Free Open Ports Scan (Non-Intrusive)

Free tool

Non-intrusive scan across 30+ critical ports (SSH, RDP, MySQL, Postgres, Redis, Mongo) to map your external attack surface in under a minute.

  • Common port scan
  • Non-intrusive
  • Service banner hints
No credit card requiredProduction-safe (100% passive)No setup or code required
Trusted by 4,500+ security & engineering teams
Oracle logoShopify logoGoDaddy logoChubb logoToshiba logoMAPFRE logoBelfius logoGBG logoWEKA logoShift Technology logoCarsome logoGrandstream logoSuzano logoHolcim logo

What you get for free

18 core security checks via this tool, passive scans, step-by-step remediation, security score on every result.

What Essential adds at $39/mo

+17 advanced checks, continuous monitoring, daily security score history, email alerts, GitHub SAST, board-ready PDFs, SOC 2 / ISO 27001 / PCI reports.

Security Risks of Open Ports

Attack Surface Expansion:
  • Increases potential entry points for attackers
  • Exposes services that may have vulnerabilities
  • Provides reconnaissance information to attackers
  • Enables service-specific attack techniques
Common Vulnerabilities:
  • Service identification and version detection
  • Outdated software versions with known exploits
  • Misconfigured services and unnecessary features
  • Unencrypted data transmission and storage
Compliance & Regulatory Issues:
  • Violates security best practices and standards
  • May breach compliance requirements (PCI DSS, HIPAA)
  • Increases audit findings and remediation costs
  • Demonstrates poor security posture to stakeholders

How to reduce exposure

Priority-Based Remediation:
  • Address Critical and High-risk ports first
  • Follow port-specific security recommendations
  • Use risk categorization to prioritize fixes
  • Implement dynamic scoring to track improvements
Network Security Controls:
  • Implement firewall rules to block unnecessary ports
  • Use network segmentation and VLAN isolation
  • Configure load balancers and reverse proxies
  • Implement IP whitelisting and access controls
Service Hardening:
  • Disable unused services and unnecessary features
  • Update software to latest secure versions
  • Configure strong authentication and access controls
  • Implement encryption for data in transit and at rest

What this scan checks

Comprehensive Port Coverage:
  • Web services (80, 443, 8080, 8443)
  • SSH and remote access (22, 3389, 5900)
  • Database services (3306, 5432, 1433, 6379, 1521, 27017, 27018, 5984)
  • Email services (25, 110, 143, 993, 995)
  • File sharing (21, 22, 2049)
  • Modern services (Docker, WinRM, and 30+ critical ports)
Risk Assessment & Categorization:
  • 4-tier risk categorization (Critical, High, Medium, Low)
  • Dynamic scoring with risk-based point deduction
  • Port-specific security recommendations
  • Attack surface mapping with risk prioritization
Network Exposure Analysis:
  • External accessibility testing from external perspective
  • Comprehensive attack surface mapping
  • Service exposure analysis with security recommendations
  • Parallel scanning with proper timeouts for efficiency

Across 1,095 recent network scans, 43.6% have at least one externally-reachable port that should be closed.

Implementation examples

Once you've identified the gap, applying the fix is straightforward. Here are the three configurations developers reach for most often to close an unwanted port.

Linux host firewall (ufw)

# Default-deny inbound, allow only what you need
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Public web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# SSH only from a trusted admin range
sudo ufw allow from 203.0.113.0/24 to any port 22 proto tcp

# Explicitly close a previously exposed database port
sudo ufw deny 3306/tcp
sudo ufw enable

AWS Security Group (Terraform)

resource "aws_security_group" "web" {
  name        = "web-sg"
  description = "Public web only; admin scoped to office IP"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.10/32"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

GCP firewall rule (gcloud)

# Allow only HTTPS from anywhere
gcloud compute firewall-rules create allow-https \
  --network=default \
  --direction=INGRESS \
  --action=ALLOW \
  --rules=tcp:443 \
  --source-ranges=0.0.0.0/0

# Restrict SSH to a known admin CIDR
gcloud compute firewall-rules create allow-ssh-admin \
  --network=default \
  --direction=INGRESS \
  --action=ALLOW \
  --rules=tcp:22 \
  --source-ranges=203.0.113.0/24

# Deny direct access to the database tier
gcloud compute firewall-rules create deny-db-public \
  --network=default \
  --direction=INGRESS \
  --action=DENY \
  --rules=tcp:3306,tcp:5432,tcp:6379,tcp:27017 \
  --source-ranges=0.0.0.0/0

Tool-specific questions

Is this port scan intrusive or harmful?

No, our port scan is completely non-intrusive and safe. We only perform lightweight connection attempts to common ports and never attempt to exploit vulnerabilities, brute-force credentials, or stress test services. The scan is designed to be respectful of your infrastructure.

Why do some ports appear open intermittently?

Port accessibility can vary due to CDN configurations, WAF rules, autoscaling, load balancing, or network routing changes. This is normal behavior in dynamic cloud environments. Regular monitoring helps track these changes over time.

Which ports are most commonly targeted by attackers?

Attackers frequently target SSH (22), RDP (3389), MySQL (3306), PostgreSQL (5432), Redis (6379), MongoDB (27017), and Oracle (1521). Our scan covers 30+ critical ports including these high-risk services, with risk categorization to help prioritize your security efforts.

