Cyber Security

Test-Port: Use PowerShell as a Port Scanner

By on ( 4 Comments )

Long time ago I’ve created a small function that acts like a port scanner. It’s  not a replacement for enterprise scanners such as nmap, but it’s quite useful for quick tests when nmap is not at hand. The command Test-Port calls Test-NetConnection and enables you to specify more than one port number. It’s nothing special, but it’s worth sharing.

Quick glance at the TCP-Handshake

When a computer sends SYN to another computer, the remote computer will usually answer with SYN + ACK or RST. By this fact, we can test if a port is open or not.

Unbenannt.PNG

Unbenannt.PNG

Test-NetConnection

To test whether a port is open or not, different port scanners can be used. Or Test-NetConnection or a self-made script. Remember Test-NetConnection:

1.PNG

Seems that Port 80 of cnn.com is open (SYN + ACK).

Test-Port

Well, as announced, my modest little script which enables you to test multiple ports. This will only work with PowerShell 4.0 and above. (Thanks to the community who brought it to my attention)

Copy the following code to PowerShell or PowerShell ISE. Run it. The command Test-Port then becomes avaliable.

function Test-Port
{$computer=Read-Host "Computername | IP Address?"
 $port=Read-Host "Port Numbers? Separate them by comma"
 $port.split(',') | Foreach-Object -Process {If (($a=Test-NetConnection $computer -Port $_ -WarningAction SilentlyContinue).tcpTestSucceeded -eq $true) {Write-Host $a.Computername $a.RemotePort -ForegroundColor Green -Separator " ==> "} else {Write-Host $a.Computername $a.RemotePort -Separator " ==> " -ForegroundColor Red}}
 }

1.PNG

You will be asked to provide a destination and a port. It should look like the screenshot below. Open Ports are marked green, closed Ports red.

Unbenannt.PNG

Does anything seem strange to you? How can you read this article when the correspondending port (https ==> 443) of sid-500.com is closed? Don’t worry it’s neither a faked screenshot nor a bug or something magic. My Active Directory domain name is sid-500.com. In this screen my internal domain was tested. 😉

If you want to make Test-Port permanent for all user of all PowerShell Sessions save it as a Module. More about here:

PowerShell Functions: How to create your first PowerShell Module Command

Categories: Cyber Security, PowerShell

Tagged as: , ,

Published by Patrick Gruenauer

Microsoft MVP on PowerShell [2018-2023], IT-Trainer, IT-Consultant, MCSE: Cloud Platform and Infrastructure, Cisco Certified Academy Instructor.

4 replies »

  1. Thank you for the above script. How can I change it to check a range of IP addresses and once it has done this, give me a numerical value please? E.g. Scans 192.168.13.1 – 192.168.13.254 and tells me X number of designated ports are open?

    I have:

    1..254 | % { $a = $_;” Write-Hosts “——“; Write-Host “192.168.13.$a”; 443 | % {echo ((New-Object Net.Sockets.TcpClient).Connect(“192.168.13.$a”,$_)) “Port $_ is open!”} 2>$null}

    It gives me the answer, but it doesn’t give me a total, I still have to scroll back and count them manually. Alternately, instead of changing your script, what can I add to the above to have it give me a total value please?

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.