Automated Port Scanning POSH + NMAP


This topic contains 1 reply, has 2 voices, and was last updated by a Participant 6 months, 1 week ago.

  • #100369

    Participant
    Points: 1
    Rank: Member

    Hello everyone!

    My issue is below – thanks in advance for your advice!

    So I wrote a script recently to scan many targets for the complete TCP/UDP ranges. I found that the TCP scans complete without any issue, however the UDP scans start, but never really finish. Additionally, regarding my UDP port scan woes... POSH shell shows something like "Error: 0 targets defined" when I have all of the targets defined inside c:\target_list.txt

    My script:

    # Each line reads the target file again; "c:\$_.csv" expands the hostname and appends the literal .csv
    Get-Content c:\target_list.txt | ForEach-Object { Write-Output "Running TCP port scan using this command: nmap -sS -p 1-65535. It will run TCP scan of all possible TCP ports`n" | Out-File "c:\$_.csv" }
    Get-Content c:\target_list.txt | ForEach-Object { nmap -sS -p 1-65535 $_ | Out-File "c:\$_.csv" -Append }
    # Blank separator line; the `n escape is only reliable inside a double-quoted string
    Get-Content c:\target_list.txt | ForEach-Object { Write-Output "`n" | Out-File "c:\$_.csv" -Append }
    Get-Content c:\target_list.txt | ForEach-Object { Write-Output "Running UDP port scan using this command: nmap -sU -p 1-65535. It will run UDP scan of all possible UDP ports`n" | Out-File "c:\$_.csv" -Append }
    Get-Content c:\target_list.txt | ForEach-Object { nmap -sU -p 1-65535 $_ | Out-File "c:\$_.csv" -Append }

    My target list (example):

    somehost1.somedomain.com
    somehost2.somedomain.com
    somehost3.somedomain.com
    somehost4.somedomain.com
    somehost5.somedomain.com
    somehost6.somedomain.com
    somehost7.somedomain.com
    somehost8.somedomain.com
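    An added example, written by the editor and not the original poster's script: the same per-host nmap wrapper, but with the target list cleaned before it reaches nmap, the argument list built as an array and splatted, one log file per host, and the native exit code checked. It assumes nmap.exe is on PATH, that C:\target_list.txt holds one host per line, and that C:\scans is writable; those paths and the scan profiles are the editor's choices. The UDP profile uses --top-ports rather than the full 1-65535 range because most stacks rate-limit ICMP port-unreachable replies, which is why a full UDP sweep can run for many hours per host; '-p','1-65535' restores the full range.

```powershell
# Added example (editor's, not the original poster's script). Wraps nmap from
# PowerShell so each target gets one log file and failures are visible.
# ASSUMPTIONS: nmap.exe is on PATH; C:\target_list.txt holds one host per line;
# C:\scans is writable. -sS needs an elevated prompt (raw sockets via Npcap);
# use -sT if you cannot run elevated.

$TargetFile = 'C:\target_list.txt'
$OutDir     = 'C:\scans'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Trim whitespace and drop blank or commented lines so nmap never receives an
# empty target; fail loudly if nothing is left.
$Targets = Get-Content -Path $TargetFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') }
if (-not $Targets) { throw "No targets found in $TargetFile" }

# Scan profiles. A full 1-65535 UDP sweep can take many hours per host because
# most stacks rate-limit ICMP port-unreachable replies; the top-ports profile is
# a pragmatic default, and @('-sU', '-p', '1-65535') restores the full range.
$Scans = @(
    @{ Name = 'TCP'; Args = @('-sS', '-p', '1-65535') }
    @{ Name = 'UDP'; Args = @('-sU', '--top-ports', '100') }
)

foreach ($Target in $Targets) {
    # Hostnames are normally safe in file names, but sanitise anyway
    $Safe = $Target -replace '[^\w\.\-]', '_'
    $Log  = Join-Path -Path $OutDir -ChildPath "$Safe.txt"

    foreach ($Scan in $Scans) {
        "=== $($Scan.Name) scan of $Target started $(Get-Date -Format o) ===" |
            Out-File -FilePath $Log -Append

        # Build the argument list as an array and splat it: no quoting surprises,
        # and the target is always the last argument.
        $NmapArgs = $Scan.Args + $Target
        & nmap @NmapArgs 2>&1 | Out-File -FilePath $Log -Append

        # The native exit code survives the pipeline in $LASTEXITCODE
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "nmap exited with code $LASTEXITCODE for $Target ($($Scan.Name))"
        }
    }
}
```

    Because stderr is merged into the log with 2>&1, any nmap complaint about its target list or about missing privileges ends up in the per-host file next to the scan it belongs to, instead of scrolling past in the console.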

  • #100384

    Participant
    Points: 208
    Helping Hand
    Rank: Participant

    I use NMAP and others in given scenarios, but if PoSH has it, why not use it.

    Well, there are times when purpose built tools are just more direct and faster to use.

    However, remember PoSh, depending on what OS and version you are running, has a cmdlet for this called 'TNC', shown below, and you can really cull down your script to just this. Well, not taking the whole Out-File thing into consideration.

    $Hostnames = $env:COMPUTERNAME
    Foreach ($Hostname in $Hostnames)
    {1..65535 | ForEach{Test-NetConnection -ComputerName $Hostname -Port $_}}
    

    ... but this does not have a UDP switch.

    If you are on an OS / PoSH version that does not have this cmdlet, you can take the .Net approach.

    New-Object System.Net.Sockets.TcpClient($Hostname,$_)
    New-Object System.Net.Sockets.UdpClient($Hostname,$_)
    

    There are instructions here on how to use the above:

    > geekeefy.wordpress.com/2016/01/07/powershell-telnet-tcpudp-ports-on-multiple-machines
    > learn-powershell.net/2011/02/21/querying-udp-ports-with-powershell
    > learn-powershell.net/2011/10/23/querying-udp-ports-with-powershell-part-2

    There are pre-built port testers / scanners on the MS PowerShellGallery site.

    > gallery.technet.microsoft.com/scriptcenter/97119ed6-6fb2-446d-98d8-32d823867131

    Example: Test-Port -comp dc1 -port 17 -udp -UDPtimeout 10000

    As far as your post, try this approach and see what results you get.

    $Protocols = 'TCP','UDP'
    $Hostnames = Get-Content 'c:\target_list.txt'

    ForEach($Protocol in $Protocols)
    {
        If($Protocol -EQ 'TCP')
        {
            "Testing for $Protocol"
            $Message = "Running TCP port scan using this command: nmap -sS -p 1-65535.
            It will run TCP scan of all possible TCP ports`n"

            $Hostnames | Foreach-Object {
                "Testing hostname $_"
                # "c:\$_.csv" expands the hostname and appends the literal .csv;
                # $($_.csv) would evaluate a non-existent .csv property and leave the path as just c:\
                Write-Output $Message | Out-File "c:\$_.csv"
                nmap -sS -p 1-65535 $_ | Out-File "c:\$_.csv" -Append
            }
        }
        Else
        {
            "Testing for $Protocol"
            $Message = "Running UDP port scan using this command: nmap -sU -p 1-65535.
            It will run UDP scan of all possible UDP ports`n"

            $Hostnames | Foreach-Object {
                "Testing hostname $_"
                Write-Output $Message | Out-File "c:\$_.csv" -Append
                nmap -sU -p 1-65535 $_ | Out-File "c:\$_.csv" -Append
            }
        }
    }
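    An added example, written by the editor and not part of the answer above: the .NET socket approach the answer points at (System.Net.Sockets.TcpClient and UdpClient), carried through with explicit timeouts so a filtered port cannot hang the loop, and with the UDP result split into closed (ICMP port-unreachable received) versus open|filtered (no answer at all), which is the ambiguity that makes UDP checks slow and inconclusive. The function names, the sample port lists and the output CSV path are the editor's assumptions; the input file is the thread's c:\target_list.txt.

```powershell
# Added example (editor's, not the answer's code): pure-PowerShell TCP/UDP port
# checks over System.Net.Sockets with bounded waits.
# ASSUMPTIONS: function names, port lists and the output path are placeholders.

function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 1000
    )
    $Client = New-Object System.Net.Sockets.TcpClient
    try {
        # BeginConnect + WaitOne bounds the wait; the constructor form in the
        # answer blocks for the full OS timeout when a SYN is silently dropped.
        $Async = $Client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $Async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'filtered'      # neither SYN/ACK nor RST inside the timeout
        }
        $Client.EndConnect($Async) # throws SocketException on RST (refused)
        return 'open'
    }
    catch [System.Net.Sockets.SocketException] {
        return 'closed'
    }
    finally {
        $Client.Close()
    }
}

function Test-UdpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $Client = New-Object System.Net.Sockets.UdpClient
    $Client.Client.ReceiveTimeout = $TimeoutMs
    try {
        $Client.Connect($ComputerName, $Port)
        # A one-byte probe; most services ignore it, so silence proves nothing.
        [void]$Client.Send([byte[]]@(0), 1)
        $Remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        [void]$Client.Receive([ref]$Remote)
        return 'open'              # something answered the probe
    }
    catch [System.Net.Sockets.SocketException] {
        # PowerShell may wrap the .NET exception; unwrap to reach SocketErrorCode.
        $Sock = $_.Exception
        if ($Sock -isnot [System.Net.Sockets.SocketException]) { $Sock = $Sock.InnerException }
        # Windows surfaces an ICMP port-unreachable on a connected UDP socket as
        # ConnectionReset; a plain timeout is the open|filtered ambiguity.
        if ($Sock.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionReset) {
            return 'closed'
        }
        return 'open|filtered'
    }
    finally {
        $Client.Close()
    }
}

# Driver: same host loop as the answer, but emits objects you can filter and export.
$Hostnames = Get-Content 'c:\target_list.txt'    # input file from the thread
$TcpPorts  = 1..1024                              # constructed sample range
$UdpPorts  = 53, 123, 161, 500                    # constructed sample list

$Results = foreach ($Hostname in $Hostnames) {
    foreach ($Port in $TcpPorts) {
        [pscustomobject]@{ Host = $Hostname; Proto = 'TCP'; Port = $Port
                           State = Test-TcpPort -ComputerName $Hostname -Port $Port }
    }
    foreach ($Port in $UdpPorts) {
        [pscustomobject]@{ Host = $Hostname; Proto = 'UDP'; Port = $Port
                           State = Test-UdpPort -ComputerName $Hostname -Port $Port }
    }
}
$Results | Where-Object State -ne 'closed' |
    Export-Csv 'c:\portscan_results.csv' -NoTypeInformation
```

    The TCP function distinguishes three states rather than two because a dropped SYN and a refused connection are different facts about the host: the first usually means a firewall is in the path, the second means the host answered and nothing is listening. For UDP, treat open|filtered as "unknown" when reading the CSV; only a reply or an ICMP unreachable is evidence.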
    
    

The topic ‘Automated Port Scanning POSH + NMAP’ is closed to new replies.