Overview
A command-line TCP port scanner written in pure Python. No Nmap, no Scapy — just
socket and threading. Built as a real tool, not a demo.
Features
- Multithreaded scanning — configurable thread count, defaults to 100
- Flexible port specification: ranges (1-1024), lists (22,80,443), or mixed
- Banner grabbing — connects to open ports and reads the first response to identify service versions
- 35+ known service names mapped by port number
- Coloured terminal output via colorama
- Optional --output flag to save results to a plain-text report
- Graceful handling of timeouts, refused connections, and binary protocols
Usage
python scanner.py <target> [--ports 1-1024] [--threads 100] [--output file.txt] [--no-banner] [--timeout 1.0]
Examples
# Scan default range (1–1024) on a local host
python scanner.py 192.168.1.1
# Full scan with 200 threads
python scanner.py scanme.nmap.org --ports 1-65535 --threads 200
# Specific ports, save to file
python scanner.py example.com --ports 22,80,443,8080 --output results.txt
# Fast scan, skip banner grabbing
python scanner.py 10.0.0.1 --no-banner --threads 500
How it works
Ports are loaded into a Queue. Worker threads pull from the queue, attempt a TCP
connect_ex(), and on success try to grab a banner. Banner grabbing sends a
protocol-appropriate probe (e.g. an HTTP HEAD request for port 80, or just reads the
initial response for SSH/FTP/SMTP which send banners on connect). The result is collapsed to a
clean single line, capped at 200 characters.
A threading.Lock protects the results list. Open ports are printed live as threads
find them — you don't wait until the scan finishes to see output.
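The queue, worker and lock design described above, as an added example that is not the project's scanner.py: it covers only the read-on-connect banner case (no HTTP probe) and its demo talks to a constructed loopback listener. The names scan and clean_banner, the 1024-byte read and the dict result are assumptions.

```python
import queue
import socket
import threading

def clean_banner(raw: bytes, limit: int = 200) -> str:
    """Collapse a raw service response to one printable line, capped at `limit` chars."""
    text = raw.decode("utf-8", errors="replace")
    text = "".join(ch if ch.isprintable() else " " for ch in text)
    return " ".join(text.split())[:limit]

def scan(host, ports, threads=100, timeout=1.0):
    """Return {port: banner} for every port that accepts a TCP connection."""
    todo = queue.Queue()
    for port in ports:
        todo.put(port)
    results, lock = {}, threading.Lock()
    def worker():
        while True:
            try:
                port = todo.get_nowait()
            except queue.Empty:
                return  # queue drained, this worker is done
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                if s.connect_ex((host, port)) != 0:
                    continue  # refused, filtered or timed out
                try:
                    banner = clean_banner(s.recv(1024))
                except OSError:  # includes timeouts: port is open but silent
                    banner = ""
            with lock:  # the results dict is shared by all workers
                results[port] = banner

    pool = [threading.Thread(target=worker) for _ in range(min(threads, len(ports)) or 1)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return results

if __name__ == "__main__":
    # Constructed loopback listener that greets on connect, like SSH/FTP/SMTP do.
    srv = socket.create_server(("127.0.0.1", 0))
    def greet():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-2.0-Example_1.0\r\n\x00\x01")
        conn.close()
    threading.Thread(target=greet, daemon=True).start()
    print(scan("127.0.0.1", [srv.getsockname()[1]]))
```

An open port that sends nothing within the timeout is still reported, with an empty banner, which is the case a binary or request-first protocol produces.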
Requirements
pip install colorama
Everything else is stdlib.
Responsible use
Only scan hosts you own or have explicit permission to scan. Unauthorised port scanning may be illegal depending on your jurisdiction.