This blog has moved to http://ThePowerShellGuy.com
Greetings /\/\o\/\/
Working from the C# example of William Stacey in the newsgroup (Monitoring Ports on Remote System), I made this very simple MSH example.
I did remove the threading (so if you have a lot of ports, yes, it's slow), but I did add some basic banner grabbing.
The script looks like this:
# Scan-Ports.msh
#
# Scans computer for a list of ports and tries to get Banners on open ports
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com

# check needed aliases
if (!(get-command -ea SilentlyContinue new)) {set-alias new New-Object}

# Load Function
Function Scan-Ports {
    param ([string]$server = "localhost", [int[]]$ports)

    # Ping first and only scan hosts that answer (remove this block if ICMP is blocked)
    &{
        trap {"Server $Server not Found"; continue}
        $ping = new Net.NetworkInformation.Ping
        $script:result = $null
        $script:result = $ping.send($server)
    }
    # Send() returns a PingReply even on timeout, so test the status, not only for an object
    if ($result -and $result.Status -eq 'Success') {
        foreach ($port in $ports) {
            # connect() throws when the port is closed or filtered; report it and carry on
            Trap {"$port Not Open"; continue}
            "Checking $server $port :"
            $client = new net.sockets.tcpclient
            $client.connect($server, $port)
            if ($client.connected) {
                "$port is Open, Trying to get banner"
                $stream = $client.GetStream()
                $banner = ""
                sleep -m 1000 # Give server some time to react
                # read whatever arrived during the wait; bytes >= 0x80 show up as Latin-1 characters
                while ($stream.DataAvailable) {$banner += [char]$stream.ReadByte()}
                $banner
            }
            # release the socket whether or not the connect succeeded
            $client.Close()
        }
    }
}
You can use the script like this:
# Usage:
MSH>Scan-Ports mail 110
Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.
# or, for more flexibility:
$server = "mail"
$ports = 21,25,23,80,110,8080,4444 + 130..140
#$ports = @(110)
Scan-Ports $server $ports
<snap> ... <snap>
Checking mail 80 :
80 Not Open
Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.
Checking mail 8080 :
8080 Not Open
Checking mail 4444 :
4444 Not Open
Checking mail 130 :
130 Not Open
Checking mail 131 :
131 Not Open
<snap> ... <snap>
# or make flexible ranges like this:
scan-ports 'mail' @(21,25,23,80,110,8080,4444 + 130..140)
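Two things a practitioner will hit with the script above: connect() blocks until the OS gives up on a port that silently drops the SYN (tens of seconds per filtered port), and the DataAvailable loop only picks up data that happened to arrive during the one-second sleep, so a slow service looks as if it had no banner. The following is an added example, my own code rather than the post's script or William Stacey's C# example: the same scan with a connect timeout (BeginConnect plus a wait on its handle) and a bounded banner read (NetworkStream.ReadTimeout), written for PowerShell 3 or later rather than MSH. The loopback TcpListener at the end is a constructed stand-in for a POP3 server so the example runs without a network; the function names Connect-TcpPort, Read-Banner and Scan-TcpPorts are mine.

```powershell
# Added example (not from the original post). Requires PowerShell 3 or later.

function Connect-TcpPort {
    # Returns a hashtable with State = Open | Closed | Filtered and, when Open,
    # the connected TcpClient. Closed = an RST came back (nothing listening),
    # Filtered = no answer at all within $TimeoutMs (typically dropped by a firewall).
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 1000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.Close()
            return @{ State = 'Filtered'; Client = $null }
        }
        $client.EndConnect($ar)   # rethrows the connection error, if any
        return @{ State = 'Open'; Client = $client }
    } catch {
        $client.Close()           # RST, or a name that does not resolve
        return @{ State = 'Closed'; Client = $null; Error = $_.Exception.Message }
    }
}

function Read-Banner {
    # Reads whatever the service says first, giving up after $TimeoutMs.
    # Services that expect the client to speak first (HTTP, many RPC ports)
    # yield an empty banner instead of hanging the scan.
    param([System.Net.Sockets.TcpClient]$Client, [int]$TimeoutMs = 1000, [int]$MaxBytes = 1024)
    $stream = $Client.GetStream()
    $stream.ReadTimeout = $TimeoutMs           # Read() throws IOException instead of blocking forever
    $buf = New-Object byte[] $MaxBytes
    $n = 0
    try {
        $n = $stream.Read($buf, 0, $buf.Length)
        # pick up the rest of a multi-segment greeting without waiting a second time
        while ($n -lt $buf.Length -and $stream.DataAvailable) {
            $n += $stream.Read($buf, $n, $buf.Length - $n)
        }
    } catch { }                                # timeout: keep whatever was read so far
    # Greetings on SMTP/POP3/FTP/SSH are ASCII; anything binary shows up as '?'
    return [System.Text.Encoding]::ASCII.GetString($buf, 0, $n)
}

function Scan-TcpPorts {
    param([string]$Server = 'localhost', [int[]]$Ports, [int]$TimeoutMs = 1000)
    foreach ($port in $Ports) {
        $conn = Connect-TcpPort -Server $Server -Port $port -TimeoutMs $TimeoutMs
        $banner = ''
        if ($conn.State -eq 'Open') {
            $banner = (Read-Banner -Client $conn.Client -TimeoutMs $TimeoutMs).Trim()
            $conn.Client.Close()
        }
        [pscustomobject]@{ Server = $Server; Port = $port; State = $conn.State; Banner = $banner }
    }
}

# --- demonstration on loopback, no network needed ---
# Constructed stand-in for a POP3 server: a listener on an ephemeral port
$listener = New-Object System.Net.Sockets.TcpListener -ArgumentList ([System.Net.IPAddress]::Loopback), 0
$listener.Start()
$openPort = $listener.LocalEndpoint.Port

# The kernel completes the handshake into the accept backlog, so the connect
# succeeds before the server side has called Accept
$conn = Connect-TcpPort -Server '127.0.0.1' -Port $openPort
$serverSide = $listener.AcceptTcpClient()
$hello = [System.Text.Encoding]::ASCII.GetBytes("+OK constructed POP3 server ready.`r`n")
$serverSide.GetStream().Write($hello, 0, $hello.Length)
"{0} {1}: {2}" -f $openPort, $conn.State, (Read-Banner -Client $conn.Client).Trim()
$conn.Client.Close(); $serverSide.Close(); $listener.Stop()

# Now nothing listens there: the RST comes back at once, so it is Closed, not Filtered
Scan-TcpPorts -Server '127.0.0.1' -Ports $openPort | Format-Table -AutoSize
```

The three states matter for interpreting a scan: Closed means the host answered with an RST, Filtered means something in the path dropped the SYN, and only Open is worth a banner read. Keep the timeout short on a LAN and raise it across a WAN, and note that a 1024-byte cap on the banner is deliberate: a hostile service can otherwise stream data at a scanner that reads until the socket closes.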
# I had some problems with the MS telnet server:
MSH>Scan-Ports localhost 23
Checking localhost 23 :
23 is Open, Trying to get banner
ÿû☺ÿû♥ÿy'ÿy▼ÿy ÿû
# should be UTF8 I think, but none of this worked:
([System.Text.ASCIIEncoding]::utf8).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::ASCII).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::BigEndianUnicode).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::Default).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::Unicode).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::UTF32).GetChars([byte[]]$chars)
([System.Text.ASCIIEncoding]::UTF7).GetChars([byte[]]$chars)
Note that the function pings the computer first and only scans ports if it gets a reply, to save time on hosts that are down. If ICMP is blocked (a firewall that drops echo requests usually leaves the TCP ports reachable) the ping fails while the ports may still be open, so remove the ping block in that case. Also, Ping.Send() returns a PingReply even when it times out, so check reply.Status for Success rather than only whether an object came back.
You can also get some speed back with Karl Prosser's (very cool) start-backgroundpipeline snapin: http://www.karlprosser.com/coder/?p=39
And as the last example shows, the MS telnet banner comes out unreadable. That is not an encoding problem: a telnet server opens with option negotiation, not text. The bytes printed are 0xFF 0xFB 0x01, 0xFF 0xFB 0x03, 0xFF 0xFD 0x27, 0xFF 0xFD 0x1F, ... shown through the console's OEM code page, i.e. IAC WILL ECHO, IAC WILL SUPPRESS-GO-AHEAD, IAC DO NEW-ENVIRON, IAC DO NAWS (RFC 854 and the option RFCs). They have to be parsed out, and normally answered, before the login prompt arrives.
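To turn those telnet bytes into something readable, here is an added example (my own code, not from the original post) that splits raw bytes read from a telnet port into RFC 854 option negotiation and text, and builds the refusal reply (WONT for every DO, DONT for every WILL) that makes a server finish negotiating and send its real greeting. It is written for PowerShell 3 or later; the function names Split-TelnetStream and New-TelnetRefusal are mine, and the sample byte string is constructed from the negotiation shown in the output above plus a made-up prompt, not a capture from a real server.

```powershell
# Added example, not code from the original post. Requires PowerShell 3 or later.
# The "ÿ" the script printed is 0xFF = IAC (Interpret As Command, RFC 854).
# IAC WILL/WONT/DO/DONT <option> is a 3-byte negotiation, IAC SB ... IAC SE a
# subnegotiation, and IAC IAC an escaped literal 0xFF. None of it is text.

$IAC = 0xFF; $SB = 0xFA; $SE = 0xF0
$TelnetCommand = @{ 251 = 'WILL'; 252 = 'WONT'; 253 = 'DO'; 254 = 'DONT' }
# option codes from RFC 856, 857, 858, 1091, 1073, 1079 and 1572
$TelnetOption = @{ 0 = 'BINARY'; 1 = 'ECHO'; 3 = 'SUPPRESS-GO-AHEAD'; 24 = 'TERMINAL-TYPE';
                   31 = 'NAWS'; 32 = 'TERMINAL-SPEED'; 39 = 'NEW-ENVIRON' }

function Split-TelnetStream {
    # Separates option negotiation from printable text in raw bytes read from a
    # telnet port. Returns @{ Text = <string>; Negotiations = <objects> }.
    param([byte[]]$Bytes)
    $text = New-Object 'System.Collections.Generic.List[byte]'
    $negotiations = @()
    $i = 0
    while ($i -lt $Bytes.Length) {
        if ([int]$Bytes[$i] -ne $IAC) { $text.Add($Bytes[$i]); $i++; continue }
        if ($i + 1 -ge $Bytes.Length) { break }                  # truncated command, stop
        $cmd = [int]$Bytes[$i + 1]
        if ($cmd -eq $IAC) { $text.Add(0xFF); $i += 2; continue } # IAC IAC = data byte 0xFF
        if ($TelnetCommand.ContainsKey($cmd)) {
            if ($i + 2 -ge $Bytes.Length) { break }
            $opt = [int]$Bytes[$i + 2]
            $name = if ($TelnetOption.ContainsKey($opt)) { $TelnetOption[$opt] } else { "OPTION-$opt" }
            $negotiations += [pscustomobject]@{ Command = $TelnetCommand[$cmd]; Option = $name; OptionCode = $opt }
            $i += 3; continue
        }
        if ($cmd -eq $SB) {
            # skip the subnegotiation body up to and including IAC SE
            $j = $i + 2
            while ($j + 1 -lt $Bytes.Length -and -not ([int]$Bytes[$j] -eq $IAC -and [int]$Bytes[$j + 1] -eq $SE)) { $j++ }
            $i = $j + 2; continue
        }
        $i += 2    # NOP, GA, AYT and the other two-byte commands carry no option byte
    }
    return @{ Text = [System.Text.Encoding]::ASCII.GetString($text.ToArray()); Negotiations = $negotiations }
}

function New-TelnetRefusal {
    # RFC 854: an unsupported DO is answered with WONT and an unsupported WILL
    # with DONT; WONT and DONT need no reply. Writing these bytes back to the
    # socket makes the server stop negotiating and send its greeting or login prompt.
    param($Negotiations)
    $reply = New-Object 'System.Collections.Generic.List[byte]'
    foreach ($n in $Negotiations) {
        switch ($n.Command) {
            'DO'   { $reply.AddRange([byte[]](0xFF, 0xFC, $n.OptionCode)) }
            'WILL' { $reply.AddRange([byte[]](0xFF, 0xFE, $n.OptionCode)) }
        }
    }
    return $reply.ToArray()
}

# Constructed sample: the opening the post's output shows (IAC WILL ECHO,
# IAC WILL SUPPRESS-GO-AHEAD, IAC DO NEW-ENVIRON, IAC DO NAWS), one more DO,
# then a made-up prompt. Not a capture from a real server.
$sample = [byte[]](0xFF,0xFB,0x01, 0xFF,0xFB,0x03, 0xFF,0xFD,0x27, 0xFF,0xFD,0x1F, 0xFF,0xFD,0x18) +
          [System.Text.Encoding]::ASCII.GetBytes("login: ")

$parsed = Split-TelnetStream -Bytes $sample
$parsed.Negotiations | ForEach-Object { "server: {0} {1}" -f $_.Command, $_.Option }
"text  : '{0}'" -f $parsed.Text
$refusal = New-TelnetRefusal -Negotiations $parsed.Negotiations
"reply : " + (($refusal | ForEach-Object { '{0:X2}' -f $_ }) -join ' ')
```

In a live scan the flow is: read the first bytes, run them through Split-TelnetStream, write the refusal back with the stream's Write(), then read again; the second read is where the text banner shows up. Refusing every option is the safe default for a scanner, since agreeing to ECHO or NAWS without implementing them leaves the session in a state the server does not expect.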
Enjoy,
Greetings /\/\o\/\/
Tags : Monad msh