Required Ports Reference
This reference lists the network ports AlloyScan uses for agentless scan and audit between an Audit Service host and its targets, plus the outbound port required by Audit Agents.
Audit Service to targets
| Target |
Protocol |
Port |
Purpose |
| Windows computer |
TCP |
5985 |
WinRM (primary). |
| Windows computer |
TCP |
135 |
Fallback. |
| Windows computer |
TCP |
139 |
NetBIOS over TCP/IP. |
| Windows computer |
TCP |
445 |
SMB. |
| Windows computer |
TCP |
88 |
Kerberos (Active Directory authentication). |
| Windows computer |
TCP |
389 |
LDAP (Active Directory). |
| Linux / macOS computer |
TCP |
22 |
SSH. |
| VMware ESXi hypervisor |
TCP |
80 |
HTTP. |
| VMware ESXi hypervisor |
TCP |
443 |
HTTPS. |
| VMware ESXi hypervisor |
TCP |
902 |
ESXi management. |
| SNMP device |
UDP |
161 |
SNMP v1 / v2c / v3. |
| NAS device |
TCP |
139 |
NetBIOS / SMB. |
Network discovery (broadcast)
| Direction |
Protocol |
Port |
Purpose |
| Outbound |
UDP |
53 |
DNS resolution during scan. |
| Outbound |
UDP |
137 |
NetBIOS Name Service. |
| Outbound |
UDP |
138 |
NetBIOS Datagram Service. |
| Outbound |
ICMPv4 |
— |
Ping; recommended for reachability checks. |
Audit Agent to AlloyScan
| Direction |
Protocol |
Port |
Purpose |
| Outbound |
TCP |
443 |
HTTPS — only port required by an Audit Agent. |
Constraints
- Windows targets must be in the same Active Directory domain as the Audit Service host for agentless scan and audit. Cross-domain or workgroup Windows targets must be audited via an Audit Agent.
- An Audit Agent requires only outbound HTTPS/443. No inbound ports are required at the endpoint.
- An Audit Service requires outbound HTTPS/443 to the AlloyScan instance for registration and heartbeat.