Linux: poor man’s port scanner
- Title:
Linux: poor man’s port scanner
- Author:
Douglas O’Leary <dkoleary@olearycomputers.com>
- Description:
Linux: poor man’s port scanner
- Date created:
11/12/2012
- Date updated:
11/12/2012
- Disclaimer:
Standard: Use the information that follows at your own risk. If you screw up a system, don’t blame it on me…
The C|EH forum on LinkedIn had an article on 11/12/12 related to a bash-based port scan. The article pointed to this url. I don’t see that being something I’d use on a pentest - nmap is much too readily available - however, for a quick down-and-dirty method of checking whether a system has a specific port open, it’s pretty sweet.
The basic method is to run echo with its output redirected to /dev/tcp/${ip}/${port}. If the echo returns 0, the port’s open; otherwise the redirection fails and you’ll get a connection refused error.
# echo > /dev/tcp/192.168.12.1/80
# echo $?
0
# echo > /dev/tcp/192.168.12.1/18
-ksh: /dev/tcp/192.168.12.1/18: cannot create [Connection refused]
One of the respondents to the article mentioned that /dev/tcp isn’t always available in bash (even more relevant since I use ksh); however, this link provides some good instructions on enabling it.
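The following script is an added example, not the author’s code or anything from the forum article. It wraps the /dev/tcp trick described above in a function that also handles the case the bare echo does not: a filtered port that silently drops the SYN, where the redirection would otherwise sit for the full TCP connect timeout. It assumes bash is installed (the connect runs in a child bash, so the wrapper can be sourced from ksh or sh even when the current shell lacks /dev/tcp) and that coreutils timeout is available. The host and port values are constructed samples. Note that each probe is a full TCP connect, so on the target it looks like any other client connection and shows up in connection logs and firewall logs accordingly.

```shell
#!/usr/bin/env bash
# Added example wrapping the /dev/tcp connect test from the post.
# Assumes: bash (for /dev/tcp) and coreutils `timeout` are installed.
# Host/port values used below are constructed samples.

# port_state HOST PORT [TIMEOUT_SECONDS]
# Prints one word: open, closed, or filtered.
#   open     - connect succeeded (exit status 0)
#   filtered - no answer before the timeout (timeout exits 124)
#   closed   - connection refused, or host/port could not be resolved
port_state() {
    host=$1
    port=$2
    wait=${3:-3}
    # Run the redirection in a child bash so it works even when this file
    # is sourced from ksh/sh; fd 3 is closed again when the child exits.
    # The "&& rc=0 || rc=$?" form keeps the function safe under `set -e`.
    timeout "$wait" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" \
        2>/dev/null && rc=0 || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo open
    elif [ "$rc" -eq 124 ]; then
        echo filtered
    else
        echo closed
    fi
}

# scan_ports HOST PORT... : prints one "PORT STATE" line per port.
scan_ports() {
    target=$1
    shift
    for p in "$@"; do
        echo "$p $(port_state "$target" "$p")"
    done
}

# Demo run: loopback ports, of which port 1 (tcpmux) is normally not
# listening and so is expected to report closed.
if [ "${1:-}" = "--demo" ]; then
    scan_ports 127.0.0.1 1 22 80
fi
```

Run it with `bash script.sh --demo`, or source it and call port_state directly. The exit status 124 check relies on timeout’s documented behaviour of returning 124 when the command is killed on expiry; any other non-zero status (connection refused, name resolution failure) is reported as closed, which is the same distinction the bare echo gives you.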