SecPoint.com Port scanner
Version 4.0
http://www.secpoint.com/Multi-Threaded-TCP-Port-Scanner.html

portscanner is a multithreaded TCP Port scanner with possibility to scan any 
range of TCP ports on any IP address. It has both Connect and Syn scan features.


History: 
--------
## 4.0	- Added mixed port specification for parameter -p, that makes 
		possible to specify port lists and ranges together
		- Added support for Mac os x (thanks to Gary Sims)

## 3.0	Added a number of new features:
	- Added host name resolution
	- Added option -o <filename> for output to file in plain text format
	- Added option -oh <filename> for output to file in html format
	- Added option -ox <filename> for output to file in xml format
	- Reversed the meaning of -r : by default shows port names, with -r does
	  not show them
	- Skipping duplicated open ports: Due to the low delay between two 
	  sends, the pcap library may call the receive function multiple times 
	  for the same port. Increasing the delay time, this problem can be 
	  bypassed, but it will slow down processing. With this solution, it's 
	  possible to keep a low delay and avoid duplicates at once.
	- Changed name to "portscanner"
	- Added target host name to output, if given
	- Removed printing of options -w and -n for Connect scan
	- Help message changed according to the new options
	- Fixed mistyped word "Receovery"
	- Renamed net.h into pscan.h to collect general program definitions
	- Moved version number to macro PSCAN_VERSION
	- unified output by using fprintf(stdout), fprintf(stderr) or 
	  fprintf(file)
	- Improved indentation of code
	- Removed commented lines of code
	- Removed useless function print_status()
	- Removed useless return statements
	- Renamed macro OPENED to OPEN
	- Moved generic output functions to output.c

## 2.0	Added option -s for Syn scan. 
		- Scanning made faster thanks to Syn scan
		- Added even more default ports
		- Improved error handler for Syn scan
		- Improved text output
		- Fixed minor bugs: 
			- changed pathname to oui.txt and port-numbers.txt files
			- added missing call to cleanup function WSACleanup
		A new branch of the program was created to support Syn scan.
		Syn scan was necessary because under some circumstances of heavy 
		load, the Connect scan can hang routers. Syn scan is multi-
		threaded and uses the standard library pcap on Unix/Linux 
		operating systems. Please be aware that Syn scan requires a 
		higher level of authorization, if compared to connect sockets: 
		in Unix/Linux portscanner requires root privilege. 
		In some operating systems, Syn scan is performed using 
		connectionless "raw" sockets, therefore the usage of portscanner
		is subject to possible restriction to the usage of raw sockets in 
		such operating systems. With Syn scan, option -w is not used
		because the program does not use connected sockets, so it 
		doesn't have to loop reading a socket until the timeout is 
		reached. The receive function doesn't have to poll over a number 
		of sockets, but simply reads the packets passing through the 
		network card, for all ports, and displays the message of "open 
		port" when the packet coming from the remote IP contains the 
		information that the remote port is open. For the same reason, 
		options -a and -n are not used. The first one because packets 
		sent to closed ports are simply not being replied to, so they 
		cannot be counted; the second one because the function that 
		reads packets is one, and performs this by reading packets from 
		the network card, not from multiple sockets.
## 1.3	added more default ports.
## 1.2	default port list is now not 1-1024, but is a list of frequently 
		used ports; duplicates check
## 1.1	you could use not only port range, but single ports and port lists 
		(check -p option)
## 1.0	initial release
--------------------------------------------------------------------------------

Description:
------------
This tool could be used to scan ports of certain IP.
It also could describe each port with standard name (well-known and registered
ports). 

To make simple start run it as
./portscanner IP or ./portsacanner hostname
and you will get a list of the most frequently used ports of IP scanned.

But you could choose some options for scan. 
./portscanner hostname [options]


Options:
--------

-p <ports>
Could be used like:
  -p start-end  (-p 130-445)
  -p port	(-p 137)
  -p list	(-p 135,137-145,445,1000-1024,8080)
By default (without -p switch) the tool will make best assumptions and scan 
frequently used ports. Those include ports 1-2000 and our special selection to 
make scan more efficient and quick at the same time. 

-s
Performs a Syn scan. Default is Connect scan. With Syn scan, -n -w and -a are
not used

-n <inst>	default:  -n 10
number of simultaneous instances of scan. More instances - higher the speed,
but higher system resources. Only for Connect scan.

-w <time>	default: -w 1000
Max waiting time for each port in milliseconds. Only for Connect scan.

-a
Report all ports (OPEN, CLOSED and TIMEDOUT). By default you will see 
only OPEN ports reported. Only for Connect scan.

-r
Does not resolve ports to known services. There is a file port-numbers.txt, it 
will be used by default to print name of well-known and registered ports. This 
file should be in CURRENT directory!

-M
MAC lookup of remote IP. Arp system tool used to check for MAC. 

-h
Hide on-fly port displaying (display report at the end)

-o <filename>
Output is redirected to filename in txt format.

-oh <filename>
Output is redirected to filename in html format

-ox <filename>
Output is redirected to filename in xml format

You also could add    > log.txt  or  >> log.txt   to the command to get output
in the file:
./portscanner <IP> [...] > log.txt        this will create or re-create log.txt
./portscanner <IP> [...] >> log.txt       this will append to log.txt


---------------------
www.SecPoint.com Team

Check for more free security scan tools at http://www.secpoint.com
Try port scanner http://www.secpoint.com/free-port-scan.html
and free vulnerability scan at http://www.secpoint.com/free-vulnerability-scan.html
Free windows shares scan tool also available at http://www.secpoint.com
The Portable Penetrator - http://www.secpoint.com/portable-penetrator.html
The Cloud Vulnerability Scanner http://www.secpoint.com/cloud-penetrator-web-vulnerability-scanner.html