online scanner The
full version of our online TCP port scanner allows you to poll open ports with custom parameters that you can easily customize from your cloud account.
Ports for scanning options:
Common TCP ports (top 10, top 100, top 1000
- , top 5000)Port range (
- custom port list (22, 80, 443, 5060) for focused inline port scans.
Find open ports options:
- operating system detection
- Make TraceRoute
- Enable or Disable Check if the host is active before scanning.
detection on or off Enable or disable
The TCP Port Scanner on our cloud platform gives you two options: get closer to your target as an external attacker would, or perform port scans directly against your services, as if the firewall had already been bypassed. The resulting Nmap scan report gives you the opportunity to identify and correct the root causes of the security risks presented by your target.
To get both perspectives and form a complete view of all open ports of that target, use separate workspaces, one without and one with our out-of-the-box VPN agent. Alternatively, whitelisting Pentest-Tools.com to get complete visibility of your target.
Let’s take a look at how our ready-to-use online Nmap scanner works in three stages to achieve your goal:
1. Nmap host discovery
The scanner attempts to verify that the destination host is active before polling open ports. This is essential to optimize the scan duration when running the online IP scanner against a wide range of IP addresses. It would be a waste of time to poll open ports on a “dead” host (for example, there is no server on a given IP).
However, the ‘liveness’ host cannot always be detected correctly. Causes include firewalls that allow access to only a certain port and eliminate everything else. So, you may not find any open ports because of this. In this situation, whitelist our scanners or disable the “Check if host is active before scanning” option to skip the host discovery phase and skip directly to the all ports verification step.
Arabic numeral. Open port detection
To determine whether a TCP port is open, Nmap leverages the three-way handshake mechanism used by TCP to establish a connection between a client and a server.
There are two main methods for discovering open TCP ports:
Connect-Scan (Nmap -sT) Nmap
performs a full
three-way handshake with the destination server, establishing a full TCP connection. The packet sequence for this type of scanning is: SYN, SYN-ACK, ACK, RST.
does not require root/administrator access on the client machine, but it is quite noisy and the server can log attempted connections from other hosts.
SYN-Scan (Nmap -sS)
This is the default scanning method, also enabled on our online open port scanner . Nmap makes a semi-open TCP connection, knowing that the port is open as soon as the server responds with SYN-ACK. The packet sequence in this case is: SYN, SYN-ACK, RST.
This method is stealthier than a Connect-Scan, but requires Nmap to run with root/administrator privileges, as it needs to create low-level raw sockets to send the individual packets, rather than leaving the kernel stack to make the connection
Nmap finds a list of ports, it can do a deeper check to determine the exact type of service running on that port, including its version. This is necessary because common services can run on non-standard ports (for example, a web server running on port 32566). Service discovery is enabled with the -sV parameter.
Nmap performs service discovery by sending a series of predefined probes for various protocols to the destination port and see if it responds accordingly. For example, send
- Client Hello to check for SSL services
- GET request to check the HTTP service;
- SIP OPTIONS to check the SIP/RTSP protocol, and many others.
In addition to accurate and fast port detection, other options on our cloud platform increase the capabilities of this TCP scanner:
- Automatic attack surface mapping that extracts data from multiple
- Scheduled analysis and bulk scanning for continuous attack surface monitoring Real-time notifications
- via webhooks for seamless workflows
- API access for out-of-the-box scan engines
- Automation options such as pentest robots and templates
- Scanning workspace and item sharing for effective collaboration.