Online port scanner

How this scan works

The scanner tries to complete a TCP handshake on each of 20 common ports. If the connection succeeds, the port is open. If it is refused or times out, it is reported as closed. Scans run server-side with a 1.5-second timeout per port.

Port reference

• 22 (SSH)— remote admin. Should be restricted to known IP ranges, not open to the entire internet.
• 23 (Telnet)— unencrypted remote login. If this is open, close it.
• 21 (FTP)— transfers data in cleartext. Replace with SFTP or FTPS on any current system.
• 25 (SMTP)— mail server traffic. Should be open on mail servers only.
• 80 / 443 (HTTP / HTTPS)— web traffic. Port 443 should be open on any public site. Port 80 is acceptable if it redirects to HTTPS.
• 3306 (MySQL) / 5432 (PostgreSQL)— databases. Should never be publicly accessible. Bind to localhost or put them behind a private network.
• 3389 (RDP)— Windows Remote Desktop. A constant target for brute-force attacks. Do not expose this to the internet.
• 6379 (Redis) / 27017 (MongoDB)— both have a history of large-scale breaches when accidentally left open. They should not be publicly reachable.
• 445 (SMB)— Windows file sharing. Responsible for the WannaCry outbreak. Never expose to the public internet.

What open ports mean for security

Automated scanners sweep the entire IPv4 address space around the clock looking for open ports with vulnerable services. A database accidentally exposed or an old Telnet service left running can be found and compromised within hours of a server going online. The principle is simple: close every port that does not need to be public.

Authorization

Only scan hosts you own or have written permission to test. Port scanning infrastructure you do not control is illegal under the Computer Fraud and Abuse Act (US), the Computer Misuse Act (UK), and equivalent laws in most countries. Targets on this tool are validated to resolve to public IP addresses; private ranges and cloud metadata addresses are blocked before any scan begins.