Nmap
Nmap Nmap is the gold-standard port scanner with SYN, UDP, and version detection modes, scripting NSE for vuln hints during recon sweeps across networks. Tune timings with -T for stealth or speed, outputting XML for piped tools in your discovery chain. Open-source from Gordon Lyon, it's the port pioneer for pentesters mapping open doors with unmatched flexibility.
Explore →Masscan
Masscan Masscan is the ultra-fast banner grabber that scans the entire internet for ports at 10M packets/sec, emulating Nmap's output for seamless recon pipelines. Configure rates with --rate, targeting ranges for open host lists without full connects. Open-source from robertdavidgraham, it's the speed demon for analysts blasting through global perimeters.
Explore →RustScan
RustScan RustScan is the blazing port finder that auto-pipes discoveries to Nmap for service enum, blending Rust efficiency with full-scan coverage in seconds. Install via cargo, run with -- -sV for versions, customizing adapters for targeted probes. Open-source from RustScan, it's the turbo tracker for pentesters accelerating port recon without manual hops.
Explore →Naabu
Naabu Naabu is the host-aware port scanner with SYN probes and service hints, resolving IPs for efficient discovery in OSINT workflows. Run its Go CLI on CIDRs with -top-ports, filtering outputs for alive hosts. Open-source from projectdiscovery, it's the port pathfinder for recon rangers templating quick viability checks.
Explore →ZMap
ZMap ZMap is the single-packet scanner for IPv4 port discovery, probing billions of hosts with modular outputs for census or blackhole mapping in global recon. Compile its C code, run on /0 with -p for ports, chaining to ZGrab for details. Open-source from zmap-io, it's the census cartographer for researchers plotting exposed ports worldwide.
Explore →Unicornscan
Unicornscan Unicornscan asynchronously scans TCP/UDP ports with statistical analysis, grabbing banners for service hints in large-scale discovery. Target subnets via its C binary with /tcp flags, parsing stats for anomaly trends. Open-source from Rapid7, it's the async analyst for pentesters crunching port data with probabilistic insights.
Explore →hping3
hping3 hping3 crafts custom packets for port scans with SYN floods or ICMP pings, evading filters with fragmentation for stealthy recon on firewalls. Compile from TCL/C, run --scan on ranges for alive checks. Open-source from antirez, it's the packet provocateur for pentesters prodding ports creatively.
Explore →netcat (nc)
netcat (nc) netcat's connect scan mode probes ports with -z for zero I/O, scripting loops for basic discovery on remote hosts without advanced features. Use variants like ncat for scripting with delays, piping responses for validation. Open-source staple from Hobbit, it's the raw connector for pentesters handshaking ports directly.
Explore →Angry IP Scanner
Angry IP Scanner Angry IP Scanner is the Java GUI for ping and port sweeps, discovering hosts with NetBIOS resolution for quick LAN inventories in visual recon. Set ranges in its app, select ports, and export CSV for follow-ups. Open-source from angryip, it's the GUI gazer for beginners scanning ports with user-friendly flair.
Explore →Zenmap