Port Scanning#

Warning

* Please DO NOT scan machines without the owners permission first.

Sometimes it’s useful to know which ports are open and what services a target machine is running.

Scanning Multiple Ports#

By passing a range and/or list of ports, we can connect to multiple ports one after another.

Combining this with the -v and -z options to turn on verbose and zero I/O mode, we can create a simple port scanner:

Unix

pync -vz host.example.com 20-30 80 443

Windows

py -m pync -vz host.example.com 20-30 80 443

Python

# scan.py
import pync
pync.run('-vz host.example.com 20-30 80 443')

As you can see, you can provide a single port, a list of ports or a range of ports to scan. In this case, we scan port 20 to 30 (20,21,22…30), port 80 (http) and port 443 (https).

For example, if ports 22 and 25 are open, you should see output similar to this:

...
Connection to host.example.com 22 port [tcp/ssh] succeeded!
Connection to host.example.com 25 port [tcp/smtp] succeeded!

Banner Grabbing#

It might also be useful to know which server software is running, and which versions.

This can be done by setting a small timeout with the -w flag, or maybe by issuing a well known command to the server:

Unix

echo "QUIT" | pync host.example.com 20-30

Windows

echo "QUIT" | py -m pync host.example.com 20-30

Python

# banner.py
import pync
pync.run('host.example.com 20-30', input=b'QUIT')

For example, if SSH was running on port 22, you might see output similar to this:

...
SSH-1.99-OpenSSH_3.6.1p2
Protocol mismatch.

SEE ALSO: