Port scanning – alternative
Alternative port scanning tools.
Portscan with netcat
Scans a specific IP over TCP ports 20 to 65000 and prints only the ports reported open. netcat reports each result on stderr, which is why stderr is redirected before the grep. Note: traditional netcat prints "open"; OpenBSD netcat prints "succeeded!" instead, so adjust the grep pattern to the netcat build in use.
for i in $(seq 20 65000); do nc -zv 10.xx.xx.xx $i 2>&1; done | grep open
Check open ports outbound from host with Wget
Check outbound (egress) filtering from a specific host. Each wget attempt sends a TCP SYN to one port; if that SYN shows up in tcpdump on the listening side, the outbound port is allowed from the victim. Ports 22 and 80 and ARP are excluded from the capture filter so the management session and normal web traffic do not drown out the probes.
On victim:
for i in $(seq 20 65000); do wget --connect-timeout=2 -t 1 http://10.11.1.X:$i; done
On attacker:
tcpdump -i tun0 host 10.11.1.x and not port 22 and not port 80 and not arp
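The same SYN evidence that confirms an allowed egress port is what a monitoring host sees when such a sweep runs against it. The script below is an added example, not code from the original post: it parses tcpdump text output of the kind the command above produces and flags a source that hits many distinct ports on one host within a short window. The line format, the thresholds and the sample capture are constructed assumptions.

```python
# Added example: flag TCP SYN port sweeps in `tcpdump -n` text output.
# Line format, thresholds and the sample capture are constructed assumptions.
import re
from collections import defaultdict

# Matches SYN-only packets (flag set "[S]"); SYN/ACK replies show as "[S.]" and are skipped.
SYN_LINE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\],"
)

def parse_syns(lines):
    """Yield (seconds_since_midnight, src, dst, dport) for each SYN-only line."""
    for line in lines:
        m = SYN_LINE.match(line)
        if m:
            secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            yield secs, m["src"], m["dst"], int(m["dport"])

def detect_sweeps(lines, min_ports=5, window=10):
    """Return {(src, dst): sorted ports} where src sent SYNs to >= min_ports distinct ports on dst within window seconds."""
    events = defaultdict(list)  # (src, dst) -> [(secs, dport), ...]
    for secs, src, dst, dport in parse_syns(lines):
        events[(src, dst)].append((secs, dport))
    hits = {}
    for pair, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):  # slide a window over the sorted SYNs
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                hits[pair] = sorted(ports)
                break
    return hits

# Constructed sample: a wget-style sweep of ports 20-24 plus unrelated traffic.
SAMPLE = [
    "12:00:01.000123 IP 10.11.1.5.41000 > 10.11.1.9.20: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000900 IP 10.11.1.9.20 > 10.11.1.5.41000: Flags [S.], seq 9, ack 2, win 65160, length 0",
    "12:00:03.000123 IP 10.11.1.5.41001 > 10.11.1.9.21: Flags [S], seq 1, win 64240, length 0",
    "12:00:05.000123 IP 10.11.1.5.41002 > 10.11.1.9.22: Flags [S], seq 1, win 64240, length 0",
    "12:00:07.000123 IP 10.11.1.5.41003 > 10.11.1.9.23: Flags [S], seq 1, win 64240, length 0",
    "12:00:09.000123 IP 10.11.1.5.41004 > 10.11.1.9.24: Flags [S], seq 1, win 64240, length 0",
    "12:00:09.500000 IP 10.11.1.7.50000 > 10.11.1.9.443: Flags [S], seq 5, win 64240, length 0",
]

if __name__ == "__main__":
    for (src, dst), ports in detect_sweeps(SAMPLE).items():
        print(f"sweep from {src} against {dst}: ports {ports}")
```

Feed it a real capture with `tcpdump -i tun0 -n -l | python3 script.py` after replacing SAMPLE with `sys.stdin`; the window and port thresholds should be tuned to the host's normal traffic.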
Python script / piescan
https://github.com/m57/piescan/blob/master/piescan.py
./piescan.py -t 10.xx.xx.xx -p 0-1024 -v