Request a Demo Contact Us

Angry IP Scanner

Angry IP scanner is a freely available IP address and port scanner known for its ease of use, simplicity, and speed. Angry IP scanners can scan IP addresses in any range and their ports. It was designed to be cross-platform and very lightweight. Angry IP scanners can be freely copied and used anywhere – you can download Angry IP scanner here. The complete source code is available. 

Operating Angry IP is simple but comprehensive. Angry IP scanner pings each IP address to check the status and then optionally resolves its hostname, determines the MAC address, scans ports, and more. Furthermore, the amount of gathered data about each host can be extended with additional functionality through plugins.

Angry IP scanner has additional features to include NetBIOS information (computer name, workgroup name, and Windows user currently logged in), specified IP address ranges, web server detection, customizable openers, and more.

Angry IP scanning saves results in many file formats, including CSV, TXT, XML, or IP-Port list files. Through the extended functionality of available plugins, Angry IP Scanner can gather a wide variety of information about scanned IP addresses. Basic Java coding skills are required to write plugins and extend the functionality of Angry IP Scanner.

Because performance is essential for any scanner, the Angry IP scanner utilizes a multithreaded approach, creating a separate scanning thread for each scanned IP address. 

While theoretically, threat actors can use the Angry IP Scanner, it was created for legitimate and responsible use only. It has not been written, nor is it intended for, illegal hacking of any kind.

Scanning History

Computer network scanning is an essential requirement for network administrators. Threat actors will often use computer network scanning for illegitimate purposes. Network administrators need to scan their networks to:

  • Check the status of computers and various network devices;
  • Find spare or open addresses in statically-addressed networks;
  • Monitor the usage of server-type or P2P applications;
  • Make an inventory of available hardware and software; and,
  • Check for recently discovered holes to patch them.

Angry IP Scanner is open-source and developed through the collaboration of many people. The review by many developers, users, and hackers helps make these open-source tools safe. 

Network Scanning Technology

IP is the abbreviation for Internet Protocol. TCP/IP is the most widely spread network protocol and the protocol most networks use. An IP address is the identifier for a specific network interface in the network. 

Computer networks can all use different physical (and data link) methods for communication, with PPP over dial-up, IEEE 802.3 (Ethernet), and 802.11 (Wi-Fi) being the most widely used.

The OSI model defines seven layers of networking protocols. Layers 3 and 4 are the most interesting to scanners and exist in any (IP-based) network regardless of the physical medium and other higher-level services. Other layers of the OSI model, such as the 1st and the 2nd layers, are also helpful for scans. This scanning is done to bypass higher-level filtering. Network scanners must reach Higher-level protocols to detect the actual running services that use scanned network and transport endpoints (addresses and ports).

Network Scanning Functionality

There are generally two types of network scanners: port scanners and IP scanners. Port scanners scan TCP ports in a host by methodically and sequentially probing each one to determine status. IP scanners scan many hosts and then collect further information about those that appear available.

The user generally provides a list of the targeted IP addresses to the Angry IP scanner to sequentially probe all of them and then collect information about each address and overall statistics. Collected information may include, but not be limited to:

  • Host status which could be alive, responding, or down;
  • Measurement of the average roundtrip time;
  • TTL (time to live) field value from the IP packet header to determine the number of routers the packet has traversed;
  • DNS lookup to determine host and domain name;
  • Determine the detailed identification and revision of specific software services running on the host; and,
  • Open TCP and UDP port numbers.

The list of addresses for scanning is generally provided as a range or as a network. Angry IP Scanner has several different modules for generating IP addresses called feeders some of which can be added via plugins.

Feeders. Users can select a feeder prior to scanning. Built-in Angry IP scanner feeders include:

  • IP Range – iterates IP addresses beginning and ending with the two provided addresses;
  • Random – generates the requested number of random IP addresses according to the provided bit mask;
  • IP List File – extracts IP addresses from any text file provided by the user; and,
  • Advanced – provides the ability to specify more complex rules for generation in textual form.

Fetchers. User selects several fetchers prior to scanning. Fetchers generally define the type and amount of information collected about each scanned IP address. Fetchers within Angry IP scanner include:

  • IP address;
  • Ping;
  • TTL;
  • MAC address;
  • Ports;
  • Filtered ports; and,
  • Version detection.

Pingers are used internally by Ping and TTL fetchers. The following internal pingers are implemented within Angry IP scanner:

  • ICMP echo – the standard pinging method used by the ping program;
  • Windows ICMP.DLL – a Windows-specific implementation for ICMP echo pinging;
  • UDP – sends UDP packets to a port that is likely to be closed;
  • TCP – makes a connection attempt to port 80 on the host; and,
  • ARP – pending implementation in Angry IP scanner – refer to their website to see what is available..

Exporters are used after to export the results of a scan outside of Angry IP Scanner into a standard format:

  • TXT;
  • CSV;
  • XML; and,
  • IP:Port list which provides outputs IP:port line for each open port of each alive host. 

Openers generally execute external programs in order to connect or send something to particular hosts. This might include opening a Web browser or sending a shutdown message.


Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.

Get started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.