function Port-Scan{
<#
.SYNOPSIS
ICMP host sweep over an IPv4 range followed by a TCP connect check on a fixed port list.
.DESCRIPTION
Iterates every address between -SIP and -EIP (octet by octet), pings each one, and for
hosts that answer the ping attempts a TCP connection to each port in -Ports. One line per
responding host is written to the pipeline: "<address> : <open ports>". Hosts that do not
answer the ICMP echo are skipped entirely, so filtered-but-listening hosts are not reported.
From a monitoring perspective the activity is an ICMP echo to every address in the range
plus one TCP connection attempt per listed port on each responding host, all from the
running machine's own address.
.PARAMETER SIP
Start address of the range (dotted-quad string). Only the shape d.d.d.d is validated, not
that each octet is 0-255.
.PARAMETER EIP
End address of the range (dotted-quad string). Same validation as SIP.
.PARAMETER Ports
Ports That should be scanned, default values are: 21,22,23,53,69,71,80,98,110,139,111,
389,443,445,1080,1433,2001,2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,
5801,5900,5555,5901
.PARAMETER TimeOut
Time (in MilliSeconds) before TimeOut, Default set to 100. Used both as the ping timeout
and as the fixed wait before each TCP connection attempt is checked.
.EXAMPLE
PS > Port-Scan -SIP 192.168.0.1 -EIP 192.168.0.254
Use above to do a port scan on default ports.
.EXAMPLE
PS > Port-Scan -SIP 192.168.0.1 -EIP 192.168.0.254 -TimeOut 500
.EXAMPLE
PS > Port-Scan -SIP 192.168.0.1 -EIP 192.168.10.254 -Port 80
-Port resolves to -Ports by PowerShell's parameter-name prefix matching.
.LINK
http://www.truesec.com
http://blogs.technet.com/b/heyscriptingguy/archive/2012/07/02/use-powershell-for-network-host-and-port-discovery-sweeps.aspx
https://github.com/samratashok/nishang
.NOTES
Goude 2012, TrueSec
#>
[CmdletBinding()] Param(
[parameter(Mandatory = $true, Position = 0)]
# NOTE(review): the pattern is not anchored with ^/$ and \d{1,3} accepts octets above 255,
# so strings such as "999.1.1.1" or "x 1.2.3.4 y" pass validation and fail later in the loop.
[ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
[string]
$SIP,
[parameter(Mandatory = $true, Position = 1)]
[ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
[string]
$EIP,
[int[]]
$Ports = @(21,22,23,53,69,71,80,98,110,139,111,389,443,445,1080,1433,2001,2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,5801,5900,5555,5901),
[int]
$TimeOut = 100
)
Begin {
# One Ping instance is reused for every address; it is never disposed.
$ping = New-Object System.Net.Networkinformation.Ping
}
Process {
# Four nested ranges, one per octet. Each range runs from the SIP octet to the EIP octet,
# so a start octet greater than the end octet produces a descending range rather than an
# empty one (PowerShell '..' semantics) — presumably not what a caller intends; verify.
foreach($a in ($SIP.Split(".")[0]..$EIP.Split(".")[0])) {
foreach($b in ($SIP.Split(".")[1]..$EIP.Split(".")[1])) {
foreach($c in ($SIP.Split(".")[2]..$EIP.Split(".")[2])) {
foreach($d in ($SIP.Split(".")[3]..$EIP.Split(".")[3])) {
# ICMP echo with the caller's timeout; only hosts that reply are probed further.
$pingStatus = $ping.Send("$a.$b.$c.$d",$TimeOut)
if($pingStatus.Status -eq "Success") {
$openPorts = @()
# 1-based counter indexing into the 0-based array; equivalent to foreach over $Ports.
for($i = 1; $i -le $ports.Count;$i++) {
$port = $Ports[($i-1)]
$client = New-Object System.Net.Sockets.TcpClient
# Asynchronous connect. $beginConnect (the IAsyncResult) is never waited on and
# EndConnect is never called, so the Connected check directly below races the
# in-flight connect and is usually still false at this point.
$beginConnect = $client.BeginConnect($pingStatus.Address,$port,$null,$null)
if($client.Connected) {
$openPorts += $port
} else {
# Wait
# Fixed sleep stands in for waiting on the async handle; -Milli abbreviates
# -Milliseconds. A connect that completes after $TimeOut ms is reported closed.
Start-Sleep -Milli $TimeOut
if($client.Connected) {
$openPorts += $port
}
}
# Closes the socket; a still-pending async connect is not explicitly ended.
$client.Close()
}
# Return Object
# Emits a plain string, not an object: "<address> : <ports>". The array is joined with
# spaces via $OFS. Hosts with no open ports are still emitted, with nothing after " : ".
"$a.$b.$c.$d" + " : " + $openPorts
}
}
}
}
}
}
End {
}
}