AcuityScan

Port Scanner

Check which ports are open on a server. Scans 40 common ports including HTTP, HTTPS, SSH, SMTP, FTP, databases (MySQL, Postgres, MongoDB, Redis, Elasticsearch), RDP, Docker API, and more. Flags risky open ports that shouldn't be publicly accessible. Add up to 10 custom ports to extend the scan.

40 common ports+ custom portsSecurity warningsReal TCP probeService identification

Ports we scan

We check the 20 most common ports that reveal how a server is configured and whether risky services are exposed.

21FTP

File transfer — should not be public

22SSH

Secure shell access

25SMTP

Email sending

53DNS

Domain name resolution

80HTTP

Web traffic (unencrypted)

443HTTPS

Web traffic (encrypted)

587SMTP Submit

Email submission

3306MySQL

Database — never expose publicly

5432PostgreSQL

Database — never expose publicly

3389RDP

Remote desktop — major attack target

6379Redis

Cache — often misconfigured open

27017MongoDB

Database — frequent breach source

What open ports mean for security

Expected open: 80, 443

Web servers should have HTTP (80) and HTTPS (443) open. This is normal. If only 80 is open without 443, there's no HTTPS — that's a problem.

Expected open: 25, 587

If the server handles email, SMTP ports should be open. If they're not a mail server and these are open, it might be an open relay.

Risky open: 3306, 5432, 27017, 6379

Database and cache ports should NEVER be publicly accessible. If these are open, anyone on the internet can attempt to connect to your database.

Risky open: 3389 (RDP)

Remote Desktop Protocol is the #1 target for ransomware attacks. If this is open, you're exposed to brute-force attacks. Use a VPN instead.

Common questions

What does 'filtered' mean?
Filtered means a firewall is blocking the port — our probe didn't get a response (timeout) or was actively rejected. This is usually good — it means the port is protected even if a service is running behind it.
Is port scanning legal?
Scanning your own servers is always legal. Scanning other people's servers without permission exists in a legal gray area in many jurisdictions. We recommend only scanning domains you own or have authorization to test.
Why are my database ports open?
This is a critical security issue. Your database should only accept connections from your application server, not from the public internet. Configure your firewall to restrict these ports to specific IPs or use a VPN.
How does this compare to Nmap?
Nmap is far more powerful — it does OS detection, version scanning, and scripting. Our tool is a quick web-based check of the 20 most common ports. For a thorough security audit, use Nmap directly.

Related tools

Threat Check Ping Is My Site Down? DNS Lookup

Want the full picture?

The checks 350+ things across email, DNS, SSL, performance, SEO, accessibility, privacy, and mobile.

Run