Multithreaded Powershell Port Scanner

We recently had to perform a hardware upgrade of a perimeter firewall. Doing so is a major undertaking, and while we have very good documentation, it’s always important to do some real-world testing.

To facilitate this, we needed to perform some port scanning from outside our network to A) confirm that all of our firewall rule documentation matched what was actually configured, and B) ensure a smooth transition to the new hardware. Most port scanners I found were capable of scanning a port range for a given IP set. But I wasn’t able to find much of anything that could take specific IP/port data and return the results. I had previously written a simple ASP.NET application to do this, but it wasn’t designed for testing large datasets.

ASP.NET Port Scanner

So, I decided PowerShell was the best bet. There were several available examples, but nothing that truly did what we needed. I was able to pull several resources together and came up with the attached PowerShell script. Credit for the port detection goes to Boe Prox, to Gaurhoth for the IP range PowerShell functions, and to Oisin Grehan for the multithreading code.

The result is a script that takes a CSV input and outputs the results to CSV. You can specify IP addresses (e.g. 192.168.100.1), CIDR subnets (192.168.1.0/24, 10.254.254.16/28), and/or IP ranges (10.0.1.1-10). The services.xml file in the bin folder contains a PowerShell object with port settings for various well-known ports and can be modified to meet your needs. Ports can be specified using their well-known name (e.g. SMTP, RDP, HTTP) or in a protocol/portNum format (e.g. tcp/80, udp/53, tcp/4900-4910).

Scanning is fairly quick:

PS D:\temp\portscanner> .\PortScanner.ps1
Importing Data from .\externalrules.csv
Imported 3033 targets
Flattening targets into endpoints
There are 3996 to scan
Begin Scanning at 07/08/2011 15:58:31
Waiting for scanning threads to finish...
We scanned 3996 endpoints in 399.1811698
Exporting data to .\results.csv
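
The "Flattening targets into endpoints" step in the output above can be sketched as follows. This is an added example, not the code from the attached script: the function names, the three-entry $Services table standing in for services.xml, and the sample rules are constructed for illustration, and the Dest,Service,Action columns follow the firewall.csv quoted in the comment further down.

```powershell
# Constructed stand-in for the name lookup; the real services.xml layout is not shown on the page.
$Services = @{ SMTP = 'tcp/25'; RDP = 'tcp/3389'; HTTP = 'tcp/80' }
function ConvertTo-UInt32([string]$Ip) {
    [uint32]$n = 0
    foreach ($o in $Ip.Split('.')) { $n = $n * 256 + [byte]$o }   # [byte] rejects octets above 255
    $n
}
function ConvertTo-Ip([uint32]$Value) {
    (24, 16, 8, 0 | ForEach-Object { ([long]$Value -shr $_) -band 255 }) -join '.'
}
function Expand-Target([string]$Dest) {
    if ($Dest -match '^(\d+\.\d+\.\d+\.\d+)/(\d+)$') {            # CIDR subnet
        $base = ConvertTo-UInt32 $Matches[1]; $prefix = [int]$Matches[2]
        if ($prefix -gt 32) { throw "Bad prefix length: $Dest" }
        $size  = [long][math]::Pow(2, 32 - $prefix)
        $first = $base - ($base % $size)                          # mask off host bits
        for ([long]$i = 0; $i -lt $size; $i++) { ConvertTo-Ip ($first + $i) }  # assumption: network and broadcast addresses included
    } elseif ($Dest -match '^(\d+\.\d+\.\d+)\.(\d+)-(\d+)$') {    # last-octet range
        $net = $Matches[1]; $lo = [int]$Matches[2]; $hi = [int]$Matches[3]
        if ($lo -gt $hi -or $hi -gt 255) { throw "Bad IP range: $Dest" }
        foreach ($o in $lo..$hi) { ConvertTo-Ip (ConvertTo-UInt32 "$net.$o") }
    } elseif ($Dest -match '^\d+\.\d+\.\d+\.\d+$') {              # single address
        ConvertTo-Ip (ConvertTo-UInt32 $Dest)
    } else { throw "Unrecognised target: $Dest" }
}
function Expand-Service([string]$Service) {
    if ($Services.ContainsKey($Service)) { $Service = $Services[$Service] }   # well-known name
    if ($Service -notmatch '^(tcp|udp)/(\d+)(?:-(\d+))?$') { throw "Bad service: $Service" }
    $proto = $Matches[1].ToUpper(); $lo = [int]$Matches[2]
    $hi = if ($Matches[3]) { [int]$Matches[3] } else { $lo }
    if ($lo -lt 1 -or $hi -gt 65535 -or $lo -gt $hi) { throw "Bad port range: $Service" }
    foreach ($p in $lo..$hi) { [pscustomobject]@{ portType = $proto; port = $p } }
}
# Constructed sample rules using the Dest,Service,Action columns.
$rules = @'
Dest,Service,Action
192.168.100.1,SMTP,Allow
10.254.254.16/30,udp/53,Allow
10.0.1.1-3,tcp/4900-4901,Allow
'@ | ConvertFrom-Csv
# One output object per (address, protocol, port) combination, tagged with the documented action.
$endpoints = foreach ($r in $rules) {
    foreach ($ip in Expand-Target $r.Dest) {
        foreach ($svc in Expand-Service $r.Service) {
            [pscustomobject]@{ ip = $ip; port = $svc.port; portType = $svc.portType; expected = $r.Action }
        }
    }
}
"There are $(@($endpoints).Count) endpoints to scan"
$endpoints | Format-Table
```

Carrying the documented Action through to each endpoint lets the scan results be compared line by line against the rule documentation.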

Happy networking!

portscanner

One thought on “Multithreaded Powershell Port Scanner”

  1. I REALLY like your program as I am responsible for managing the implementation of the extranet interfaces with all our 3rd parties. We often need to test interfaces which sometimes have 100’s of entries.

    However I have run across a few UDP ports. I find that regardless of “how” open the port is the portscanner fails to detect open UDP ports and reports them as CLOSED. I tested a DNS Domain Controller on port 53 with NMAP and the report is:

    PS C:\jj\portscanner> nmap -sU -p 53 10.2.206.49

    Starting Nmap 6.40 ( http://nmap.org ) at 2014-05-23 18:20 Central Daylight Time

    Nmap scan report for 10.2.206.49
    Host is up (0.00s latency).
    PORT STATE SERVICE
    53/udp open domain

    Nmap done: 1 IP address (1 host up) scanned in 0.93 seconds
    PS C:\jj\portscanner>

    However when I use firewall.csv:

    Dest,Service,Action
    10.2.206.49,udp/53,Allow

    As input I get:

    #TYPE Selected.System.Management.Automation.PSCustomObject
    "ip","port","portType","timeout","status"
    "10.2.206.49","53","UDP","5000","CLOSED"

    Any thoughts?

    The script otherwise is fantastic!
