May 8, 2018 at 7:36 pm

Hello everyone!

My issue is below – thanks in advance for your advice!

So I wrote a script recently to scan many targets for the complete TCP/UDP ranges. I found that the TCP scans complete without any issue; however, the UDP scans start but never really finish. Additionally, regarding my UDP port scan woes... PoSH shows something like "Error: 0 targets defined" when I have all of the targets defined inside c:\target_list.txt

My script:

# Read the list once and drop blank lines: a blank line calls nmap with no target, which nmap reports as 0 targets scanned.
$Targets = Get-Content c:\target_list.txt | Where-Object { $_.Trim() -ne '' }
foreach ($Target in $Targets) {
    $Report = "c:\$Target.csv"
    "Running TCP port scan using this command: nmap -sS -p 1-65535. It will run TCP scan of all possible TCP ports`n" | Out-File $Report
    nmap -sS -p 1-65535 $Target | Out-File $Report -Append
    "`nRunning UDP port scan using this command: nmap -sU -p 1-65535. It will run UDP scan of all possible UDP ports`n" | Out-File $Report -Append
    # UDP has no handshake, so nmap must wait out a timeout on every silent port; a full 1-65535 -sU scan per host runs for hours.
    nmap -sU -p 1-65535 $Target | Out-File $Report -Append
}

My target list (example):

somehost1.somedomain.com
somehost2.somedomain.com
somehost3.somedomain.com
somehost4.somedomain.com
somehost5.somedomain.com
somehost6.somedomain.com
somehost7.somedomain.com
somehost8.somedomain.com

May 9, 2018 at 6:04 am

I use NMAP and others in given scenarios, but if PoSH has it, why not use it.

Well, there are times when purpose built tools are just more direct and faster to use.

However, remember that PoSH, depending on what OS and version you are running, has a cmdlet for this called 'TNC', shown below, and you can really cull down your script to just this. Well, not taking the whole Out-File thing into consideration.

$Hostnames = $env:COMPUTERNAME
Foreach ($Hostname in $Hostnames)
{1..65535 | ForEach{Test-NetConnection -ComputerName $Hostname -Port $_}}

... but this does not have a UDP switch.

If you are on an OS / PoSH version that does not have this cmdlet, you can take the .Net approach.

New-Object System.Net.Sockets.TcpClient($Hostname,$_)
New-Object System.Net.Sockets.UdpClient($Hostname,$_)

There are instructions here on how to use the above:

geekeefy.wordpress.com/2016/01/07/powershell-telnet-tcpudp-ports-on-multiple-machines
learn-powershell.net/2011/02/21/querying-udp-ports-with-powershell
learn-powershell.net/2011/10/23/querying-udp-ports-with-powershell-part-2

There are pre-built port testers / scanners available via the MS PowerShellGallery site:

gallery.technet.microsoft.com/scriptcenter/97119ed6-6fb2-446d-98d8-32d823867131

Example: Test-Port -comp dc1 -port 17 -udp -UDPtimeout 10000

As far as your post, try this approach and see what results you get:

$Protocols = 'TCP','UDP'
# Skip blank lines so nmap is never called without a target
$Hostnames = Get-Content 'c:\target_list.txt' | Where-Object { $_.Trim() -ne '' }

ForEach($Protocol in $Protocols)
{
    "Testing for $Protocol"
    If($Protocol -EQ 'TCP')
    {
        $Message = "Running TCP port scan using this command: nmap -sS -p 1-65535. It will run TCP scan of all possible TCP ports`n"

        $Hostnames | Foreach-Object {
            "Testing hostname $_"
            # "c:\$_.csv" expands the hostname inside the string; c:\$($_.csv) would read a
            # non-existent .csv property of the string and produce the bare path c:\
            Write-Output $Message | Out-File "c:\$_.csv"
            nmap -sS -p 1-65535 $_ | Out-File "c:\$_.csv" -Append
        }
    }
    Else
    {
        $Message = "Running UDP port scan using this command: nmap -sU -p 1-65535. It will run UDP scan of all possible UDP ports`n"

        $Hostnames | Foreach-Object {
            "Testing hostname $_"
            Write-Output $Message | Out-File "c:\$_.csv" -Append
            # A full-range -sU scan is slow by nature: every silent UDP port costs a timeout, so expect hours per host
            nmap -sU -p 1-65535 $_ | Out-File "c:\$_.csv" -Append
        }
    }
}
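The .Net UdpClient approach mentioned above, as an added example that is not the reply's own code: it probes a single UDP port and classifies the outcome into the same three states nmap -sU reports, which also shows why a full-range UDP scan takes so long. It assumes Windows PowerShell 5.1 or PowerShell 7; the host, port, payload and timeout are constructed values.

```powershell
# Added example, not the reply's code: probe one UDP port with System.Net.Sockets.UdpClient and
# classify the result the way nmap -sU does. Assumes Windows PowerShell 5.1 or PowerShell 7.
function Test-UdpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 2000,
        # Constructed probe payload; a service that ignores it will look open|filtered, which is
        # why nmap carries protocol-specific payloads for well-known UDP ports.
        [byte[]]$Payload = [System.Text.Encoding]::ASCII.GetBytes('probe')
    )
    $client = $null
    $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
    try {
        # The (host, port) constructor connects the socket, so an ICMP port-unreachable reply
        # surfaces as a SocketException on Receive instead of being silently discarded.
        $client = New-Object System.Net.Sockets.UdpClient($ComputerName, $Port)
        $client.Client.ReceiveTimeout = $TimeoutMs
        [void]$client.Send($Payload, $Payload.Length)
        $reply  = $client.Receive([ref]$remote)       # any datagram back proves something is listening
        $state  = 'open'
        $detail = "$($reply.Length)-byte reply from $($remote.Address)"
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the SocketException to read its error code.
        $reason = $_.Exception.Message
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.Sockets.SocketException]) { $ex = $ex.InnerException }
        switch ([string]$ex.SocketErrorCode) {
            'ConnectionReset'   { $state = 'closed';        $detail = 'ICMP port unreachable (Windows)' }
            'ConnectionRefused' { $state = 'closed';        $detail = 'ICMP port unreachable (Linux/macOS)' }
            'TimedOut'          { $state = 'open|filtered'; $detail = "no reply within $TimeoutMs ms" }
            default             { $state = 'error';         $detail = $reason }
        }
    }
    finally { if ($client) { $client.Close() } }
    [pscustomobject]@{ ComputerName = $ComputerName; Port = $Port; State = $state; Detail = $detail }
}

# Constructed run against the local machine. Every port that stays silent costs the full timeout,
# which is the per-port cost that makes a 65535-port -sU scan run for hours even when it is working.
Test-UdpPort -ComputerName 'localhost' -Port 53 | Format-Table -AutoSize
```

A closed port comes back almost immediately, so a scan that "never finishes" is usually one where most ports are silent (filtered or listening but ignoring the probe), not one that has hung.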