The Best Port Scanning Software & Tools for Windows, Linux and Online

I have always been thrilled by security and the concept of hacking (legally) into a computer or network. Perhaps it has to do with all those movies I watched growing up. I digress. A big part of hacking has to do with vulnerability assessment – finding vulnerabilities (both digital and non-digital) that you can use to gain access to a computer/network. In this article, we will be discussing some port scanning tools that can help check for open ports on a device and possibly probe for the services running on those ports.

One of the things you will normally do while carrying out a vulnerability assessment is finding open ports on a device and what services are running on those ports. By doing this, you may find a vulnerability that you can exploit in one of the services running on that device.

Here is our list of the best port-scanning software and tools for Windows, Linux, and online:

1. SolarWinds Open Port Scanner with ET – EDITOR'S CHOICE Part of the Engineer’s Toolset, which is a package of more than 60 network administration tools. The scanner will perform device discovery and then scan each device in a given range to check on port statuses. Runs on Windows Server. Start a 14-day free trial of Engineer's Toolset.
2. ManageEngine OpUtils – FREE TRIAL Package of network address monitoring and administration tools that includes a port scanner. Runs on Windows Server and Linux. Start a 30-day free trial.
3. ManageEngine Vulnerability Manager Plus – FREE TRIAL Provides a vulnerability scanner and a patch manager and its security checks include port scanning. Runs on Windows Server. Start a 30-day free trial.
4. Nmap Well-respected free utility to identify daemons running on a device by port number. This tool is a command line utility but it can be used with Zenmap to get a graphical user interface.
5. Angry IP Scanner Free tool that provides a range of network detection tools including a port scanner. Installs on Windows, macOS, and Linux.
6. Netcat Old command-line network tool with a free port scanner. This tool has been forked into versions for Windows, macOS, and Linux.
7. Online IP Scanning tools Range of websites that are able to scan the ports on a network gateway from a remote location.

Why would you want to check for open ports/services?

One of the major reasons why you would want to check for open ports and services is while performing a Vulnerability Assessment. This could be done as an external consultant for an organization or in the capacity of the administrator of a network. The goal is to stay one step ahead of attackers because whether you like it or not, they will come for you.

Another closely-related reason is when performing a Security Audit of your device/network. For example, a router that isn’t managed over the web or terminating VPN connections should not be listening on ports 80 or 443. By performing a port/service scan, you can discover open ports and turn off unnecessary services.

You can also scan the open ports on a computer/server. Some malware (e.g. rootkits) open ports on systems that give attackers access to that system. I remember an organization I consulted for where we found that someone has gained access to a server and was sending a huge amount of data somewhere, eating up all the organization’s bandwidth.

Before we go into the tools that can be used for checking open ports and services, let me sound a note of warning: port scanning can be deemed illegal and so you should never perform a port scan without authorization (preferably written) from the owner of the computer/network. This is because port scanning can reveal sensitive information about a computer/network that can be misused by an untrusted party.

Here's the Top Port Scanners:

We will now discuss some port scanning tools that can be used for checking for open ports and services. Most of the tools mentioned here have other uses but we will focus on their port scanning ability.

1. SolarWinds Open Port Scanner – FREE TRIAL

The Open Port Scanner from SolarWinds – which is part of the Engineer's Toolset – is a handy utility for discovering IP addresses in use as well as a port scanner. You launch a scan by specifying a range of IP addresses to look for – make that range impossibly wide and you will get all of the IP addresses on your network tested.

Key Features:

• Robust Toolset for Administrators: Offers a comprehensive toolset for network administrators, providing automated and manual scanning capabilities along with detailed port status information.
• Automated and Manual Scanning: Users can perform both automated and manual scans, allowing flexibility in scanning options and ensuring comprehensive coverage of network devices and ports.
• Detailed Port Status Information: Provides detailed information on port status, including open, closed, and filtered ports, along with TCP or UDP operation, enabling users to identify potential security vulnerabilities and optimize network configurations.

Why do we recommend it?

The Open Port Scanner from SolarWinds, part of the Engineer's Toolset, offers network administrators a robust utility for discovering IP addresses and scanning ports efficiently. Our recommendation is based on its comprehensive toolset, which includes both automated and manual scanning options, along with detailed port status information. With its user-friendly interface and integration within the Engineer's Toolset, the Open Port Scanner simplifies network scanning tasks and enhances network security measures.

When the tool encounters an IP address that is in use, the service creates a record in the Open Port Scanner screen. This will show the open, closed, and filtered ports on each encountered device. The service will also show whether the port is operating TCP or UDP and you can filter results by that attribute.

