Go Pentester - TCP Scanner

Simple Port Scanner with Golang

Use Go‘s net package: net.Dial(network, address string)

package main

import (

func main() {
	_, err := net.Dial("tcp", "scanme.nmap.org:80")
	if err == nil {
		fmt.Println("Connection successful")



Nonconcurrent Scanning

Scan TCP ports range from 1 to  2014 slowly.

package main

import (

func main() {

	for i := 1; i <=1024; i ++ {
		address := fmt.Sprintf("scame.nmap.org:%d", i)
		conn, err := net.Dial("tcp", address)
		if err != nil {
			// port is closed or filtered.

		fmt.Printf("%d open\n", i)



 Concurrent scanning

Harness the power of goroutines to scan multiple ports concurrently.

package main

import (

func main() {
	for i := 1; i <= 1024; i++ {
		go func(j int) {
			address := fmt.Sprintf("scanme.nmap.org:%d", j)
			conn, err := net.Dial("tcp", address)
			if err != nil {
			fmt.Printf("%d open\n", j)

But it is too fast to wait for the connection to take place, so you may not get accurate results for ports whose packets were still in-flight.

Method 1:

Synchronized Scanning Using WaitGroup

Use WaitGroup from the sync package to control concurrency in a thread-safe way.

package main

import (

func main() {
	var wg sync.WaitGroup
	for i := 1; i <= 1024; i++ {
		go func(j int) {
			defer wg.Done()
			address := fmt.Sprintf("", j)
			conn, err := net.Dial("tcp", address)
			if err != nil {
			fmt.Printf("%d open\n", j)

This program is better, but still incorrect.



 Port Scanning Using a Worker Pool

To avoid inconsistencies, use a pool of goroutines to manage the concurrent work being performed.

package main

import (

func worker(ports chan int, wg *sync.WaitGroup) {
	for p := range ports {

func main() {
	ports := make(chan int, 100)
	var wg sync.WaitGroup
	for i := 0; i < cap(ports); i++ {
		go worker(ports, &wg)
	for i := 1; i <= 1024; i++ {
		ports <- i

The numbers printed to the screen in no particular order.



Method 2: 

Multichannel Communication

Remove the dependency of a WaitGroup

package main

import (

func worker(ports, results chan int) {
	for p:= range ports {
		address := fmt.Sprintf("", p)
		conn, err := net.Dial("tcp", address)
		if err != nil {
			results <-0
		results <- p

func main() {
	ports := make(chan int, 100)
	results := make(chan int)
	var openports []int

	for i := 0; i < cap(ports); i++ {
		go worker(ports, results)

	go func() {
		for i := 1; i <= 1024; i++ {
			ports <- i

	for i := 0; i < 1024; i++ {
		port := <-results
		if port != 0 {
			openports = append(openports, port)

	for _, port := range openports {
		fmt.Printf("%d open\n", port)

A highly efficient port scanner. 


 You can modify the program to allow users to provide the number of workers as an option.

posted @ 2020-02-22 16:32  晨风_Eric  阅读(284)  评论(0编辑  收藏  举报