As the headline says, it’s all about port scanning today. When a computer sends SYN to another computer, the remote computer will usually answer with SYN + ACK or RST. By this fact, we can test if a port is open or not.
Different port scanners can be used to test whether a port is open or not. Or Test-NetConnection or a self-created script. Remember Test NetConnection:
But if you try to test multiple computers and multiple ports you are faced with an error message.
The following function addresses this issue. Test-OpenPort allows testing multiple computers and multiple ports at once.
Test-OpenPort
Before we get to the function itself, I would like to show my function in action. The function has two parameters: Target and Port.
Test-OpenPort -Target 192.168.0.1 -Port 80
These parameters are not named, so therefore you can omit the parameter names.
Test-OpenPort 192.168.0.1 80
You can also omit the Target. The default value for this parameter is localhost.
Test-OpenPort -Port 80,443
Running on multiple computers and ports requires the use of a comma.
Test-OpenPort 192.168.0.1,sid-500.com -Port 80,443
The screen’s output is an object. Therefore you are able to customize this object with Select-Object or the Format-Commands (Format-Table …)
Test-OpenPort 192.168.0.1,sid-500.com -Port 80,443,53 | Sort-Object Status
For a more sweeter view:
Test-OpenPort 192.168.0.1,sid-500.com -Port 80,443,53 | Sort-Object Status | Out-GridView
The Function
Copy this function into your PowerShell ISE session and press the green start button.
function Test-OpenPort {
<#
.SYNOPSIS
Test-OpenPort is an advanced Powershell function. Test-OpenPort acts like a port scanner.
.DESCRIPTION
Uses Test-NetConnection. Define multiple targets and multiple ports.
.PARAMETER
Target
Define the target by hostname or IP-Address. Separate them by comma. Default: localhost
.PARAMETER
Port
Mandatory. Define the TCP port. Separate them by comma.
.EXAMPLE
Test-OpenPort -Target sid-500.com,cnn.com,10.0.0.1 -Port 80,443
.NOTES
Author: Patrick Gruenauer
Web:
https://sid-500.com
.LINK
None.
.INPUTS
None.
.OUTPUTS
None.
#>
[CmdletBinding()]
param
(
[Parameter(Position=0)]
$Target='localhost',
[Parameter(Mandatory=$true, Position=1, Helpmessage = 'Enter Port Numbers. Separate them by comma.')]
$Port
)
$result=@()
foreach ($t in $Target)
{
foreach ($p in $Port)
{
$a=Test-NetConnection -ComputerName $t -Port $p -WarningAction SilentlyContinue
$result+=New-Object -TypeName PSObject -Property ([ordered]@{
'Target'=$a.ComputerName;
'RemoteAddress'=$a.RemoteAddress;
'Port'=$a.RemotePort;
'Status'=$a.tcpTestSucceeded
})
}
}
Write-Output $result
}
Make it permanent
If you like my approach open PowerShell ISE. Copy the function into your ISE session. Create a folder in C:\Program Files\Windows PowerShell\Modules and save the code as psm1 file. Make sure that your file name and folder name match.
Close PowerShell. Open PowerShell again. The command is now available for all users. Have fun with Test-OpenPort!
Categories: Cyber Security, PowerShell
My name is Patrick Gruenauer. Awarded the Microsoft MVP for PowerShell [2018-2021].
Hi Patrick, This was a great function & helped me with testing multiple servers, Thank you, However, is there a way that I can put the IPs into a variable & then run it? i have 753 Ips that i have to run a port test against, is there a way to make it simpler instead of just ip1,ip2,ip3?
LikeLike
You should be able to run it against your variable or text file (Get-Content)
LikeLike
I mean port on target is open.
LikeLike
Thank you for taking the time to create and share this script!! When this reports that a port is “True” does that mean that communication between the source and target can use the port in both directions (e.g. of port 139 is reporting true source server can send information to the target on port 139 and also the target server can send information back to the source server on the same port. Also can this be used for UDP ports? THANK YOU AGAIN!!!!
LikeLike
That only means that the port is open. No UDP Scan.
LikeLike