nostromo has asked for the wisdom of the Perl Monks concerning the following question:

hi there!

for a project, i'd need a portscanner code - as small as possible.
best would be a for-loop, which contains start- and end-port and
the scan-command itself in one line. any modules can be included.
a URL, where i can find such source, would be perfect too.

so, the ideal source should look like this:

print "Open ports: ";
for (my $port = 1; $port < 1024; $port++) {
    if ( <command which scans host:$port> ) { print " $port"; }
}

TIA,
nostromo

Replies are listed 'Best First'.
Re: portscanner
by marcos (Scribe) on Jun 12, 2000 at 16:31 UTC
    The first thing that I can think of is trying to open a socket to that host:port.
    use strict;
    use warnings;
    use IO::Socket;

    my $host = "localhost";
    my $sock;

    print "Open ports:\n";
    for (my $port = 1; $port < 1024; $port++) {
        # A successful TCP connect means something is listening on $port;
        # the Timeout keeps a filtered port from stalling the whole loop.
        $sock = IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => $port,
            Proto    => 'tcp',
            Timeout  => 1,
        );
        if ($sock) {
            print "$port\n";
            close $sock;
        }
    }
    Hope this helps.
    marcos
      thanks !!
      this piece of code is exactly what i've been searching for :)

      cu,
      nostromo
RE: portscanner
by jjhorner (Hermit) on Jun 12, 2000 at 16:40 UTC

    Moral implications aside, you should be able to write this yourself, with a little guidance. I don't know if this is a school project, in which case you shouldn't be asking for help, or if this is a questionable use script, in which case do your own dirty work, but part of the gift of power is the responsibility.

    Guidance:

    • Look into socket programming. For port scanners, you will probably be sending SYN packets for TCP service ports, and request-type packets to UDP ports. Socket programming will give you those abilities.
    • You will want speed, so look into perl algorithms to speed up your code. The wolf book is my favorite.
    • You will want effective code, so look into Effective Perl Programming co-written by our own Randal Schwartz.
    • If you want advanced features, pick up a networking book and learn on your own how to interact with different services running on each port.
    • Some good links:

    Don't expect everything handed to you. Looking for guidance is one thing. Looking for solutions is another. If this is supposed to be a learning experience, you should probably go talk to your professor.

    J. J. Horner
    Linux, Perl, Apache, Stronghold, Unix
    jhorner@knoxlug.org http://www.knoxlug.org/
    
      And I thought I had a hair trigger!

      JJ, there are plenty of legitimate reasons to build a portscanner into an application. As an admin, I have four different KINDS of portscanners - and I've never been anything but a white-hat. I use portscans to validate my network security; to check that all the required services on a remote system are working (this has advantages over process-checking); to check for active trojans and NetBus-style programs; and, in one rare case, as an authentication tool. (I spent some time trying to create an ultra-secure system; one technique I liked was to create simple "bounce-back" servers that sat on three odd ports on the client system. If the client requesting access to the system had those three ports open, but no others, and the valid key, it was permitted access.)

      Can a portscanner be used for cracking? Certainly. A crowbar can be used for a break-in, too. That doesn't mean I think everyone I see in the hardware store looking for a crowbar is a burglar.

      The rest of your answer was good, and as it happens, I agree that SoPW isn't a place for total solutions - but it is a place for someone to ask questions. Which this person did. He (or she) even thanked the person who answered their question, and just in case they aren't around at the moment, I'll thank you for that list of resources. It's very good, and should be a mini-FAQ we can point other newbies to.

      One more detail, just in case this particular portscanner is intended for ungood purposes:

      Don't.

      Portscanners have been around for a long time. If you use a portscanner that simple for illegitimate purposes against someone's network - say, mine - your source IP will be logged and I'll know it before the scan's complete. Which will make me take an interest in who you are, where you are, and which ISP you're soon to be formerly using. No threat, just a warning; there are stupid admins out there, no doubt about it, but these days even the stupid ones have better security than that.

      - Ozymandias
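Ozymandias's point that a connect scan as simple as marcos's is visible in the logs before it finishes can be shown from the defender's side. The script below is an added example, not code from this thread or from PerlMonks: it parses constructed firewall-style log lines (the line format, field names, addresses, and the threshold and window values are all assumptions) and flags any source that reaches a chosen number of distinct ports on one host inside a sliding time window, which is exactly the footprint a sequential connect scan leaves.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample firewall log (not from the thread). Each line carries an
# epoch timestamp, source IP, destination IP, destination port and a verdict.
# 10.0.0.5 walks ports 21..32 in twelve seconds; 10.0.0.9 is ordinary traffic.
my @sample_log;
for my $i (1 .. 12) {
    push @sample_log, sprintf("%d src=10.0.0.5 dst=192.0.2.10 dpt=%d action=reject",
                              1592000000 + $i, 20 + $i);
}
push @sample_log, "1592000005 src=10.0.0.9 dst=192.0.2.10 dpt=80 action=accept";
push @sample_log, "1592000900 src=10.0.0.9 dst=192.0.2.10 dpt=443 action=accept";
push @sample_log, "this line is malformed and is skipped by the parser";

# detect_scans(\@lines, $threshold, $window_seconds)
# Returns a hashref keyed "src -> dst" giving, for every pair that touched at
# least $threshold distinct ports within $window_seconds, the time it was
# first flagged and how many distinct ports were in the window at that moment.
# The log is assumed to be in time order, as a tail of a live log would be.
sub detect_scans {
    my ($lines, $threshold, $window) = @_;
    my %events;   # "src -> dst" => [ [time, port], ... ] in arrival order
    my %alerts;

    for my $line (@$lines) {
        my ($t, $src, $dst, $port) =
            $line =~ /^(\d+)\s+src=(\S+)\s+dst=(\S+)\s+dpt=(\d+)/ or next;

        my $key = join(' -> ', $src, $dst);
        my $ev  = $events{$key} ||= [];
        push @$ev, [$t, $port];

        # Drop events that have fallen out of the sliding window.
        shift @$ev while @$ev && $ev->[0][0] < $t - $window;

        my %ports = map { $_->[1] => 1 } @$ev;
        my $distinct = scalar keys %ports;
        if ($distinct >= $threshold && !exists $alerts{$key}) {
            $alerts{$key} = { time => $t, ports => $distinct };
        }
    }
    return \%alerts;
}

# Ten distinct ports on one host inside sixty seconds is treated as a scan.
my $alerts = detect_scans(\@sample_log, 10, 60);
for my $pair (sort keys %$alerts) {
    printf "possible port scan: %s reached %d distinct ports, first flagged at %d\n",
        $pair, $alerts->{$pair}{ports}, $alerts->{$pair}{time};
}
```

On the sample above only the 10.0.0.5 pair is reported, on the tenth connection attempt, while the scanner still has more than a thousand ports to go; the two normal connections from 10.0.0.9 never approach the threshold. The window and threshold are the knobs to tune against real traffic, since a slow scan spread over hours stays under a sixty-second window and needs a longer one.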

        I agree with you. As a system admin I make use of dual-use tools all the time. I was just warning that there are moral implications to making something that can be used as a tool and a weapon. Look at fission: Very good and very bad. Look at guns: Very good and very bad. Look at hemp: very good, very bad, and sometimes very illegal.

        I was just giving a gentle reminder that there are questionable uses for things, but I didn't mean to imply that the only use for such tools was bad.

        Thanks for pointing out my somewhat misleading response.

        J. J. Horner
        Linux, Perl, Apache, Stronghold, Unix
        jhorner@knoxlug.org http://www.knoxlug.org/