Introduction
This is an old-fashioned way to learn which ports are open on a target. I looked around for a nice, fast port scanner but could not find one. Of course, this one is not like nmap: it just connects to each port and, if the connection succeeds, reports the port as open.
By the way, HTTP finger is part of this web app. It checks whether port 80 is open on the target and writes out the Server header it gets back. I guess a user who sees that output will understand which OS runs on the target.
Usage
You just need to give an IP address or URL, a starting port and an ending port. After that, watch the magic.
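The scan handler converts these three fields with Convert.ToInt32 and starts one thread per port, so the form should check them before any connection is made. The following is an added example, not part of the article's source download; ScanRequestValidator, MaxPortsPerScan and the AllowedHosts entries are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical helper, not part of the article's source download.
public static class ScanRequestValidator
{
    // Assumed cap: the handler starts one thread per port, so bound the range.
    public const int MaxPortsPerScan = 1024;

    // Assumed operator-maintained list of hosts this deployment may scan (constructed values).
    private static readonly List<string> AllowedHosts =
        new List<string>(new string[] { "127.0.0.1", "scanme.lab.example" });

    // Returns null when the request is acceptable, otherwise the message to show the user.
    public static string Validate(string target, string startText, string endText,
                                  out string host, out int startPort, out int endPort)
    {
        host = null; startPort = 0; endPort = 0;
        if (!int.TryParse(startText, out startPort) || !int.TryParse(endText, out endPort))
            return "Ports must be whole numbers.";
        if (startPort < 1 || endPort > 65535 || startPort > endPort)
            return "Ports must satisfy 1 <= start <= end <= 65535.";
        if (endPort - startPort + 1 > MaxPortsPerScan)
            return "At most " + MaxPortsPerScan + " ports per scan.";

        host = ExtractHost(target);
        if (host == null)
            return "Target must be an IP address, a host name or an http(s) URL.";
        if (!AllowedHosts.Contains(host))
            return "Target is not on this server's allow list.";
        return null;
    }

    // Accepts "10.0.0.5", "host.example" or "http://host.example/path" and returns only
    // the lower-cased host part, which is what TcpClient.Connect should be given.
    private static string ExtractHost(string target)
    {
        if (target == null) return null;
        target = target.Trim();
        if (target.Contains("://"))
        {
            Uri uri;
            if (!Uri.TryCreate(target, UriKind.Absolute, out uri)) return null;
            if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return null;
            target = uri.Host;
        }
        return Uri.CheckHostName(target) == UriHostNameType.Unknown ? null : target.ToLowerInvariant();
    }
}
```

Call Validate at the top of the click handler and pass the returned host, rather than the raw text box value, to TcpClient.Connect and WebRequest.Create.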
Some Performance Tricks
If I don't use threads, it takes 10 times longer than it does now. Actually, we don't need to use that database for port explanations, but it looks better to see what has been seen so far on those ports.
ASP.NET 2 and System.Net.Sockets are really powerful and easy to use.
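
    // Namespaces used: System.Net, System.Net.Sockets, System.Threading, System.Web
    StartPort = Convert.ToInt32(numStart.Text);
    EndPort = Convert.ToInt32(numEnd.Text);
    ipAdres = txtIP.Text;

    // One worker thread per port in the requested range.
    Thread[] pool = new Thread[(EndPort - StartPort) + 1];
    int i = 0;
    DateTime start = DateTime.Now;
    for (int CurrPort = StartPort; CurrPort <= EndPort; CurrPort++)
    {
        Thread th = new Thread(new ParameterizedThreadStart(portAc));
        th.Start(CurrPort);
        pool[i] = th;
        i++;
    }

    #region thread pool
    // Wait for the workers with Join instead of spinning on IsAlive.
    // The 30-second overall deadline is an arbitrary ceiling; tune it for your network.
    DateTime deadline = DateTime.Now.AddSeconds(30);
    foreach (Thread worker in pool)
    {
        TimeSpan left = deadline - DateTime.Now;
        if (left <= TimeSpan.Zero || !worker.Join(left))
        {
            break;
        }
    }
    #endregion

    #region httpfinger
    if (http)
    {
        // Send the request anonymously: the target is user-supplied and must
        // never receive the server's own credentials.
        WebRequest request = WebRequest.Create("http://" + txtIP.Text);
        try
        {
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                // The header may be missing, so fall back to an empty string.
                string serverType = response.Headers["Server"] ?? "";
                if (serverType.Contains("IIS"))
                {
                    lblServer.Text = "Windows System ";
                    if (serverType.Contains("5."))
                    {
                        lblServer.Text += "XP/2000";
                    }
                    if (serverType.Contains("6."))
                    {
                        lblServer.Text += "2003";
                    }
                }
                if (serverType.ToLower().Contains("apache"))
                {
                    lblServer.Text += "probably linux";
                }
                // The header text comes from the scanned host: encode it before
                // it is written into the page.
                lblServer.Text += "<br />" + HttpUtility.HtmlEncode(serverType);
            }
        }
        catch (Exception)
        {
            // No usable HTTP response (timeout, reset, non-HTTP service):
            // leave the label as it is.
        }
    }
    #endregion

    DateTime end = DateTime.Now;
    TimeSpan sonuc = end - start;
    lblzaman.Text = sonuc.TotalSeconds + " total secs";
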
That piece of code does the main job, and of course we need to give those threads a function that opens the connection to a port.
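
    // Guards log and dt, which every worker thread writes to.
    private readonly object sync = new object();

    public void portAc(object portNoObj)
    {
        int portNo = (int)portNoObj;
        TcpClient TcpScan = new TcpClient();
        try
        {
            // Connect throws a SocketException when the port is closed or filtered.
            TcpScan.Connect(ipAdres, portNo);
            if (!TcpScan.Connected) return;

            // log and dt are shared between threads, so update them under the lock.
            lock (sync)
            {
                log += "Port " + portNo + " open\r\n";
                switch (portNo)
                {
                    case 80: http = true; break;
                }
                // Link to this port's entry in the ports database.
                DataRow dr = dt.NewRow();
                dr[0] = "http://www.portsdb.org/bin/portsdb.cgi?portnumber=" +
                        portNo + "&protocol=ANY&String=";
                dt.Rows.Add(dr);
            }
        }
        catch
        {
            // Closed port or failed connect: nothing to record.
        }
        finally
        {
            // Release the socket whether or not the connect succeeded.
            TcpScan.Close();
        }
    }
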
The TcpClient class provides simple methods for connecting, sending, and receiving stream data over a network in synchronous blocking mode. But we just used its Connect function to see whether a port is open or not. You can try this portAc function in a plain for loop and see for yourself how much time we would lose if we did not use threads.
Is it legal
Yes, for me and Google; I don't know what you think about that. If you use it for security and to see what is going on, it's not a big issue.
Conclusion
The code of the scanner is really easy to understand. Just download the source and have fun. This application cannot run under ASP.NET 1.x; you need to have ASP.NET 2.0.