Port Scan API

What It Does

You give it a host and a port. It tries to connect. It tells you if the port is open or not. That’s it. No fancy NMAP wizardry, no stealth scanning, no packet crafting. Just a simple TCP connection attempt with a yes or no answer.

Think of it as knocking on a door and seeing if anyone answers. Except the door is a port, and “anyone” is whatever service is listening there.

Parameters

Response Fields

Example Request

curl

curl "https://whatismyip.technology/api/port-scan?host=example.com&port=443"

Python

import requests

response = requests.get("https://whatismyip.technology/api/port-scan", params={
    "host": "example.com",
    "port": 443
})

data = response.json()
print(f"Port 443 is {'open' if data['open'] else 'closed'}")

JavaScript

const response = await fetch(
  "https://whatismyip.technology/api/port-scan?host=example.com&port=443"
);
const data = await response.json();

console.log(`Port 443 is ${data.open ? "open" : "closed"}`);

Example Responses

Port is open:

{
  "open": true
}

Port is closed or filtered:

{
  "open": false
}

Host is in a private range (nice try):

{
  "open": false,
  "blocked": true
}

Security: Blocked Ranges

The API will not let you scan internal or private networks. If you try to scan any of these, you’ll get { "open": false, "blocked": true } and a quiet shake of the head:

• 127.0.0.1 and all of 127.* (localhost)
• 10.* (private class A)
• 192.168.* (your home network, probably)
• 172.16.0.0 through 172.31.255.255 (private class B)
• 0.0.0.0 (the “nowhere” address)
• ::1 (IPv6 localhost)

This isn’t optional. You can’t bypass it with clever DNS tricks either. If the resolved IP falls in a private range, it gets blocked.

Error Handling

The API returns 400 Bad Request when things go wrong on your end:

• Missing host parameter: You forgot to tell us what to scan. Bold move.
• Missing port parameter: A port scan without a port. Very zen.
• Invalid port number: Ports are 1 through 65535. Zero is not a port. 70000 is not a port. “banana” is definitely not a port.

Caching

There is none. Every request performs a fresh TCP connection attempt. The response header is Cache-Control: no-store. Port states can change any second, so caching would just lie to you.

Connection Timeout

The API waits 2.5 seconds for a connection. If the port doesn’t respond in that time, it’s reported as closed. This means truly firewalled ports (where packets just vanish into the void) take the full 2.5 seconds to return. Open and actively refused ports come back much faster.

Runtime

This endpoint runs on Node.js. It makes a raw TCP socket connection to the target host and port, waits for the result, and reports back.

Good Things to Know

Port is closed vs. filtered: This API can’t tell the difference. A port that actively refuses connections and a port that silently drops packets both come back as open: false. The only difference is speed. Refused ports respond instantly. Filtered ones take the full timeout.

Rate limiting: Be reasonable. Don’t try to scan all 65535 ports on someone else’s server in a loop. That’s not what this is for. Check a few specific ports you care about.

What this is good for: Checking if your web server is reachable on port 80/443, verifying that SSH is open on port 22, making sure your database port isn’t accidentally exposed to the internet. The practical stuff.

What this is not: A replacement for nmap. If you need service detection, OS fingerprinting, or stealth scanning, use proper tools. This is a quick “is this port open?” check and nothing more.