The Open Port Scanner is a useful but small utility. It is one of the many types of tools that you probably use to run your network but waste time looking for. The Open Port Scanner is part of a package of tools, called the Engineer’s Toolset. This bundle includes more than 60 useful tools and they are all accessible from the Engineer’s Toolset’s menu. This makes the port scanner easy to find.

Who is it recommended for?

The SolarWinds Open Port Scanner is recommended for network technicians, small businesses, and home users seeking a user-friendly tool for IP address discovery and port scanning. Whether performing routine network scans or troubleshooting connectivity issues, the Open Port Scanner provides simple outputs and easy access to essential features, making it suitable for both novice and experienced users alike.

The Open Port scanner and all of the Engineer’s Toolset run on Windows Server and you can get the package on a 14-day free trial.

2. ManageEngine OpUtils – FREE TRIAL

ManageEngine OpUtils is a combination of an IP address manager, a switch port mapper, and network utilities. “Port” in IT has two meanings – one is a socket on a switch that network cable plugs into and the other is an addressing system in the Transmission Control Protocol, which assigns a code number to each of the listeners that can be running on a computer, waiting for data coming in from the network. OpUtils operates with both of these two types of ports.

Key Features:

• Suite of Port Scanning Tools and Monitors: Offers a suite of tools for port scanning, IP address management, and switch port mapping, providing comprehensive solutions for network administrators.
• Intuitive Interface: Simplifies network management tasks and enhances user experience, ensuring ease of use for both novice and experienced users.
• Supports Both Linux and Windows: Compatible with both operating systems, offering versatility and flexibility in network management across different environments.

Why do we recommend it?

ManageEngine OpUtils offers a comprehensive suite of port scanning tools and monitors, making it an essential utility for network administrators. Our recommendation is based on its intuitive interface, support for both Linux and Windows operating systems, and versatility in managing both switch ports and TCP/UDP ports. With its array of tools, OpUtils simplifies network management tasks and enhances network security measures, making it a valuable asset for organizations of all sizes.

The OpUtils console includes a dazzling array of tools. Don’t be drawn to the Switch Port Mapper option on the top menu of the interface – that’s the other type of port. For a check on the statuses on TCP and UDP ports, go to the Toolset menu option and then select Port Scanner from the submenu that appears.

The service lets you scan all of the ports on one device by entering its IP address. It is also possible to check the ports on a number of devices in one run be entering a range of IP addresses. The scan launch screen also allows the user to enter a range of port numbers to look through.

Who is it recommended for?

ManageEngine OpUtils is recommended for network administrators and organizations seeking efficient tools for IP address management, switch port mapping, and port scanning. Whether managing small or large deployments, OpUtils caters to diverse needs, offering intuitive interfaces and comprehensive features for network monitoring and troubleshooting. Additionally, organizations utilizing both Linux and Windows operating systems will find OpUtils invaluable for streamlining network management tasks across different environments.

OpUtils installs on Windows Server and Linux. ManageEngine offers the system on a 30-day free trial.

ManageEngine OpUtils Start a 30-day FREE trial

3. ManageEngine Vulnerability Manager Plus – FREE TRIAL

ManageEngine Vulnerability Manager Plus provides preventative security scanning for endpoints and network devices. The system looks at software versions and configurations for operating systems, firmware, and software packages. Extra scanning services in the package include a port scanner.

Key Features:

• Scans Endpoints Running Windows, macOS, and Linux: Supports endpoint scanning across multiple operating systems, ensuring comprehensive coverage of vulnerabilities across diverse environments.
• Includes a Patch Manager: Includes a patch manager, allowing organizations to automate patch management processes and remediate vulnerabilities efficiently.
• Identifies Zero-Day Vulnerabilities: Enables organizations to proactively address emerging threats and mitigate risks effectively.

Why do we recommend it?

ManageEngine Vulnerability Manager Plus offers comprehensive security scanning for endpoints and network devices, making it an essential tool for proactive vulnerability management. Our recommendation is based on its ability to scan endpoints running Windows, macOS, and Linux, its inclusion of a patch manager, and its identification of zero-day vulnerabilities. With its automated remediation capabilities, port scanning features, and web server hardening functionalities, it enhances security posture and mitigates risks effectively, making it a valuable asset for organizations seeking robust vulnerability management solutions.

Although the package is able to scan computers running macOS, its port auditing function isn’t available for that operating system. The tool will scan ports on computers running Windows or Linux. The Linux distros that this package is able to check are Ubuntu, Debian, SUSE, RHEL, Pardus, Oracle Linux, and CentOS. The port scanner produces a report on which ports are open. Other results from security scanning include advice on how to fix configuration errors and an automated patch manager that updates outdated software.

