As a network administrator, do you really know what’s happening on your network? Using a port scanning tool can help identify potential vulnerabilities as well as paint a detailed picture as to what devices are open to certain types of communication. In this article, we’ll review the six best port scanner tools you can use to help discover vulnerabilities, and better defend your network.
What are port scanner tools used for?
Whether they are used by network administrators, security experts, or even hackers, all port scanners help detect which ports are open, closed, or filtered on a device that is on a network.
These details combined with manufacturer information can help give context as to what a device’s purpose is on the network. With that information, attackers will attempt to use known exploits over those ports to gain unauthorized access.
Checking for unnecessary open ports is usually one of the first steps an attacker will take when trying to find ways into your network. As administrators, we can run these tools first to defend against potential attacks. Port scanner tools give admins a chance to shut down unused ports that are open and terminate suspicious connections.
Ports can be left open unintentionally, or forced open by rootkits and other advanced types of malware. These ports are essentially exploited as backdoors to exfiltrate stolen data and push out commands to existing malware on the network. Performing a network security audit with a trusted port scanner tool can help detect some of the stealthiest types of malware and attacks.
Using a port scanner tool on a network you own is perfectly fine. If for whatever reason you need to run a port scan tool on someone else’s network, ensure you have written permission to do so. Running these tools on networks you do not have permission to scan is deemed illegal in most countries.
The Best Port Scanner Tools
Let’s dive into some of the best port scanning tools on the market today, and review exactly why they made the list. Some tools below have multiple uses, but today we’ll be focusing on their port scanning features.
1. ManageEngine Vulnerability Manager Plus (FREE TRIAL)
ManageEngine Vulnerability Manager Plus is a comprehensive vulnerability discovery, assessment, and remediation platform suitable for SMB to enterprise networks.
Key Features:
- Support for a wide range of operating systems
- Built-in patch management for OS and third-party applications
- Automated scanning for continuous vulnerability remediation
Why do we recommend it?
ManageEngine Vulnerability Manager Plus earns its recommendation by offering a comprehensive and scalable solution for vulnerability management. Its capacity to conduct thorough scans across diverse networks, including remote sites and WANs, ensures that vulnerabilities are identified throughout the entire infrastructure. The platform’s intuitive severity ranking system streamlines the prioritization of remediation efforts, enhancing the efficiency of the vulnerability management process. With support for various operating systems, including Windows, Linux, and Mac, ManageEngine Vulnerability Manager Plus caters to the needs of diverse networks, making it a versatile and effective choice for businesses of varying sizes.
Vulnerability Manager Plus starts by scanning your entire network to locate vulnerabilities across your hardware and network infrastructure. The scan easily extends beyond your LAN to include remote site subnets and other interconnected WANs. Once complete, the scan provides a severity ranking for each issue found, making it easy to tackle what issues need to be addressed first. The platform supports Windows, Linux, and Mac operating systems, making it an ideal choice for more diverse networks.
Finally, the management platform helps ensure that loopholes stay closed and helps prevent future vulnerabilities moving forward.
Who is it recommended for?
ManageEngine Vulnerability Manager Plus is ideal for SMB to enterprise networks seeking an all-encompassing vulnerability management solution. Network administrators and security professionals tasked with overseeing diverse operating systems, including Windows, Linux, and Mac, will find this platform particularly beneficial. Its automated scanning capabilities and built-in patch management for both OSs and third-party applications make it well-suited for organizations aiming for continuous vulnerability remediation. The flexibility and robust threat intelligence support further position ManageEngine Vulnerability Manager Plus as a valuable asset for businesses looking to fortify their security posture.
Pros:
- Great for continuous scanning and patching throughout the lifecycle of any device
- Robust reporting can help show improvements after remediation
- Flexible – can run on Windows, Linux, and Mac
- Backend threat intelligence is constantly updated with the latest threats and vulnerabilities
- Supports a free version, which is great for small businesses
Cons:
- Can take time to fully implement and integrate into your vulnerability remediation workflow
Download a fully-featured 30-day free trial of the ManageEngine Vulnerability Manager Plus.
2. ManageEngine OpUtils (FREE TRIAL)
ManageEngine OpUtils is a bundle of different tools that contains a port mapper, an IP address manager, and a physical switch portmapper. The interface is very modern and clean unlike some of the old-school scanning tools, which is refreshing, to say the least.
Why do we recommend it?
The ManageEngine OpUtils bundle encompasses a range of functionalities, including a port mapper, IP address manager, physical switch port mapper, bandwidth monitor, wake-on-LAN tool, rogue device detection, switch port management, and SNMP monitoring tools. Its modern and clean interface sets it apart from traditional scanning tools, providing a user-friendly experience. OpUtils excels in delivering precisely what tech professionals need, offering quick and efficient network scans, open port identification, and detailed status analysis, making it a valuable asset for network management.
What makes OpUtils great is that it’s technically a bundle of some of the most frequently used tools by techs and sysadmins. This includes a bandwidth monitor, wake-on-LAN tool, rogue device detection, switch port management, SNMP monitoring tools, and about a half dozen smaller tools tailored to specific devices such as Cisco.
OpUtils lets you scan the entire network based on a custom IP range for open ports, or alternatively, you can choose a single device and run an entire port scan over all ports. What makes this tool great is that it does just exactly what you want it to do.
Who is it recommended for?
ManageEngine OpUtils is recommended for technicians and system administrators looking for a comprehensive toolkit that consolidates essential network management tools. With features catering to tasks such as port mapping, IP address management, and switch port analysis, OpUtils is suitable for a wide range of users involved in network monitoring and administration. The user-friendly interface makes it accessible for those who prioritize efficiency and modern design. Whether you need to perform network scans, identify open ports, or manage SNMP devices, OpUtils offers a versatile solution. The availability of a 30-day free trial allows users to explore its capabilities before making a commitment.
In a matter of seconds, you can have a device’s full range of ports and their status displayed for analysis. OpUtils is available for Windows Server and Linux systems. You can test out ManageEngine OpUtils free through a 30-day free trial.
3. Nmap
Nmap is one of the most widely used and trusted port scanner tools in the world of cybersecurity. It’s the cornerstone of any pentester’s toolkit and aids in network discovery, device vulnerability assessment, and network reconnaissance. Nmap, which is aptly short for network mapper, lives up to its name by doing just that.
Why do we recommend it?
Nmap stands out as a leading and widely trusted port scanner tool in the realm of cybersecurity. Its robust capabilities make it a cornerstone in the toolkit of penetration testers, aiding in network discovery, device vulnerability assessment, and network reconnaissance. The tool’s success is attributed to its open-source architecture and user-friendly design, fostering active communities for troubleshooting, bug fixing, and feature enhancements. Nmap excels in providing detailed outputs, offering insights into network information, device responses, port statuses, and running services. Its command-line interface, while potentially intimidating for newcomers, is complemented by Zenmap, a graphical alternative that simplifies the scanning process.
What’s made the tool so successful is its open-source architecture and relative ease of use. This has allowed dedicated communities to troubleshoot bugs and add additional features that might be helpful for port scanning.
Nmap scans networks and provides very detailed outputs containing information about the network, how devices responded to the scan, the status of the ports, and what services the device might be running.
This is all done through a command-line interface, which can be a bit intimidating to newer users. While I personally am a fan of the command line, those who want a more graphical-based approach can use Zenmap. Zenmap is essentially Nmap without having to type all of the commands out.
Since Nmap is so lightweight, it is preferred among many security professionals, as it can be used to scan massive corporate networks with a very small resource footprint. Nmap also includes the Nmap Scripting Engine (NSE), whose scripts are written in the Lua programming language. This allows you to automate and script out very specific types of conditions you’re looking to find in your scan.
Who is it recommended for?
Nmap is highly recommended for cybersecurity professionals, penetration testers, and network administrators seeking a powerful and versatile port scanner tool. Its open-source nature allows for continuous community-driven improvements, ensuring reliability and effectiveness. While the command-line interface may require some familiarity, Zenmap provides a graphical option for those who prefer a more user-friendly experience. Nmap’s lightweight footprint makes it ideal for scanning large corporate networks with minimal resource usage. The tool’s compatibility with various operating systems, including Windows, macOS, Linux, FreeBSD, and Solaris, enhances its accessibility and makes it an invaluable asset for cybersecurity enthusiasts. Nmap’s free and open-source model further contributes to its popularity and widespread use in the cybersecurity community.
Nmap is completely free and open source. Nmap runs on nearly all operating systems including Windows, macOS, Linux, FreeBSD, and Solaris.
4. SolarWinds Port Scanner
SolarWinds Port Scanner combines the raw power of Nmap and displays its outputs elegantly through a simple and intuitive interface. Once you select an individual device or a range of IPs, SolarWinds Port Scanner gets to work and displays the results in the right-hand column of the same window.
Why do we recommend it?
SolarWinds Port Scanner stands out as an excellent choice due to its effective combination of the powerful Nmap engine with a user-friendly interface. The tool efficiently translates the robust scanning capabilities of Nmap into an intuitive display, allowing users to select specific devices or IP ranges effortlessly. With features like multi-thread scanning and adaptive timing behavior, SolarWinds Port Scanner excels in scanning larger networks swiftly. Its ability to save and reuse scan configurations, coupled with support for various export formats and IANA port names, enhances its usability for both regular scans and comprehensive network assessments.
The tool also utilizes multi-thread scanning and adaptive timing behavior to shorten the total time needed to scan, making it a great tool for larger networks with more devices. For administrators who run scans regularly, scan configs can be saved and reused on other networks or at a later time.
Results can be exported into several formats such as XML, CSV, and XLSX. The tool fully supports IANA port names, which can be edited in a separate file after scanning has been completed.
The tool gives a great quick breakdown if the ports are open, closed, or filtered, and even performs OS detection. The OS detection feature is used by attackers to gain contextual information about what services could be running, as well as narrow down what types of attacks are possible.
Each tool has its own methods of identifying operating systems. This is called a “Fingerprint” and is usually based on a number of different factors such as TCP/IP stack or other information that the device is broadcasting.
Who is it recommended for?
SolarWinds Port Scanner is highly recommended for network administrators and security professionals who prioritize a balance between advanced scanning capabilities and user-friendly interfaces. Its suitability extends to those managing larger networks with multiple devices, thanks to its efficient multi-thread scanning and adaptive timing. This tool is ideal for users who require quick and reliable insights into open, closed, or filtered ports, along with robust OS detection features. The ability to export results in various formats adds to its versatility, making it a valuable asset for network administrators seeking a comprehensive yet accessible port scanning solution.
Having such reliable OS detection and ease of use puts SolarWinds Port Scanner on our list. This tool is available for free for Windows operating systems only.
5. Angry IP Scanner
Angry IP Scanner is a great tool for quick and simple port scans, especially if used for network discovery. While other tools are more focused on security, Angry IP Scanner is built more for network discovery and device identification.
Why do we recommend it?
Angry IP Scanner earns its recommendation as an excellent tool for swift and straightforward port scans, especially when geared towards network discovery. While some tools prioritize security aspects, Angry IP Scanner excels in network exploration and device identification. It has become a staple for help desks and technicians navigating unfamiliar networks, offering a quick and efficient solution for scanning subnets or entire IP ranges. Within minutes, the tool provides a list of IP addresses, their open ports, hostnames, and ping times, enhancing troubleshooting efforts and network connectivity assessments.
This tool is a staple among help desks and any technicians who find themselves working on a new network that they are unfamiliar with. In a matter of seconds, you can specify a subnet or entire IP range to scan. In just a minute or so a list of IP addresses will quickly populate along with their open ports and hostname.
The tool also displays the ping time from you to the device, which can be helpful if troubleshooting network connectivity. I personally used this tool to help track down devices that lost their static IP address, and it has never let me down.
You can also get a brief description of what the device could be running, for example, Angry IP may detect a device is running Apache or Windows. The scans are done using multithreading making it incredibly fast and efficient to run even on larger networks.
Who is it recommended for?
Angry IP Scanner is highly recommended for help desks, technicians, and network administrators dealing with new or unfamiliar networks. Its user-friendly interface and rapid scanning capabilities make it a valuable asset for swift network discovery. The tool’s ability to detect devices, display open ports, and provide brief descriptions of running services, such as Apache or Windows, adds to its versatility. While not primarily designed for security-focused port scanning, Angry IP Scanner strikes an excellent balance between functionality and ease of use. Moreover, its cost-effective nature, being freely available, positions it as an unbeatable choice for those seeking an efficient yet budget-friendly port scanning solution.
The tool isn’t the best port scanner for security purposes but strikes a great balance between port scanning features and ease of use. For the low price of free, you simply can’t beat it.
6. Netcat
Netcat is similar to Nmap and dates back to the early 1990s. Despite being so old, it’s still in use today and has been a trusted tool in the utility bags of technicians all over the world. Netcat is the definition of barebones, meaning it doesn’t have any fancy features or utilities, it simply just does its job.
Why do we recommend it?
Netcat, despite its age dating back to the early 1990s, remains a trusted and reliable tool in the utility bags of technicians globally. This command-line-based tool is the epitome of barebones functionality, devoid of fancy features, focusing on efficiently executing its core tasks. Netcat’s strength lies in its versatility and the ability to perform specific scanning methods. For example, using the -z syntax allows quiet scanning for open ports without sending data, enabling discreet assessments without triggering intrusion detection systems. Its detailed and security-oriented results make it a specialized yet powerful tool for network security purposes.
Netcat is command-line based, meaning it has a steeper learning curve than GUI port scanner tools. You can get very specific with your scanning methods. For instance, you can use the -z option to only scan for open ports without sending data to them. This is a way to quietly scan for ports without alerting intrusion detection systems.
Let’s take a look at some of the commands and how their output would look.
To quietly scan the port range 50-100 for open ports, you could use the following command:
nc -z -v 10.10.5.8 50-100
Since the -v option was used, the results will display in a verbose form.
nc: connect to 10.10.5.8 port 20 (tcp) failed: Connection refused
nc: connect to 10.10.5.8 port 21 (tcp) failed: Connection refused
Connection to 10.10.5.8 22 port [tcp/ssh] succeeded!
nc: connect to 10.10.5.8 port 23 (tcp) failed: Connection refused
nc: connect to 10.10.5.8 port 79 (tcp) failed: Connection refused
Connection to 10.10.5.8 80 port [tcp/http] succeeded!
While these results aren’t as simple as the results you’d get for SolarWinds or ManageEngine, they are more detailed and security-oriented. That being said Netcat is definitely a more specialized tool based on network security.
Alternatively, you can even send files through Netcat and spin up an online chat server between two hosts. The tool has many uses, but one of its best features is its port scanning abilities.
Who is it recommended for?
Netcat is recommended for seasoned technicians and network security professionals who value a command-line approach and require detailed, security-focused port scanning. The tool’s steep learning curve may be challenging for beginners, but its capabilities extend beyond traditional port scanning. Netcat’s versatility allows for tasks such as sending files and establishing online chat servers between hosts. While it lacks a graphical user interface, Netcat’s specialized features make it an indispensable asset for those with a security-centric focus. It is available for both Windows and Linux environments, catering to a broad range of users in the cybersecurity domain.
Netcat is available for Windows as well as Linux environments.
7. Unicornscan
Unicornscan is a popular port scanner tool among the security community but doesn’t get much attention outside of these small groups. This Linux command-line tool supports asynchronous TCP and UDP scanning as well as IP port scanning with service and system detection.
Why do we recommend it?
Unicornscan, a Linux command-line tool, has gained popularity within the security community for its robust port scanning capabilities. While it might not enjoy widespread recognition outside security-focused circles, its asynchronous TCP and UDP scanning, coupled with IP port scanning and detailed service and system detection, make it a powerful asset for security professionals. Unicornscan’s strength lies in its flexibility, allowing security experts to perform highly detailed scans using unconventional network discovery methods. These methods often unveil details missed by other tools during scans of remote systems and services.
Like Nmap, the tool is incredibly detailed and flexible allowing security professionals to scan devices for ports in a number of different and unique ways. One of the reasons for Unicornscan’s popularity is its use of unconventional network discovery methods that can discover details missed by other tools when scanning remote systems and services.
Although there is no GUI for Unicornscan, we find the syntax to be simple to use, even easier than Nmap in some cases. One of the easiest ways to get access to Unicornscan is to get it from a free Kali Linux distribution. Alternatively, you can install it on other forms of Linux as well.
Who is it recommended for?
Unicornscan is highly recommended for security professionals, penetration testers, and network administrators operating within the Linux environment. The tool’s popularity within the security community is a testament to its effectiveness in uncovering nuanced details during scans. While it lacks a graphical user interface, Unicornscan’s command-line syntax is user-friendly, especially for those already familiar with Linux command-line tools. Users can conveniently access Unicornscan through free distributions like Kali Linux, making it readily available for penetration testing and security assessments.
8. Pentest-Tools
Pentest Tools is a website where you can scan ports of external IP addresses. You can think of it as an online “done for you” version of Nmap. Simply put in the external IP address you wish to scan and click scan. The light version is free, which only shares the top 100 ports and shares the hostname as well as the IP address and service version the device is running.
Why do we recommend it?
Pentest-Tools serves as a convenient online platform for users looking to perform port scans on external IP addresses without the need for extensive technical knowledge. Comparable to an “online done-for-you” version of Nmap, Pentest-Tools simplifies the scanning process. Users can input the external IP address they want to scan and initiate the process with a click. The light version, available for free, offers insights into the top 100 ports, along with the hostname, IP address, and service version of the target device.
For access to the direct operating system, all 65535 port scan results, and a full traceroute, you’ll need to pay. Plans are broken up into four tiers and start at $65.00 per month. Considering Nmap is a free tool, I don’t think this service is worth it among technical professionals but could be useful for someone who is not as tech-savvy but still needs the results of an in-depth port scan.
Below is the output from a “light” scan with the Pentest Tools site:
Starting Nmap ( https://nmap.org ) at 2021-02-23 21:40 EET
NSE: Loaded 40 scripts for scanning.
Initiating Ping Scan at 21:40
Scanning XX.XXX.XXX.XXX [4 ports]
Completed Ping Scan at 21:40, 0.23s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 21:40
Scanning ec2-XX-XX-XX-XX.compute-1.amazonaws.com (XX.XXX.XXX.XXX) [100 ports]
Discovered open port 443/tcp on XX-XX-XX-XX
Discovered open port 80/tcp on XX-XX-XX-XX
Increasing send delay for XX-XX-XX-XX from 0 to 5 due to 11 out of 15 dropped probes since last increase.
Completed SYN Stealth Scan at 21:40, 22.63s elapsed (100 total ports)
Initiating Service scan at 21:40
Who is it recommended for?
Pentest-Tools is recommended for individuals who may not possess advanced technical skills but still require the results of a thorough port scan. This online platform offers a user-friendly interface for users seeking a quick and easy way to perform port scans on external IP addresses. While technical professionals might prefer free alternatives like Nmap, Pentest-Tools could be particularly useful for those who value simplicity and convenience. For users requiring more advanced features, such as access to full port scan results and a comprehensive traceroute, subscription plans starting at $65.00 per month are available.
9. IP Fingerprints
IP Fingerprints is another online tool that allows you to scan remote IP addresses through a few simple clicks. What’s nice about this tool is that it is entirely free and allows you to choose which ports or port ranges you want to scan. For more in-depth scanning you can switch to the Advanced tab and toggle between different types of scanning filters.
Why do we recommend it?
IP Fingerprints stands out as a valuable online tool for port scanning remote IP addresses with ease and simplicity. This tool offers a user-friendly interface that allows users to initiate scans through a few straightforward clicks. Notably, IP Fingerprints is entirely free, providing an accessible option for users seeking basic port scanning functionality. One of its notable features is the ability to customize scans by selecting specific ports or port ranges. Additionally, the Advanced tab offers more in-depth scanning options, allowing users to choose from various scan types such as SYN stealth, NULL stealth, FIN stealth, XMAS, ACK, and Window scans. The tool also provides flexibility in ping types, including TCP, ICMP, or both, along with options for OS detection and the use of fragmented packets to evade firewall detection.
For instance, you can choose between scan-type methods, and sort through SYN stealth, NULL stealth, FIN stealth, XMAS, ACK, and Window scans. If you want to use ping instead you can choose between TCP, ICMP, or both for your ping type. There are a few general options that can be turned on for more details, such as OS detection and the ability to use fragmented packets to avoid firewall detection.
While this tool can take a long time depending on how large your port range is, it’s an excellent online alternative for port scanning with plenty of customization options that are usually only reserved for tools like Nmap or Unicornscan.
Below are the results from a port scan I ran checking ports 80-5000. It took roughly 10 minutes to complete.
Host is up (0.095s latency).
Not shown: 911 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
111/tcp  filtered rpcbind
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
513/tcp  filtered login
520/tcp  filtered efs
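The Python script below is an added example, not part of the original article or of any tool reviewed here. It parses the two result formats shown in this article (Netcat's -v lines and the Nmap-style port table above) and compares the open ports against an approved list, which is the audit step behind shutting down unused ports. The APPROVED baseline, the timed-out line in the Netcat sample, and the rule that any failure other than "refused" counts as filtered are assumptions.

```python
import re

# Netcat -v lines, in the two shapes shown in this article.
NC_OPEN = re.compile(r"^Connection to (\S+) (\d+) port \[(\w+)/([^\]]*)\] succeeded!")
NC_FAIL = re.compile(r"^nc: connect to (\S+) port (\d+) \((\w+)\) failed: (.+)$")
# Nmap-style table row, e.g. "111/tcp filtered rpcbind".
NMAP_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_scan(text):
    """Return {(port, proto): (state, service)} from nc -v or Nmap table output."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if m := NC_OPEN.match(line):
            results[(int(m[2]), m[3])] = ("open", m[4] or "unknown")
        elif m := NC_FAIL.match(line):
            # A refused connection means the host answered: the port is closed.
            # Assumption: any other failure (timeout, unreachable) is treated
            # as filtered, because nothing answered on that port.
            state = "closed" if "refused" in m[4].lower() else "filtered"
            results[(int(m[2]), m[3])] = (state, "unknown")
        elif m := NMAP_ROW.match(line):
            results[(int(m[1]), m[2])] = (m[3], m[4])
    return results


def audit(results, approved):
    """Compare scan results with an approved set of (port, proto) pairs."""
    open_ports = {k for k, (state, _) in results.items() if state == "open"}
    filtered = {k for k, (state, _) in results.items() if "filtered" in state}
    return {
        # Open but not on the approved list: candidates to shut down.
        "unexpected_open": sorted(open_ports - approved),
        # Approved but not seen open: service down, or port outside the scan.
        "approved_not_open": sorted(approved - open_ports),
        # No answer at all: a firewall is likely dropping the probes.
        "filtered": sorted(filtered),
    }


# Hypothetical baseline of services this host is supposed to expose.
APPROVED = {(80, "tcp"), (443, "tcp")}

# Netcat lines copied from the article; the port 25 line is constructed
# to show how a timeout is classified.
NC_SAMPLE = """\
nc: connect to 10.10.5.8 port 21 (tcp) failed: Connection refused
Connection to 10.10.5.8 22 port [tcp/ssh] succeeded!
nc: connect to 10.10.5.8 port 23 (tcp) failed: Connection refused
nc: connect to 10.10.5.8 port 25 (tcp) failed: Connection timed out
Connection to 10.10.5.8 80 port [tcp/http] succeeded!
"""

# Excerpt of the Nmap-style table shown in the article.
NMAP_SAMPLE = """\
Host is up (0.095s latency).
Not shown: 911 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
111/tcp  filtered rpcbind
445/tcp  filtered microsoft-ds
"""

if __name__ == "__main__":
    for name, sample in (("netcat", NC_SAMPLE), ("nmap table", NMAP_SAMPLE)):
        report = audit(parse_scan(sample), APPROVED)
        print(name)
        for key, ports in report.items():
            print(f"  {key}: {ports}")
```

Run against saved scan output from your own hosts, the "unexpected_open" list is the one to review first.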
Who is it recommended for?
IP Fingerprints is recommended for users who prioritize simplicity and customization in an online port scanning tool. This tool is suitable for individuals looking for a free and accessible solution for scanning remote IP addresses. While the scanning process may take time depending on the port range, IP Fingerprints serves as an excellent online alternative, offering customization options typically found in more advanced tools like Nmap or Unicornscan. Whether users are new to port scanning or seek a straightforward online tool with customization capabilities, IP Fingerprints is a valuable choice.
Which port scanner tool is right for you?
While we’ve narrowed it down to the best port scanner tools, you may be wondering which one is best for you. SolarWinds Port Scanner is going to provide the best general overall port scanning for most sysadmins and general technicians. Its ease of use and quick installation secure its place at number one.
For those who want to dive deep into port scanning for cybersecurity research and penetration testing, Nmap is a tried-and-true professional port scanning tool that has been in use since the early 1990s. For those who are looking for an alternative to Nmap, I’d highly recommend Unicornscan for similar functionality with more unique scanning features.
Do you have a favorite port scanner? If so, let us know about it in the comments below.