Port Scanning Shell Script

Here is the code for a simple port scanner written in bash. The script takes three arguments: a host name or IP address, the port at which we wish to start scanning, and the port at which we wish to stop. Before running it, make sure your bash build has /dev/tcp/ support enabled (some distributions compile it out), since the scanner depends on that feature.

#!/bin/bash
# Populate our variables from the arguments
host=$1
startport=$2
stopport=$3

# Refuse to run without all three arguments
if [ $# -ne 3 ]; then
    echo "usage: $0 host startport stopport"
    exit 1
fi

# function pingcheck: ping the host once to see if it is up; quit if it is not
function pingcheck
{
    # Count the output lines that contain "bytes". The header line
    # ("... bytes of data.") matches as well, so a host that answers
    # produces more matching lines than a host that stays silent.
    ping=$(ping -c 1 -w 10 "$host" | grep bytes | wc -l)
    if [ "$ping" -gt 1 ]; then
        echo "$host is up"
    else
        echo "$host is down, quitting"
        exit 1
    fi
}

# function portcheck: try a TCP connect to every port in the range via /dev/tcp
function portcheck
{
    for ((counter=startport; counter<=stopport; counter++))
    do
        # The redirect only succeeds if the connect succeeds; output and
        # errors are discarded, so only open ports are reported.
        (echo >"/dev/tcp/$host/$counter") > /dev/null 2>&1 && echo "$counter open"
    done
}

# Run our functions
pingcheck
portcheck

We can divide this script into three parts.

(1) In the first part we populate variables from the arguments; variable $0 is reserved for the script name. The script is invoked as ./scriptname host startport stopport

So the host value is saved in $1, the start port in $2 and the stop port in $3.

(2) The second part is the ping check function.

We define the pingcheck function to determine whether the host is up or not. Here we use pipes to feed the output of one command into the next.

ping -c 1 -w 10 $host | grep bytes | wc -l

-c 1 means that we transmit only one packet.

-w 10 sets the timeout value to 10 seconds.

If the host is up we get a response like

PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.056 ms

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.056/0.056/0.056/0.000 ms

This output is then fed to the next command, grep bytes, which searches for matching text; it keeps only the lines containing "bytes", so its output is

64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.056 ms

Next this is passed to wc -l, which counts lines; the output is one because the previous command produced only one line.

So the final value is 1; this value is stored in the variable named ping.

Then a simple if statement checks the value of the ping variable: if it is greater than 1 the host is up, otherwise it is down, because a host that is down sends no response containing "bytes", so grep prints nothing, the line count is zero and the value in the ping variable is also zero.

(3) The third part is the port scanning function.

First is the for loop; it runs from the start port to the stop port that we specified as arguments when running the script. So if we specify start port = 80 and stop port = 85, the loop runs from 80 to 85 checking for open ports.

Next is (echo >/dev/tcp/$host/$counter) > /dev/null 2>&1 && echo "$counter open"

Here we redirect the output of the write to /dev/tcp/$host/$counter (which is what actually checks whether the port is open) to /dev/null, the null file. 2>&1 sends the error messages to the same place, so a refused connection prints nothing. Only when the connect succeeds does the final echo display "$counter open" on screen.

In the last two lines we call the functions we defined in parts 2 and 3.

Usage of script:

chmod +x script_name.sh

./script_name host start_port stop_port

We can also scan multiple IP addresses by reading them from a file.
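The following is an added example (not the original post's script) that extends the same /dev/tcp technique in two ways a practitioner would want when checking the exposure of their own hosts: each connect runs under a timeout, because the bare redirect above can hang for a long time on a silently filtered port, and the host list is read from a file as the last sentence suggests. It assumes GNU coreutils timeout and a bash built with /dev/tcp support; the host file format (one host per line, # comments allowed) is a convention chosen here.

```shell
#!/usr/bin/env bash
# Added example: /dev/tcp probe with a timeout, plus a host list read from a file.
# Assumes GNU coreutils `timeout` and a bash with /dev/tcp support.

# probe_port HOST PORT [TIMEOUT_SECONDS]
# Returns 0 if a TCP connect succeeds, non-zero otherwise. The connect is done
# by a child bash under `timeout`, so a filtered port gives up after TIMEOUT
# seconds instead of hanging the whole scan.
probe_port() {
    local host=$1 port=$2 tmo=${3:-2}
    timeout "$tmo" bash -c "exec 3<>/dev/tcp/$host/$port" >/dev/null 2>&1
}

# scan_range HOST START STOP [TIMEOUT]
# Prints "HOST:PORT open" for every port in the range that accepts a connect.
scan_range() {
    local host=$1 start=$2 stop=$3 tmo=${4:-2} port=$2
    while [ "$port" -le "$stop" ]; do
        probe_port "$host" "$port" "$tmo" && echo "$host:$port open"
        port=$((port + 1))
    done
    return 0
}

# read_hosts FILE
# Prints one host per line, skipping blank lines and lines starting with '#'.
read_hosts() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# scan_hosts FILE START STOP [TIMEOUT]
# Runs scan_range once for every host listed in FILE.
scan_hosts() {
    local file=$1 start=$2 stop=$3 tmo=${4:-2} host
    read_hosts "$file" | while IFS= read -r host; do
        scan_range "$host" "$start" "$stop" "$tmo"
    done
}

# Usage: ./scan.sh hosts.txt 80 85
# where hosts.txt is a constructed list such as:
#   # my lab hosts
#   127.0.0.1
[ "${1:-}" ] && scan_hosts "$1" "${2:-1}" "${3:-1024}"
```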