Security Forums

Port scanner

Giro
New Member

Joined: 25 Mar 2004
Posts: 22
Location: England

Posted: Wed Feb 05, 2003 11:15 pm    Post subject: Port scanner

Thought I would write a port scanner in PHP. Here is the code; are there any services I'm missing?

Code:

<?php
// Get the user's IP address.
$ip = $_SERVER['REMOTE_ADDR'];
// Set the connect timeout in seconds.
$timeout = 20;

// TCP function for scanning the ports.
function test($ip, $port, $timeout, $service)
{
   // $errno and $errstr are filled in by reference (no "&" at the call site,
   // which is a fatal error since PHP 5.4); "@" hides the connect warning.
   $sock = @fsockopen($ip, $port, $errno, $errstr, $timeout);

   if (!$sock)
   {
      echo ("I tried port $port - $errstr - Port $port is used by $service<br>");
   }
   else
   {
      echo ("Connected to port $port - Running service: $service<br>");
      // Release the socket once the result is known.
      fclose($sock);
   }
}

// Quick check on SMB + uPnP using TCP.
echo ("Checked if common windows services are running..<br>");

test($ip, 445, $timeout, "SMB via TCP");
test($ip, 139, $timeout, "SMB via TCP");
test($ip, 5000, $timeout, "uPnP<br>");

// Quick check on common server ports using TCP.
echo ("Checked if daemons are running..<br>");

test($ip, 21, $timeout, "FTPd");
test($ip, 23, $timeout, "Telnet");
test($ip, 25, $timeout, "SMTP");
test($ip, 79, $timeout, "Finger");
test($ip, 80, $timeout, "HTTP Server");
test($ip, 110, $timeout, "POP3");
test($ip, 113, $timeout, "IDENT");
test($ip, 143, $timeout, "IMAP");
test($ip, 443, $timeout, "HTTPS Server");
echo ("<br>");

echo ("Test finished..");
?>


It's a simple script, I just wanted to know if I'm missing anything, e.g. ports. Thanks.

flw
Forum Fanatic

Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Posted: Thu Feb 06, 2003 12:11 am

You could keep coding till you die in your chair trying to get them all, but you would want the common ones for servers and PCs, so I'd add 53 for DNS, 114 for news, 22 for SSH, 139 for MS shares and whatever SAMBA uses. If you really wanted to go nuts, try the various dynamic ports for IM :>

Jason
Forum Fanatic

Joined: 19 Sep 2002
Posts: 16777215

Posted: Thu Feb 06, 2003 5:34 pm

Ports 5900,5901,5800,5801 for VNC.

How about some of the Trojan ports? Back Orifice, NetBus etc.?

Jason
Forum Fanatic

Joined: 19 Sep 2002
Posts: 16777215

Posted: Thu Feb 06, 2003 5:49 pm

Could you write a loop in the script, so you have the option of doing all 65000 ports? :)

Giro
New Member

Joined: 25 Mar 2004
Posts: 22
Location: England

Posted: Thu Feb 06, 2003 8:05 pm

jasonlambert wrote:
Could you write a loop in the script, so you have the option of doing all 65000 ports? :)

Yeah, but it would take too long.

Code:
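if ($mode == 'all')
{
   // The target and timeout do not change, so set them once.
   $ip = $_SERVER['REMOTE_ADDR'];
   $timeout = 20;

   // Loop over ports 1 to 65000.
   for ($port = 1; $port <= 65000; $port++)
   {
      // "@" hides the warning fsockopen raises for each closed port.
      $sock = @fsockopen($ip, $port, $errno, $errstr, $timeout);

      if ($sock)
      {
         echo ("Connected to port $port - OK..<br>");
         // Close the socket so 65000 handles are not left open.
         fclose($sock);
      }
   }
}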


I have added VNC and Proxy/Socks ports. I might add some trojan ports as another scan.

flw
Forum Fanatic

Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Posted: Thu Feb 06, 2003 9:00 pm

I don't claim to know all the ports and services, but you may wish just to do a quick look over at http://geocities.com/insecurepc/port-numbers.txt for any common ports we may have missed.

ThePsyko
SF Mod

Joined: 17 Oct 2002
Posts: 16777178
Location: California

Posted: Fri Feb 07, 2003 4:00 am

heh.. at 20 seconds per port, might as well hit the pub for a few brews while waiting for it to finish :) I actually use a similar script on my site to check for common proxy ports:

Code:
<?php

// Assumes $ip and $host are set earlier in the script and that $pdo is an
// open PDO connection. The original used mysql_query(), which was removed in
// PHP 7 and placed $ip and $host directly into the SQL string.
$insert = $pdo->prepare(
   "insert into proxies( ip, host, port, date ) values( ?, ?, ?, ? )" );

// Common proxy ports to check.
foreach( array( 80, 8080, 1080, 3128 ) as $port )
{
   if( $connect = @fsockopen( $ip, $port, $errno, $errstr, 5 ))
   {
      fclose( $connect );

      $today = time();
      // Bound parameters keep the values out of the SQL text.
      $addit = $insert->execute( array( $ip, $host, (string) $port, $today ))
               or die( "unable to add port to table" );
   }
}

?>


Obviously it stores the ones it finds in a database for later retrieval by me :)

Giro
New Member

Joined: 25 Mar 2004
Posts: 22
Location: England

Posted: Fri Feb 07, 2003 11:51 am

What do you think would be a good timeout limit?

myhatisred
Just Arrived

Joined: 11 Jan 2003
Posts: 0

Posted: Fri Feb 07, 2003 4:49 pm

10 sec

Battery Powered
Just Arrived

Joined: 10 Apr 2003
Posts: 0

Posted: Fri Apr 11, 2003 12:13 am

I would suggest a short timeout, nearer 1 second, otherwise you could be opening yourself up to security problems with people trying to drain system resources / bandwidth (DoS etc.)

I have coded a small script that does a similar role as yours,
however I put together a standard txt file with around three and a half thousand of the most common ports with a small description,
then when my script finds an open port it refers to the file to get a description of the open port.

If anyone's interested let me know and I'll elaborate.

All the best,
B.P

big tom
Forum Fanatic

Joined: 28 May 2002
Posts: 16777215
Location: UK

Posted: Fri Apr 11, 2003 1:12 am

Is there any way to get the headers from the service? Because the services listed won't always be on that port.

For example, I have an SSH server on port 80 (all ports apart from 80 are blocked on the gateway at college :'( )

spoofedpackets
Just Arrived

Joined: 03 Mar 2003
Posts: 1
Location: Atlanta

Posted: Fri Apr 11, 2003 5:06 am

I would split it up. List all ports up to like 9000. Then have 3 levels of scans. Full scan all 9000 ports.. Quick scan maybe like 0-100. Then have an intermediate scan.

Battery Powered
Just Arrived

Joined: 10 Apr 2003
Posts: 0

Posted: Fri Apr 11, 2003 12:41 pm

I think what spoofedpackets said is a good idea.

The one I created on my site allows a user to check for a specific set of ports (set by myself) and then gives an option to probe for a port of their choice,
aiding in limiting bandwidth and server CPU usage.
You can see the online port scan here:

http://www.hackerzhell.co.uk/portscan.php

As mentioned above, it will give information on what any open port is commonly associated with; it wouldn't be any good if someone ran something on a non-default port.

But if anyone's interested in it, just shout.

All the best,
B.P
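
The limits discussed in the posts above (a timeout near one second, a fixed set of ports, and one optional port chosen by the visitor) can be enforced as follows. This is an added example, not Battery Powered's script or any other poster's code; the port list, the `port` query parameter, the 8-second budget and the function names are assumptions.

```php
<?php
// Added example, not code from the thread; port list and limits are assumptions.
const ALLOWED_PORTS   = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445];
const CONNECT_TIMEOUT = 1.0;  // seconds per port, as suggested above
const TOTAL_BUDGET    = 8.0;  // hypothetical cap on one request's total scan time

// Accept a visitor-chosen port only if it is an integer in 1..65535.
function parse_port($raw): ?int
{
    $port = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    return $port === false ? null : $port;
}

// Try one TCP connect; returns true if the port accepted the connection.
function probe_port(string $ip, int $port, float $timeout): bool
{
    $sock = @fsockopen($ip, $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        return false;
    }
    fclose($sock);
    return true;
}

// Scan the fixed list plus at most one extra port, stopping at the time budget.
function self_scan(string $ip, array $ports, ?int $extra = null): array
{
    if ($extra !== null && !in_array($extra, $ports, true)) {
        $ports[] = $extra;
    }
    $deadline = microtime(true) + TOTAL_BUDGET;
    $results  = [];
    foreach ($ports as $port) {
        if (microtime(true) >= $deadline) {
            $results[$port] = 'skipped (time budget reached)';
            continue;
        }
        $results[$port] = probe_port($ip, $port, CONNECT_TIMEOUT) ? 'open' : 'closed or filtered';
    }
    return $results;
}

// The target is always the requesting address, never a user-supplied host.
$ip    = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';  // fallback when run from the CLI
$extra = parse_port($_GET['port'] ?? null);
foreach (self_scan($ip, ALLOWED_PORTS, $extra) as $port => $state) {
    echo "Port $port: $state<br>\n";
}
```

With these values one request can hold a worker for at most roughly nine seconds (the budget plus one final connect timeout), however many ports are unresponsive.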

ShaolinTiger
Forum Fanatic

Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Posted: Fri Apr 11, 2003 12:47 pm

Have you tried implementing a banner grabber into it BP?

Battery Powered
Just Arrived

Joined: 10 Apr 2003
Posts: 0

Posted: Fri Apr 11, 2003 1:08 pm

I haven't tried to do so, no, but I think it might be a good idea.

Currently it searches through a file set out like:

--------------------------------------------------
| port no | port name| port description |
--------------------------------------------------

And relays back default port information, but I think a mod is in order : )

B.P
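
The description-file lookup and the banner check raised in the posts above fit together as shown here. This is an added example, not Battery Powered's script: the file rows, the banner strings, the patterns and the function names are constructed for illustration, and only the column layout comes from the thread.

```php
<?php
// Added example; the file contents and banners below are constructed samples.
$portFile = <<<TXT
| port no | port name| port description |
| 22 | ssh | Secure Shell |
| 25 | smtp | Simple Mail Transfer |
| 80 | http | World Wide Web HTTP |
TXT;

// Parse "| port | name | description |" rows into [port => [name, description]].
function load_port_table(string $text): array
{
    $table = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $cells = array_map('trim', explode('|', trim($line, "| \t")));
        // The header and ruler lines fail this check and are skipped.
        if (count($cells) === 3 && ctype_digit($cells[0])) {
            $table[(int) $cells[0]] = [$cells[1], $cells[2]];
        }
    }
    return $table;
}

// Guess the protocol from the first line a service sends; null if unrecognised.
function service_from_banner(string $banner): ?string
{
    $patterns = [
        'ssh'  => '/^SSH-\d+\.\d+-/',
        'smtp' => '/^220[ -].*SMTP/i',
        'ftp'  => '/^220[ -].*FTP/i',
    ];
    foreach ($patterns as $name => $regex) {
        if (preg_match($regex, $banner)) return $name;
    }
    return null;
}

// Prefer what the service says about itself; fall back to the file's default.
function describe_port(array $table, int $port, string $banner = ''): string
{
    $default  = $table[$port][0] ?? 'unknown';
    $observed = service_from_banner($banner);
    return ($observed !== null && $observed !== $default)
        ? "port $port: banner says $observed (file default: $default)"
        : "port $port: $default";
}

$table = load_port_table($portFile);
echo describe_port($table, 80, 'SSH-2.0-example'), "\n";  // SSH server on port 80
echo describe_port($table, 25, '220 mail.example.org ESMTP'), "\n";
```

The first call reports the mismatch big tom describes (an SSH banner on the port the file lists as http); the second agrees with the file and prints only the default name.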

All times are GMT + 2 Hours