Advanced Port Scanner with Banner Extraction

A professional-grade port scanner with comprehensive banner grabbing capabilities, multi-threading support, and detailed service detection. Perfect for cybersecurity professionals, penetration testers, and network administrators.

🚀 Features

Core Scanning Capabilities

• TCP Port Scanning: Comprehensive port range scanning
• Banner Extraction: Advanced banner grabbing with service-specific requests
• Service Detection: Automatic service identification
• Multi-threading: Configurable thread pool for optimal performance
• Progress Tracking: Real-time scan progress monitoring

Advanced Banner Grabbing

• Service-Specific Requests: Custom requests for different services
• HTTP/HTTPS Detection: Web server identification
• Database Services: MySQL, PostgreSQL, MongoDB, Redis detection
• Mail Services: SMTP, POP3, IMAP banner extraction
• Custom Protocols: FTP, SSH, Telnet, RDP support

Professional Features

• Command-line Interface: Full CLI with comprehensive options
• Multiple Output Formats: JSON and CSV export
• Verbose Mode: Detailed logging and debugging
• Configurable Timeouts: Adjustable connection timeouts
• Error Handling: Robust error management
• Performance Optimization: Efficient threading and resource management

📋 Requirements

• Python 3.6+
• No external dependencies (uses only standard library)

🛠️ Installation

1. Clone or download the script:

   wget https://raw.githubusercontent.com/Sergios9494/port-scanner-tool/main/port_scanner.py

2. Make it executable:

   chmod +x port_scanner.py

3. Run the scanner:

   python3 port_scanner.py --help

🎯 Usage

Basic Usage

# Scan common ports on a target
python3 port_scanner.py 192.168.1.1

# Scan specific port range
python3 port_scanner.py 192.168.1.1 --ports 1-1000

# Scan specific ports
python3 port_scanner.py example.com --ports 80,443,8080,8443

Advanced Usage

# Verbose scan with custom threads
python3 port_scanner.py 10.0.0.1 --ports 1-65535 --threads 200 --verbose

# Save results to file
python3 port_scanner.py target.com --ports 1-1000 --output scan_results --format json

# CSV output with custom timeout
python3 port_scanner.py 192.168.1.100 --ports 1-1000 --format csv --timeout 5

Command-line Options

• target: Target host (IP address or hostname) [Required]
• --ports, -p: Port range (e.g., 1-1000, 80,443,8080) [Default: 1-1000]
• --threads, -t: Maximum threads [Default: 100]
• --timeout: Connection timeout in seconds [Default: 3]
• --verbose, -v: Enable verbose output
• --output, -o: Output filename (without extension)
• --format: Output format (json/csv) [Default: json]

📊 Output Examples

Console Output

[12:34:56] [INFO] Starting port scan on 192.168.1.1
[12:34:56] [INFO] Scanning 1000 ports with 100 threads
Progress: 1000/1000 ports scanned
[12:34:58] [INFO] Scan completed in 2.15 seconds
[12:34:58] [INFO] Found 3 open ports

========================================================================================================================
PORT SCAN RESULTS
========================================================================================================================
Port     Service              Status     Banner
------------------------------------------------------------------------------------------------------------------------
22       SSH                  Open       SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
80       HTTP                 Open       HTTP/1.1 200 OK
443      HTTPS                Open       HTTP/1.1 200 OK
========================================================================================================================
Total open ports: 3
Scan duration: 2.15 seconds

JSON Output

[
  {
    "port": 22,
    "service": "SSH",
    "banner": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2",
    "status": "Open",
    "protocol": "TCP",
    "timestamp": "2024-01-15T12:34:56.789"
  },
  {
    "port": 80,
    "service": "HTTP",
    "banner": "HTTP/1.1 200 OK\nServer: nginx/1.18.0",
    "status": "Open",
    "protocol": "TCP",
    "timestamp": "2024-01-15T12:34:56.890"
  }
]

🔧 Supported Services

Web Services

• HTTP/HTTPS: Web servers (Apache, Nginx, IIS)
• HTTP-Alt: Alternative HTTP ports (8080, 8000, 3000, 5000)
• HTTPS-Alt: Alternative HTTPS ports (8443)

Database Services

• MySQL: Port 3306
• PostgreSQL: Port 5432
• MongoDB: Port 27017
• Redis: Port 6379
• Elasticsearch: Port 9200
• Kibana: Port 5601

Mail Services

• SMTP: Port 25
• POP3: Port 110
• IMAP: Port 143
• POP3S: Port 995
• IMAPS: Port 993

System Services

• SSH: Port 22
• FTP: Port 21
• Telnet: Port 23
• RDP: Port 3389
• DNS: Port 53
• RPC: Port 135
• NetBIOS: Port 139

⚡ Performance Features

Threading Optimization

• Configurable Thread Pool: Adjust based on target and network
• Efficient Resource Management: Proper socket cleanup
• Progress Tracking: Real-time scan progress
• Concurrent Processing: Multiple ports scanned simultaneously

Banner Extraction

• Service-Specific Requests: Custom requests for better banner extraction
• Timeout Management: Configurable timeouts for different services
• Error Handling: Graceful handling of connection issues
• Banner Cleaning: Automatic banner formatting and truncation

🛡️ Security Considerations

Ethical Use

• Authorized Testing Only: Use only on networks you own or have permission to test
• Legal Compliance: Ensure compliance with local laws and regulations
• Responsible Disclosure: Report vulnerabilities through proper channels

Detection Avoidance

• Stealth Scanning: Uses standard TCP connections
• Rate Limiting: Configurable thread limits to avoid overwhelming targets
• Timeout Management: Reasonable timeouts to avoid detection

🔍 Use Cases

Penetration Testing

• Network Reconnaissance: Identify open ports and services
• Service Enumeration: Detailed service identification
• Vulnerability Assessment: Banner analysis for version detection

Network Administration

• Network Inventory: Document network services
• Security Auditing: Identify unauthorized services
• Compliance Checking: Verify service configurations

Bug Bounty Hunting

• Target Reconnaissance: Initial target assessment
• Service Discovery: Find interesting services
• Banner Analysis: Identify vulnerable versions

📈 Performance Tips

Optimization

• Thread Count: Start with 100 threads, adjust based on target
• Timeout Settings: Use 3-5 seconds for most scans
• Port Ranges: Focus on common ports for faster scans
• Verbose Mode: Use only when debugging

Best Practices

• Start Small: Begin with common ports (1-1000)
• Monitor Performance: Watch for network congestion
• Save Results: Always save important scan results
• Document Findings: Keep detailed records

🐛 Troubleshooting

Common Issues

• Connection Refused: Target may be down or filtering connections
• Timeout Errors: Increase timeout value or reduce thread count
• Permission Denied: Ensure you have network access
• No Banners: Some services don't send banners

Debug Mode

# Enable verbose output for debugging
python3 port_scanner.py target.com --ports 80,443 --verbose

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

⚠️ Disclaimer

This tool is for educational and authorized testing purposes only. Users are responsible for ensuring they have proper authorization before scanning any network or system. The authors are not responsible for any misuse of this tool.

📞 Support

For support, questions, or feature requests, please open an issue on GitHub.

---

Happy Scanning! 🚀