Friday 31 March 2017

Discover open ports without any tool.

During a pen-testing assignment, not every client will be comfortable letting you connect your own tooled-up laptop to their network. In that situation you need to write your own port scanner on a machine they provide, at least to discover the open ports. It is very easy using PowerShell:

1) To scan from Port 1 to Port 1024 on a single system:

1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("10.10.10.1",$_)) "Port $_ is open!"} 2>$null

Understanding the input:

1..1024 - Creates the range of integers from 1 to 1024
| - The pipe operator passes each object into the loop
% - The % operator in PowerShell is an alias for ForEach-Object and starts a loop. The loop executes the content between {} once for every object received
echo - Prints the following output to the screen
new-object Net.Sockets.TcpClient - Instantiates an instance of the .NET TcpClient class, allowing us to make socket connections to TCP ports
Connect("10.10.10.1",$_) - Calls the Connect method on the TcpClient instance with arguments 10.10.10.1 and port $_. $_ is a variable that means the current object; here it is the number (1..1024) that the loop is currently on. Connect throws an exception when the port is closed, which aborts the rest of the statement for that iteration, so the echo only runs when the connection succeeded.
"Port $_ is open!" - Prints "Port # is open!" when the program finds an open port.
2>$null - Redirects the error stream to $null, so the exceptions thrown for closed ports are not displayed and only open ports produce output


2) To scan for a single port on a range of systems

foreach ($ip in 1..20) {Test-NetConnection -Port 80 -InformationLevel "Detailed" 10.0.0.$ip}

Understanding the input

foreach ($ip in 1..20) {} - Loops through the numbers 1 to 20
Test-NetConnection - Test-NetConnection is a built-in cmdlet for testing different types of network connectivity.
-Port 80 - Checks the availability of port 80
-InformationLevel "Detailed" - Provides detailed output information
10.0.0.$ip - Attempts to connect to port 80 on the listed IP address. The $ip variable takes the values 1 to 20 in this example, so the hosts 10.0.0.1 through 10.0.0.20 are tested.

3) To scan for all ports on a range of systems

1..20 | % { $a = $_; 1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("10.0.0.$a",$_)) "Port $_ is open!"} 2>$null}

$a = $_ saves the outer loop's current value (the last octet of the host address) before the inner loop rebinds $_ to the port number; the rest is the single-host command from example 1 run once per host.


4) To test open ports to evaluate egress traffic controls

Here the target is allports.exposed, a host that accepts connections on every TCP port. Because every port is listening at the far end, a "Port # is open!" line means the network you are on allowed that outbound port, so the output is a list of the ports your egress filtering permits.

1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("allports.exposed",$_)) "Port $_ is open!" } 2>$null
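The one-liners in examples 1, 3 and 4 all rely on the blocking TcpClient.Connect call, which on a filtered port (no SYN/ACK, no RST) can stall each iteration for the full TCP connect timeout, typically around 20 seconds, so a scan of 1024 ports against a firewalled host can take hours. The function below is an added example, not code from the original post; it uses the same TcpClient class but issues the connect asynchronously with BeginConnect and waits at most a configurable number of milliseconds, then compares what is reachable against a documented baseline of expected listeners. The host address, port range, timeout and baseline ports are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): TCP connect check with a timeout,
# so that filtered ports do not block the loop for the full TCP connect timeout.
# The host addresses, port range, timeout and baseline below are illustrative assumptions.
function Test-TcpPorts {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [int[]] $Port = (1..1024),
        [int] $TimeoutMs = 300
    )
    foreach ($target in $ComputerName) {
        foreach ($p in $Port) {
            $client = New-Object Net.Sockets.TcpClient
            try {
                # BeginConnect returns immediately; wait at most $TimeoutMs for the handshake.
                $async = $client.BeginConnect($target, $p, $null, $null)
                if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                    # EndConnect throws a SocketException if the port refused the connection,
                    # which lands in the catch block below; reaching the next line means open.
                    $client.EndConnect($async)
                    [pscustomobject]@{ ComputerName = $target; Port = $p; State = 'Open' }
                }
                # No result within the timeout: filtered by a firewall or host is down;
                # nothing is reported, matching the "only print open ports" behaviour of the one-liners.
            } catch {
                # Connection refused or reset: port reachable but closed; nothing to report.
            } finally {
                $client.Close()
            }
        }
    }
}

# Usage: check that a host exposes only the services it is documented to expose.
$expected = 22, 443   # assumption: the ports this host is supposed to be listening on
$found = Test-TcpPorts -ComputerName '10.10.10.1' -Port (1..1024) -TimeoutMs 300
$found | Where-Object { $_.Port -notin $expected } |
    ForEach-Object { "Unexpected listener on $($_.ComputerName):$($_.Port)" }
```

Emitting objects rather than strings means the results can be exported with Export-Csv or filtered with Where-Object, as in the baseline comparison above; pass several names to -ComputerName to get the multi-host behaviour of example 3, and the hostname from example 4 with a wider port range to run the egress check in a bounded amount of time.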
