Cyber Security

Test-Port: Use PowerShell as a Port Scanner

Long time ago I’ve created a small function that acts like a port scanner. It’s  not a replacement for enterprise scanners such as nmap, but it’s quite useful for quick tests when nmap is not at hand. The command Test-Port calls Test-NetConnection and enables you to specify more than one port number. It’s nothing special, but it’s worth sharing.

Quick glance at the TCP-Handshake

When a computer sends SYN to another computer, the remote computer will usually answer with SYN + ACK or RST. By this fact, we can test if a port is open or not.




To test whether a port is open or not, different port scanners can be used. Or Test-NetConnection or a self-made script. Remember Test-NetConnection:


Seems that Port 80 of is open (SYN + ACK).


Well, as announced, my modest little script which enables you to test multiple ports. This will only work with PowerShell 4.0 and above. (Thanks to the community who brought it to my attention)

Copy the following code to PowerShell or PowerShell ISE. Run it. The command Test-Port then becomes avaliable.

function Test-Port
{$computer=Read-Host "Computername | IP Address?"
 $port=Read-Host "Port Numbers? Separate them by comma"
 $port.split(',') | Foreach-Object -Process {If (($a=Test-NetConnection $computer -Port $_ -WarningAction SilentlyContinue).tcpTestSucceeded -eq $true) {Write-Host $a.Computername $a.RemotePort -ForegroundColor Green -Separator " ==> "} else {Write-Host $a.Computername $a.RemotePort -Separator " ==> " -ForegroundColor Red}}


You will be asked to provide a destination and a port. It should look like the screenshot below. Open Ports are marked green, closed Ports red.


Does anything seem strange to you? How can you read this article when the correspondending port (https ==> 443) of is closed? Don’t worry it’s neither a faked screenshot nor a bug or something magic. My Active Directory domain name is In this screen my internal domain was tested. 😉

If you want to make Test-Port permanent for all user of all PowerShell Sessions save it as a Module. More about here:

PowerShell Functions: How to create your first PowerShell Module Command

4 replies »

  1. Thank you for the above script. How can I change it to check a range of IP addresses and once it has done this, give me a numerical value please? E.g. Scans – and tells me X number of designated ports are open?

    I have:

    1..254 | % { $a = $_;” Write-Hosts “——“; Write-Host “192.168.13.$a”; 443 | % {echo ((New-Object Net.Sockets.TcpClient).Connect(“192.168.13.$a”,$_)) “Port $_ is open!”} 2>$null}

    It gives me the answer, but it doesn’t give me a total, I still have to scroll back and count them manually. Alternately, instead of changing your script, what can I add to the above to have it give me a total value please?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.