Free Download

Sherlock Forensics Port Scanner Network Security Assessment Tool

Free TCP port scanner with service detection and attack surface mapping. Built by CISSP, ISSAP and ISSMP certified security professionals. SHA256 verified.

Sherlock Forensics Port Scanner is a free Windows desktop application for TCP port scanning and service detection. It identifies open ports, grabs service banners and maps the attack surface of target hosts. Designed for penetration testers, compliance auditors and system administrators who need a lightweight GUI scanner without command-line complexity.

Overview

What Sherlock Forensics Port Scanner Does

Sherlock Forensics Port Scanner performs TCP connect scans against target hosts to identify open ports and running services. It operates without WinPcap or Npcap dependencies and requires no elevated privileges. The tool scans individual hosts or CIDR ranges and exports results to CSV for integration with vulnerability management workflows.

Every scan produces a timestamped record of open ports with service identification derived from banner grabbing. This data feeds directly into penetration test documentation, compliance audit reports and network inventory assessments.

Core Features

TCP Connect Scanning: Full TCP handshake scanning on any port range from 1 to 65535. No raw socket requirements. Works without admin privileges on standard Windows installations.
Service Banner Grabbing: Identifies software and version strings on open ports. Detects web servers, SSH daemons, FTP services, database listeners and other common network services.
Custom Port Ranges: Scan the top 1000 ports by default or specify custom ranges. Target individual ports, comma-separated lists or continuous ranges for focused assessments.
CIDR Range Support: Scan entire subnets using CIDR notation. Useful for network inventory and identifying unauthorized services across a network segment.
CSV Export: Export scan results with timestamp, target host, port number, protocol, state and service identification. Import directly into spreadsheets or reporting tools.
SHA256 Verification: Published SHA256 hash for download integrity verification. Confirm the installer has not been tampered with before execution.

Use Cases

Who Uses Sherlock Forensics Port Scanner

Penetration Test Recon

Security consultants use Sherlock Forensics Port Scanner during the reconnaissance phase of penetration testing engagements. Identify open ports and running services before launching targeted vulnerability assessments. Export results for inclusion in forensic investigation documentation.

Compliance Audits

Verify that only authorized services are exposed on production networks. Document open ports for PCI-DSS, HIPAA and SOC 2 compliance audits. CSV exports provide timestamped evidence for audit trails and regulatory submissions.

Sysadmin Troubleshooting

Diagnose connectivity issues by confirming whether services are listening on expected ports. Identify rogue services or misconfigured firewalls. Scan after patching to verify that unnecessary services have been properly disabled.

Compare

Sherlock Forensics Port Scanner vs Nmap

Feature	Sherlock Forensics Port Scanner	Nmap
Interface	Native Windows GUI	Command line (Zenmap GUI separate)
Installation	Single .exe, no dependencies	Requires Npcap/WinPcap driver
Admin privileges	Not required	Required for SYN scans
TCP connect scan	Yes	Yes
SYN/stealth scan	No	Yes
Service detection	Banner grabbing	Advanced probes
NSE scripting	No	Yes
OS fingerprinting	No	Yes
CSV export	Yes	XML/grep output
Learning curve	Minimal	Significant
Price	Free	Free (open source)

Different Tools for Different Needs

Nmap is the industry standard for network reconnaissance with unmatched depth in scripting and OS fingerprinting. Sherlock Forensics Port Scanner is not a replacement for Nmap. It fills a different role: a lightweight GUI scanner for quick assessments when you need results without command-line syntax, driver installations or admin privileges. Use Nmap for advanced engagements. Use Sherlock Forensics Port Scanner for fast visual scans during triage, compliance checks and troubleshooting.

Download

Get Sherlock Forensics Port Scanner

Version 0.1.4 for Windows 10/11 (64-bit). Single executable, no installation dependencies.

File: sherlock-port-scanner.exe
SHA256: 0a7dee2ea06e90b4939f76a56462ddc6dbe81e1ed5c59a18c491f6bde12c726a
Version: 0.1.4
Platform: Windows 10/11 (64-bit)

Questions

Port Scanner FAQ

Is Sherlock Forensics Port Scanner free?

Yes. Sherlock Forensics Port Scanner is completely free with no trial period, no feature restrictions and no expiry. Download, install and scan with no limitations.

How does Sherlock Forensics Port Scanner compare to Nmap?

Nmap is the industry standard command-line scanner with extensive scripting capabilities. Sherlock Forensics Port Scanner provides a lightweight GUI alternative that requires no installation complexity, no command-line knowledge and no WinPcap/Npcap dependencies. It is designed for quick assessments rather than advanced scripting.

Is port scanning legal?

Port scanning systems you own or have written authorization to test is legal in most jurisdictions. Scanning systems without authorization may violate computer fraud laws including the CFAA in the United States and the Criminal Code in Canada. Always obtain written permission before scanning any network you do not own.

What ports does Sherlock Forensics Port Scanner check?

By default Sherlock Forensics Port Scanner checks the top 1000 TCP ports as defined by service frequency data. You can also specify custom port ranges or scan all 65535 TCP ports for a comprehensive assessment.

Does it detect running services?

Yes. Sherlock Forensics Port Scanner performs service banner grabbing on open ports to identify the software and version running on each port. This includes web servers, SSH, FTP, database servers and other common network services.

Can I export scan results?

Yes. Scan results can be exported to CSV format for import into spreadsheets, vulnerability management tools or forensic reports. Each export includes timestamp, target host, port number, protocol, state and service identification.

Does it require admin privileges?

No. Sherlock Forensics Port Scanner uses standard TCP connect scanning which does not require elevated privileges, WinPcap or Npcap. It runs as a normal user application on Windows 10 and Windows 11.

Get Started

Download Sherlock Forensics Port Scanner

Free network security scanner built by CISSP, ISSAP and ISSMP certified forensic professionals. Need a full penetration test or security assessment? Contact our team.

Since 2006CISSP, ISSAP, ISSMP certified604.229.1994

Sherlock Forensics Port Scanner is provided for lawful use only. Unauthorized scanning of networks you do not own may violate applicable laws. Terms of Service