Previous articles have covered bulk port scanning of specified IPs, sending and receiving TCP and UDP packets from PowerShell, and attempting to log on to the SQL Server service via PowerShell. Together these make up the Psnet module, which is used to probe and manipulate network state through PowerShell. Recently I wanted a way to scan a specified range of IP addresses together with their ports, so this article describes how to bulk scan IP addresses and their corresponding ports via PowerShell.
This builds on the Psnet module as before: first create the script file $env:psspace/psnet/tcpop/invoke-scanipport.ps1, then add a line to psnet.psm1 under $env:psspace/psnet/ that dot-sources the script file:
. $env:psspace/psnet/tcpop/invoke-scanipport.ps1
First, the parameters that appear in the code below are described:
-StartAddress [scan start IP address], used together with -EndAddress. This parameter is mandatory.
-EndAddress [scan end IP address]. This parameter is mandatory.
-ResolveHost [whether to try to resolve the host name of each live IP]
-ScanPort [whether to perform a port scan]; this switch must be given if ports are to be scanned.
-AllPort [whether to scan all ports], range 1~65534 (note that this option takes a long time to run; it is recommended only for a single IP, and sparingly).
-StartPort [scan start port], used together with -EndPort; when this option is given together with -Ports, the -Ports parameter is ignored.
-EndPort [scan end port]
-Ports [ports to scan]; if no value follows, only the default list 21,22,23,53,69,71,80,98,110,139,111,389,443,445,1080,1433,2001,2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,5801,5900,5555,5901 is scanned. If a comma-separated list of numbers follows, those ports are scanned instead. If only the default ports are wanted, this parameter is not needed.
-TimeOut [timeout], default value 100 ms; used both for the ping and for each TCP connect attempt.
This function is invoked as follows:
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 # Scan the IP segment
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost # Scan the IP segment and try to resolve the host name of each IP
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost -ScanPort # Scan the IP segment and scan the default ports
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost -ScanPort -TimeOut 50 # Scan the IP segment and the default ports, with a 50 ms port scan timeout
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost -ScanPort -Ports 80 # Scan the IP segment and scan port 80 only
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.1 -ResolveHost -ScanPort -AllPort # Scan one IP and all ports between 1 and 65534
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ScanPort -StartPort 21 -EndPort 81 # Scan ports 21 through 81 on every host in the IP segment
(Screenshot: a scan in progress.)
(Screenshot: results after the scan completes.)
The code is as follows:
===== FileName: invoke-scanipport.ps1=====
function Invoke-ScanIPPort {
    Param (
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
        [string] $StartAddress,
        [Parameter(Mandatory = $true, Position = 1)]
        [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
        [string] $EndAddress,
        [switch] $ResolveHost,
        [switch] $ScanPort,
        [switch] $AllPort,
        [int] $StartPort,
        [int] $EndPort,
        [int[]] $Ports = @(21,22,23,53,69,71,80,98,110,139,111,389,443,445,1080,1433,2001, `
                          2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,5801,5900,5555,5901),
        [int] $TimeOut = 100
    )
    Begin {
        $ping = New-Object System.Net.NetworkInformation.Ping
        # Split both addresses into integer octets once; each octet pair becomes a range below.
        $startOctets = $StartAddress.Split(".") | ForEach-Object { [int] $_ }
        $endOctets   = $EndAddress.Split(".")   | ForEach-Object { [int] $_ }
    }
    Process {
        # The nested loops walk each octet independently, so the range is expected to stay
        # within one /24 (only the last octet differs between start and end).
        foreach ($a in ($startOctets[0]..$endOctets[0])) {
        foreach ($b in ($startOctets[1]..$endOctets[1])) {
        foreach ($c in ($startOctets[2]..$endOctets[2])) {
        foreach ($d in ($startOctets[3]..$endOctets[3])) {
            $ip = "$a.$b.$c.$d"
            Write-Progress -Activity "ScanIP Ping" -Status $ip `
                -PercentComplete ([int]($d * 100 / [Math]::Max(1, $endOctets[3])))
            $pingStatus = $ping.Send($ip, $TimeOut)
            if ($pingStatus.Status -eq "Success") {
                $getHostEntry = $null
                $hostName     = $null
                $openPorts    = @()
                if ($ResolveHost) {
                    Write-Progress -Activity "ResolveHost" -Status $ip -Id 1 `
                        -PercentComplete ([int]($d * 100 / [Math]::Max(1, $endOctets[3])))
                    # Start the reverse lookup asynchronously; it completes while ports are scanned.
                    $getHostEntry = [Net.Dns]::BeginGetHostEntry($pingStatus.Address, $null, $null)
                }
                if ($ScanPort) {
                    if ($AllPort) {
                        $Ports = @(1..65534)
                    }
                    # [int] parameters default to 0 (never $null), so test for a real port value.
                    if ($StartPort -gt 0 -and $EndPort -gt 0) {
                        $Ports = @($StartPort..$EndPort)
                    }
                    $result = ""
                    for ($i = 1; $i -le $Ports.Count; $i++) {
                        $port = $Ports[$i - 1]
                        Write-Progress -Activity "PortScan[$port] $result" -Status $ip -Id 2 `
                            -PercentComplete ([int]($i * 100 / $Ports.Count))
                        $client = New-Object System.Net.Sockets.TcpClient
                        # Non-blocking connect: check immediately, then once more after the timeout.
                        $beginConnect = $client.BeginConnect($pingStatus.Address, $port, $null, $null)
                        if ($client.Connected) {
                            $openPorts += $port
                        } else {
                            # wait
                            Start-Sleep -Milliseconds $TimeOut
                            if ($client.Connected) {
                                $openPorts += $port
                                $length = $openPorts.Length
                                $result = "[Found $length ports. Last port $port] "
                            }
                        }
                        $client.Close()
                    }
                }
                if ($ResolveHost) {
                    try {
                        $hostName = ([Net.Dns]::EndGetHostEntry([IAsyncResult] $getHostEntry)).HostName
                    } catch {
                        $hostName = $null   # no reverse (PTR) record for this address
                    }
                }
                # report the live host, its name (if resolved) and any open ports
                Write-Host "IPAddress" $ip
                if ($hostName) {
                    Write-Host "HostName" $hostName
                }
                if ($openPorts.Count -gt 0) {
                    Write-Host "Ports" ($openPorts -join ",")
                }
            }
        }
        }
        }
        }
    }
    End {
    }
}
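The nested per-octet loops above only enumerate a range correctly when it stays inside one /24; for 192.168.10.250 to 192.168.11.5 the last-octet range 250..5 runs backwards. As an added example that is not part of the original script or the Psnet module (the function names are my own), the following walks the 32-bit address value instead, so any start/end pair expands in order:

```powershell
# Added example, not from the original article: expand an IPv4 range into every
# address between two endpoints by walking the 32-bit value rather than looping
# over each octet separately. Function names are the editor's own.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory = $true)][string] $Address)
    $octets = $Address.Split('.')
    if ($octets.Count -ne 4) { throw "Not a dotted-quad IPv4 address: $Address" }
    [long] $n = 0
    foreach ($o in $octets) {
        $v = [int] $o
        if ($v -lt 0 -or $v -gt 255) { throw "Octet out of range in $Address" }
        $n = $n * 256 + $v          # first octet is the most significant byte
    }
    return $n
}

function ConvertFrom-IPv4Number {
    param([Parameter(Mandatory = $true)][long] $Number)
    # extract the four bytes, most significant first
    $parts = @(24, 16, 8, 0) | ForEach-Object { ($Number -shr $_) -band 0xFF }
    return ($parts -join '.')
}

function Get-IPv4Range {
    param(
        [Parameter(Mandatory = $true)][string] $StartAddress,
        [Parameter(Mandatory = $true)][string] $EndAddress
    )
    $start = ConvertTo-IPv4Number $StartAddress
    $end   = ConvertTo-IPv4Number $EndAddress
    if ($end -lt $start) { throw "End address $EndAddress precedes start address $StartAddress" }
    for ([long] $n = $start; $n -le $end; $n++) {
        ConvertFrom-IPv4Number $n
    }
}

# Crossing the octet boundary: yields the 12 addresses 192.168.10.250 .. 192.168.11.5
# in order (including the .255 and .0 addresses, which a caller may wish to drop).
Get-IPv4Range -StartAddress 192.168.10.250 -EndAddress 192.168.11.5
```

To use it with the scanner, replace the four nested foreach loops with a single `foreach ($ip in (Get-IPv4Range $StartAddress $EndAddress))` and compute the progress percentage from the position in that list.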