This system is offered in three editions. These are the Professional edition for LANs, the Enterprise edition for WANs, and the Free edition, which has all of the features of the professional edition but is limited to scanning 20 workstations and five servers.

Who is it recommended for?

ManageEngine Vulnerability Manager Plus is recommended for organizations of all sizes seeking preventative security scanning and vulnerability management solutions for their endpoints and network devices. Whether managing LANs or WANs, Vulnerability Manager Plus caters to diverse needs, offering scalable editions and comprehensive features for security scanning and remediation. Additionally, organizations prioritizing security and seeking automated patch management and web server hardening will find Vulnerability Manager Plus indispensable for safeguarding their infrastructure against potential threats.

You can examine ManageEngine Vulnerability Manager Plus by accessing a 30-day free trial.

ManageEngine Vulnerability Manager Plus Start a 30-day FREE trial

4. Nmap

Anyone who has been in the Networking or Security industry for a while will have heard about Nmap. Nmap which is short for “Network Mapper” can be used for a lot of things like network discovery, vulnerability assessment, network inventory, and so on. What’s more is that Nmap is free and open source. In fact, a lot of network management tools include Nmap is one form or the other.

Key Features:

• Thoroughly Documented: Provides extensive resources and guidelines for users to understand its functionalities and utilize its features effectively.
• Simple Syntax: Offers ease of use and accessibility for users, ensuring straightforward usage and efficient execution of network scanning tasks.
• Offers a GUI Through Sister Tool Zenmap: In addition to its command-line interface, Nmap offers a GUI through Zenmap, providing users with a graphical interface for performing network scans and visualizing scan results.

Why do we recommend it?

Nmap provides the tools for network discovery, vulnerability assessment, and network inventory. Our recommendation is rooted in its thorough documentation, simple syntax, and the availability of a GUI through its sister tool, Zenmap. With its comprehensive features and open-source nature, Nmap serves as a valuable asset for network administrators and security professionals, offering robust functionality for identifying hosts, services, and potential security vulnerabilities.

Relevant to our discussion is using Nmap to check for open ports and services running on a device. Nmap handles this effortlessly. Not only will Nmap tell us the hosts that are available on the network (i.e. network discovery), it will tell us what services are running on those hosts (with a lot of information), and if you want, it can go as far as attempting to identify the operating system of the host.

While most people will use Nmap from a terminal window or command prompt, learning how to use Nmap with all its various switches and options can be a daunting task for a new user. Therefore, a new user may want to use Zenmap which is a GUI for Nmap to perform scans and view results, as seen in the screenshots above and below.

Zenmap provides in-built “profiles” that can be used to perform popular scans (e.g. Ping scan, Quick Scan, Intense Scan) without having to know which options to use.

To see how Nmap works, I will scan my home wireless network which is on the 192.168.8.0/24 subnet. There are a couple of devices on this network, from my Macbook to Windows PCs, and also phones.

To start off, I will run a basic Ping Scan to check what hosts are available on that network using the command: nmap -sn 192.168.8.0/24

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-03 23:47 WAT

Nmap scan report for homerouter.cpe (192.168.8.1)

Host is up (0.0030s latency).

Nmap scan report for 192.168.8.100

Host is up (0.0012s latency).

Nmap scan report for 192.168.8.101

Host is up (0.0066s latency).

Nmap done: 256 IP addresses (3 hosts up) scanned in 15.60 seconds

As you can see, it discovered that there are 3 hosts available on the network. This does not mean there are no other hosts (because there are); it just means these are the ones that responded to ping.

I have noticed that by running the ping scan with elevated privileges (e.g. sudo), I can get more information:

$ sudo nmap -sn 192.168.8.0/24

 

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-03 23:49 WAT

Nmap scan report for homerouter.cpe (192.168.8.1)

Host is up (0.0023s latency).

MAC Address: 80:13:82:61:41:6B (Huawei Technologies)

Nmap scan report for 192.168.8.101

Host is up (0.074s latency).

MAC Address: 48:45:20:65:C1:D8 (Intel Corporate)

Nmap scan report for 192.168.8.103

Host is up (0.074s latency).

MAC Address: 60:6C:66:8A:76:86 (Intel Corporate)

Nmap scan report for 192.168.8.100

Host is up.

