PortaGo v2 — Professional Network Port Scanner

Created by: Amin Damon

PortaGo is a high-performance, concurrent TCP/UDP port scanner written in Go. It features a beautiful interactive CLI, intelligent banner grabbing, OS fingerprinting, risk classification, and multi-format export — all designed for professional security auditing and network analysis.

---

Features

Core Scanning

• 🚀 Concurrency: High-performance worker pool — scan 65 535 ports in seconds.
• 🔀 TCP + UDP: Choose TCP-only, UDP-only, or simultaneous dual-protocol scanning.
• 🔁 Retry logic: Configurable per-port retry to reduce false negatives on flaky networks.
• ⚡ Context-aware: Ctrl+C gracefully stops the scan and outputs partial results.

Intelligence

• 🔍 Banner Grabbing: Reads raw service banners plus HTTP HEAD fallback for web servers.
• 🏷️ Service Detection: Identifies 30+ well-known services from port number and banner content.
• 🖥️ OS Fingerprinting: Heuristic OS guessing based on the combination of open ports (Windows, Linux, macOS, Network gear, Printers).
• ⚠️ Risk Classification: Every open port is automatically rated HIGH, MEDIUM, or LOW risk with a color-coded summary table.
• 🌐 DNS Resolution: Automatically resolves hostnames to IP addresses before scanning.

Output & Reporting

• 📊 Rich Terminal Table: Color-coded results with service name, latency, risk badge, and truncated banner.
• 📄 JSON Export: Structured, pretty-printed JSON report including metadata, OS guess, and risk summary.
• 📋 CSV Export: Flat CSV for direct import into Excel, Splunk, or other tools.
• 💾 Full Scan Report: Optionally save a complete JSON report alongside any primary output format.

UX

• 🖥️ Interactive CLI: Guided menus powered by survey — zero flags required.
• 📈 Live Progress Bar: Real-time progress with ETA and elapsed time.
• 🔇 Verbose Mode: Toggle display of closed ports for full-visibility auditing.
• 🎨 ANSI Colors: Risk badges, banners, and summaries beautifully colorized in terminal.

---

Installation

Prerequisites

• Go 1.21 or higher

Build from Source

git clone https://github.com/aminDamon/PortaGo.git
cd PortaGo
go build -o portago .

Dependencies

go get github.com/AlecAivazis/survey/v2
go get github.com/schollz/progressbar/v3

---

Usage

Run the binary to launch the fully interactive configuration wizard:

./portago

Step-by-Step Workflow

1. Target — Enter an IP address or hostname (e.g. 192.168.1.1 or example.com).
2. Scan Profile — Choose from:
   • Fast (1-1024) — Common ports, done in seconds.
   • Full (1-65535) — Complete port sweep.
   • Top 100 — Same as Fast; focuses the common range.
   • Custom Range — Enter any start/end port.
3. Protocol — TCP only, UDP only, or TCP + UDP.
4. Concurrency — Default 200. Increase for speed, decrease for stealth.
5. Banner/Service Probing — Grab service banners for richer detection.
6. OS Fingerprinting — Heuristic OS detection from port combination.
7. Verbose Mode — Show closed ports alongside open ones.
8. Output Format — Terminal table, JSON file, or CSV file.
9. Save Full Report — Optionally dump a complete JSON audit report.

---

Output Formats

Terminal Table (default)

──────────────────────────────────────────────────────────────────────────────────────────
  SCAN REPORT — Target: 192.168.1.1  (192.168.1.1)
──────────────────────────────────────────────────────────────────────────────────────────
  PORT     PROTO     SERVICE           RISK    LATENCY  BANNER
──────────────────────────────────────────────────────────────────────────────────────────
[!!!] 22      TCP       SSH               HIGH    3ms     SSH-2.0-OpenSSH_8.9
[!]   80      TCP       HTTP              MEDIUM  2ms     HTTP/1.1 200 OK Server: nginx
[i]   443     TCP       HTTPS             LOW     4ms
──────────────────────────────────────────────────────────────────────────────────────────
  Open ports: 3   |   Total scanned: 1024   |   Duration: 4.231s

