Download KPort Scan Zip
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Nmap only supports ethernet interfaces (including most 802.11 wireless cards and many VPN clients) for raw packet scans. Unless you use the -sT -Pn options, RAS connections (such as PPP dialups) and certain VPN clients are not supported. This support was dropped when Microsoft removed raw TCP/IP socket support in Windows XP SP2. Now Nmap must send lower-level ethernet frames instead.
When using Nmap without Npcap, you cannot generally scan your own machine from itself (using a loopback IP such as 127.0.0.1 or any of its registered IP addresses). This is a Windows limitation that we have worked around in Npcap, which is included in the Windows self-installer. Users stuck without a Npcap installation can use a TCP connect scan without pinging (-sT -Pn) as that uses the high level socket API rather than sending raw packets.
Scan speeds on Windows are generally comparable to those on Unix, though the latter often has a slight performance edge. One exception to this is connect scan (-sT), which is often much slower on Windows because of deficiencies in the Windows networking API. This is a shame, since that is the one TCP scan that works over all networking types (not just ethernet, like the raw packet scans). Connect scan performance can be improved substantially by applying the Registry changes in the nmap_performance.reg file included with Nmap. By default these changes are applied for you by the Nmap executable installer. This registry file is in the nmap-directory of the Windows binary zip file, and nmap-/mswin32 in the source tarball (where is the version number of the specific release). These changes increase the number of ephemeral ports reserved for user applications (such as Nmap) and reduce the time delay before a closed connection can be reused. Most people simply check the box to apply these changes in the executable Nmap installer, but you can also apply them by double-clicking on nmap_performance.reg, or by running the command regedt32 nmap_performance.reg. To make the changes by hand, add these three Registry DWORD values to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters:
Every stable Nmap release comes with Windows command-line binaries and associated files in a Zip archive. No graphical interface is included, so you need to run nmap.exe from a DOS/command window. Or you can download and install a superior command shell such as those included with the free Cygwin system available from Here are the step-by-step instructions for installing and executing the Nmap .zip binaries.
Uncompress the source code file you just downloaded. The source code directory and the nmap-mswin32-aux must be in the same parent directory. Recent releases of the free Cygwin distribution can handle both the .tar.bz2 and .tgz formats. Use the command tar xvjf nmap-version.tar.bz2 or tar xvzf nmap-version.tgz, respectively. Alternatively, the common WinZip application can decompress these files.
Get the latest Nmap for your system: Windows, macOS, Linux (RPM), any other OS (source code). Older versions (and sometimes newer test releases) are available from the Nmap release archive (and really old ones are in dist-old). For the more security-paranoid (smart) users, GPG detached signatures and SHA-1 hashes for each release are available in the sigs directory (verification instructions). Before downloading, be sure to read the relevant sections for your platform from the Nmap Install Guide. The most important changes (features, bugfixes, etc) in each Nmap version are described in the Changelog. Using Nmap is covered in the Reference Guide, and don't forget to read the other available documentation, particularly the official book Nmap Network Scanning! Nmap users are encouraged to subscribe to the Nmap-hackers mailing list. It is a low volume (7 posts in 2015), moderated list for the most important announcements about Nmap, Insecure.org, and related projects. You can join the 128,953 current subscribers (as of September 2017) by submitting your email address here: (or subscribe with custom options from the Nmap-hackers list info page)
You can scan ports on fast machines in a few seconds and can perform scans on predefined port ranges. This tool uses TCP packets to determine available hosts and open ports, the service associated with each port, and other important characteristics. The tool is designed with a user-friendly interface and is easy to use.
DEB and RPM packages will install appropriate 'desktop' files, so Angry IP Scanner will appear in Applications menu, under either Internet or Networking. Alternatively, you can just type ipscan to launch the application.
Reliable and free network scanner to analyze LAN. The program shows all network devices, gives you access to shared folders, provides remote control of computers (via RDP and Radmin), and can even remotely switch computers off. It is easy to use and runs as a portable edition. It should be the first choice for every network admin.
GoScan is a network scanner with an interactive interface that automates some Nmap enumeration functions. It has clever tab auto-completion and an SQLite database on the back end to keep connections and data stable even in unreliable circumstances.
The EyeWitness function, which takes screenshots of webpages and VNC servers, is included in the eyewitness scan. The only constraint is that EyeWitness must be installed in the system PATH for it to function. The domain scan can also be used to enumerate domain information such as users, hosts, and servers.
SCTPscan is a tool to scan SCTP enabled machines. Typically, these are Telecom oriented machines carrying SS7 and SIGTRAN over IP. Using SCTPscan, you can find entry points to Telecom networks. This is especially useful when doing pentests on Telecom Core Network infrastructures. SCTP is also used in high-performance networks (internet2).
For example, agents and relays must be able to download software updates from files.trendmicro.com on port 80 or 443. You have allowed that TCP/IP connection on your firewall. However, the connection contains the HTTP or HTTPS protocol, which web proxies and web filters can block -- not only firewalls. So you must configure them, too, to allow or and all sub-URLs.
A recently minted list, this Free to download list uses methodology that combines some of the other top 1 million site lists mentioned above. By using a combination of lists they believe they have a more accurate list and have even written a paper to explain it.
This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.
Windows - The Win32 version of the tool, which works well on Windows 9x, NT and 2000, is available below as nbtscan.exe. It's written in portable C and is less than 40 kbytes, requires no special libraries or DLLs, and is run in an MS-DOS command window. I promise that the tools have no viruses, backdoors, or any other kind of overt bad behavior. I don't promise that there are no bugs.
Our tool has taken this approach. Not only does it scan ranges of addresses -- instead of just one machine -- but it can fully decode most of the resource record types and can summarize the interesting data on a one-line display.
We try very hard to make it easy to describe the list of machines that are to be scanned, and our "add_target" library function is used by most of our scanning tools. Accordingly, this explanatory text will be shared as well.
To scan an entire range of addresses, it's much easier to specify the netmask in /nbits notation rather than list dozens or hundreds of hosts. The number after the slash gives the number of bits (out of 32) that are the "network" part, the rest being "host". For instance, 192.168.7.0/24 is a full class C from 192.168.7.0 to 192.168.7.255. Traditionally, the slash notation has required that the "base" address be at the start of the given range, but our tool determines this automatically, so any address will do.
This is a summary of all /nbits notations for 16-30. The values /31 or /32 don't specify valid netmasks, and /1 to /15 cover so much ground that we don't recommend scanning them. Please see Netmask Reference.
When scanning a remote network with the slash notation, the tool excludes the first and last address of the range that would otherwise be implied by the netmask. This is because the first and last addresses are usually reserved for broadcast to the local network segment. For instance, when considering 10.1.1.0/24, the addresses 10.1.1.0 and 10.1.1.255 are not included.
However, this is only useful if the netmask chosen matches the netmask used by the other end. If it doesn't match, the two excluded addresses could very well match an address being checked. For instance, trying to scan 10.1.1.32/29 would run from 10.1.1.33 to 10.1.1.38, which corresponds to the /29 network of 8 addresses (less two used by broadcast). But if the remote network is not a /29 but is (say) a /24, then the dot-32 address could very well be a valid one and would be ignored.
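The range rules described above, worked through as an added example (this is not nbtscan's own code; the function names scan_range and skipped_hosts are hypothetical and only Python's standard ipaddress module is used). It shows which addresses a /nbits target covers and which real hosts would be missed when the chosen netmask is narrower than the one the remote network uses.

```python
import ipaddress


def scan_range(spec):
    """Return (first, last) scanned address for 'a.b.c.d/nbits'.

    Any address inside the range may be given as the base, and the
    first and last addresses of the range are excluded, as the text
    describes. /31 and /32 are rejected as invalid netmasks.
    """
    net = ipaddress.ip_network(spec, strict=False)  # base found automatically
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 do not specify valid netmasks")
    first = ipaddress.ip_address(int(net.network_address) + 1)
    last = ipaddress.ip_address(int(net.broadcast_address) - 1)
    return first, last


def skipped_hosts(spec, remote_nbits):
    """Addresses excluded by 'spec' that are ordinary host addresses
    if the remote network really uses a /remote_nbits netmask."""
    net = ipaddress.ip_network(spec, strict=False)
    remote = ipaddress.ip_network(
        f"{net.network_address}/{remote_nbits}", strict=False
    )
    reserved = {remote.network_address, remote.broadcast_address}
    excluded = [net.network_address, net.broadcast_address]
    return [addr for addr in excluded if addr not in reserved]


if __name__ == "__main__":
    # Targets taken from the text above.
    print(scan_range("10.1.1.32/29"))
    print(skipped_hosts("10.1.1.32/29", 24))
```

An empty list from skipped_hosts means the chosen netmask agrees with the remote one and no usable address is left out of the sweep.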
Note that some older Windows clients will respond to port 137 even if the source port is something else, and these will be blocked at the firewall. If you're running nbtscan on a Windows machine, the program will never bind to this port anyway, so it's just as well that the firewall blocks it.