=======================================================
Linux: poor man's port scanner
=======================================================

:Title: Linux: poor man's port scanner
:Author: Douglas O'Leary
:Description: Linux: poor man's port scanner
:Date created: 11/12/2012
:Date updated: 11/12/2012
:Disclaimer: Standard: Use the information that follows at your own risk. If you screw up a system, don't blame it on me...

The C|EH forum on linkedin had an article on 11/12/12 related to a bash-based port scan. The article pointed to `this url`_. I don't see that being something I'd use on a pentest - nmap is much too readily available - however, for a quick down/dirty method of checking if a system has a specific port open, it's pretty sweet.

The basic method is to execute echo redirected to /dev/tcp/${ip}/${port}. If the echo exits with status 0, the port's open; otherwise you'll get a connection refused. ::

    # echo > /dev/tcp/192.168.12.1/80
    # echo $?
    0
    # echo > /dev/tcp/192.168.12.1/18
    -ksh: /dev/tcp/192.168.12.1/18: cannot create [Connection refused]

One of the respondents to the article mentioned that /dev/tcp isn't always available in bash - even more important since I use ksh - however, this link provides some good instructions on enabling it.

.. _this url: http://pentestlab.wordpress.com/2012/11/12/creating-a-tcp-port-scanner-in-bash.
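The two things the bare ``echo > /dev/tcp/...`` one-liner does not handle are a filtered port (the redirect hangs until the kernel's connect timeout expires) and a bash built without ``/dev/tcp`` (the failure looks like "No such file or directory", which is easy to misread as "closed"). The script below is an added example, not code from the original post or from the linked article: it wraps the same redirect in a ``timeout`` and turns it into a service-baseline check, the defender's use of the trick (is sshd still listening, is nothing listening where nothing should be). It assumes ``bash`` and coreutils ``timeout`` are installed; the label names, the ``tcp_probe`` and ``check_baseline`` function names and the sample baseline are all constructed for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the /dev/tcp trick turned into a
# service-baseline check with a timeout. Assumptions: bash and coreutils
# `timeout` exist; the labels and the sample baseline are constructed.

# Probe host:port through bash's /dev/tcp and print exactly one label:
#   open         connect succeeded
#   closed       connection refused (nothing listening)
#   filtered     no answer within $3 seconds (dropped by a firewall, host down)
#   unreachable  kernel refused to route (no route to host, network unreachable)
#   unsupported  bash is missing or was built without /dev/tcp
tcp_probe() {
    host=$1; port=$2; tmo=${3:-3}
    command -v bash >/dev/null 2>&1 || { echo unsupported; return; }
    # Open fd 3 in a throwaway bash; the fd closes when that bash exits.
    # timeout turns a hanging connect into exit code 124 instead of a stuck shell.
    # The `&& rc=0 || rc=$?` form keeps a failed redirect from tripping `set -e`.
    if command -v timeout >/dev/null 2>&1; then
        err=$(LC_ALL=C timeout "$tmo" bash -c "exec 3<>/dev/tcp/$host/$port" 2>&1 </dev/null) \
            && rc=0 || rc=$?
    else
        err=$(LC_ALL=C bash -c "exec 3<>/dev/tcp/$host/$port" 2>&1 </dev/null) \
            && rc=0 || rc=$?
    fi
    case $rc in
        0)   echo open ;;
        124) echo filtered ;;
        *)   case $err in
                 *refused*)         echo closed ;;
                 *"No such file"*)  echo unsupported ;;
                 *"timed out"*)     echo filtered ;;
                 *)                 echo unreachable ;;
             esac ;;
    esac
}

# Compare live state against a baseline read from stdin, one "host port expected"
# per line, '#' lines ignored. Prints OK/DRIFT per entry and returns the number
# of drifts (capped at 255, the largest exit status a shell can carry).
check_baseline() {
    drifts=0
    while read -r host port expected; do
        case $host in ''|'#'*) continue ;; esac
        actual=$(tcp_probe "$host" "$port" 2)
        if [ "$actual" = "$expected" ]; then
            echo "OK    $host:$port $actual"
        else
            echo "DRIFT $host:$port expected $expected, got $actual"
            drifts=$((drifts + 1))
        fi
    done
    return $((drifts > 255 ? 255 : drifts))
}

# Constructed sample baseline for a workstation: sshd expected up, tcpmux (1) expected closed.
SAMPLE_BASELINE='# host port expected
127.0.0.1 22 open
127.0.0.1 1 closed'

# Usage (prints one line per entry; exit status is the drift count):
#   printf '%s\n' "$SAMPLE_BASELINE" | check_baseline
```

Run it from cron or a config-management post-run hook and alert on a non-zero exit status; a DRIFT line where the expected value was ``closed`` is the one worth paging on, since it means something started listening that the baseline never allowed. Note that ``tcp_probe`` only tells you a TCP handshake completed, not what is answering, so it complements rather than replaces ``ss -ltn`` on the host itself.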