What's the difference between open and filtered ports?

Open ports accept connections and respond to probes, while filtered ports are blocked by firewalls or other security controls. Filtered ports are generally more secure as they prevent external access, but they should still be monitored for configuration changes.

How often should I scan for open ports?

Regular port scanning is essential, especially after infrastructure changes, deployments, or security updates. Use Barrion's continuous monitoring to track port changes over time and receive alerts when new services become accessible externally.

What should I do if I find unexpected open ports?

Investigate immediately to determine if the service is legitimate and necessary. If not needed, close the port or restrict access. If required, ensure it's properly secured with strong authentication, encryption, and access controls. Document all findings and remediation steps.

Can I use this scan for compliance auditing?

Yes, our port scan results can help with compliance auditing by identifying external service exposure. However, supplement with internal scans and comprehensive security assessments for complete compliance coverage. Document all findings for audit purposes.

What's the best way to secure database ports?

Never expose database ports directly to the internet. Use VPN access, bastion hosts, or application-level connections. Implement strong authentication, encryption, network segmentation, and regular security updates. Monitor all database access and implement least privilege principles.

How does the risk categorization system work?

Our scan uses a 4-tier risk categorization system (Critical, High, Medium, Low) to help prioritize security efforts. Critical and High-risk ports require immediate attention, while Medium and Low-risk ports should be addressed based on your security requirements. The dynamic scoring system tracks improvements over time.
Why Barrion

Built for the engineers who already have enough to fix.

Speed

Real-time results

Instant analysis with a detailed report. You see findings as the scan runs, not after.
Coverage

Comprehensive checks

35+ checks per scan covering TLS, headers, CORS, cookies, DNS, email auth, and more, in a single pass.
Action

Step-by-step fixes

Every finding ships with the exact remediation step for your framework. Hand it to the engineer who owns the surface.
FAQ

Frequently asked.

What is Barrion and how does it enhance website security?
Barrion is a security testing and monitoring platform for engineering teams, and it works in three ways. Passive scanning keeps a continuous, read-only watch over your live web apps and APIs. Codebase scanning connects to GitHub and checks your code for hard-coded secrets, insecure patterns and vulnerable dependencies. AI pentesting goes on the offensive, running agent-driven attacks that prove which vulnerabilities are genuinely exploitable. Every finding comes with a step-by-step fix you can ship right away.
How safe is Barrion to use for security testing?
Passive scanning and codebase scanning are completely safe to run, including against production. Passive scans only read your live app, so we never submit forms, brute-force endpoints or touch anything that changes state, and codebase scanning just reads your repository. AI pentesting is more aggressive by design, since its job is to confirm real exploits, so it runs rate-limited and non-destructive, and you agree the scope with us before it starts.
What types of security issues does Barrion identify?
It depends on the surface. On your live apps, Barrion catches misconfigurations across TLS and HTTPS, security headers, cookie flags, CORS policy, DNS records, email authentication (SPF, DKIM, DMARC), network exposure and the usual web hygiene gaps. In your codebase it finds secrets committed to the repo, insecure code patterns and vulnerable dependencies. AI pentesting surfaces the exploitable stuff, like SQL injection, cross-site scripting and broken access control, each one backed by proof it can actually be exploited.
What specific security checks does Barrion perform?
For live apps it checks TLS and HTTPS configuration, HTTP security headers, cookie flags, CORS policy, DNS and email authentication records, network exposure and common web hygiene issues. In your codebase it looks for hard-coded secrets, insecure patterns and vulnerable dependencies. AI pentesting takes it further by actively chaining requests to confirm exploitable flaws. Whatever the source, findings are ranked by severity and come with clear, step-by-step remediation.
What is Barrion's smart crawling?
Smart crawling automatically discovers the pages and endpoints of your app so scans cover the surface that matters, without you manually listing every URL.
How often does Barrion perform security scans?
You can run a scan manually whenever you want. Continuous monitoring of your live apps runs on its own (weekly and up on Essential, daily on Business), codebase scans can fire on every commit or pull request, and we alert you the moment something new shows up.
Is Barrion suitable for security testing of all business sizes?
Yes. Live-app monitoring, codebase scanning through GitHub and AI pentesting all work just as well for a solo developer as for a startup, a scale-up or an enterprise security team, without adding headcount.
How does Barrion handle data security and privacy during security testing?
Live-app and codebase scans are read-only by default, and we never store or expose sensitive data from your application. AI pentests are rate-limited and non-destructive, built to confirm whether something is exploitable without altering your data or affecting availability.
What if I'm not satisfied with Barrion's security testing service?
Paid plans start with a free trial, and you can cancel anytime. If something isn't right, contact us and we'll make it work for your team.
How does Barrion help with SOC 2, ISO 27001, NIS2, and other compliance frameworks?
Barrion produces audit-ready PDF and CSV reports suitable for SOC 2, ISO 27001, PCI DSS and NIS2, ready to share with auditors, customers and your board.

Anything else? Email contact@barrion.io.

Run a full report on your site.

Free first scan covers every check, no signup needed. Sign up to save the report and turn on continuous monitoring.