Powershell TCP 端口扫描器

Question

我想创建一个 powershell 脚本来执行 TCP 端口扫描器，该扫描器可以列出给定 IP 地址的开放 TCP 端口。 这是我到目前为止所做的，这并不完美，我希望得到一些反馈和更正

       port = (80)
       network = (192.168.0)
       ErrorActionPreference= ‘silentlycontinue’
       { $ip = “{0}.{1}” –F $network,$add
       If(Test-Connection –BufferSize 32 –Count 1 –quiet –ComputerName $ip)
       { $socket = new-object System.Net.Sockets.TcpClient($ip, $port)

问题是没有扫描所有 TCP 端口，我不确定如何让它扫描。

Answer 1

您可以针对此用例利用一些模块。

Find-Module -Name '*nmap*' | 
Format-Table -AutoSize

<#
Version Name         Repository Description                                                                                                                                     
------- ----         ---------- -----------                                                                                                                                     
1.0.7   xNmap        PSGallery  Powershell DSC Configuration Script for installing Nmap versions 6.49 (Beta 4), 6.47, 6.46, 6.45, 6.40, and 6.25...                             
0.6.0   PoshNmap     PSGallery  A wrapper for NMAP Network Discovery                                                                                                            
1.3.1   PSnmap       PSGallery  Svendsen Tech's PSnmap is an asynchronous Linux nmap look-alike for PowerShell. Ping sweeps and scans a network (accepts CIDR notation) for s...
...
#>

为什么不为此用例使用专门构建的 cmdlet？

# get function / cmdlet details
Get-Command -Name Test-NetConnection -Syntax
(Get-Command -Name Test-NetConnection).Parameters.Keys
Get-help -Name Test-NetConnection -Full
Get-help -Name Test-NetConnection -Online
Get-help -Name Test-NetConnection -Examples

注意事项:

早期的 Windows PowerShell 版本没有 Test-NetConnection，如果这是您的用例，但即便如此，为什么要从头开始，而不是利用现有示例并根据需要进行调整？

好吧，除非这只是一个学习练习。即便如此，这并不意味着您不会先查看其他示例。

'powershell tcp port scanner'

搜索字符串提供的示例。

# Example 01
<#
Creating a Port Scanner with Windows PowerShell
https://devblogs.microsoft.com/scripting/creating-a-port-scanner-with-windows-powershell
#> 
# Creating a Port Scanner with Windows PowerShell
$port = 80
$net = “192.168.0”
$range = 1..254

foreach ($r in $range)
{
$ip = “{0}.{1}” -F $net,$r

if(Test-Connection -BufferSize 32 -Count 1 -Quiet -ComputerName $ip)
{
    $socket = new-object System.Net.Sockets.TcpClient($ip, $port)

    If($socket.Connected)
    {
        "$ip listening to port $port"
        $socket.Close() }
    }
}


# Example 02
<#
Port scan subnets with PSnmap for PowerShell
https://www.powershelladmin.com/wiki/Port_scan_subnets_with_PSnmap_for_PowerShell
#>
# Port scan subnets with PSnmap for PowerShell
#$computer, $port = $args[0,1] # assign values to these
$mysock = new-object net.sockets.tcpclient
$IAsyncResult = [IAsyncResult] $mysock.BeginConnect($computer, $port, $null, $null)
measure-command { $succ = $iasyncresult.AsyncWaitHandle.WaitOne(3000, $true) } | % totalseconds
$succ
$mysock.Connected
$mysock.Dispose()

# Example 03:
<# 
A Simple Network Port Scanner in PowerShell
https://www.nextofwindows.com/a-simple-network-port-scanner-in-powershell
#>
# #requires -Version 1
function Test-Port
{
    Param([string]$ComputerName,$port = 5985,$timeout = 1000)

    try
    {
        $tcpclient = New-Object -TypeName system.Net.Sockets.TcpClient
        $iar = $tcpclient.BeginConnect($ComputerName,$port,$null,$null)
        $wait = $iar.AsyncWaitHandle.WaitOne($timeout,$false)
        if(!$wait)
        {
            $tcpclient.Close()
            return $false
        }
        else
        {
            # Close the connection and report the error if there is one

            $null = $tcpclient.EndConnect($iar)
            $tcpclient.Close()
            return $true
        }
    }
    catch 
    {
        $false 
    }
}