How to Use OpenSSL for Port Scanning
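OpenSSL itself does not provide a port scanning feature; it is mainly used for tasks such as encrypted communication and certificate generation. However, you can combine OpenSSL with other command-line tools (such as nc or nmap) to perform port scanning.
The following is one way to do port scanning with OpenSSL and nc (netcat):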
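- Open a terminal or command prompt.
- Enter the following command, replacing TARGET_IP with the IP address you want to scan, and START_PORT and END_PORT with the first and last port of the range you want to scan (for example, 1 and 100). On Windows:

    for /L %i in (START_PORT,1,END_PORT) do openssl s_client -connect TARGET_IP:%i <NUL 2>&1 | find "CONNECTED"

If you are using macOS or Linux, you can use the following command:

    for i in $(seq START_PORT END_PORT); do openssl s_client -connect TARGET_IP:$i </dev/null 2>&1 | grep "CONNECTED"; done

These commands try to connect to each port in the given range on the target IP address and decide whether the port is open by looking for the string "CONNECTED", which openssl s_client prints once the TCP connection is established. Standard input is redirected from an empty source so that s_client exits after the handshake instead of waiting for input. If the port is open and serves TLS, the unfiltered output looks similar to this: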
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=0 CN = example.com
verify return:1
---
Certificate chain
0 s:CN = example.com
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
1 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=CN = example.com
issuer=C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3548 bytes and written 430 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
...
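The loops above filter for a single line, so they cannot tell a TLS service from an open port that speaks some other protocol. The following added example (not part of the original article) goes one step further and sorts saved s_client output into closed, open with TLS, and open without TLS; the sample outputs and port labels in it are constructed.

```shell
#!/bin/sh
# Added example: classify saved `openssl s_client` output for one port.
# Prints one of: closed | open-tls | open-no-tls

classify_s_client() {
    out=$1
    case $out in
        *"CONNECTED("*) ;;             # TCP connection was established
        *) echo closed; return 0 ;;    # refused, filtered or timed out
    esac
    # A completed handshake names the negotiated cipher; a failed one
    # prints "Cipher is (NONE)".
    if printf '%s\n' "$out" | grep -Eq '^New, .*Cipher is [^(]'; then
        echo open-tls
    else
        echo open-no-tls
    fi
}

# Constructed sample outputs (shortened; error wording varies by version).
SAMPLE_TLS='CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit'

SAMPLE_PLAIN='CONNECTED(00000003)
error:0A00010B:SSL routines:ssl3_get_record:wrong version number
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)'

SAMPLE_CLOSED='connect: Connection refused
connect:errno=111'

# Port numbers here are hypothetical labels for the samples above.
report() {
    echo "443 $(classify_s_client "$SAMPLE_TLS")"
    echo "80 $(classify_s_client "$SAMPLE_PLAIN")"
    echo "8443 $(classify_s_client "$SAMPLE_CLOSED")"
}
report
```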
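Note that this may not be the most efficient way to scan ports, and it can be affected by firewalls or other security measures protecting the target server. For more advanced port scanning, consider a dedicated network scanning tool such as nmap.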