Bash Port Scanner

Tiny TCP port scanner written in pure Bash — no nmap, no netcat, just /dev/tcp.

It walks every port from 1 to 65535 on a target host, attempts a TCP connection, and appends each open port to results.txt.

Usage

chmod +x bash.sh
./bash.sh

Edit the variables at the top of bash.sh to change the target:

target_ip="127.0.0.1"
start_port=1
end_port=65535

Open ports are written one per line to results.txt in the current directory.

How it works

(echo >/dev/tcp/$target_ip/$port) >/dev/null 2>&1 && echo "Port $port açık" >> results.txt

Bash's /dev/tcp/HOST/PORT virtual path opens a TCP socket. If the connection succeeds (exit 0), the port is open; if it fails, the redirect closes silently.

Notes & limitations

• Slow. This is a sequential scan over 65,535 ports — expect minutes, not seconds. For real scanning use nmap.
• Bash-only. /dev/tcp is a Bash builtin, not POSIX. It will not work in dash, ash, or sh on Alpine/Debian's default /bin/sh.
• Disabled in some builds. Bash compiled with --disable-net-redirections (some hardened distros) won't have /dev/tcp.
• TCP only. No UDP, no service detection, no banner grabbing.

Why this exists

Learning project — exploring what Bash can do without external tools. Useful as a one-liner-ish fallback when you've SSH'd into a stripped-down box that only has Bash.

⚠️ Only scan hosts you own or have explicit permission to test.