/\/\o\/\/ PowerShelled
This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$PreviousItems = (" Large AD queries in Monad "," Sharepoint provider for Monad "," access ADSI WinNT provider from Monad Part 2 "," MSH Community Workspace, TFSC provider and videos "," more Monad scripts, and a bit more CSV "," working with CSV files in MSH (part two) "," working with CSV files in MSH (part one) "," and another source for MSH scripts is born "," VBscript hosting in MSH, Inputbox in Monad part 2 "," Some Monad Com hacks "," ")
Tuesday, April 18, 2006
Simple port scanning using Monad
working from the C# example id William Stacey in the Newsgroup, (Monitoring Ports on Remote System ), I made this very simple MSH example.
I did remove the Threading (so if you have a lot of ports, Yes it's slow) but I did add some basic Banner Grabbing.
The script looks like this :
# Scan-Ports.msh
#
# Scans computer for a list of ports and tries to get Banners on open ports
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com
# check needed aliases
if (!(get-command -ea SilentlyContinue new)) {set-alias new New-Object}
# Load Function
Function Scan-Ports {
param ($server = "localhost",[int[]]$ports)
&{
trap{"Server $Server not Found";continue}
$ping = new Net.NetworkInformation.Ping
$script:result = $null
$script:result = $ping.send($server)
}
if ($result) {
foreach ($port in $ports) {
Trap {"$port Not Open";continue}
"Checking $server $port :"
$client = new net.sockets.tcpclient
$client.connect($server,$port)
if ($client.connected) {
"$port is Open, Trying to get banner"
$stream = $client.GetStream()
$chars = @()
sleep -m 1000 # Give server some time to react
while ($stream.DataAvailable) {$chars += [char]$stream.readByte()}
#([System.Text.ASCIIEncoding]::utf8).GetChars([byte[]]$chars)
[string]::concat($chars)
}
}
}
}
#
# Scans computer for a list of ports and tries to get Banners on open ports
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com
# check needed aliases
if (!(get-command -ea SilentlyContinue new)) {set-alias new New-Object}
# Load Function
Function Scan-Ports {
param ($server = "localhost",[int[]]$ports)
&{
trap{"Server $Server not Found";continue}
$ping = new Net.NetworkInformation.Ping
$script:result = $null
$script:result = $ping.send($server)
}
if ($result) {
foreach ($port in $ports) {
Trap {"$port Not Open";continue}
"Checking $server $port :"
$client = new net.sockets.tcpclient
$client.connect($server,$port)
if ($client.connected) {
"$port is Open, Trying to get banner"
$stream = $client.GetStream()
$chars = @()
sleep -m 1000 # Give server some time to react
while ($stream.DataAvailable) {$chars += [char]$stream.readByte()}
#([System.Text.ASCIIEncoding]::utf8).GetChars([byte[]]$chars)
[string]::concat($chars)
}
}
}
}
You can Use the script like this :
# Usage :
MSH>Scan-Ports mail 110
Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.
# or for more flexibility :
$server = "mail"
$ports = 21,25,23,80,110,8080,4444 + 130..140
#$ports = @(110)
Scan-Ports $server $ports
<snap> ... <snap>
Checking mail 80 :
80 Not Open
Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.
Checking mail 8080 :
8080 Not Open
Checking mail 8080 :
8080 Not Open
Checking mail 4444 :
4444 Not Open
Checking mail 130 :
130 Not Open
Checking mail 131 :
131 Not Open
<snap> ... <snap>
# or make flexible ranges like this :
scan-ports 'mail' @(21,25,23,80,110,8080,4444 + 130..140)
# I had some problems with the MS telnet server :
MSH>Scan-Ports localhost 23
Checking localhost 23 :
23 is Open, Trying to get banner
ÿû☺ÿû♥ÿy'ÿy▼ÿy ÿû
# should be UTF8 I think but all this did not work :
([System.Text.ASCIIEncoding]::utf8).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::ASCII).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::BigEndianUnicode).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::Default).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::Unicode).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::UTF32).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::UTF7).GetChars([byte[]]$chars)
MSH>Scan-Ports mail 110
Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.
# or for more flexibility :
$server = "mail"
$ports = 21,25,23,80,110,8080,4444 + 130..140
#$ports = @(110)
Scan-Ports $server $ports
<snap> ... <snap>
Checking mail 80 :
80 Not Open
Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.
Checking mail 8080 :
8080 Not Open
Checking mail 8080 :
8080 Not Open
Checking mail 4444 :
4444 Not Open
Checking mail 130 :
130 Not Open
Checking mail 131 :
131 Not Open
<snap> ... <snap>
# or make flexible ranges like this :
scan-ports 'mail' @(21,25,23,80,110,8080,4444 + 130..140)
# I had some problems with the MS telnet server :
MSH>Scan-Ports localhost 23
Checking localhost 23 :
23 is Open, Trying to get banner
ÿû☺ÿû♥ÿy'ÿy▼ÿy ÿû
# should be UTF8 I think but all this did not work :
([System.Text.ASCIIEncoding]::utf8).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::ASCII).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::BigEndianUnicode).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::Default).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::Unicode).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::UTF32).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::UTF7).GetChars([byte[]]$chars)
Note, that I first ping the Computer and only if I get a reply I do a portscan, to speed it up a bit, if ICMP is disabled you should remove this.
Also you can get some speed using Karl Prosser's (very Cool ) start backgroundpipeline snapin : http://www.karlprosser.com/coder/?p=39
and as you can see in last example the MS telnet banner is unreadable.
Enjoy,
Greetings /\/\o\/\/
Tags : Monad msh
