Auto-scan mode is enabled (disable)
Two scans are automatically run on page load,
a WebSocket scan targetting and
a HTTP scan targetting .
This mode exists to speed up debugging using this tool by removing the need to manually click the button each time.
You can also specify a host and port to port-scan by setting host=X.X.X.X and port=YYYY in the URL search parameters.
Note specifying a custom host or port is only available when loading the page from a local source (ie.
the protocol is file:/// or
the origin is localhost or
127.0.0.1),
to prevent misuse when hosting this page online.
The handy button above will run a port-scan of your local network. It works by triggering HTTP GET requests via
a hidden image's src attribute. The port-scan results will never be uploaded to remote servers and will
never leave your computer. You can verify this and fully monitor the scan from the DevTools Network tab,
or check on the list of the local domains scanned below. Alternatively, you can download this page to run locally.
To protect against private network port-scans like these there are several options: the Port Authority browser addon is designed specifically to block private network port-scans (I'm a developer for it and think it's pretty neat!). Alternatively, uBlock Origin users can add the "Block Outsider Intrusion into LAN" filter list.
Links to local resources currently trigger false positives in the Port Authority addon (see Issue #57). These links can be used to check if the issue is fixed:
- Plain link to http://localhost:8080
target="_blank"link to http://localhost:8080rel="noopener"link to http://localhost:8080rel="noreferrer"link to http://localhost:8080referrerpolicy="no-referrer"link to http://localhost:8080