Nmap done: 256 IP addresses (4 hosts up) scanned in 28.29 seconds

Now that we have discovered the hosts on the network, we can go ahead to probe them further. Let’s take the device with an IP address of 192.168.8.101 as an example. We will run a scan that will perform OS detection, determine open ports, and also probe the open ports for the services running on them. A simple command that will achieve all these is: nmap -A 192.168.8.101

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-04 00:13 WAT

Nmap scan report for 192.168.8.101

Host is up (0.010s latency).

Not shown: 997 closed ports

PORT    STATE SERVICE      VERSION

135/tcp open  msrpc        Microsoft Windows RPC

139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn

445/tcp open  microsoft-ds Windows 10 Pro 15063 microsoft-ds (workgroup: <!scrubbed>)

Service Info: Host: MOSCLPI0064; OS: Windows; CPE: cpe:/o:microsoft:windows

 

Host script results:

|_nbstat: NetBIOS name: MOSCLPI0064, NetBIOS user: <unknown>, NetBIOS MAC: 48:45:20:65:c1:d8 (Intel Corporate)

| smb-os-discovery:

|   OS: Windows 10 Pro 15063 (Windows 10 Pro 6.3)

|   OS CPE: cpe:/o:microsoft:windows_10::-

|   Computer name: MOSCLPI0064

|   NetBIOS computer name: MOSCLPI0064\x00

|   Domain name: <!scrubbed>

|   Forest name: <!scrubbed>

|   FQDN: MOSCLPI0064.<!scrubbed>

|_  System time: 2018-02-04T00:13:37+01:00

| smb-security-mode:

|   account_used: guest

|   authentication_level: user

|   challenge_response: supported

|_  message_signing: disabled (dangerous, but default)

| smb2-security-mode:

|   2.02:

|_    Message signing enabled but not required

| smb2-time:

|   date: 2018-02-04 00:13:37

|_  start_date: 2018-01-26 12:15:31

 

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 29.50 seconds

 

Note: I had to scrub the data to protect sensitive information. Also, the result would have been more detailed if I had run it with elevated privileges.

Who is it recommended for?

Nmap is recommended for network administrators, security professionals, and individuals involved in network management and security operations. Whether performing network discovery, vulnerability assessment, or troubleshooting tasks, Nmap caters to diverse needs and provides valuable insights into network infrastructure and security posture. Additionally, organizations seeking a free and open-source solution for network scanning and security auditing will find Nmap indispensable for enhancing their security measures and maintaining network integrity.

As you can see, Nmap is an awesome tool and we have barely scratched the surface. You can perform different TCP/UDP scans, and even try to bypass firewalls that block port scanning attempts. Nmap is available on most operating systems including Windows, macOS, and Linux.

Download Nmap/ZenMap from their official site: https://nmap.org/download.html

5. Angry IP Scanner

The next tool on the list is Angry IP Scanner. Even though this tool is quite simple, its speed is mind-blowing because it uses multithreading i.e. multiple threads to scan a network.

Key Features:

• Easy-to-Use Interface: Intuitive interface, ensuring ease of use and accessibility for users, particularly those new to network scanning tools.
• Fast Port Scanning and Device Discovery: Leveraging multithreading, Angry IP Scanner achieves remarkable speed in port scanning and device discovery, providing quick results for network reconnaissance tasks.
• Supports macOS, Linux, and Windows: Compatible with multiple operating systems, offering flexibility and versatility for users across different environments.

Why do we recommend it?

Angry IP Scanner stands out for its simplicity and remarkable speed, making it an efficient tool for network scanning and device discovery. Our recommendation is based on its easy-to-use interface, fast port scanning capabilities, and support for multiple operating systems including MacOS, Linux, and Windows. While lacking some advanced features found in other tools, Angry IP Scanner excels in providing quick and reliable network scanning, particularly for smaller networks and one-off scans.

Angry IP Scanner is a GUI-based tool that can detect open and filtered ports, resolve MAC addresses to vendors, provide NetBIOS information, and so on. Unlike Nmap and SolarWinds Port Scanner, it cannot do OS detection, nor does it probe open ports for the services running on those ports.

From the test I ran on my home network, it seems to have more false positives than Nmap because it found open ports that were not really open. However, it correctly listed all the truly open ports on all devices.

Who is it recommended for?

Angry IP Scanner is recommended for individuals and organizations seeking a lightweight and user-friendly tool for network scanning and device discovery. Ideal for mobile toolkits and one-off scans of small networks, Angry IP Scanner offers simplicity and efficiency in network reconnaissance tasks. Additionally, users looking for a cross-platform solution compatible with MacOS, Linux, and Windows operating systems will find Angry IP Scanner suitable for their needs.

