
@scmanjarrez
Created March 14, 2025 13:10
Small script to discover which outbound ports a firewall leaves open
import subprocess
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import wait
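def tcp_scan(host):
    """Probe TCP ports 1-65535 on *host* and print the ones that answered.

    Each probe runs ``timeout 2 telnet <host> <port>``. A port is recorded when
    telnet prints "Connected" on stdout or "refused" on stderr. A refusal is
    counted as well, presumably because it shows the probe got past the
    outbound filter and reached the host.

    Args:
        host: Address of the host to probe; the script expects one the
            operator controls.

    Raises:
        ValueError: If *host* starts with "-", which telnet would read as an
            option rather than an address.
    """
    target = str(host)
    if target.startswith("-"):
        raise ValueError(f"host must not start with '-': {target!r}")

    ports = []

    def check_port(port):
        # Argument list instead of a shell string: host and port reach telnet
        # as literal arguments, so shell metacharacters are never interpreted.
        proc = subprocess.run(
            ["timeout", "2", "telnet", target, str(port)],
            capture_output=True,
        )
        if b"Connected" in proc.stdout or b"refused" in proc.stderr:
            print(port)
            ports.append(port)

    # for port in [53, 80, 113, 443, 465, 587, 993, 8080]:
    #     check_port(port)
    with ThreadPoolExecutor(max_workers=30) as executor:
        futures = [executor.submit(check_port, port) for port in range(1, 65536)]
        wait(futures)

    # wait() does not re-raise worker errors (e.g. a missing `timeout` binary);
    # report them so an empty result is not mistaken for "everything filtered".
    errors = [f.exception() for f in futures if f.exception() is not None]
    if errors:
        print(f"{len(errors)} probes failed to run, first error: {errors[0]!r}")

    print("TCP open ports: ", ports)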
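def udp_scan(host):
    """Send UDP probes to ports 1-65535 on *host*; results are read remotely.

    This function only sends. It requires a special setup: on the remote host
    run tcpdump and watch which destination ports arrive, e.g.

        sudo tcpdump host x.x.x.x and udp

    where x.x.x.x is the IP the scan originates from.

    Args:
        host: Address of the receiving host; the script expects one the
            operator controls.

    Raises:
        ValueError: If *host* starts with "-", which nc would read as an
            option rather than an address.
    """
    target = str(host)
    if target.startswith("-"):
        raise ValueError(f"host must not start with '-': {target!r}")

    def check_port(port):
        print(f"Checking port {port}")
        # Send 3 packets just to be sure (UDP doesn't guarantee packet delivery).
        # The payload goes in through stdin and the command is an argument
        # list, so no shell parses host or port.
        for _ in range(3):
            subprocess.run(["nc", "-4u", "-w1", target, str(port)], input=b"open")

    # for port in [1194]:
    #     check_port(port)
    with ThreadPoolExecutor(max_workers=30) as executor:
        futures = [executor.submit(check_port, port) for port in range(1, 65536)]
        wait(futures)

    # wait() does not re-raise worker errors (e.g. a missing `nc` binary);
    # report them so a silent capture is not mistaken for "everything filtered".
    errors = [f.exception() for f in futures if f.exception() is not None]
    if errors:
        print(f"{len(errors)} probes failed to run, first error: {errors[0]!r}")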
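# Run a scan only when executed as a script, so importing this module never
# sends traffic. Replace x.x.x.x with the address of a host you control.
if __name__ == "__main__":
    # tcp_scan("x.x.x.x")  # controlled IP
    udp_scan("x.x.x.x")  # controlled IP, running tcpdump with udp protocol filter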