World’s slimmest TCP port scanner – By @
Ok, the name is a pun on Titan’s watch 😛 and is something that is an outcome of a really cool bash feature which I’ll be discussing. Bash provides a way to create a TCP connection or send UDP packets to a host on a given port, the cool thing is that you don’t have to rely on other scripting languages or programs for creating sockets/network connections when writing a shell script. Using this feature one can write simple to complex network utilities/scripts (a sigh of relief for scriptters :-) if that is that a word ). NOTE: This is a bash provided feature(if it is compiled with –enable-net-redirections option) and has nothing to do with /dev Devices.
Using these sockets/connections is as simple as accessing a file which is inline with the unix philosophy. All you need to do is to read/write to files of the form:
/dev/<protocol>/<host>/<port> where, <protocol> = tcp | udp <host> = hostname | IP <port> = port number.
For example, lets say you want to send a custom payload to a web server, you can do it with the following command:
$echo -en “HEAD / HTTP/1.0\r\n\r\n” > /dev/tcp/example.com/80
You won’t get anything in return for obvious reasons(no read!). Now you’ll say what good can this be. Well, you can assign it a fd and read and write to that fd if your script is a network interactive one and expects some data in response.
Example commands: # 15 is just random fd that I chose, you can choose any fd number you like. $ exec 15<> /dev/tcp/example.com/80 $ echo -en “HEAD / HTTP/1.1\r\nhost: example.com\r\n\r\n” >&15 $ cat <&15 HTTP/1.1 302 Found Date: Thu, 30 Jul 2009 21:56:37 GMT Server: Apache Location: https://example.com:443/ Connection: close Content-Type: text/html; charset=iso-8859-1
Finally, time for the slimmest TCP port scanner:
#!/bin/sh # Usage:>$tcpscan.sh <host> <start_port> <end_port> # for p in `seq $2 $3`;do (echo “foo” > /dev/tcp/$1/$p) &> /dev/null ; RET=$?; if [ $RET -eq 0 ]; then echo “$p/tcp open”; fi; done
I know it looks ugly :-P, no sanity checks etc, had to keep it slim you know… Tell me when u use it in your shell scripts.