Created
March 14, 2025 13:10
Small script to discover which outbound ports are open through a firewall
import subprocess | |
from concurrent.futures import ThreadPoolExecutor | |
from concurrent.futures import wait | |
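def tcp_scan(host):
    """Probe every TCP port (1-65535) on *host* and report the ones that answer.

    Each port is probed with ``timeout 2 telnet <host> <port>``. A port is
    recorded when telnet prints "Connected" on stdout or "refused" on stderr;
    presumably a refusal is counted because it means the probe got a reply
    instead of being dropped on the way out. A firewall that rejects with a
    TCP reset also produces "refused", so confirm hits against a capture on
    the target before relying on them.

    Args:
        host: Address or name of the target; meant to be a host you control.

    Returns:
        The sorted list of ports that produced either marker.

    Raises:
        ValueError: If *host* is empty or starts with "-".
    """
    target = str(host)
    # The value is handed to telnet as an argument: a leading "-" would be
    # parsed as a telnet option instead of a host name.
    if not target or target.startswith("-"):
        raise ValueError(f"invalid host: {host!r}")

    ports = []

    def check_port(port):
        # argv list instead of a shell string: nothing in `target` is ever
        # interpreted by /bin/sh, so metacharacters cannot inject commands.
        proc = subprocess.run(
            ["timeout", "2", "telnet", target, str(port)],
            capture_output=True,
        )
        if b"Connected" in proc.stdout or b"refused" in proc.stderr:
            print(port)
            ports.append(port)

    # for port in [53, 80, 113, 443, 465, 587, 993, 8080]:
    #     check_port(port)
    with ThreadPoolExecutor(max_workers=30) as executor:
        futures = [executor.submit(check_port, port) for port in range(1, 65536)]
        wait(futures)

    # Workers finish in arbitrary order; sort so the summary is readable.
    ports.sort()
    print("TCP open ports: ", ports)
    return ports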
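def udp_scan(host):
    """Send UDP probes to every port (1-65535) on *host*.

    Nothing is read back here: the function only emits datagrams carrying the
    payload ``open``. Which ports made it through has to be observed on the
    remote host, which therefore needs a capture running, e.g.::

        sudo tcpdump host x.x.x.x and udp

    where x.x.x.x is the IP address the scan originates from.

    Args:
        host: Address or name of the target; must be a host you control,
            since the results are only visible in its packet capture.

    Raises:
        ValueError: If *host* is empty or starts with "-".
    """
    target = str(host)
    # The value is handed to nc as an argument: a leading "-" would be parsed
    # as an nc option instead of a host name.
    if not target or target.startswith("-"):
        raise ValueError(f"invalid host: {host!r}")

    def check_port(port):
        print(f"Checking port {port}")
        # Send 3 packets just to be sure (UDP doesn't guarantee packet delivery).
        for _ in range(3):
            # argv list plus input= replaces the `echo -n 'open' | nc ...`
            # shell pipeline, so `target` is never interpreted by /bin/sh.
            subprocess.run(["nc", "-4u", "-w1", target, str(port)], input=b"open")

    # for port in [1194]:
    #     check_port(port)
    with ThreadPoolExecutor(max_workers=30) as executor:
        futures = [executor.submit(check_port, port) for port in range(1, 65536)]
        wait(futures)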
# Replace x.x.x.x with the address of a host you control.
# TCP variant (results are printed locally):
# tcp_scan("x.x.x.x")
# UDP variant: the target must be running tcpdump with a udp protocol filter,
# because the probes are only visible in that capture.
udp_scan(host="x.x.x.x")