Port-Stat is a lightweight, cross-platform, real-time port monitoring tool designed for security analysts, developers, and incident responders. It continuously watches for newly opened listening ports and instantly alerts you when any process starts a new network listener. This helps detect suspicious activity, reverse shells, rogue services, or unexpected dev server launches.
- ⚡ Real-time detection of newly opened ports
- 🧠 Process-aware alerts (process name + PID)
- 🎛 Ignore lists for ports & processes
- 🗂 Optional JSON logging (NDJSON format)
- 🔁 Unbuffered, live output (Windows/Linux/macOS)
- 🪶 Requires only one dependency (
psutil)
git clone https://github.com/Alexander-50/Port-Stat.git
cd Port-Stat
pip install -r requirements.txtpython monitor.pypython monitor.py --interval 2python monitor.py --ignore-ports 3000,5000,8000python monitor.py --ignore-procs python,nodepython monitor.py --json-log logs/events.json
Port-Stat/
│── monitor.py
│── requirements.txt
│── README.md
│── .gitignore
│
├── samples/
│ ├── sample_output.txt
│ └── events_sample.json
│
└── logs/ (auto-created when using --json-log)
{"timestamp": "2025-11-20T18:22:25.882104", "port": 8080, "process": "python.exe", "pid": 9214, "type": "new_port"}
{"timestamp": "2025-11-20T18:22:33.441552", "port": 9999, "process": "python.exe", "pid": 10482, "type": "new_port"}
- Debug dev servers (Flask, Node, Django, etc.)
- Catch reverse shells / malware activity
- Monitor real-time system behavior
- Helpful for SOC, IR, Pentesting, DevOps
Pull requests are welcome! Improve features, add monitoring modes, or enhance detection logic.
If you find Port-Stat useful, consider starring ⭐ the repository.
Alexander P.B.
Cybersecurity Researcher & Penetration Tester
Red Team & IoT Security Specialist
📧 Reach out via GitHub for research collaborations.