We recently had to perform a hardware upgrade of a perimeter firewall. Doing so is a major undertaking, and while we have very good documentation, it’s always important to do some real-world testing.
To facilitate this, we needed to perform some port scanning from outside our network to verify that (a) all of our firewall rule documentation matched what was actually configured, and (b) the transition to the new hardware went smoothly. Most port scanners I found could scan a port range for a given set of IPs, but I wasn’t able to find much of anything that could take a specific list of IP/port pairs and return the results. I had previously written a simple ASP.NET application to do this, but it wasn’t designed for testing large datasets.
So, I decided Powershell was the best bet. There were several available examples, but nothing that truly did what we needed. I was able to pull several resources together and came up with the attached Powershell script. Credit for the port detection goes to Boe Prox, to Gaurhoth for the IP range powershell functions, and to Oisin Grehan for the multithreading code.
The result is a script that takes a CSV input and outputs the results to CSV. You can specify IP addresses (e.g. 192.168.100.1), CIDR subnets (192.168.1.0/24, 10.254.254.16/28), and/or IP ranges (10.0.1.1-10). The services.xml file in the bin folder contains a PowerShell object with port settings for various well-known ports and can be modified to meet your needs. Ports can be specified using their well-known name (e.g. SMTP, RDP, HTTP) or in protocol/portNum format (e.g. tcp/80, udp/53, tcp/4900-4910).
Scanning is fairly quick:
PS D:\temp\portscanner> .\PortScanner.ps1
Importing Data from .\externalrules.csv
Imported 3033 targets
Flattening targets into endpoints
There are 3996 to scan
Begin Scanning at 07/08/2011 15:58:31
Waiting for scanning threads to finish...
We scanned 3996 endpoints in 399.1811698
Exporting data to .\results.csv
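As an added example (this is not the author's script, whose source is not reproduced on this page), here is the same pipeline in Python: expand each Dest value (single IP, CIDR block, or a 10.0.1.1-10 style range) and each Service value (a well-known name, proto/port, or proto/range) into one endpoint per (ip, proto, port), then check the TCP endpoints with a full connect from a thread pool. The column names Dest,Service,Action are taken from the firewall.csv shown in the comments below; the SERVICES table is a constructed stand-in for services.xml, whose contents are not shown; the status labels and the reading of Action as the expected state are assumptions. The point worth noticing is the distinction a connect test can draw for TCP (refused means closed, a timeout means filtered) and cannot draw at all for UDP.

```python
"""Added example: flatten Dest/Service/Action rules into endpoints and TCP-check them."""
import csv
import io
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-in for the page's services.xml; its real contents are not shown.
SERVICES = {"HTTP": ("tcp", 80), "HTTPS": ("tcp", 443), "SMTP": ("tcp", 25),
            "RDP": ("tcp", 3389), "DNS": ("udp", 53)}

def expand_dest(spec):
    """Expand one Dest value: a single IP, a CIDR block, or a range such as 10.0.1.1-10."""
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        # /31 and /32 have no separate network/broadcast address to skip.
        addrs = list(net) if net.prefixlen >= 31 else list(net.hosts())
        return [str(a) for a in addrs]
    if "-" in spec:
        start_s, end_s = spec.split("-", 1)
        if "." not in end_s:  # 10.0.1.1-10 means 10.0.1.1 through 10.0.1.10
            end_s = start_s.rsplit(".", 1)[0] + "." + end_s
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        if end < start:
            raise ValueError(f"range end precedes start: {spec}")
        return [str(ipaddress.ip_address(n)) for n in range(int(start), int(end) + 1)]
    return [str(ipaddress.ip_address(spec))]

def expand_service(spec):
    """Expand a well-known name (RDP) or a proto/port spec (tcp/80, tcp/4900-4910) into (proto, port) pairs."""
    spec = spec.strip()
    if "/" not in spec:
        return [SERVICES[spec.upper()]]  # KeyError flags a name missing from the table
    proto, _, ports = spec.lower().partition("/")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol: {spec}")
    lo, _, hi = ports.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return [(proto, p) for p in range(lo, hi + 1)]

def flatten_rules(csv_text):
    """One endpoint per (ip, proto, port); Action=Allow is recorded as expected state OPEN (assumed)."""
    endpoints = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        expected = "OPEN" if row["Action"].strip().lower() == "allow" else "CLOSED"
        for ip in expand_dest(row["Dest"]):
            for proto, port in expand_service(row["Service"]):
                endpoints.append({"ip": ip, "port": port, "portType": proto.upper(),
                                  "expected": expected})
    return endpoints

def tcp_check(ip, port, timeout=5.0):
    """Full TCP connect: OPEN on handshake, CLOSED on refusal (RST), FILTERED on timeout, ERROR otherwise."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "OPEN"
    except ConnectionRefusedError:
        return "CLOSED"
    except (socket.timeout, TimeoutError):
        return "FILTERED"
    except OSError:
        return "ERROR"

def scan(endpoints, timeout=5.0, workers=32):
    """Check endpoints from a thread pool. UDP rows are marked UNTESTED: a connect test says nothing about UDP."""
    def one(ep):
        status = tcp_check(ep["ip"], ep["port"], timeout) if ep["portType"] == "TCP" else "UNTESTED"
        match = None if status == "UNTESTED" else (status == "OPEN") == (ep["expected"] == "OPEN")
        return {**ep, "timeout": int(timeout * 1000), "status": status, "match": match}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(one, endpoints))

# Constructed sample rules: 1 + 14 + 10*11 = 125 endpoints after flattening.
SAMPLE_RULES = """Dest,Service,Action
192.168.100.1,HTTP,Allow
10.254.254.16/28,RDP,Deny
10.0.1.1-10,tcp/4900-4910,Allow
"""

def demo_local_scan(timeout=2.0):
    """Offline demo: scan a throwaway loopback listener, then the same port once it is closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    rules = f"Dest,Service,Action\n127.0.0.1,tcp/{srv.getsockname()[1]},Allow\n"
    while_open = scan(flatten_rules(rules), timeout)[0]["status"]
    srv.close()
    return while_open, scan(flatten_rules(rules), timeout)[0]["status"]

if __name__ == "__main__":
    print(len(flatten_rules(SAMPLE_RULES)), "endpoints from the sample rules")
    print("loopback listener while open / after close:", demo_local_scan())
```

The demo function stands up a loopback listener so the block runs offline. Against real targets, raise the worker count with care: a burst of connects from one source address to thousands of endpoints is exactly what a perimeter IPS flags, which is fine during an authorized change window but worth announcing to whoever watches the alerts.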
Happy networking!
I REALLY like your program, as I am responsible for managing the implementation of the extranet interfaces with all our 3rd parties. We often need to test interfaces which sometimes have hundreds of entries.
However, I have run across a few UDP ports. I find that regardless of "how" open the port is, the port scanner fails to detect open UDP ports and reports them as CLOSED. I tested a DNS Domain Controller on port 53 with NMAP and the report is:
PS C:\jj\portscanner> nmap -sU -p 53 10.2.206.49
Starting Nmap 6.40 ( http://nmap.org ) at 2014-05-23 18:20 Central Daylight Time
Nmap scan report for 10.2.206.49
Host is up (0.00s latency).
PORT STATE SERVICE
53/udp open domain
Nmap done: 1 IP address (1 host up) scanned in 0.93 seconds
PS C:\jj\portscanner>
However, when I use firewall.csv:
Dest,Service,Action
10.2.206.49,udp/53,Allow
As input I get:
#TYPE Selected.System.Management.Automation.PSCustomObject
"ip","port","portType","timeout","status"
"10.2.206.49","53","UDP","5000","CLOSED"
Any thoughts?
The script otherwise is fantastic!
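Added example, separate from both the post and the comment above (the script's UDP logic is not on the page, so this does not diagnose it): how UDP port state can be inferred at all. nmap -sU reports a UDP port closed only when it gets an ICMP port unreachable back, open only when something answers, and open|filtered when nothing comes back; a datagram that draws no reply within the timeout is never evidence that the port is closed. Most UDP services, DNS included, silently drop datagrams that are not a valid request, so a probe must carry a protocol-correct payload to coax a reply out of them. The block below builds a minimal DNS query, probes a constructed loopback stand-in for a DNS server with and without that payload (a real server's exact drop behaviour varies), and then probes the same port once the stand-in is gone. The query name, transaction ID, stub and status labels are all constructed for the example.

```python
"""Added example: how UDP port state is inferred, and why a silent DNS service is not 'closed'."""
import socket
import struct
import threading

def build_dns_query(name="example.com", txid=0x1234):
    """Minimal RFC 1035 A query: header (RD set, one question) + QNAME + QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def udp_probe(ip, port, payload=b"", timeout=2.0):
    """Classify the way nmap -sU does: a reply => OPEN, ICMP port unreachable => CLOSED,
    silence => OPEN|FILTERED. 'No answer within the timeout' is never evidence of CLOSED."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((ip, port))  # connected UDP: the kernel reports an ICMP unreachable as an error
        s.send(payload)
        s.recv(512)
        return "OPEN"
    except (ConnectionRefusedError, ConnectionResetError):  # Linux/macOS vs Windows spelling
        return "CLOSED"
    except (socket.timeout, TimeoutError):
        return "OPEN|FILTERED"
    finally:
        s.close()

class DnsLikeStub:
    """Constructed loopback stand-in for a DNS server: answers datagrams that parse as a query
    and drops everything else, so an empty or junk datagram gets no reply at all."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.settimeout(0.2)
        self.port = self.sock.getsockname()[1]
        self._stop = False
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop:
            try:
                data, peer = self.sock.recvfrom(512)
            except (socket.timeout, TimeoutError):
                continue
            if len(data) >= 12 and not data[2] & 0x80:  # full header and QR=0: looks like a query
                # Same ID, flags QR=1 RD=1 RA=1, same counts and question: enough to count as an answer.
                self.sock.sendto(data[:2] + b"\x81\x80" + data[4:], peer)

    def close(self):
        self._stop = True
        self._thread.join()
        self.sock.close()

def demo(timeout=1.0):
    """Probe the stub with an empty datagram, then with a real query, then after it is gone."""
    stub = DnsLikeStub()
    try:
        empty = udp_probe("127.0.0.1", stub.port, b"", timeout)
        query = udp_probe("127.0.0.1", stub.port, build_dns_query(), timeout)
    finally:
        stub.close()
    after_close = udp_probe("127.0.0.1", stub.port, build_dns_query(), timeout)
    return {"empty_datagram": empty, "dns_query": query, "after_close": after_close}

if __name__ == "__main__":
    for probe, state in demo().items():
        print(f"{probe:15s} -> {state}")
```

The empty-datagram probe comes back OPEN|FILTERED even though the service is listening, which is the trap: a scanner that treats that silence as CLOSED will report every quiet UDP service the same way. Only the probe carrying a well-formed query is answered, and only the probe sent after the socket is gone draws the ICMP error that justifies CLOSED. Whether that ICMP error actually reaches you across a firewall is a separate question, which is why nmap hedges with open|filtered.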