Cybersecurity is not only about advanced hacking tools or complex malware analysis. Many basic security tasks can be learned by building small tools from scratch. One of the best beginner projects is a port scanner.
A port scanner helps identify which network ports are open on a target machine. Open ports can indicate running services such as SSH, HTTP, HTTPS, FTP, or databases. By extending the scanner slightly, we can also create a simple vulnerability checker that gives basic security warnings.
This tutorial is for learning purposes only. Run the code only on systems you own or have permission to test.
What Is a Port?
A port is a communication endpoint used by network services. For example:
Port Service
---- -------
22 SSH
80 HTTP
443 HTTPS
3306 MySQL
5432 PostgreSQLWhen a port is open, it usually means a service is listening for connections.
For example, if port 22 is open, the server may allow SSH login. If port 80 is open, the server may be running a web server.
Project Goal
In this beginner project, we will build a Python tool that can:
- Scan a range of ports.
- Detect open ports.
- Identify common services.
- Display simple security warnings.
- Generate beginner-friendly vulnerability notes.
Basic Port Scanner in Python
Python provides the socket module, which allows us to create network connections.
Here is a simple port scanner:
import socket
target = "127.0.0.1"
for port in range(1, 1025):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(0.5)
result = sock.connect_ex((target, port))
if result == 0:
print(f"[OPEN] Port {port}")
sock.close()The function connect_ex() tries to connect to a port. If the result is 0, the connection is successful, meaning the port is open.
You can test this on your own computer using:
python scanner.pyImproving the Scanner
The first version works, but it is very basic. Let us improve it by adding:
- User input
- Common service detection
- Security warning messages
import socket
COMMON_SERVICES = {
21: "FTP",
22: "SSH",
23: "Telnet",
25: "SMTP",
53: "DNS",
80: "HTTP",
110: "POP3",
139: "NetBIOS",
143: "IMAP",
443: "HTTPS",
445: "SMB",
3306: "MySQL",
3389: "Remote Desktop",
5432: "PostgreSQL"
}
RISKY_PORTS = {
21: "FTP sends data in plain text. Consider using SFTP instead.",
23: "Telnet is insecure because it sends credentials in plain text.",
445: "SMB should not be exposed to the public internet.",
3306: "MySQL should usually be restricted to trusted hosts only.",
3389: "Remote Desktop should be protected with VPN or strong access control."
}
def scan_port(target, port):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(0.5)
result = sock.connect_ex((target, port))
sock.close()
return result == 0
def check_vulnerability(port):
if port in RISKY_PORTS:
return RISKY_PORTS[port]
return "No basic warning available."
def main():
target = input("Enter target IP address: ")
start_port = int(input("Enter start port: "))
end_port = int(input("Enter end port: "))
print(f"\nScanning {target} from port {start_port} to {end_port}...\n")
for port in range(start_port, end_port + 1):
if scan_port(target, port):
service = COMMON_SERVICES.get(port, "Unknown Service")
warning = check_vulnerability(port)
print(f"[OPEN] Port {port} ({service})")
print(f" Security note: {warning}")
if __name__ == "__main__":
main()Example Output
If several ports are open, the output may look like this:
Scanning 127.0.0.1 from port 1 to 1000...
[OPEN] Port 22 (SSH)
Security note: No basic warning available.
[OPEN] Port 80 (HTTP)
Security note: No basic warning available.
[OPEN] Port 3306 (MySQL)
Security note: MySQL should usually be restricted to trusted hosts only.This output helps beginners understand which services are exposed and which ones may require security review.
Adding Banner Grabbing
Some services send a text response when a connection is made. This is called a banner. A banner may reveal the software name or version.
For example, an FTP server may show something like:
220 FTP Server ReadyHere is a simple banner grabbing function:
def grab_banner(target, port):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
sock.connect((target, port))
banner = sock.recv(1024).decode(errors="ignore").strip()
sock.close()
return banner
except:
return NoneThen we can modify the open port section:
banner = grab_banner(target, port)
if banner:
print(f" Banner: {banner}")
else:
print(" Banner: Not available")Banner grabbing is useful because exposed software version information can help administrators identify outdated services. However, this beginner tool does not exploit anything. It only reports what is visible.
Complete Version
import socket
COMMON_SERVICES = {
21: "FTP",
22: "SSH",
23: "Telnet",
25: "SMTP",
53: "DNS",
80: "HTTP",
110: "POP3",
139: "NetBIOS",
143: "IMAP",
443: "HTTPS",
445: "SMB",
3306: "MySQL",
3389: "Remote Desktop",
5432: "PostgreSQL"
}
RISKY_PORTS = {
21: "FTP sends data in plain text. Consider using SFTP instead.",
23: "Telnet is insecure because it sends credentials in plain text.",
445: "SMB should not be exposed to the public internet.",
3306: "MySQL should usually be restricted to trusted hosts only.",
3389: "Remote Desktop should be protected with VPN or strong access control."
}
def scan_port(target, port):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(0.5)
result = sock.connect_ex((target, port))
sock.close()
return result == 0
except socket.error:
return False
def grab_banner(target, port):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(1)
sock.connect((target, port))
banner = sock.recv(1024).decode(errors="ignore").strip()
sock.close()
return banner
except:
return None
def check_vulnerability(port):
if port in RISKY_PORTS:
return RISKY_PORTS[port]
return "No basic warning available."
def main():
target = input("Enter target IP address: ")
start_port = int(input("Enter start port: "))
end_port = int(input("Enter end port: "))
print(f"\nScanning {target} from port {start_port} to {end_port}...\n")
open_ports = []
for port in range(start_port, end_port + 1):
if scan_port(target, port):
open_ports.append(port)
service = COMMON_SERVICES.get(port, "Unknown Service")
warning = check_vulnerability(port)
banner = grab_banner(target, port)
print(f"[OPEN] Port {port} ({service})")
print(f" Security note: {warning}")
if banner:
print(f" Banner: {banner}")
else:
print(" Banner: Not available")
print()
print("Scan completed.")
print(f"Total open ports found: {len(open_ports)}")
if __name__ == "__main__":
main()How This Tool Can Be Improved
This beginner project can be expanded in several ways:
- Add multithreading This will make scanning faster.
- Save results to a file The scanner can export results to TXT, CSV, or JSON.
- Add HTTP checking The tool can inspect HTTP response headers.
- Add CVE lookup Service versions can be compared with known vulnerability databases.
- Create a simple dashboard Results can be displayed using Flask or Streamlit.
Security Reminder
Port scanning is a normal activity in cybersecurity learning, but it must be done responsibly. Only scan:
- Your own computer
- Your own virtual machines
- Your own lab network
- Systems where you have written permission
- Never scan public systems without authorization.
Conclusion
In this tutorial, we created a simple cybersecurity tool using Python. The tool can scan ports, identify common services, grab banners, and display basic security warnings.
This project is a good starting point for beginners because it introduces several important cybersecurity concepts:
- Network ports
- Open services
- Service exposure
- Basic vulnerability checking
- Defensive security awareness
By building tools like this from scratch, beginners can better understand how cybersecurity tools work behind the scenes.