Port Scanning for Bug Bounties

1. Introduction

Port scanning is one of the most fundamental techniques used in bug bounty hunting and penetration testing. It involves probing a target system to identify open ports, which can then be analyzed for vulnerabilities. Understanding how to perform effective port scans is crucial for any aspiring bug bounty hunter.

In this guide, we’ll delve into the various methods of port scanning, the tools you can use, and how to interpret the results to find potential security weaknesses.

2. Understanding Port Scanning

Port scanning is the process of sending packets to specific ports on a networked device to determine which ports are open, closed, or filtered. Each port on a system corresponds to a particular service, and identifying which ports are open can reveal valuable information about the target’s attack surface.

Ports are categorized as:

• Well-Known Ports (0–1023): Common services like HTTP (80), HTTPS (443), FTP (21), etc.
• Registered Ports (1024–49151): Services registered with IANA, like MySQL (3306), etc.
• Dynamic or Private Ports (49152–65535): Typically used for client-side communication.