Skip to main content

Overview

scan4all provides flexible port selection options, from scanning specific ports to using predefined port lists.

Default Behavior

Without any port specification, scan4all scans common HTTP ports: 
scan4all -host 192.168.1.1
Default ports include:
  • 80-99, 443, 888, 1025-1030, 2000, 2001, 2375, 2379
  • 4433, 5000, 5001, 5432, 6379, 6443, 7000-7010
  • 8000-8010, 8080-8100, 8443, 8888, 9000-9010, 9443
  • And many more common web service ports

Specific Ports

Single Port

Scan a single port: 
scan4all -host 192.168.1.1 -p 80

Multiple Ports

Scan specific ports separated by commas: 
scan4all -host 192.168.1.1 -p 80,443,8080

Port Ranges

Scan a range of ports: 
scan4all -host 192.168.1.1 -p 1-1000

Combined Syntax

Mix individual ports and ranges: 
scan4all -host 192.168.1.1 -p 21,22,80,443,3000-4000,8080-8090

Top Ports

scan4all includes several predefined port lists based on Nmap’s research:
Common HTTP and web service ports:
scan4all -host 192.168.1.1 -tp http
Includes approximately 100 common web service ports.

Port Files

Specify ports from a file for complex or reusable configurations: 
scan4all -host 192.168.1.1 -pf ports.txt

Port File Format

Create a file with one port or port range per line:
ports.txt
80
443
8000-8100
3000
3306
5432
You can also use comma-separated values:
ports.txt
21,22,23,25
80,443,8080,8443
3000-4000

Excluding Ports

Exclude Specific Ports

Scan a range but exclude specific ports: 
scan4all -host 192.168.1.1 -p 1-1000 -ep 22,23,80
This scans ports 1-1000 except ports 22, 23, and 80.

Exclude from File

Exclude ports listed in a file: 
scan4all -host 192.168.1.1 -tp 1000 -pf exclude.txt
Port exclusion is useful for:
  • Avoiding honeypots or monitored services
  • Skipping ports you’ve already tested
  • Complying with security policies

All Ports Shorthand

Scan all 65,535 ports using the shorthand - syntax: 
scan4all -host 192.168.1.1 -p -
This is equivalent to: 
scan4all -host 192.168.1.1 -p 1-65535

CDN Port Optimization

When scanning domains that use CDNs, limit port scans to common HTTP ports: 
scan4all -host example.com -ec
With -ec enabled:
  • CDN IPs are detected automatically
  • Only ports 80 and 443 are scanned on CDN hosts
  • Reduces noise and improves scan efficiency

Practical Examples

1

Web Application Assessment

Scan common web ports:
scan4all -host example.com -p 80,443,8080,8443,3000,4000,5000
2

Database Service Discovery

Scan common database ports:
scan4all -host 192.168.1.1 -p 1433,3306,5432,5984,6379,27017
3

Quick Network Survey

Use top 100 ports for fast reconnaissance:
scan4all -host 192.168.1.0/24 -tp 100
4

Comprehensive Port Scan

Full port scan with exclusions:
scan4all -host 192.168.1.1 -tp full -ep 1-1023
This scans all ports except well-known ports (1-1023).

Performance Considerations

Start Narrow

Begin with top 100 or specific ports, then expand if needed

Balance Speed vs Coverage

More ports = longer scan time. Choose based on your objectives

Use Rate Limiting

Adjust -rate for large port ranges to avoid network issues

Consider CDN Detection

Use -ec to optimize scans for CDN-protected targets

Port Selection Cheat Sheet

GoalCommand
Default HTTP portsscan4all -host target
Specific portsscan4all -host target -p 80,443
Port rangescan4all -host target -p 1-1000
Top 100 portsscan4all -host target -tp 100
Top 1000 portsscan4all -host target -tp 1000
All portsscan4all -host target -p -
HTTP ports onlyscan4all -host target -tp http
Exclude portsscan4all -host target -p 1-100 -ep 22,23

Next Steps

Output Formats

Learn how to save scan results

Advanced Options

Explore advanced scanning features

Build docs developers (and LLMs) love

Get started for freeTalk to us