping check for identifying reachable targets.
- Multi-threading support for fast scanning operations.
- Option to save scan results to a file.
- Provides detailed version information.
- Colorful console output for better readability.
- Shodan integration for enhanced scanning capabilities.
- Configuration file support for Shodan API key.
5- havn
havn (ˈheɪvən, "HAY" + "vuhn") is a lightweight self-contained port scanning application written in Rust, using asynchronous Tokio multithreading to deliver fast and reliable results. With sensible defaults and configurable options, users are able to customise the scanning process according to their needs. It is designed and built to be compatible with multiple platforms, including Docker, and has a binary size of less than 1 MB.
It can be installed on Linux systems such as Ubuntu and Arch Linux, on macOS, or using Docker.
6- Port Scanner
Port Scanner is a straightforward Python-based tool designed to scan for open ports on a specified target IP address.
Its features include:
- Multi-threaded port scanning
- Easy configuration via config.json
- Records open ports in open_ports.txt after scanning
7- Scapy port scanner
This is a free and open-source simple port scanner built using Scapy that performs SYN, UDP and Xmas scans.
8- Port Scanner
Port Scanner is yet another go-to tool for scanning a network. It scans all the open ports for a given host with just one click.
It is written using Python and Flask, and supports multithreading.
9- NimScan
Written in Nim, NimScan is a fast port scanner that works on Windows only.
10- MASSCAN: Mass IP Port Scanner
Masscan is a fast network port scanner designed to scan the entire internet within minutes. It functions similarly to Nmap, though its primary focus is speed, which it achieves through asynchronous transmission and raw packet scanning. It allows users to scan at over 10 million packets per second, making it ideal for large-scale reconnaissance.
Masscan can be fine-tuned for custom scans by specifying target ranges, ports, and output formats, and it's useful for security researchers and system administrators aiming to identify open ports across vast networks.
11- Th3inspector Tool
Th3Inspector is a versatile information-gathering tool used primarily for reconnaissance in cybersecurity. It performs various tasks, including whois lookups, DNS information, and IP geolocation.
While Th3Inspector focuses on information gathering, it also features some basic network scanning capabilities, such as port scanning.
It can scan specified target IP addresses for open ports, providing users with an overview of accessible services. This is especially useful in early-stage penetration testing, where identifying potential entry points is critical.
12- Furious IP/Port Scanner
This is a 😠 Go IP/port scanner with SYN (stealth) scanning and device manufacturer identification. It is written to work on Windows, Linux, and macOS.
13- OWASP Nettacker
OWASP Nettacker is an automated tool designed for network reconnaissance and penetration testing. It can perform port scanning, vulnerability detection, and information gathering across multiple hosts, providing a comprehensive overview of network security.
Nettacker’s port scanning feature allows for detecting open ports and services on a target system, essential for identifying potential security gaps.
Its ability to automate complex scans makes it highly beneficial for penetration testers and security professionals, enhancing efficiency while ensuring thoroughness in network security assessments.
14- Scilla
Scilla is a free and open-source information gathering tool for DNS / subdomains / ports / directories scanning and enumeration.
15- JF⚡can
JFScan is a wrapper that leverages the speed of Masscan and Nmap's fingerprinting capabilities. JFScan accepts targets in the form of URLs, domains, or IPs (including CIDR). You can specify a file with targets using an argument, or use stdin.
JFScan also allows you to output only the results and chain them with other tools like Nuclei. The domain:port output of JFScan is crucial for identifying vulnerabilities in web applications, as the virtual host determines which content will be served.
In addition, JFScan can scan discovered ports with Nmap, and enables you to define custom options and leverage Nmap's advanced scripting capabilities.
16- CyberScan
CyberScan is an open source penetration testing tool that can analyse and decode packets, scan ports, ping hosts, and geolocate an IP (including latitude, longitude, region, country ...).
It works on Windows (XP/7/8/8.1/10), Linux and macOS.
17- Rock-On
Rock-On is an all-in-one recon tool that will give your recon process a boost. It is mainly aimed at automating the whole recon process and saving the time that is wasted doing all of this manually. A thorough blog post will be up in some time. Stay tuned for the stable version with a UI.
18- UDPX
UDPX is a fast and lightweight UDP scanner written in Go, supporting the discovery of over 45 services and allowing custom probes. It’s portable across Linux, macOS, and Windows, requiring no additional dependencies like libpcap. UDPX scans whole /16 networks in approximately 20 seconds for a single service and outputs results in JSONL format.
Unlike TCP scanning, UDPX sends protocol-specific packets to ports, waiting for a response to identify open ports. Its simple setup and customization make it ideal for quick, efficient network scans.
19- Spidex
Spidex is a continuous reconnaissance scanner focused on identifying network exposure. It performs large-scale port-oriented scanning and collects data on each device connected to the internet, including open ports, geographic location, web technologies, and banners.
The engine stores a detailed report for each scan cycle, covering execution time, devices found, and other metrics. With its multi-threaded architecture, Spidex enhances performance by processing up to 450-500 threads in parallel, significantly reducing scan time and boosting efficiency for large-scale network analysis.
20- Netspionage
Netspionage is a network forensics CLI utility that performs network scanning, OSINT, and attack detection.
21- PortSpider
PortSpider is a tool for scanning huge network ranges to find open ports and vulnerable services. This tool is not intended to scan one target, but rather a whole IP range (e.g. 192.168.0.0/24). Most of the time, companies and organizations publish information about the public IP ranges they own, so PortSpider will help you to scan all of their machines at once for vulnerable devices and services.
22- PS2
PS2 is a simple port scanner written entirely in PowerShell, designed for legal network security purposes. It allows users to scan for open ports on specified targets. The tool emphasizes that users must comply with applicable laws and take full responsibility for their actions when using it.
Developed with ease of use in mind, PS2 is ideal for security professionals or hobbyists looking to perform basic port scanning tasks on systems using PowerShell without needing additional software.