Port Scanner
Scan common HTTP(S), mail, FTP, VPN, and admin ports on your current public IP. Timeout-safe: partial results are still returned.
What This Port Scanner Checks
This tool runs a curated exposure audit against your current public IP and checks common internet-facing service ports across web, mail, FTP, VPN, and admin categories. It probes both TCP and UDP where relevant to catch realistic external reachability, then groups findings by service type so you can triage quickly.
How to Read Port Statuses
- open: a service accepted the probe and is reachable from the internet.
- closed: host responded that no service is listening on that port.
- filtered: firewall or network controls likely blocked the probe path.
- timeout: no result within probe timeout; treated as non-fatal.
- open_or_filtered (UDP): no UDP response; can be open or filtered.
Why Open Ports Matter
Every reachable service increases attack surface. Exposed ports can be scanned continuously by bots looking for weak credentials, outdated software, default configs, or known CVEs. Even if a service is legitimate, restricting who can reach it significantly reduces risk.
How to Reduce Port Exposure
- Close unnecessary services and disable auto-start daemons you do not use.
- Use host firewall rules to allow-list trusted source IPs for admin ports.
- Never expose management interfaces directly without strong authentication.
- Patch internet-facing services quickly and rotate credentials regularly.
- Place reverse proxies/WAF in front of public web services where appropriate.
Scan Limits and Accuracy
This scanner is optimized for speed and reliability with strict timeouts and partial-result fallback. It is a practical first-pass audit, not a full vulnerability assessment. For deep validation, combine these findings with host-level logs and service-specific security checks.
Related Tools & Guides
- IP Lookup - verify geolocation, ASN, and connection risk context for your IP.
- HTTP Headers Inspector - check what browser/network metadata your requests expose.
- DNS Leak Test - validate DNS privacy when using VPN or custom DNS.
- Full Privacy Scan - run the complete multi-phase network and fingerprint audit.
Frequently Asked Questions
Can this tool scan any host on the internet?
No. This endpoint scans only your current public IP for abuse protection. It is designed as a self-audit tool, not a remote scanner.
What does UDP "open_or_filtered" mean?
UDP often provides no response even when a service is open. "open_or_filtered" means no reply was received before timeout, so the port may be open or filtered by a firewall.
Why do I see partial scan results?
The scanner enforces hard per-port and global timeouts to stay fast and resilient. If time limits are reached, partial findings are returned instead of failing.
If a port is open, am I automatically vulnerable?
Not always. An open port only means a service is reachable. Risk depends on service configuration, authentication, patch level, and firewall policy.
How often should I run a port scan?
Run after router changes, VPN changes, firewall edits, opening new services, or deploying a self-hosted app. Weekly spot checks are a good baseline.