http://www.perlmonks.org?node_id=202756
Category: Networking
Description: Determines which TCP ports and services a host may be using by opening a TCP socket connection. Used for determining what services are running on a specific host. I used the RFC port number list to pull service names so you may have to download this list and modify unused lines with a (#) comment to match the regex. I am a Perl N00b so please be easy on me. Format for the rfc list looks like this:

# Keyword         Decimal    Description                     References
#                                   
#                          Jon Postel <postel@isi.edu>
tcpmux            1/tcp    TCP Port Service Multiplexer
tcpmux            1/udp    TCP Port Service Multiplexer
#                          Mark Lottor <MKL@nisc.sri.com>
compressnet       2/tcp    Management Utility
compressnet       2/udp    Management Utility
compressnet       3/tcp    Compression Process
compressnet       3/udp    Compression Process
Feel free to contact me if you'd like a copy.
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;

# ********************************************************************
# pscanner : portscan hosts using a tcp connection through
# IO::Socket module and prepackaged port-numbers RFC list
#
# Fri Oct  4 10:50:44 EDT 2002
# ********************************************************************

print "Enter the name of the server you would like to scan\n";
chomp( my $server = <STDIN> );
print "What port would you like to start at? (1-65000)\n";
chomp( my $start = <STDIN> );

## Store portlist in @portlist
open( my $portfh, '<', "./port-numbers" ) or die "Unable to open portlist: $!";
my @portlist = <$portfh>;
close($portfh);
chomp(@portlist);

## Build a port-number -> service-name lookup from the RFC list
my %servicelist;
foreach (@portlist) {
    next if $_ =~ /^\#/;      # skip comment / reference lines
    next if $_ =~ /^\s*$/;    # skip blank lines
    # "tcpmux   1/tcp   TCP Port Service Multiplexer": take the text before
    # the first "/", then split it into the keyword and the port number
    my ( $service, $portnumber ) = split( /\s+/, ( split(/\//) )[0] );
    $servicelist{$portnumber} = $service;
}

for ( my $portnumber = $start ; $portnumber <= 65000 ; $portnumber++ ) {
    my $sock = IO::Socket::INET->new(
        PeerAddr => $server,
        PeerPort => $portnumber,
        Proto    => 'tcp'
    );

    if ($sock) {
        my $name = $servicelist{$portnumber} // 'unknown';    # port not in the list
        print "Connected on port $portnumber $name\n";
        close($sock);
    }
    else {
        #  print "$portnumber failed\n";
    }
}    #  End for


=head1 NAME

pscanner - Scans host on TCP ports and pulls service type from RFC port-numbers list

=head1 DESCRIPTION

Determines which TCP ports and services a host may be using by opening
a TCP socket connection.  Used for determining what services are running on a
specific host.

=head1 PREREQUISITE

IO::Socket module
Pre-packaged RFC port numbers list

=head1 COREQUISITE

None

=head1 README

Determines which TCP ports and services a host may be using by opening
a TCP socket connection.  Used for determining what services are running on a
specific host.

=pod OSNAMES

Unix, Linux, Win32


=pod SCRIPT CATEGORIES

Networking

=cut
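As an added example, not part of the original post or of the script above, here is a stricter parser for the port-numbers list in the layout shown in the description: it keys each entry by port and protocol so a udp line does not overwrite the tcp line for the same port, keeps the description column, and skips comment, blank and malformed lines. The function names and the in-memory sample list are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse the RFC/IANA port-numbers file into a hash keyed by "port/proto"
# (e.g. "1/tcp"). Each value holds the keyword and the description column.
sub parse_port_list {
    my ($fh) = @_;
    my %table;
    while ( my $line = <$fh> ) {
        chomp $line;
        next if $line =~ /^\s*#/;    # comment and reference lines
        next if $line =~ /^\s*$/;    # blank lines
        # keyword, port/proto, then the free-text description
        my ( $service, $port, $proto, $desc ) =
            $line =~ m{^(\S+)\s+(\d+)/(tcp|udp)\s*(.*)$}i
            or next;                 # skip lines not in the expected shape
        $table{"$port/\L$proto"} = { service => $service, desc => $desc };
    }
    return \%table;
}

# Look a port up the way the scanner does after a successful connect;
# returns 'unknown' when that port/proto pair is not in the list.
sub service_name {
    my ( $table, $port, $proto ) = @_;
    my $entry = $table->{"$port/$proto"};
    return $entry ? $entry->{service} : 'unknown';
}

# Constructed sample in the same layout as the list shown in the description
my $sample = <<'END';
# Keyword         Decimal    Description                     References
#                          Jon Postel <postel@isi.edu>
tcpmux            1/tcp    TCP Port Service Multiplexer
tcpmux            1/udp    TCP Port Service Multiplexer
compressnet       2/tcp    Management Utility
compressnet       3/udp    Compression Process
END

open( my $fh, '<', \$sample ) or die "cannot open in-memory list: $!";
my $table = parse_port_list($fh);
close($fh);

print "1/tcp -> ", service_name( $table, 1, 'tcp' ), "\n";    # tcpmux
print "3/tcp -> ", service_name( $table, 3, 'tcp' ), "\n";    # unknown: only 3/udp is listed
```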
Re: pscanner.pl
by Mr. Muskrat (Canon) on Oct 04, 2002 at 17:14 UTC

    merlyn,
    This is not warez. 'Warez' implies illegally acquired software, i.e. "D00d, come check out my 1337 ftp site. It's got lots of warez like ISOs of all of the M$ software you can imagine." And as much as some people would like it to be, port scanning is not illegal. At times, it can come in handy. It can also be used to "case" a server for possible weaknesses. Would a "script kiddie" use a perl port scanner? I doubt it. Nmap is much better suited for their usage. This looks like a legit attempt at learning.

    /dev/null,
    I commend you for having the guts to post this. I can't believe that you would try to get into a flamefest. This is not the kind of thing that I come here to read.

    IANA maintains a list of port numbers. It is possible to have a port number as high as 65535. So I am curious why you choose to go up to 65000. Also, you are only scanning for TCP ports. Why not go all out and scan for UDP ports as well?

    Update: I forgot to mention that I'm not voting on the flamefest posts. Just please! Please! Don't do it again!

      Mr. Muskrat,
      I am sorry for not killing the circle of flame but I had to stand up for what I thought was right. This script was not intended for hacking into a workstation. I wrote this script strictly for checking services running on a few of my clients. Thanks for the input. I'll consider changing the script to check all port numbers and UDP ports.

      /dev/null
        In that case I believe that, didactic as this effort may have been :-), you should really follow merlyn's (brashly expressed) suggestion to use nmap, a very versatile and solid tool for all manner of network examination tasks.

        Makeshifts last the longest.

      Script kiddies aside, NMAP is possibly the best scanner ever coded (other than Nessus, which uses NMAP as part of its design). Although this is interesting, to compare the two is ludicrous.