Here’s PortNinja, a super fast multithreaded port scanner that scans for open listening ports on the specified target server using any of the following methods:
- All ports in existence (1 – 65,535)
- Top 1,000 common ports only (reference)
- User-specified range of ports
- User-specified individual ports
The user can select one of four scan speed profiles for use case-specific executions, ranging from slowest (most accurate) to fastest (may miss ports), as shown below:
| Option | Speed | Accuracy | Approximate duration |
|---|---|---|---|
| 1 | Slowest | Most accurate (zero / minimum missed ports) | ~3+ hours |
| 2 | Slower | Very accurate (minimum missed ports) | ~2 hours |
| 3 | Faster | Fairly accurate (missed ports not impossible) | ~15+ minutes |
| 4 | Fastest | Accurate-ish (may miss ports) | A few seconds |
The default profile is option #3, and provides a fairly accurate result while being fast. However, for specific use cases, a slower or faster profile could be required.
PortNinja uses multithreading to give each socket its own dedicated software thread, and each socket connects to one dedicated port on the specified target. All these sockets/threads are created briefly, connect to their individual ports concurrently to maximize the scan rate, and are then correctly terminated when execution completes.
PortNinja does not perform a stealthy scan: it establishes the complete three-way handshake instead of just sending a SYN-flagged packet followed by an RST-flagged packet (as a SYN scan would). PortNinja properly terminates each connection once its individual port has been scanned, but this by no means implies that the target will be unaware of the sudden connection attempts across all of the ports being “scanned” by PortNinja.
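Because every probe is a completed handshake, it appears in the target's ordinary connection logs. The sketch below is an added example, not PortNinja code: it flags sources that reach many distinct ports in a short window. The record layout `(timestamp, source, destination port)`, the function names and the thresholds are assumptions.

```python
from collections import defaultdict, deque


def detect_connect_scans(events, window=10.0, min_ports=20):
    """Flag sources that complete handshakes on many distinct ports quickly.

    events: time-sorted (timestamp_seconds, src_ip, dst_port) tuples.
    Returns {src_ip: largest number of distinct ports seen in one window}
    for every source that reached min_ports.
    """
    recent = defaultdict(deque)                    # src -> (ts, port) in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> port -> hits in window
    flagged = {}
    for ts, src, port in events:
        q, c = recent[src], counts[src]
        q.append((ts, port))
        c[port] += 1
        # Drop connections that have aged out of the sliding window.
        while ts - q[0][0] > window:
            _, old_port = q.popleft()
            c[old_port] -= 1
            if c[old_port] == 0:
                del c[old_port]
        if len(c) >= min_ports:
            flagged[src] = max(flagged.get(src, 0), len(c))
    return flagged


def sample_events():
    """Constructed sample log (documentation addresses, not real traffic)."""
    events = []
    # Burst source: 100 distinct ports within one second.
    events += [(100.0 + i * 0.01, "192.0.2.10", 1 + i) for i in range(100)]
    # Ordinary client: repeated connections to ports 80 and 443 only.
    events += [(90.0 + i * 2.0, "198.51.100.7", 443 if i % 2 else 80)
               for i in range(30)]
    # Low-rate source: one new port every 5 s, so 3 ports per 10 s window.
    events += [(50.0 + i * 5.0, "203.0.113.5", 8000 + i) for i in range(30)]
    return sorted(events)


if __name__ == "__main__":
    for src, ports in detect_connect_scans(sample_events()).items():
        print(f"{src}: {ports} distinct ports within 10 s")
```

The window and threshold need tuning against normal traffic for the host being monitored; the low-rate source in the sample shows what the default values leave unflagged.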