A network port scanner is a tool used by network security professionals and penetration testers to scan computer networks for open ports. Ports are communication endpoints that enable computers to send and receive data.
A port scanner identifies which ports on a network are open and listening for connections. By scanning a network's ports, security professionals can assess the security posture of the network and identify potential vulnerabilities.
Port scanners can perform various types of scans, such as TCP SYN scans, UDP scans, and TCP connect scans. These scans help identify services running on specific ports and can provide information about the state and availability of those services.
The information gathered by a port scanner can be used to conduct further analysis, such as banner grabbing, which involves retrieving information about the software or service running on a specific port. This information can help security professionals identify outdated or vulnerable software that may pose a security risk.
1- Nmap
Nmap is a powerful and versatile network scanning tool. It is used to discover hosts and services on a computer network, thus providing valuable information about the network's security.
Nmap can be used for tasks such as network inventory, vulnerability scanning, and network mapping. It is widely used by network administrators and security professionals.
2- Astsu
Astsu is a free and open-source network scanner that can scan common ports, discover hosts on a network, and run an OS scan. It works on Windows and Linux and can be installed on macOS.
3- NetProbe: Network Probe
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.
- Scan for devices on a specified IP address or subnet
- Display the IP address, MAC address, manufacturer, and device model of discovered devices
- Live tracking of devices (optional)
- Save scan results to a file (optional)
- Filter by manufacturer (e.g., 'Apple') (optional)
- Filter by IP range (e.g., '192.168.1.0/24') (optional)
- Scan rate in seconds (default: 5) (optional)
4- sx
sx is a command-line network scanner designed to follow the UNIX philosophy.
- 30x faster than nmap
- ARP scan: Scan your local networks to detect live devices
- ICMP scan: Use advanced ICMP scanning techniques to detect live hosts and firewall rules
- TCP SYN scan: Traditional half-open scan to find open TCP ports
- TCP FIN / NULL / Xmas scans: Scan techniques to bypass some firewall rules
- Custom TCP scans with any TCP flags: Send whatever exotic packets you want and get a result with all the TCP flags set in the reply packet
- UDP scan: Scan UDP ports and get full ICMP replies to detect open ports or firewall rules
- Application scans:
  - SOCKS5 scan: Detect live SOCKS5 proxies by scanning an IP range or a list of IP/port pairs from a file
  - Docker scan: Detect open Docker daemons listening on TCP ports and get information about the Docker node
  - Elasticsearch scan: Detect open Elasticsearch nodes and pull out cluster information with all index names
- Randomized iteration over IP addresses using finite cyclic multiplicative groups
- JSON output support: sx is designed specifically for convenient automatic processing of results
5- ZMap: The Internet Scanner
ZMap is a fast single-packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable of scanning the entire public IPv4 address space on a single port in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in under 5 minutes.
ZMap operates on GNU/Linux, Mac OS, and BSD. ZMap currently has fully implemented probe modules for TCP SYN scans, ICMP, DNS queries, UPnP, BACNET, and can send a large number of UDP probes.
If you are looking to do more involved scans (e.g., banner grab or TLS handshake), take a look at ZGrab 2, ZMap's sister project that performs stateful application-layer handshakes.
6- RustScan
RustScan is a free and open-source port scanner.
- Scans all 65k ports in 3 seconds.
- Full scripting engine support. Automatically pipe results into Nmap, or use our scripts (or write your own) to do whatever you want.
- Adaptive learning. RustScan improves the more you use it. No bloated machine learning here, just basic maths.
- The usuals you would expect. IPv6, CIDR, file input and more.
- Automatically pipes ports into Nmap.
7- XMap: The Internet Scanner
XMap is a fast network scanner that can perform Internet-wide IPv6 & IPv4 network research scanning. It is a reimplementation and improvement of ZMap, offering compatibility and faster probing speeds. XMap can scan the 32-bit address space in under 45 minutes, or under 5 minutes with a 10 gigE connection and PF_RING.
It supports IPv6 scanning, random network space scanning, and simultaneous probing of multiple ports. XMap operates on GNU/Linux, macOS, and BSD, and includes probe modules for ICMP Echo scans, TCP SYN scans, UDP probes, and DNS scans.
8- GoScan
GoScan is an interactive network scanner client built in Go that provides abstraction and automation over nmap. It can be used for host discovery, port scanning, and service enumeration in various scenarios, including professional engagements and unstable environments.
Results can be uploaded asynchronously, allowing for flexibility in the scanning process.
9- Furious
Furious is a fast, lightweight, portable network scanner that can perform a SYN scan of a single host with all known ports in approximately 4 seconds, compared to 98 seconds with nmap.
It can be installed on Linux, Windows, and macOS; however, it requires WinPcap to run on Windows.
10- liwasc
liwasc is a high-performance network and port scanner. It can quickly give you an overview of the nodes in your network and the services that run on them, and manage their power status. It has the following features:
- Scan a network: liwasc can list the nodes in a network, their power status, manufacturer information, IP & MAC addresses, and more metadata using an ARP scan and the mac2vendor database.
- Scan a node: liwasc can list the ports and services of a node and provide metadata (service names, registration dates, etc.) using a high-performance custom TCP and UDP port scanner, and the Service Name and Transport Protocol Port Number Registry.
- Power on a node: liwasc can turn on nodes in a network by sending Wake-on-LAN packets.
- Periodically scan a network: liwasc can periodically scan a network based on a CRON syntax and persist the results in a database using the integrated periodic scans feature.
- Give remote insight into a network: liwasc can be securely exposed to the public internet and serve as a remote controller for a network as it is based on open web technologies, has a gRPC API, and supports OpenID Connect authentication.
11- WatchYourLAN
WatchYourLAN is a free and open-source lightweight network IP scanner with a web GUI.
This is a free and open-source Python script that scans a network for connected devices.
13- Scanners Box
Scanners Box, also known as scanbox, is a powerful hacker toolkit that collects more than 10 categories of open-source scanners from GitHub, including subdomain, database, middleware, and other modular scanners.
Well-known scanning tools such as nmap, w3af, brakeman, arachni, nikto, metasploit, and aircrack-ng are not included in the scope of the collection.
14- Tsunami
Tsunami is a network security scanner with a plugin system for detecting high severity vulnerabilities. It is currently in 'pre-alpha' release for developer preview and is under active development with expected major API changes in the future.
15- webscan
webscan is a browser-based network IP scanner and local IP detector that uses WebRTC to detect IPs bound to the user/victim and discovers all live IP addresses on valid subnets.
It works on mobile and desktop across major browsers and operating systems, and the beta version allows the addition of multiple techniques.
It takes advantage of non-responsive img tag sockets to prevent rate limiting by altering the src attribute or using fetch()'s signal support.
16- Network scanner
A network toolkit for scanning active IP addresses and open ports.
17- NetworkSherlock
NetworkSherlock is a powerful port scanning tool designed for network security professionals and penetration testers.
It offers advanced scanning capabilities, detailed banner grabbing, and integration with Shodan for enhanced scanning and analysis of network vulnerabilities.
- Scans multiple IPs, IP ranges, and CIDR blocks.
- Supports port scanning over TCP and UDP protocols.
- Detailed banner grabbing feature.
- Ping check for identifying reachable targets.
- Multi-threading support for fast scanning operations.
- Option to save scan results to a file.
- Provides detailed version information.
- Colorful console output for better readability.
- Shodan integration for enhanced scanning capabilities.
- Configuration file support for Shodan API key.
This is a free and open-source open port scanner built using the Rust language.
TCP Network Port Scanner written in Go, nmap style.