A comprehensive port scanning tool with vulnerability assessment, CVE lookup, and advanced reporting features - designed to go beyond nmap's capabilities with specialized security features.
- Multi-threaded port scanning - Fast scanning with configurable thread count (up to 100+ threads)
- Service identification - Automatic detection of 20+ common services (SSH, HTTP, MySQL, etc.)
- Banner grabbing - Extract service version information and HTTP headers
- URL support - Works with full URLs (http://example.com, https://example.com:8080)
- Flexible port specification - Support for individual ports and ranges (e.g., `80,443,1000-2000`)
- Maps detected services to known vulnerabilities
- Service-specific vulnerability database
- Provides remediation recommendations
- Examples:
  - FTP → Brute Force, Default Credentials, Clear Text Auth
  - MongoDB → No Authentication, Data Exposure
  - MySQL → SQL Injection, Remote Root Access
  - SSH → Weak Key Exchange, Version Enumeration
- Lookup known CVEs for detected services
- Links to CVSS severity ratings
- Covers major services such as:
  - Apache (CVE-2021-41773, CVE-2021-42013)
  - Nginx (CVE-2021-23017)
  - OpenSSH (CVE-2021-28041)
  - MySQL, PostgreSQL, MongoDB, FTP, Tomcat, IIS
- Extract certificate details (Subject, Issuer, Validity)
- Check certificate expiration
- Warn about expired or soon-to-expire certificates
- Detect SSL/TLS weaknesses
- Send custom payloads to detected services
- Test common vulnerabilities:
  - Path traversal attacks
  - SQL injection patterns
  - XSS payloads
  - Command injection
- Banner grabbing for service fingerprinting
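
The certificate checks listed among the SSL/TLS items above (validity dates, expired or soon-to-expire warnings) can be done with the standard library alone. The following is an added example, not code from this project; the function names, the 30-day warning window and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time


def _name(rdns):
    """Flatten getpeercert()'s nested subject/issuer tuples into a dict."""
    return {key: value for rdn in rdns for key, value in rdn}


def classify_cert(cert, now=None, warn_days=30):
    """Classify a dict in ssl.SSLSocket.getpeercert() format by validity."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((not_after - now) // 86400)
    if now < not_before:
        status = "NOT_YET_VALID"
    elif now > not_after:
        status = "EXPIRED"
    elif days_left < warn_days:
        status = "EXPIRING_SOON"
    else:
        status = "OK"
    return {
        "subject": _name(cert.get("subject", ())).get("commonName"),
        "issuer": _name(cert.get("issuer", ())).get("commonName"),
        "status": status,
        "days_left": days_left,
    }


def check_host(host, port=443, timeout=5):
    """Fetch and classify a live certificate (needs network; Python 3.7+)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        # Verification is on: an expired or untrusted cert fails the handshake.
        return {"status": "VERIFY_FAILED", "reason": exc.verify_message}

# Constructed certificate dict in getpeercert() format.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),)),
    "notBefore": "Jan  1 00:00:00 2026 GMT", "notAfter": "Jun 30 23:59:59 2026 GMT",
}
```

Passing `now` explicitly keeps the classification testable against fixed dates; `check_host` reports a failed verification as its own status because a verifying client never gets to read an expired certificate's fields.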
JSON Reports:
- Machine-readable format for CI/CD integration
- Includes all scan metadata
- Perfect for automation
HTML Reports:
- Beautiful, professional formatting
- Color-coded severity levels
- Interactive tables
- Print-friendly design
- Includes recommendations
- CRITICAL: FTP, TELNET, MongoDB, Redis, SNMP
- HIGH: MySQL, PostgreSQL, MSSQL, RDP, HTTP
- MEDIUM: SSH, SMTP, LDAP
- LOW: Other services
- Python 3.6+
- Standard library only (optional `requests` for enhanced CVE lookup)

```bash
pip install requests
```

```bash
# Scan top 1000 ports
python Advanced_Port_Scanner.py -H example.com
# Scan specific ports
python Advanced_Port_Scanner.py -H example.com -p 80,443,22
# Scan port range
python Advanced_Port_Scanner.py -H example.com -p 1-1000
```

```bash
# Scan single port
-p 80
# Multiple ports
-p 80,443,22,3306
# Port range
-p 1000-2000
# Combined
-p 80,443,1000-2000,3306,5432
```

```bash
# With more threads (faster)
python Advanced_Port_Scanner.py -H example.com -p 1-10000 -t 100
# Custom timeout
python Advanced_Port_Scanner.py -H example.com -p 80,443 --timeout 5
# From URL
python Advanced_Port_Scanner.py -H https://example.com -p 1-1000
```

```bash
# Enable CVE lookup
python Advanced_Port_Scanner.py -H example.com -p 80,443 --cve
# Analyze SSL/TLS
python Advanced_Port_Scanner.py -H example.com -p 443 --ssl
```

```bash
# Generate JSON report
python Advanced_Port_Scanner.py -H example.com -p 1-1000 --json report.json
# Generate HTML report
python Advanced_Port_Scanner.py -H example.com -p 1-1000 --html report.html
# Both reports
python Advanced_Port_Scanner.py -H example.com --html scan.html --json scan.json --cve
```

```bash
# Test for XSS vulnerability on port 80
python Advanced_Port_Scanner.py -H example.com -p 80 --payload "80:<script>alert('XSS')</script>"
# Test for path traversal
python Advanced_Port_Scanner.py -H example.com -p 80 --payload "80:../../etc/passwd"
# Custom HTTP request
python Advanced_Port_Scanner.py -H example.com -p 80 --payload "80:GET /admin HTTP/1.1"
```

```bash
# Full security assessment with all features
python Advanced_Port_Scanner.py \
  -H example.com \
  -p 1-10000 \
  -t 100 \
  --ssl \
  --cve \
  --html security_report.html \
  --json vulnerabilities.json
```

```
[+] Resolved example.com to 93.184.216.34
=== ADVANCED PORT SCANNER ===
Target: example.com
Ports: 3
Threads: 50
[+] Port 80: OPEN - HTTP - Banner: HTTP/1.1 200 OK
[+] Port 443: OPEN - HTTPS - Banner: HTTP/1.1 301 Moved Permanently
[+] Port 22: CLOSED/FILTERED
=== VULNERABILITY ASSESSMENT ===
[!] Service: HTTP (Port 80)
Severity: HIGH
Known Vulnerabilities:
- XSS
- SQL Injection
- CSRF
- Missing HTTPS
```
- Summary statistics with open/closed port counts
- Detailed service information
- Vulnerability mapping
- CVE references
- Professional styling with color-coded severity
```json
{
  "scan_info": {
    "target": "example.com",
    "start_time": "2026-05-30T10:30:00",
    "end_time": "2026-05-30T10:30:15",
    "duration_seconds": 15
  },
  "open_ports": [
    {
      "port": 80,
      "service": "HTTP",
      "banner": "Apache/2.4.41",
      "vulnerabilities": ["XSS", "SQL Injection", "CSRF"]
    }
  ],
  "statistics": {
    "total_scanned": 1000,
    "open_ports": 2,
    "closed_filtered": 998
  }
}
```

| Feature | nmap | Advanced Scanner |
|---|---|---|
| Port Scanning | β | β |
| Service Detection | β | β |
| Banner Grabbing | β | β |
| SSL Analysis | β (with --sC) | β Built-in |
| Vulnerability Assessment | β | β |
| CVE Lookup | β | β |
| Severity Scoring | β | β |
| HTML Reports | β | β |
| Custom Payloads | β | β |
| Easy to Use | β |
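
The JSON report is described above as the format for CI/CD integration. The following is an added example, not code from this project, of a pipeline gate that reads a report in the layout shown in this README, applies the README's severity tiers, and fails when an unapproved open port is at or above a threshold. The `baseline` allowlist, the function names and the sample report are assumptions made for illustration.

```python
import json

# Severity tiers copied from this README; unlisted services are LOW.
TIERS = {
    "CRITICAL": {"FTP", "TELNET", "MONGODB", "REDIS", "SNMP"},
    "HIGH": {"MYSQL", "POSTGRESQL", "MSSQL", "RDP", "HTTP"},
    "MEDIUM": {"SSH", "SMTP", "LDAP"},
}
ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]


def severity_of(service):
    """Map a service name from the report to the README's severity tier."""
    name = str(service).upper()
    return next((lvl for lvl, svcs in TIERS.items() if name in svcs), "LOW")


def gate(report, baseline, fail_at="HIGH"):
    """Return (exit_code, findings) for a parsed report. baseline maps
    port -> approved service (a hypothetical allowlist kept with the CI
    config); exit_code is 1 if an unapproved open port is >= fail_at."""
    findings = []
    for entry in report.get("open_ports", []):
        port, service = entry.get("port"), entry.get("service", "")
        if port in baseline and baseline[port].upper() == str(service).upper():
            continue  # approved port running the approved service
        findings.append((port, service, severity_of(service)))
    findings.sort()
    limit = ORDER.index(fail_at)
    failed = any(ORDER.index(level) >= limit for _, _, level in findings)
    return (1 if failed else 0), findings


# Constructed sample in the report layout shown in this README.
SAMPLE = json.loads("""{
  "scan_info": {"target": "example.com"},
  "open_ports": [
    {"port": 80, "service": "HTTP", "banner": "Apache/2.4.41", "vulnerabilities": ["XSS"]},
    {"port": 27017, "service": "MongoDB", "banner": "", "vulnerabilities": ["No Authentication"]},
    {"port": 22, "service": "SSH", "banner": "", "vulnerabilities": []}],
  "statistics": {"total_scanned": 1000, "open_ports": 3, "closed_filtered": 997}
}""")

if __name__ == "__main__":
    code, findings = gate(SAMPLE, baseline={80: "HTTP"})
    print(code, findings)
```

A port that is in the baseline but reports a different service than the approved one is treated as unapproved, so a service swap on an expected port is flagged as well.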
- Only scan networks/systems you own or have explicit permission to scan
- Unauthorized port scanning may be illegal in your jurisdiction
- Use for legitimate security testing and vulnerability assessment only
- Increase `--threads` for faster scanning (default 50)
- Reduce `--timeout` for faster scanning (default 2 seconds)
- Scan specific ports instead of large ranges when possible
- Always get written permission before scanning
- Start with small port ranges for testing
- Review HTML reports carefully
- Compare results with other tools
- Document all findings
- Keep reports for compliance records
```bash
# Check if hostname is valid
# Try with IP address instead
python Advanced_Port_Scanner.py -H 93.184.216.34 -p 80,443
```

```bash
# Increase thread count and reduce timeout
python Advanced_Port_Scanner.py -H example.com -p 1-10000 -t 200 --timeout 1
```

```bash
# Might be firewall blocking - try common ports
python Advanced_Port_Scanner.py -H example.com -p 80,443,22,25,3306
```

- On some systems, might need elevated privileges for low-numbered ports
- Try running as administrator if needed
Main scanning class with multi-threading support

```python
scanner = PortScanner(host, ports, timeout=2, threads=50)
scanner.resolve_host()
scanner.scan()
scanner.assess_vulnerabilities()
scanner.generate_report('report.json')
```

CVE database integration

```python
cve_lookup = CVELookup()
cves = cve_lookup.lookup_cves('Apache')
```

Custom payload testing

```python
sender = PayloadSender(host, port, timeout=3)
response = sender.send_payload('GET / HTTP/1.1')
```

Professional report generation

```python
HTMLReportGenerator.generate_html_report(scanner, 'report.html', cve_lookup)
```

```bash
python Advanced_Port_Scanner.py -H example.com -p 80,443,8080,8443 \
  --ssl --cve --html web_scan.html \
  --payload "80:../../../etc/passwd"
```

```bash
python Advanced_Port_Scanner.py -H example.com -p 1-65535 \
  -t 200 --ssl --cve \
  --html full_assessment.html --json findings.json
```

```bash
python Advanced_Port_Scanner.py -H db.example.com \
  -p 3306,5432,27017,6379 --cve --html db_audit.html
```

Feel free to extend this scanner with:
- More vulnerability signatures
- Additional report formats
- Enhanced banner grabbing
- WAF detection
- Custom scanning modules
This tool is provided as-is for security testing purposes. Always use responsibly and legally.
Created: May 2026
Language: Python 3.6+
Dependencies: Standard library + optional requests module