loading
loading
Network
Scan an IP or CIDR range for open ports and live hosts.
overview
netscan sweeps an IP or CIDR range and reports every host:port that answers a connection probe. Give it a single address like 198.51.100.30 or a block like 198.51.100.0/24, choose the ports and protocol, and it dials each port in turn and logs the ones that are alive and reachable. You get a fast inventory of what is live on a subnet without pulling in a heavier scanner.
The controls stay small on purpose. A ports value takes a range or a comma list (80-443 or 22,80,443), --proto selects tcp or udp and can be set more than once, and --timeout bounds how long each port dial waits so slow links do not stall the sweep. Turn on --debug to watch every probe as it is attempted, not only the ports that respond.
As a Trickest Network node it takes the IP or CIDR input and writes a file and a folder of results, so you can feed the live host:port pairs straight into httpx or a service scanner for classification and testing.
source github.com/jessfraz/netscan
use cases
Point netscan at a CIDR block to list which addresses are in use and which ports answer, building a quick map of an internal range before deeper work.
Pass --ports a range or comma-separated list so the sweep targets the services you care about instead of the default 80,443,8001,9001 web ports.
Set --proto to match the services in scope, and set it more than once to check both, switching to udp when DNS, SNMP, or similar services need testing.
Hand the discovered host:port pairs to httpx or a service scanner so classification only touches ports netscan already confirmed alive and reachable.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| ip-address | STRING | · | CIDR such as 192.168.0.1/24 or a single IP such as 192.168.104.30, given as the final positional argument. |
| ports | STRING | --ports | Ports to scan as a range or list (e.g. 80-443, 80,443,8080, or 1-20,22,80-443). Default 80,443,8001,9001. |
| protocol | STRING | --proto | Protocol to probe with, settable more than once. Default tcp. |
| timeout | STRING | --timeout | Timeout for the dial of each port (e.g. 1s, 500ms). Default 1s. |
| debug | BOOLEAN | --debug | Enable debug logging so every probe is shown, not only the ports that respond. Default false. |
Showing key inputs. netscan exposes 5 inputs in total.
example
# sweep a /24 for SSH and web ports over TCPnetscan --ports 22,80,443,8080 --proto tcp --timeout 2s 198.51.100.0/24time="2026-07-14T10:22:01Z" level=info msg="Scanning on 198.51.100.0/24 using protocols (tcp) over ports 22,80,443,8080"time="2026-07-14T10:22:03Z" level=info msg="tcp://198.51.100.10:22 is alive and reachable"time="2026-07-14T10:22:03Z" level=info msg="tcp://198.51.100.10:80 is alive and reachable"time="2026-07-14T10:22:04Z" level=info msg="tcp://198.51.100.23:443 is alive and reachable"time="2026-07-14T10:22:05Z" level=info msg="tcp://198.51.100.51:80 is alive and reachable"time="2026-07-14T10:22:05Z" level=info msg="tcp://198.51.100.51:8080 is alive and reachable"time="2026-07-14T10:22:07Z" level=info msg="tcp://198.51.100.104:443 is alive and reachable"guidance
Use netscan for a quick sweep of an IP or CIDR to find live hosts and open ports. It is a simple range scanner, so reach for it on internal subnets or small scopes, then pass the results to a prober or service scanner for deeper classification.
Faster Go port scanner with rate control, CDN handling, and JSON output. Prefer it for large or pipeline-heavy scans.
Internet-scale SYN scanner. netscan is simpler and better suited to a single subnet sweep.
Fast scanner that pipes ports into nmap. netscan trades that depth for a smaller, self-contained tool.
faq
related
Quickly map an organization's network ranges using ASN information.
Maximize your resolver count by combining the target's DNS servers with public resolvers.
Expand CIDR ranges into a list of IP addresses easily.
Expand CIDR ranges into a list of IP addresses easily, from a file.
Maintain a list of IPv4 DNS servers verified against baseline servers for accurate responses.
Patched dnsvalidator that keeps only IPv4 resolvers verified against baseline servers.
A CIDR range feeds netscan, which finds live hosts and open ports and hands them to httpx for probing before the results land as a queryable output.
Facts on this page come from the live Trickest tool library.