  RISK SUMMARY
  HIGH   Ports: 22
  MEDIUM Ports: 80
  LOW    Ports: 443

JSON Report (portago_result.json)

{
  "target": "192.168.1.1",
  "resolved_ip": "192.168.1.1",
  "started_at": "2025-06-01T14:00:00Z",
  "completed_at": "2025-06-01T14:00:04Z",
  "duration": "4.231s",
  "port_range": "1-1024",
  "total_ports": 1024,
  "open_count": 3,
  "os_guess": "Linux/Unix (likely web server)",
  "risk_summary": {
    "high_risk_ports": [22],
    "medium_risk_ports": [80],
    "low_risk_ports": [443]
  },
  "results": [
    {
      "port": 22,
      "protocol": "tcp",
      "state": "Open",
      "service": "SSH",
      "banner": "SSH-2.0-OpenSSH_8.9",
      "risk": "HIGH",
      "latency": "3ms"
    }
  ]
}

CSV (portago_result.csv)

Port,Protocol,State,Service,Risk,Latency,Banner
22,tcp,Open,SSH,HIGH,3ms,SSH-2.0-OpenSSH_8.9
80,tcp,Open,HTTP,MEDIUM,2ms,HTTP/1.1 200 OK

---

Risk Classification

PortaGo automatically classifies every open port into one of three risk tiers:

Risk	Ports	Indicator
HIGH	21, 23, 135, 139, 445, 1433, 1521, 3389, 5900, 27017	[!!!]
MEDIUM	22, 25, 53, 110, 143, 3306, 5432, 6379, 9200	[!]
LOW	All other open ports	[i]

---

OS Fingerprinting

PortaGo uses a heuristic engine to guess the target OS from the combination of detected open ports:

Detected Ports	OS Guess
3389 + 445 + 135	Windows (Server / Desktop)
22 + 80 (no 445)	Linux/Unix (web server)
548 or 5000	macOS / Apple device
23	Network device / Embedded Linux
9100	Printer / Network peripheral

---

Supported Services

PortaGo recognizes 35+ well-known services out of the box:

FTP, SSH, Telnet, SMTP, DNS, HTTP, POP3, IMAP, HTTPS, SMB, RDP, MySQL, PostgreSQL, MSSQL, Oracle, MongoDB, Redis, Elasticsearch, VNC, NFS, RPC, IRC, K8s-API, Jupyter, HTTP-Alt, HTTPS-Alt, SOCKS, and more.

---

Graceful Interruption

Press Ctrl+C at any time during a scan. PortaGo will:

1. Stop feeding new ports to workers.
2. Allow in-flight scans to complete.
3. Output all results collected so far.

---

Architecture

main()
  └─ interactivePrompt()          # Guided CLI wizard
  └─ resolveTarget()              # DNS resolution
  └─ runScan()                    # Orchestrator
        ├─ tcpWorker() × N        # TCP worker pool
        ├─ udpWorker() × N        # UDP worker pool (when enabled)
        ├─ scanTCP()              # Dial + banner grab
        ├─ scanUDP()              # UDP probe
        └─ results channel        # Collects ScanResult structs
  └─ renderSummaryTable()         # Terminal output
  └─ writeJSONOutput()            # JSON export
  └─ writeCSVOutput()             # CSV export
  └─ buildReport()                # Full audit report

---

Disclaimer

⚠️ LEGAL DISCLAIMER: FOR AUTHORIZED USE ONLY

This tool is intended solely for authorized security auditing, penetration testing, and educational purposes. You must have explicit written permission from the system owner before scanning any network or device you do not own.

The author (Amin Damon) and contributors are not responsible for any misuse, damage, or illegal activities performed with this tool. Scanning targets without authorization violates computer fraud laws in most jurisdictions. Use responsibly and ethically.