Linux: poor man’s port scanner

Title:Linux: poor man’s port scanner
Author:Douglas O’Leary <dkoleary@olearycomputers.com>
Description:Linux: poor man’s port scanner
Date created:11/12/2012
Date updated:11/12/2012
Disclaimer:Standard: Use the information that follows at your own risk. If you screw up a system, don’t blame it on me...

The C|EH forum on linkedin had an article on 11/12/12 related to a bash-based port scan. The article pointed to this url I don’t see that being something I’d use on a pentest - nmap is much to readily available - however, for a quick down/dirty method of checking if a system has a specific port open, it’s pretty sweet.

The basic method is to execute echo redirected to /dev/tcp/${ip}/${port}. If the echo returns 0, the port’s open, otherwise you’ll get a connection refused.

# echo > /dev/tcp/192.168.12.1/80
# echo $?
0
# echo > /dev/tcp/192.168.12.1/18
-ksh: /dev/tcp/192.168.12.1/18: cannot create [Connection refused]

One of the respondents to the article mentioned that /dev/tcp isn’t always available in bash - even more important since I use ksh - however, this link provides some good instructions on enabling it.