Bash

We will be using netcat to create a simple port scanner. Essentially, the script connects to each port in a range on the host being scanned and reports which ports accept the connection, i.e. which are open.

#!/bin/sh
# portscan without nmap, using netcat
# usage: ./portscan.sh <ip> <startport> <endport>
#    or: ./portscan.sh <ip> <startport>-<endport>
# note: these flags are for traditional/OpenBSD netcat; nmap's ncat does
#       not accept port ranges, so this script will not work with it

# flags we are using
# -v verbose
# -n numeric-only IP, no dns
# -r randomize local and remote ports
# -z zero-I/O mode [used for scanning]
# -w timeout in seconds for connects

if [ "$#" -lt 2 ]; then
    echo "usage: $0 <ip> <startport> [endport]" >&2
    exit 1
fi

# accept the range either as two arguments or as a single "start-end"
if [ -n "$3" ]; then
    range="$2-$3"
else
    range="$2"
fi

nc -v -n -r -z -w1 "$1" "$range"

output of the script:

[root@kadi bash]# ./portscan.sh 127.0.0.1 1-4000
(UNKNOWN) [127.0.0.1] 4000 (?) open
(UNKNOWN) [127.0.0.1] 3306 (mysql) open
(UNKNOWN) [127.0.0.1] 80 (http) open
(UNKNOWN) [127.0.0.1] 22 (ssh) open
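As an added example (not part of the original post), the following script parses the verbose scan output shown above into a sorted list of open ports and flags any that are not on an allowlist of ports expected to be open, which turns the scan into a quick baseline check of your own host. It goes slightly beyond the output above by also recognising the OpenBSD netcat format ("Connection to ... succeeded!"); the sample output, the allowlist and the script name portcheck.sh are constructed for the example.

```shell
#!/bin/sh
# Added example: turn netcat's verbose scan output into a sorted list of open
# ports and compare it against an allowlist of ports expected to be open.

# Constructed sample output: the traditional netcat format shown above, plus
# one OpenBSD netcat line and one refused connection (which must be ignored).
SAMPLE_OUTPUT='(UNKNOWN) [127.0.0.1] 4000 (?) open
(UNKNOWN) [127.0.0.1] 3306 (mysql) open
(UNKNOWN) [127.0.0.1] 23 (telnet) : Connection refused
(UNKNOWN) [127.0.0.1] 80 (http) open
(UNKNOWN) [127.0.0.1] 22 (ssh) open
Connection to 127.0.0.1 443 port [tcp/https] succeeded!'

# Read scan output on stdin; print the open ports numerically sorted on one line.
#   traditional nc:  (UNKNOWN) [ip] PORT (svc) open                 -> field 3
#   OpenBSD nc:      Connection to ip PORT port [tcp/svc] succeeded! -> field 4
parse_open_ports() {
    awk '$NF == "open" { print $3 }
         $NF == "succeeded!" { print $4 }' |
        sort -n | tr '\n' ' ' | sed 's/ $//'
}

# unexpected_ports "<allowed ports>" "<open ports>": print open ports that are
# not on the allowlist, space separated (empty output means all is as expected).
unexpected_ports() {
    allow=" $1 "
    for p in $2; do
        case "$allow" in
            *" $p "*) ;;                 # expected, ignore
            *) printf '%s ' "$p" ;;      # not on the allowlist
        esac
    done | sed 's/ $//'
}

# Run a real scan only when invoked with arguments. Netcat writes its verbose
# output to stderr, hence the 2>&1.
# usage: ./portcheck.sh <ip> <startport>-<endport> "<allowed ports>"
if [ "$#" -ge 3 ]; then
    open=$(nc -v -n -z -w1 "$1" "$2" 2>&1 | parse_open_ports)
    echo "open ports: $open"
    bad=$(unexpected_ports "$3" "$open")
    if [ -n "$bad" ]; then
        echo "UNEXPECTED open ports: $bad"
    else
        echo "no unexpected open ports"
    fi
fi
```

Against the sample output, parse_open_ports yields "22 80 443 3306 4000", and with an allowlist of "22 80 443" the unexpected ports are 3306 and 4000.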