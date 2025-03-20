Open Port Scanning allows Magic Transit and Bring your Own IPs users to efficiently monitor IP ranges for security vulnerabilities. This API enables users to scan their designated IP ranges, detect any open ports, and receive daily notifications regarding newly opened ports.

You can access this feature via the API.

Prerequisites

Cloudforce One Administrator, Administrator and Super Administrator roles.

Account token: Custom API Token > Cloudforce One:Edit.

To create a custom API token:

From the Cloudflare dashboard ↗ , go to My Profile > API Tokens for user tokens. Go to Create Custom Token > Get started. Enter a Token name, for example, Open Port Scanning . In Permissions: Choose Account .

. Select Cloudforce One as the account.

as the account. Choose Edit access. In Client IP Address Filtering: In Operator , select is in .

, select . In Value, enter a valid IP address. Select Continue to summary. Review the token, then select Create Token.

Note The Open Port Scanner will run from a predetermined set of IPs. The Cloudforce One team recommends you to allowlist these IPs in your rules.

Configure Open Port Scanning

To configure Open Port Scanning, follow these steps:

Create a new scan config: IPs : Enter the IP ranges you wish to monitor. Ensure that the ranges are correctly formatted to avoid scanning errors. The API will validate if the IPs requested are onboarded to Cloudflare and associated to the account belonging to the API token used.

: Enter the IP ranges you wish to monitor. Ensure that the ranges are correctly formatted to avoid scanning errors. The API will validate if the IPs requested are onboarded to Cloudflare and associated to the account belonging to the API token used. Frequency : Enter the scan frequency in days.

: Enter the scan frequency in days. Ports : Select the ports to scan. Choose among: All Default (refer to Default ports for a comprehensive list) List of specific ports

: Select the ports to scan. Choose among: Scan IPs: Initiate the scanning process. The system will analyze the specified IP ranges to identify any open ports. Generate list of open ports: Once the scan is complete, the API will generate a list of detected open ports for review and action. Select open ports to list: Choose which open ports you would like to be notified about. You can exclude any ports that do not require immediate attention. View differences from previous scan: The API will highlight any changes in open ports since the last scan, allowing you to quickly assess new vulnerabilities. Stop scanning: If necessary, you can stop the scanning process at any time. Set up alerts: Configure alerts for specific ports of interest. You will be notified immediately via email or webhook if any of these designated ports become newly open.

Beta feature notice Open Port Scanning feature is currently in closed beta. The Cloudforce One team appreciates your feedback as the team works to enhance its functionality and user experience. If you want to subscribe to this feature or participate in the beta program, join our closed beta for Port Scanning ↗.

Default ports

List of default ports 80

631

161

137

123

138

1434

445

135

67

23

53

443

21

139

22

500

68

520

1900

25

4500

514

49152

162

69

5353

111

49154

3389

110

1701

998

996

997

999

3283

49153

445

1812

136

139

143

53

2222

135

3306

2049

32768

5060

8080

1025

1433

3456

80

1723

111

995

993

20031

1026

7

5900

1646

1645

593

1025

518

2048

626

1027

587

177

1719

427

497

8888

4444

1023

65024

199

19

9

49193

1029

1720

49

465

88

1028

17185

1718

49186

548

113

81

6001

2000

10000

31337

