/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/

Tuesday, April 18, 2006

 


Simple port scanning using Monad



Working from the C# example by William Stacey in the newsgroup (Monitoring Ports on Remote System), I made this very simple MSH example.

I did remove the threading (so if you have a lot of ports, yes, it's slow), but I did add some basic banner grabbing.

The script looks like this:



# Scan-Ports.msh
# Scans computer for a list of ports and tries to get Banners on open ports
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com

# check needed aliases
if (!(get-command -ea SilentlyContinue new)) {set-alias new New-Object}

# Load Function
Function Scan-Ports {
  param ($server = "localhost",[int[]]$ports)
  # ping the host first; the trap catches a name that does not resolve
  &{
    trap{"Server $Server not Found";continue}
    $ping = new Net.NetworkInformation.Ping
    $script:result = $null
    $script:result = $ping.send($server)
  }
  # Ping.Send returns a PingReply even on a timeout, so check its Status
  if ($result -and $result.Status -eq "Success") {
    foreach ($port in $ports) {
      Trap {"$port Not Open";continue}   # connect() throws when the port is closed
      "Checking $server $port :"
      $client = new net.sockets.tcpclient
      $client.connect($server,$port)
      if ($client.connected) {
        "$port is Open, Trying to get banner"
        $stream = $client.GetStream()
        $chars = @()
        sleep -m 1000 # Give server some time to react
        while ($stream.DataAvailable) {$chars += [char]$stream.readByte()}
        #([System.Text.ASCIIEncoding]::utf8).GetChars([byte[]]$chars)
        [string]::concat($chars)
        $client.close()   # release the socket before trying the next port
      }
    }
  }
}


You can use the script like this:

# Usage :

MSH>Scan-Ports mail 110

Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.

# or for more flexibility :

$server = "mail"
$ports = 21,25,23,80,110,8080,4444 + 130..140
#$ports = @(110)

Scan-Ports $server $ports
<snip> ... <snip>
Checking mail 80 :
80 Not Open
Checking mail 110 :
110 is Open, Trying to get banner
+OK InterMail POP3 server ready.


Checking mail 8080 :
8080 Not Open
Checking mail 8080 :
8080 Not Open
Checking mail 4444 :
4444 Not Open
Checking mail 130 :
130 Not Open
Checking mail 131 :
131 Not Open

<snip> ... <snip>


# or make flexible ranges like this :

scan-ports 'mail' @(21,25,23,80,110,8080,4444 + 130..140)

# I had some problems with the MS telnet server :

MSH>Scan-Ports localhost 23
Checking localhost 23 :
23 is Open, Trying to get banner
ÿû☺ÿû♥ÿy'ÿy▼ÿy ÿû

# should be UTF8 I think, but all of this did not work:

      ([System.Text.ASCIIEncoding]::utf8).GetChars([byte[]]$chars)
      ([System.Text.ASCIIEncoding]::ASCII).GetChars([byte[]]$chars)
      ([System.Text.ASCIIEncoding]::BigEndianUnicode).GetChars([byte[]]$chars)
      ([System.Text.ASCIIEncoding]::Default).GetChars([byte[]]$chars)
      ([System.Text.ASCIIEncoding]::Unicode).GetChars([byte[]]$chars)
      ([System.Text.ASCIIEncoding]::UTF32).GetChars([byte[]]$chars)
      ([System.Text.ASCIIEncoding]::UTF7).GetChars([byte[]]$chars)


Note that I first ping the computer and only do a port scan if I get a reply, to speed it up a bit; if ICMP is blocked you should remove this check.
You can also gain some speed using Karl Prosser's (very cool) start-backgroundpipeline snapin: http://www.karlprosser.com/coder/?p=39

And as you can see in the last example, the MS telnet banner is unreadable.
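The unreadable telnet "banner" above is not text in the wrong encoding, so no Encoding class will make it readable: it is RFC 854 option negotiation (the comment below says the same). In the console's code page, ÿ is byte 0xFF (IAC, "interpret as command") and û is 0xFB (WILL), and the smiley and heart glyphs are how the console draws the option bytes 1 (ECHO) and 3 (SUPPRESS-GO-AHEAD) that follow them. The function below is an added example, not part of the original post or of the Scan-Ports script: it walks the raw bytes, records every IAC command and option by name, and returns whatever plain text remains. The sample byte string is constructed here, modelled on the shape of the post's output; the banner text inside it is invented and the function name is my own.

```powershell
# Decode-TelnetNegotiation.ps1  (added example; not from the original post)
# Splits a raw telnet reply into its RFC 854 option-negotiation commands
# and the plain text that is left. Runs in Windows PowerShell 5.1 and PowerShell 7.

# RFC 854 command codes that follow IAC (255)
$TelnetCommands = @{
    240 = 'SE';  241 = 'NOP';  242 = 'DM';   243 = 'BRK'; 244 = 'IP'
    245 = 'AO';  246 = 'AYT';  247 = 'EC';   248 = 'EL';  249 = 'GA'
    250 = 'SB';  251 = 'WILL'; 252 = 'WONT'; 253 = 'DO';  254 = 'DONT'
}
# Option codes commonly seen in the first packet of a telnet session
$TelnetOptions = @{
    0 = 'BINARY'; 1 = 'ECHO'; 3 = 'SUPPRESS-GO-AHEAD'; 5 = 'STATUS'; 6 = 'TIMING-MARK'
    24 = 'TERMINAL-TYPE'; 31 = 'NAWS'; 32 = 'TERMINAL-SPEED'; 33 = 'TOGGLE-FLOW-CONTROL'
    34 = 'LINEMODE'; 36 = 'ENVIRON'; 39 = 'NEW-ENVIRON'
}

function Decode-TelnetNegotiation {
    param([byte[]]$Bytes)

    $commands = New-Object 'System.Collections.Generic.List[string]'
    $text     = New-Object 'System.Collections.Generic.List[byte]'
    $i = 0
    while ($i -lt $Bytes.Length) {
        if ($Bytes[$i] -ne 255) {                    # ordinary data byte
            $text.Add($Bytes[$i]); $i++; continue
        }
        if ($i + 1 -ge $Bytes.Length) {              # IAC with nothing after it: reply cut short
            $commands.Add('IAC <truncated>'); break
        }
        $cmd = [int]$Bytes[$i + 1]                   # cast: the hashtable keys are Int32, not Byte
        if ($cmd -eq 255) {                          # IAC IAC escapes a literal 0xFF data byte
            $text.Add([byte]255); $i += 2
        }
        elseif ($cmd -ge 251 -and $cmd -le 254) {    # WILL / WONT / DO / DONT <option>
            if ($i + 2 -ge $Bytes.Length) {
                $commands.Add("IAC $($TelnetCommands[$cmd]) <truncated>"); break
            }
            $opt  = [int]$Bytes[$i + 2]
            $name = if ($TelnetOptions.ContainsKey($opt)) { $TelnetOptions[$opt] } else { "option $opt" }
            $commands.Add("IAC $($TelnetCommands[$cmd]) $name"); $i += 3
        }
        elseif ($cmd -eq 250) {                      # SB <option> <data...> IAC SE
            $end = $i + 2
            while ($end + 1 -lt $Bytes.Length -and
                   -not ($Bytes[$end] -eq 255 -and $Bytes[$end + 1] -eq 240)) { $end++ }
            if ($end + 1 -ge $Bytes.Length) { $commands.Add('IAC SB <truncated>'); break }
            $opt  = if ($end -gt $i + 2) { [int]$Bytes[$i + 2] } else { -1 }
            $name = if ($TelnetOptions.ContainsKey($opt)) { $TelnetOptions[$opt] } else { "option $opt" }
            $commands.Add("IAC SB $name ($([Math]::Max(0, $end - $i - 3)) data bytes) IAC SE")
            $i = $end + 2
        }
        else {                                       # NOP, AYT, GA ... : two-byte commands
            $name = if ($TelnetCommands.ContainsKey($cmd)) { $TelnetCommands[$cmd] } else { "command $cmd" }
            $commands.Add("IAC $name"); $i += 2
        }
    }
    [pscustomobject]@{
        Commands = $commands.ToArray()
        Text     = [System.Text.Encoding]::ASCII.GetString($text.ToArray())
    }
}

# Constructed sample (not captured from a real server), shaped like the post's output:
# WILL ECHO, WILL SUPPRESS-GO-AHEAD, DO NEW-ENVIRON, DO NAWS, DO TERMINAL-SPEED,
# then an invented text banner, then a WILL cut off by the end of the read.
$sample = [byte[]](255,251,1, 255,251,3, 255,253,39, 255,253,31, 255,253,32) +
          [System.Text.Encoding]::ASCII.GetBytes("Sample banner (constructed)`r`n") +
          [byte[]](255,251)

$decoded = Decode-TelnetNegotiation $sample
"Negotiation:"
$decoded.Commands | ForEach-Object { "  $_" }
"Remaining text: $($decoded.Text.Trim())"
```

To use this from Scan-Ports, collect `[byte]$stream.ReadByte()` values into a byte array instead of casting each byte to `[char]`, and pass that array to the function: `Commands` lists the options the server proposes (in the sample, WILL ECHO, WILL SUPPRESS-GO-AHEAD, DO NEW-ENVIRON, DO NAWS, DO TERMINAL-SPEED and a truncated WILL), and `Text` is what is left once those bytes are removed. Only the text part should be passed to an Encoding; the negotiation bytes are protocol, not characters.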

Enjoy,

Greetings /\/\o\/\/


Comments:
Anonymous
Hey MoW,

Telnet is not quite like any other port, since there are many different terminal types that may connect (vt220, vt100, 3270 etc.), so the first phase of the connection involves something called telnet "option negotiation", as described in RFC 854. A good overview is at http://www.freesoft.org/CIE/Topics/110.htm

So, to summarise, you ain't doing anything wrong!

- Oisin
http://www.nivot.org/