What Is This Resource?
Port Scanning is one of the initial steps that a Penetration Tester (‘Ethical Hacker’) will take to determine how secure a network or web application is from black hat hackers.
Port Scanning Software, of which there is plenty, is a ‘must-learn’ if you are serious about becoming a Cybersecurity Professional. We’ve tried to list as many useful and ‘user-friendly’ Port Scanning Tools as we can, drawn from those we have used in the past.
Here are our recommended Port Scanners!
We chose these scanners based mostly on our own experience, but also through some research into the subject matter.
What is Nmap?
Nmap is an abbreviation for ‘Network Mapper’ – ‘Network’ in an IT sense of the word. You can consider Nmap as being one of the best-known, and in fact, one of the most useful hacking tools out there. Period. If you are serious about pentesting, ethical hacking and IT Security in general, then learning Nmap is essential.
Is Nmap Free?
You betcha! In fact, a lot of other tools out there, Metasploit for example, pull in Nmap for network discovery and security auditing. Many system admins will use Nmap along with other such tools as Wireshark (and perhaps even ‘Network Miner’) for a wide variety of port and network scanning. If you’re completely new to port and network scanning then we’d suggest this article here.
How does Nmap Work?
Nmap works by using raw IP packets in creative ways to determine what hosts (servers) are available on the network, what services (application name and version) those hosts are running, what operating systems (including Operating System versions and possible patches) they use, and what type and version of packet filters/firewalls are in place at the target. In summary, you’ve got to learn Nmap if you want to work in Cyber Security as a practitioner.
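The discovery results described above (hosts that are up, open ports, service names and versions, OS guesses) are what an administrator compares against what they expect to be running. The script below is an added example, not the article’s code nor anything from the Nmap project: it parses Nmap’s XML output (the format produced by the real options -sV for version detection, -O for OS detection and -oX - for XML on stdout) into an inventory and flags open services that are not on an allowlist. The embedded XML is a constructed sample in that format, and the addresses, products, versions and allowlist in it are made up so the code runs offline.

```python
"""Added example (not from the article or the Nmap project): build a
host/service inventory from Nmap XML and flag listeners not on an allowlist.
The XML sample and the allowlist below are constructed, not real scan data."""
import xml.etree.ElementTree as ET

# Constructed sample in the layout Nmap writes for `nmap -sV -O -oX - <target>`.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.0.2.0/29">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="open" reason="syn-ack"/>
        <service name="telnet"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed allowlist: the (address, protocol, port) tuples we expect to be listening.
ALLOWED = {("192.0.2.10", "tcp", 22)}


def parse_nmap_xml(xml_text):
    """Return one dict per host that is up: its IPv4 address, best OS match and
    a list of (protocol, port, service name, product, version) for open ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        if host.find("status").get("state") != "up":
            continue  # Nmap still lists hosts that did not answer; skip them
        addr = next(a.get("addr") for a in host.findall("address")
                    if a.get("addrtype") == "ipv4")
        osmatch = host.find("os/osmatch")  # absent when -O was not used or nothing matched
        services = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")  # absent when -sV could not identify the service
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            services.append((port.get("protocol"), int(port.get("portid")),
                             get("name"), get("product"), get("version")))
        hosts.append({"addr": addr,
                      "os": osmatch.get("name") if osmatch is not None else "",
                      "services": services})
    return hosts


def unexpected_services(hosts, allowed):
    """Open services missing from the allowlist: the ones to patch, close or document."""
    return [(h["addr"], proto, port, name)
            for h in hosts for proto, port, name, _, _ in h["services"]
            if (h["addr"], proto, port) not in allowed]


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_XML)
    for h in inventory:
        print(h["addr"], h["os"] or "(no OS match)", h["services"])
    for finding in unexpected_services(inventory, ALLOWED):
        print("UNEXPECTED listener:", finding)
```

Run against real output by replacing SAMPLE_XML with the text of an -oX file from a scan of your own network; the allowlist is where the ‘security profile’ the article talks about lives, so keep it in version control alongside the scans.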
Does Nmap Work on all Operating Systems?
Yes, Nmap works on all major computer operating systems, and official binary packages are available for Linux, Windows, Mac OS X, IRIX, and AmigaOS. Of course, there’s a much easier way to install Nmap – just use Kali Linux or BackBox, since each ships with Nmap and you’ll be able to update the program with ease. We have a lot of information on Linux Pentesting ‘Ethical Hacking’ Distributions here.
Brief word about ‘Zenmap’
Zenmap is the GUI version of Nmap. Here’s our advice: learn how to use Nmap, but when you’re out in the field performing a penetration test etc., then fire up Zenmap. The awesome thing about Zenmap is that it pre-loads the command lines for you in one go, so you don’t have to keep tapping ‘nmap’ into the command terminal to bring up the command help prompts.
What is Angry IP Scanner?
Angry IP Scanner is a cross-platform, open source network scanner created to be speedy and easy to use. It is commonly used by network administrators in large and small businesses, banks and government agencies. Its features include scanning an IP range, random addresses, or addresses read from a file in any format; it scans local networks as well as the Internet, exports results in many formats and provides a command-line interface.
Is Angry IP Scanner Free?
Yes! ipscan is free to use.
Does Angry IP Scanner Work on all Operating Systems?
It runs on Linux, Windows and Mac OS X operating systems.
What are the Typical Uses for Angry IP Scanner?
One of the uses of this tool is to scan IP addresses and ports.
What is NetScanTools?
NetScanTools is really a collection of different pentesting tools that a system admin would find particularly useful. The range of network toolkits is designed for those who work in network engineering, network security, network administration, network training, or law enforcement internet crimes investigation. Like many other pentesting tools in our series, the developers offer a free and a commercial grade of their products.
Is NetScanTools Free?
NetScanTools has a free and commercial product available.
Does NetScanTools Work on all Operating Systems?
It is designed for Microsoft Windows operating systems.
What are the Typical Uses for NetScanTools?
NetScanTools was created to help people with internet information gathering and network troubleshooting. With this tool, you can automatically research IPv4 and IPv6 addresses, domain names, hostnames, email addresses and URLs. The automated tools are started by the user; each one runs several of the individual tools against the input and then presents the results in the user’s web browser.
What is Unicornscan?
Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was created to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.
Is Unicornscan Free?
Yes. Using this tool is free.
Does Unicornscan Work on all Operating Systems?
Unicornscan currently works on Linux operating systems.
What are the Typical Uses for Unicornscan?
Unicornscan is intended to give researchers a superior interface for introducing a stimulus and measuring a response from a TCP/IP enabled network or device. Its features include asynchronous stateless TCP banner grabbing, asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous protocol-specific UDP scanning (sending enough of a signature to elicit a response), PCAP file logging and filtering, relational database output, active and passive remote OS, application and component identification by analysing responses, custom module support and customised data-set views.
What is Network Scanning?
This concept refers to, somewhat obviously, scanning the network! ‘Ports’ on a network can be considered as being the entry points to a machine, or computer (box), that is connected to the Internet. An application or service that listens on a port works by receiving data (bytes) from a client application, processing that data and then sending a response back. If a network is hacked into, or compromised, then a malicious client can be programmed to exploit vulnerabilities in the server code with the purpose of gaining access to sensitive data or executing malicious code remotely. Communication and commands would then be handled through a Remote Access Tool (RAT).
What is Port Scanning?
Network scanning and port scanning are often used interchangeably. Port scanners (of which there are several, such as Angry IP Scanner, NetScanTools, Unicornscan and NetworkMiner) are used by system and network administrators to verify the security profiles of their networks, so that hackers cannot identify services running on a host that have exploitable vulnerabilities. Of course, if a network admin (or any other IT professional) performing a scan discovers a vulnerability then their priority is to patch the hole without delay. Port scanning is a task performed in the initial phase of a penetration test (‘pentest’) in order to establish all network entry points into the target system.
Why are there so many ‘Network and Port Scanning’ tools?
At first it might seem that there are a ton of ‘similar’ tools. However, most of them serve a particular need, or, said in a more technical way, each tool has an expertise in scanning certain protocols: for example, some are better at TCP port scanning than at UDP port scanning, and vice versa.
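The reason TCP and UDP scanning need different tools follows from how a listening service behaves (the ‘What is Network Scanning?’ section above) and from the Unicornscan note about ‘sending enough of a signature to elicit a response’. The script below is an added example, not code from the article or from any of the tools it lists: it starts two constructed services on localhost inside the same process, then scans them. A TCP connect() either completes the handshake (open) or is refused (closed), and a service that talks first hands over its banner. A UDP probe gets a crisp answer only when the listener recognises the payload; an unrecognised payload produces silence, which a scanner can only report as ‘open|filtered’. The banner, the signature and the ports are all constructed for the demonstration.

```python
"""Added example (not the article's code): TCP-connect and UDP probe scanning of
constructed listeners started in this process, to show why TCP ports answer
open/closed crisply while UDP ports often come back 'open|filtered'."""
import socket
import threading

TCP_BANNER = b"ConstructedSSH-0.1\r\n"  # constructed banner, not a real product
UDP_SIGNATURE = b"PING"                 # constructed: the fake UDP service only answers this


def start_tcp_service(stop):
    """Listen on an ephemeral localhost TCP port and send a banner to every client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)  # so the accept loop can notice the stop flag

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(TCP_BANNER)  # speaks first, like SSH or SMTP do
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_udp_service(stop):
    """Bind an ephemeral localhost UDP port; reply only to datagrams matching the signature."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.2)

    def serve():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(1024)
            except socket.timeout:
                continue
            if data == UDP_SIGNATURE:
                srv.sendto(b"PONG", peer)  # anything else is silently dropped
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def tcp_connect_scan(host, port, timeout=0.5):
    """Full three-way handshake via connect(); returns (state, banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:
            return "closed", b""  # RST came back (or nothing within the timeout)
        try:
            banner = s.recv(256)  # services that speak first reveal themselves here
        except socket.timeout:
            banner = b""
        return "open", banner.strip()


def udp_probe_scan(host, port, payload, timeout=0.5):
    """Send one datagram and classify the port from what, if anything, comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (host, port))
        try:
            s.recvfrom(1024)
            return "open"  # the service understood the probe and answered
        except ConnectionRefusedError:
            return "closed"  # ICMP port unreachable surfaced as a socket error
        except socket.timeout:
            return "open|filtered"  # silence: nothing there, or something ignoring us


def demo():
    """Scan the constructed services plus one known-closed port; return the results."""
    stop = threading.Event()
    tcp_port = start_tcp_service(stop)
    udp_port = start_udp_service(stop)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        closed_port = s.getsockname()[1]  # released on exit, so nothing listens there
    results = {
        "tcp_open": tcp_connect_scan("127.0.0.1", tcp_port),
        "tcp_closed": tcp_connect_scan("127.0.0.1", closed_port),
        "udp_blind": udp_probe_scan("127.0.0.1", udp_port, b"\x00"),
        "udp_signature": udp_probe_scan("127.0.0.1", udp_port, UDP_SIGNATURE),
    }
    stop.set()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14} -> {value}")
```

The ‘udp_blind’ result is the whole story of UDP scanning: the port is genuinely open, yet a generic probe cannot tell that apart from a firewall dropping the packet. That is why UDP-capable scanners ship per-protocol payloads (DNS, SNMP, NTP and so on) and why a UDP scan takes so much longer than a TCP one, since every silent port has to run out its timeout.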