Angry IP Scanner can be installed on Windows, Mac, and Linux operating systems. However, it requires Java to run. Download from their official site here: http://angryip.org/download/

6. Netcat

The last tool we will discuss is Netcat, which is an old tool (dating back to 1995!), and is popularly called the “Swiss army knife” utility of a network/security engineer. The main purpose of Netcat is to “read and write data across network connections”; however, it also has an inbuilt port scanner. Even though the port scanning feature is not anything fancy, it gets the job done.

Key Features:

• Lightweight and Efficient: Offers fast and reliable performance for network communication and port scanning tasks.
• Robust CLI Commands: Provides robust command-line interface (CLI) commands, allowing users to execute various network operations with ease and precision.
• Support for Various Operating Systems: Compatible with multiple operating systems, including Windows, Linux, and Unix, ensuring flexibility and accessibility for users across different platforms.

Why do we recommend it?

Netcat offers versatile capabilities for reading and writing data across network connections, including an inbuilt port scanning feature. Our recommendation is based on its lightweight nature, robust CLI commands, and support for various operating systems. While primarily known for its data transfer functionalities, Netcat's port scanning feature provides a simple yet effective solution for network reconnaissance tasks.

Let’s scan the 192.168.8.101 host using netcat. The following command tells netcat to scan TCP ports 1 to 500 on host 192.168.8.101 without sending any data (-z) and timing out after 1 second (-w1): nc -v -z -w1 192.168.8.101 1-500. The -v option enables verbose mode.

MOSCLPI0064 [192.168.8.101] 465 (?) open

MOSCLPI0064 [192.168.8.101] 445 (microsoft-ds) open

MOSCLPI0064 [192.168.8.101] 143 (imap) open

MOSCLPI0064 [192.168.8.101] 139 (netbios-ssn) open

MOSCLPI0064 [192.168.8.101] 135 (epmap) open

MOSCLPI0064 [192.168.8.101] 119 (nntp) open

MOSCLPI0064 [192.168.8.101] 110 (pop3) open

MOSCLPI0064 [192.168.8.101] 25 (smtp) open

Note: The open ports on netcat and Angry IP Scanner seem to match.

Who is it recommended for?

Netcat is recommended for network and security engineers, as well as individuals seeking a versatile tool for network communication and reconnaissance. With its lightweight and cross-platform compatibility, Netcat is suitable for users across different operating systems, including Windows, Linux, and Unix. Additionally, users looking for a straightforward yet powerful port scanning tool will find Netcat invaluable for their network analysis needs.

The original version of Netcat is not maintained anymore. However, there are several variants and implementations available and you should be able to get one for Linux, Mac, and Windows operating systems with a good Google search.

Your can find the original download of Netcat at Sourceforge: http://netcat.sourceforge.net

7. Online Tools

While the tools we have discussed so far need to be installed (or executed) on a PC, there are IP and network scanning tools available online for checking ports and services. Of course, these tools will not be able to scan your internal network but they can be used to scan publicly available devices. For example, if you are hosting your own server (e.g. Digitalocean droplet, AWS instance), you can use these tools to audit them.

Note: All the tools we have mentioned above can also be used to scan external hosts.

Key Features:

• Doesn’t require installation
• Easy to use
• Can scan networks from the outside

Some online IP scanning tools include TCP Port Scan with Nmap from Pentest-Tools.com, MxToolBox’s Port Scan, IPFingerPrint’s Open Port Checker & Scanner, etc.

Here is a snapshot of the open ports on one of my servers using TCP Port Scan with Nmap from Pentest-Tools.com:

Conclusion

In this article, we have looked at various IP and port scanning tools for checking open ports and services. If you are looking for a very fast tool that provides basic port checking, then go for SolarWinds' offering. The SolarWinds Port Scanner is also a good tool with a nice GUI and is easy to use and works without any faults or issues whatsoever. The interface and GUI is updated and the tool seems to be updated quite often.

If you are a power-user and like to get your hands dirty, then Nmap might be the solution for you due to its array of options, although there may be a bit of learning curve to it. The tool is not nearly as easy to run scans using Nmap (even the GUI) as it is with Angry Ip Scanner and SolarWinds scanner.

Finally, keep in mind that the results you will get when performing a port scan from an internal network will be different from your results when coming from the outside. This is because of the various filtering devices that will block access from the outside.

Also, before using a port scanner on a network, make sure you get the proper permissions from the network administrator or engineer, as some of these scanners can throw off some flags in IDS or on their Firewalls!

Port Scanning Software & Tools for Windows, Linux & Online FAQs