A long time ago I created a small function that acts like a port scanner. It is not a replacement for dedicated scanners such as nmap, but it is handy for quick tests when nmap is not at hand. The command Test-Port calls Test-NetConnection and lets you specify more than one port number. It is nothing special, but it is worth sharing.
Quick glance at the TCP-Handshake
When a computer sends a SYN to another computer, the remote computer usually answers with SYN+ACK (a service is listening, the port is open) or RST (nothing is listening, the port is closed). That is the fact a connect scan relies on to tell open ports from closed ones. Keep the third case in mind: if a firewall silently drops the SYN, no answer comes back at all and the connection attempt times out. Such a port is filtered rather than closed, although Test-NetConnection reports both outcomes as a failed TCP test.
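As an added example (not part of the original post), the function below performs the connect described above with a timeout and classifies the result by what came back: SYN+ACK, RST, or nothing at all. The function name Get-TcpPortState and the 2000 ms default timeout are assumptions for this demo.

```powershell
# Added example, not code from the original post.
# Classify a TCP port by the outcome of the three-way handshake:
#   Open     - SYN+ACK received, ConnectAsync completes
#   Closed   - RST received, the socket reports ConnectionRefused
#   Filtered - no reply at all; the wait times out (typical firewall drop)
function Get-TcpPortState {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 2000   # assumed default; tune for slow links
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # ConnectAsync sends the SYN; Task.Wait gives us the timeout that the
        # synchronous Connect() method does not offer.
        $task = $client.ConnectAsync($ComputerName, $Port)
        if (-not $task.Wait($TimeoutMs)) {
            return 'Filtered (no SYN+ACK or RST within timeout)'
        }
        return 'Open (SYN+ACK received)'
    }
    catch {
        # PowerShell wraps the .NET exception (MethodInvocationException ->
        # AggregateException -> SocketException); walk down to the SocketException.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.Sockets.SocketException])) {
            $ex = $ex.InnerException
        }
        if ($ex) {
            switch ($ex.SocketErrorCode.ToString()) {
                'ConnectionRefused' { return 'Closed (RST received)' }
                'TimedOut'          { return 'Filtered (connect timed out)' }
                default             { return "Error ($($ex.SocketErrorCode))" }
            }
        }
        return "Error ($($_.Exception.Message))"
    }
    finally {
        $client.Dispose()
    }
}

# Usage (hosts and ports are just illustrative):
Get-TcpPortState -ComputerName 'cnn.com'   -Port 80     # Open
Get-TcpPortState -ComputerName '127.0.0.1' -Port 65000  # Closed, unless something listens there
```

Note that Windows retransmits the SYN a few times before the socket itself reports TimedOut, so the wait-based timeout is what normally fires for a filtered port; the TimedOut branch only matters if you raise the timeout well above the stack's retry interval.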
Test-NetConnection
To test whether a port is open, you can use a dedicated port scanner, Test-NetConnection, or a self-made script. Recall Test-NetConnection:
It seems that port 80 of cnn.com is open (SYN+ACK received, TcpTestSucceeded is True).
Test-Port
Well, as announced, here is my modest little script, which lets you test multiple ports. It only works with PowerShell 4.0 and above, because Test-NetConnection ships with the NetTCPIP module on Windows 8.1 / Server 2012 R2 and later. (Thanks to the community for bringing this to my attention.)
Copy the following code into PowerShell or the PowerShell ISE and run it. The command Test-Port then becomes available.
function Test-Port {
    $computer = Read-Host "Computername | IP Address?"
    $port     = Read-Host "Port Numbers? Separate them by comma"
    # Split the comma-separated list and test each port in turn
    $port.Split(',') | ForEach-Object -Process {
        # -WarningAction SilentlyContinue mutes the "TCP connect failed" warning on closed ports;
        # Trim() tolerates "80, 443" as well as "80,443"
        $a = Test-NetConnection $computer -Port $_.Trim() -WarningAction SilentlyContinue
        if ($a.TcpTestSucceeded -eq $true) {
            Write-Host $a.ComputerName $a.RemotePort -Separator " ==> " -ForegroundColor Green
        } else {
            Write-Host $a.ComputerName $a.RemotePort -Separator " ==> " -ForegroundColor Red
        }
    }
}
You will be asked to provide a destination and the ports. It should look like the screenshot below: open ports are marked green, closed ports red.
Does anything seem strange to you? How can you be reading this article when the corresponding port (https ==> 443) of sid-500.com is closed? Don't worry, it is neither a faked screenshot nor a bug, nor magic. My Active Directory domain name is sid-500.com; in this screenshot my internal domain was tested. 😉
If you want Test-Port to be available permanently, for all users and in every PowerShell session, save it as a module. More about that here:
PowerShell Functions: How to create your first PowerShell Module Command
Categories: Cyber Security, PowerShell
Thank you for the above script. How can I change it to check a range of IP addresses and, once it has done this, give me a numerical value, please? E.g. it scans 192.168.13.1 – 192.168.13.254 and tells me X number of designated ports are open?
I have:
1..254 | % { $a = $_; Write-Host "------"; Write-Host "192.168.13.$a"; 443 | % { echo ((New-Object Net.Sockets.TcpClient).Connect("192.168.13.$a", $_)) "Port $_ is open!" } 2>$null }
It gives me the answer, but it doesn't give me a total; I still have to scroll back and count them manually. Alternatively, instead of changing your script, what can I add to the above to have it give me a total value, please?
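The following is an added example, not code from the original post or from the commenter above, showing one way to scan a range of hosts for several ports with Test-NetConnection and get a total instead of counting by hand. The function name Test-PortRange, the 192.168.13.0/24 range and the ports 22, 80 and 443 are placeholders for this demo.

```powershell
# Added example, not code from the original post or the commenter.
# Emit one object per host/port pair so the results can be filtered,
# grouped and counted with the usual PowerShell cmdlets.
function Test-PortRange {
    param(
        [Parameter(Mandatory)] [string] $Prefix,   # first three octets, e.g. '192.168.13'
        [int]   $Start = 1,
        [int]   $End   = 254,
        [int[]] $Port  = @(443)
    )
    foreach ($i in $Start..$End) {
        $ip = "$Prefix.$i"
        foreach ($p in $Port) {
            # -InformationLevel Quiet makes Test-NetConnection return a plain
            # $true/$false; the warning it writes for closed ports is muted.
            $open = Test-NetConnection -ComputerName $ip -Port $p `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{ Host = $ip; Port = $p; Open = $open }
        }
    }
}

# Collect everything first, then summarise.
$results   = Test-PortRange -Prefix '192.168.13' -Port 22, 80, 443
$openPorts = $results | Where-Object Open

$openPorts | Format-Table -AutoSize
"Total open ports: $($openPorts.Count)"
$openPorts | Group-Object Port | ForEach-Object { "Port $($_.Name): $($_.Count) host(s)" }
```

Be aware that Test-NetConnection also does a DNS lookup and an ICMP ping per call and waits out the full TCP connect timeout on unreachable hosts, so a /24 with many silent addresses can take several minutes; for large ranges a raw TcpClient connect with your own short timeout is much faster.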
Or Just
Test-NetConnection HOSTNAME -Port ###
Good innovation.
I hope you enjoy it! Regards, P