
How can I do an online port scan only on ports where I run servers?

1 Answer

:: Uses gnuwin32 sort, grep, sed, cut. You could rename Windows' sort.exe (make a copy of sort.exe as windowssort.exe; unlocker lets you delete Windows' sort.exe) and use gnuwin32 sort.exe instead.
@ECHO OFF
netstat -aon -p tcp | grep "LISTENING" | grep -o ":[^: ]*" | grep -P ":[0-9]+$"  | grep -v "^:0$"  | uniq | tr -d '\r' | tr -d '\n' | sed "s/:/,/g" | cut -b 2- | sed "s/,/\r\n/g" | sort -n | tr -d '\r' | tr -s '\n' ','

produces a comma delimited list like

29,35,85,115,145,155,163,170

(To see how it did that, you could know a bit about regexes and something about the commands used, and try each portion at a time, e.g. first netstat -aon -p tcp, then add | grep "LISTENING", etc.) If sed could do find on new lines then it'd have been slightly shorter, but sed can't, and if tr were more powerful then it'd be a bit simpler, but tr isn't.
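As an added illustration (not part of the original answer), here is the same extraction written for a POSIX shell (Git Bash/MSYS on Windows, or Linux against a saved copy of the netstat output), run over a constructed sample of `netstat -aon -p tcp` output with Windows CRLF line endings. Taking the text after the last colon of the local address also handles bracketed IPv6 addresses such as `[::]:135`, which the original pipeline does not consider; the sample data and the function names are assumptions.

```sh
#!/bin/sh
# Constructed sample of Windows `netstat -aon -p tcp` output (CRLF line endings).
# Contains listeners on IPv4 and IPv6, a duplicate port (445), and one
# ESTABLISHED connection that must not appear in the result.
sample_netstat() {
  printf '%s\r\n' \
    '' \
    'Active Connections' \
    '' \
    '  Proto  Local Address          Foreign Address        State           PID' \
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900' \
    '  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4' \
    '  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING       2200' \
    '  TCP    192.168.1.10:445       0.0.0.0:0              LISTENING       4' \
    '  TCP    192.168.1.10:49700     93.184.216.34:443      ESTABLISHED     3100' \
    '  TCP    [::]:135               [::]:0                 LISTENING       900' \
    '  TCP    [::1]:8080             [::]:0                 LISTENING       5000'
}

# Reads netstat output on stdin and prints a comma-delimited, numerically
# sorted, de-duplicated list of local ports in the LISTENING state.
listening_ports() {
  tr -d '\r' \
  | grep 'LISTENING' \
  | awk '{ n = split($2, a, ":"); print a[n] }' \
  | grep -v '^0$' \
  | sort -n -u \
  | paste -s -d, -
}

# Usage: on a real host replace the sample with `netstat -aon -p tcp | listening_ports`.
sample_netstat | listening_ports
```

The output for the sample is `135,445,3306,8080`, which can be pasted straight into the online scanner's port field.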

You can put that comma delimited list of ports into an online port scanner

e.g.

http://www.t1shopper.com/tools/port-scan/


And if the list is too long, so the online port scan of those ports takes too long, then you could do nmap with that list, from another computer in your LAN, and if any are open then just do the online port scan on those.

It's pointless doing an online port scan on all 65535 ports; it'd take too long, and there's no point doing so when you know only a small percentage of those even run a server and you know for certain which they are. And it's pointless to just scan 'common ports' when you know exactly which ports you run servers on, and so which to test.
