Giro New Member
Joined: 25 Mar 2004 Posts: 22 Location: England
Posted: Wed Feb 05, 2003 11:15 pm Post subject: Port scanner
Thought I would write a port scanner in PHP. Here is the code; are there any services I'm missing?
Code:
<?php
// Get the user's IP address.
$ip = $_SERVER['REMOTE_ADDR'];
// Set timeout (seconds).
$timeout = 20;

// TCP function for scanning the ports.
function test($ip, $port, $timeout, $service)
{
    // fsockopen() fills $errno/$errstr by reference on its own; call-time "&"
    // is a fatal error on PHP 5.4+. "@" keeps the connect warning off the page.
    $sock = @fsockopen($ip, $port, $errno, $errstr, $timeout);
    if (!$sock)
    {
        echo ("I tried port $port - $errstr - Port $port is used by $service<br>");
    }
    else
    {
        echo ("Connected to port $port - Running service: $service<br>");
        // Release the socket once the port is known to be open.
        fclose($sock);
    }
}

// Quick check on SMB+uPnP using TCP.
echo ("Checked if common windows services are running..<br>");
test($ip, 445, $timeout, "SMB via TCP");
test($ip, 139, $timeout, "SMB via TCP");
test($ip, 5000, $timeout, "uPnP<br>");

// Quick check on common server ports using TCP.
echo ("Checked if daemons are running..<br>");
test($ip, 21, $timeout, "FTPd");
test($ip, 23, $timeout, "Telnet");
test($ip, 25, $timeout, "SMTP");
test($ip, 79, $timeout, "Finger");
test($ip, 80, $timeout, "HTTP Server");
test($ip, 110, $timeout, "POP3");
test($ip, 113, $timeout, "IDENT");
test($ip, 143, $timeout, "IMAP");
test($ip, 443, $timeout, "HTTPS Server");
echo ("<br>");
echo ("Test finished..");
?>
It's a simple script; just wanted to know if I'm missing anything, e.g. ports. Thanx.

flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.
Posted: Thu Feb 06, 2003 12:11 am
You could keep coding till you die in your chair trying to get them all, but you would want the common ones for servers and PCs, so I'd add 53 for DNS, 114 for news, 22 for SSH, 139 for MS shares and whatever SAMBA uses. If you really wanted to go nuts, try the various dynamic ports for IM :>

Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
Posted: Thu Feb 06, 2003 5:34 pm
Ports 5900,5901,5800,5801 for VNC.
How about some of the Trojan ports? Backorifice, netbus etc?

Jason Forum Fanatic
Joined: 19 Sep 2002 Posts: 16777215
Posted: Thu Feb 06, 2003 5:49 pm
Could you write a loop in the script, so you have the option of doing all 65000 ports?

Giro New Member
Joined: 25 Mar 2004 Posts: 22 Location: England
Posted: Thu Feb 06, 2003 8:05 pm
jasonlambert wrote: |
Could you write a loop in the script, so you have the option of doing all 65000 ports? |
Yeh, but it would take too long.
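Code:
if ($mode == 'all')
{
    // Target and timeout do not change, so set them once outside the loop.
    $ip = $_SERVER['REMOTE_ADDR'];
    $timeout = 20;
    // Loop from port 1 till port is 65000 (port 0 is not a usable TCP port).
    for ($port = 1; $port <= 65000; $port++)
    {
        // Plain variables here: call-time "&" is a fatal error on PHP 5.4+.
        $sock = @fsockopen($ip, $port, $errno, $errstr, $timeout);
        if ($sock)
        {
            echo ("Connected to port $port - OK..<br>");
            // Close each socket so open ports do not pile up descriptors.
            fclose($sock);
        }
    }
}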
I have added VNC and Proxy/Socks ports. I might add some trojan ports as another scan.
flw Forum Fanatic
Joined: 27 May 2002 Posts: 16777215 Location: U.S.A.

ThePsyko SF Mod
Joined: 17 Oct 2002 Posts: 16777178 Location: California
Posted: Fri Feb 07, 2003 4:00 am
heh.. at 20 seconds per port, might as well hit the pub for a few brews while waiting for it to finish. I actually use a similar script on my site to check for common proxy ports:
Code:
<?php
// $ip and $host are set earlier in the script (not shown in this post).
// $pdo is assumed to be an open PDO connection: the original called
// mysql_query(), which was removed in PHP 7, and built the SQL by string
// interpolation. A prepared statement keeps $ip/$host out of the query text.
$insert = $pdo->prepare( "insert into proxies( ip, host, port, date ) values( ?, ?, ?, ? )" );
// Common proxy ports, each checked with a 5 second timeout.
foreach( array( 80, 8080, 1080, 3128 ) as $port )
{
    if( $connect = @fsockopen( $ip, $port, $errno, $errstr, 5 ))
    {
        // Only the connect result matters, so close the socket straight away.
        fclose( $connect );
        $today = time();
        $addit = $insert->execute( array( $ip, $host, (string) $port, $today ))
            or die( "unable to add port to table" );
    }
}
?>
Obviously it stores the ones it finds in a database for later retrieval by me

Giro New Member
Joined: 25 Mar 2004 Posts: 22 Location: England
Posted: Fri Feb 07, 2003 11:51 am
What do you think would be a good timeout limit?

myhatisred Just Arrived
Joined: 11 Jan 2003 Posts: 0
Posted: Fri Feb 07, 2003 4:49 pm
10 sec

Battery Powered Just Arrived
Joined: 10 Apr 2003 Posts: 0
Posted: Fri Apr 11, 2003 12:13 am
I would suggest a short timeout, nearer 1 second, otherwise you could be opening yourself up to security problems with people trying to drain system resources / bandwidth (DoS etc.)
I have coded a small script that does a similar role to yours,
however I put together a standard txt file with around three and a half thousand of the most common ports with a small description,
then when my script finds an open port it refers to the file to get a description of the open port.
If anyone's interested let me know and I'll elaborate.
All the best,
B.P

big tom Forum Fanatic
Joined: 28 May 2002 Posts: 16777215 Location: UK
Posted: Fri Apr 11, 2003 1:12 am
Is there any way to get the headers from the service? Because the services listed won't always be on that port.
For example, I have an ssh server on port 80 (all ports apart from 80 are blocked on the gateway at college).

spoofedpackets Just Arrived
Joined: 03 Mar 2003 Posts: 1 Location: Atlanta
Posted: Fri Apr 11, 2003 5:06 am
I would split it up. List all ports up to like 9000. Then have 3 levels of scans. Full scan all 9000 ports.. Quick scan maybe like 0-100. Then have an intermediate scan.

Battery Powered Just Arrived
Joined: 10 Apr 2003 Posts: 0
Posted: Fri Apr 11, 2003 12:41 pm
I think what spoofedpackets said is a good idea.
The one I created on my site allows a user to check for a specific set of ports (set by myself) and then an option to probe for a port of their choice,
aiding in limiting bandwidth and server CPU usage.
You can see the online port scan here:
http://www.hackerzhell.co.uk/portscan.php
As mentioned above it will give information on what any open port is commonly associated with; it wouldn't be any good if someone ran something on a non-default port.
But if anyone's interested in it, just shout.
All the best,
B.P
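
One way to bound what a hosted self-check like this costs the server, following the points in the posts above (a short timeout, a preset port list, one visitor-chosen port). This is an added example, not code from the thread; the function names, the 1 second connect timeout, the 10 second overall budget and the `port` query parameter are assumptions.

```php
<?php
// Added example, not from the thread. Names and limits are assumptions.
const CONNECT_TIMEOUT = 1.0;   // seconds per port (short, as suggested above)
const TOTAL_BUDGET    = 10.0;  // seconds allowed for the whole request
const PRESET_PORTS    = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445];

// Accept one extra port only if it is a plain integer in 1..65535.
function parse_extra_port($raw)
{
    $port = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    return $port === false ? null : $port;
}

// Probe each port once and stop connecting when the time budget is spent,
// so a request can never hold a worker for more than TOTAL_BUDGET seconds.
function bounded_scan($ip, array $ports)
{
    $deadline = microtime(true) + TOTAL_BUDGET;
    $results = [];
    foreach (array_unique($ports) as $port) {
        $left = $deadline - microtime(true);
        if ($left <= 0) {
            $results[$port] = 'skipped (time budget spent)';
            continue;
        }
        $sock = @fsockopen($ip, $port, $errno, $errstr, min(CONNECT_TIMEOUT, $left));
        if ($sock) {
            fclose($sock);
            $results[$port] = 'open';
        } else {
            $results[$port] = 'closed or filtered';
        }
    }
    return $results;
}

// The target is always the requesting address, as in the original script;
// it is never read from user input. Loopback is only a fallback for CLI runs.
$ip = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';
$ports = PRESET_PORTS;
$extra = parse_extra_port($_GET['port'] ?? null);
if ($extra !== null) {
    $ports[] = $extra;
}
foreach (bounded_scan($ip, $ports) as $port => $state) {
    echo "Port $port: $state<br>\n";
}
```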

ShaolinTiger Forum Fanatic
Joined: 18 Apr 2002 Posts: 16777215 Location: Kuala Lumpur, Malaysia
Posted: Fri Apr 11, 2003 12:47 pm
Have you tried implementing a banner grabber into it BP?

Battery Powered Just Arrived
Joined: 10 Apr 2003 Posts: 0
Posted: Fri Apr 11, 2003 1:08 pm
I haven't tried to do so, no, but I think it might be a good idea.
Currently it searches through a file set out like:
--------------------------------------------------
| port no | port name| port description |
--------------------------------------------------
And relays back default port information, but I think a mod is in order : )
B.P
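
The banner-grabbing idea from the posts above, with the port-description file as a fallback: the service is named from the greeting it sends, and the table is consulted only when the service stays silent. This is an added example, not code from the thread; the function names and the 1 second timeouts are assumptions, and the table rows and greeting are constructed sample data.

```php
<?php
// Added example, not from the thread; function names are assumptions.

// Read the greeting a service sends on connect, or '' if it stays silent
// (HTTP, for example, waits for the client to speak first).
function grab_banner($ip, $port, $timeout = 1.0)
{
    $sock = @fsockopen($ip, $port, $errno, $errstr, $timeout);
    if (!$sock) {
        return null;                      // closed or filtered
    }
    stream_set_timeout($sock, 1);         // bound the read as well as the connect
    $line = fgets($sock, 256);
    fclose($sock);
    return $line === false ? '' : trim($line);
}

// Name the protocol from the greeting rather than from the port number.
function classify_banner($banner)
{
    if (strncmp($banner, 'SSH-', 4) === 0) return 'SSH';
    if (strncmp($banner, '+OK', 3) === 0)  return 'POP3';
    if (strncmp($banner, '* OK', 4) === 0) return 'IMAP';
    if (strncmp($banner, '220', 3) === 0) {
        if (stripos($banner, 'SMTP') !== false) return 'SMTP';
        if (stripos($banner, 'FTP') !== false)  return 'FTP';
        return 'FTP or SMTP';
    }
    return null;                          // unknown or silent service
}

// Fall back to the "| port no | port name | port description |" file layout.
function lookup_port(array $lines, $port)
{
    foreach ($lines as $line) {
        $cols = array_map('trim', explode('|', trim($line, "| \t\r\n")));
        if (count($cols) === 3 && ctype_digit($cols[0]) && (int) $cols[0] === $port) {
            return $cols[1] . ' - ' . $cols[2];
        }
    }
    return null;
}

// Constructed sample data: big tom's case of an SSH server answering on port 80.
$table  = ['| 80 | http | World Wide Web HTTP |', '| 22 | ssh | Secure Shell |'];
$banner = 'SSH-2.0-OpenSSH_3.5p1';        // constructed greeting, not captured
// On a live check, $banner would come from grab_banner($ip, 80) instead.
$name   = classify_banner($banner) ?? lookup_port($table, 80);
echo "Port 80: $name\n";
```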