Security for everyone

FTP Bounce Checker

FTP bounce attack is a vulnerability type where an attacker who cannot access a server in the internal network by using targeted FTP server as a proxy to transfer files and scans ports. If this explanation sounds complex, don’t worry. You can check whether your server is impacted by this vulnerability by using our tool.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

5 sec

Scan only one

Domain, Ipv4

Parent Category

FTP Bounce Checker Detail

FTP Bounce Checker

What is FTP ?

FTP (File Transfer Protocol) is a TCP-based protocol that enables file transfer between the server and the client. There are numerous FTP commands. Some of these are PUT, STOR, GET(RETR) and PORT commands. You can view the complete list by clicking the link here.

You can connect to the FTP server by using FTP clients with graphical interface (ex. Filezilla, CuteFTP, Cyberduck), by using the command line (ex. bash, iterm, powershell) or by using your browser.

If you are using a command-line interface (or a script) to connect to FTP, you can send any command you want to the target server. People with malicious intent might use PORT command which is an FTP command for your FTP server to send the request to other systems. With this method, they can transfer files or scan ports in other systems by using your FTP server.

What is FTP Bounce Attack ?

In FTP protocol, PORT command indicates an IP address and port which FTP server should connect. To learn more about PORT command, read this. People with malicious intent changes the parameters of this command and use the FTP server to open connections to different addresses.

This vulnerability enables the attacker to connect to another system via an FTP server and do unauthorised operations. For example, directory listing, port scanning, file downloading etc.

How To Check FTP Bounce Attack ?

You can check FTP Bounce vulnerability within seconds with our free and online FTP Bounce Vulnerability Control tool. To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can check with nmap tool and nmap -v -P0 -b username:password@ftp-server:port Target_Host or nmap -sV --script ftp-bounce Target_Host command which can be installed to all operating systems.

Also, you can use ftpbounce auxiliary module of “Metasploit Framework” to check the vulnerability.

Lastly, you can check manually. If your FTP server is impacted from this vulnerability, you will have a result similar to the following:

	331 Username okay, awaiting password
	230 User logged in, proceed
	PORT 172,19,0,100,0,1234
	200 The requested action has been successfully completed 
	150 File status okay; about to open data connection // We understood port 1234 is open
	226 Closing data connection 
	PORT 172,19,0,100,0,4444
	200 The requested action has been successfully completed 
	425 No connection established // We understood port 4444 is closed

For example, an attacker using this vulnerability can scan ports in the internal network systems by using the following command:
nmap -v -p 21,22,445,80,443 -b username:[email protected]

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture