port scanner
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: port scanner

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    1

    Post port scanner

    hi ,

    I want to make a port scanner in C.Could somebody explain to me the working of a port scanner.From where should i begin.Can anyone also redirect me to the concerned links?

    Thanx,
    Rohit.

  2. #2
    Member
    Join Date
    Oct 2001
    Posts
    74
    here is a very simple port scanner in php, save it in a php file, create a form passing values $host $lowport and $highport and you have yourself a nice little lightweight port scanner. I know you asked for one in c but I don't know c although it should be similiar. hope it helps.


    $time = 1;
    if ($pressed)
    {
    set_time_limit(0);
    echo "Scanning $host" . "...
    \n"; flush();
    for ($i = $lowport; $i <= $highport; $i++) {
    $portn = fsockopen($target, $i, $errno, $errstr, $time);
    if (!$portn) {
    echo "Port $i is not open on $host";
    flush();
    }
    else {
    echo "Open port at $i";
    flush();
    fclose($portn);
    }
    }
    }

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    I think using the built in socket functionality of Unix the above could be ported quickly to C. But why bother since the PHP script appears legit.
    If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
    -- former White House cybersecurity adviser Richard Clarke

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    114
    try writing a stealth Ps in PHP script...i think C would be better candidate for that.....neverthelss rohit u could try The ethical......... Ankit Fadia..it has both the c and perl code plus a breif discription..i m not sure but there could be something on his site to..... check it out hackingtruths.box.sk
    Better Laugh At Your Own Problems..
    Coz...The World Laughs At Them

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Well, I think it kicks ass that you actually want to write one, instead of just running someone else's script. I would recommend dl'ing the source for a couple of open source port scanners, and go from their.

    From where should i begin?
    Well:
    void main (){


    That should get you started.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  6. #6
    Member
    Join Date
    Oct 2001
    Posts
    74
    I wouldnt know where to begin on a stealth ps in php, is it even possible, if so I'd like to hear some ideas.
    Soulman I agree with you on not using someone elses work, I just posted that so he could see the logic behind one, then as dspeidel stated he could port it to c. I am currently working on a tutorial with a more advanced version of that script, hope to have it done in a day or 2.

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    Looking at the source code for NMAP might be a good place to start, since its the best port scanner ever to roam the Earth.
    www.insecure.org/nmap

  8. #8
    It's simpel!

    You only have to make a program there Connact to target to se if the port are open! you kan use a for command:

    a = some input (start)
    b = some input (end)

    for(i = a; i <= b; i++)
    {
    If()
    blah
    else
    blah
    }

    There you can scan the ranke the user type!

  9. #9
    Basic:

    Connact to a port if it's open return with 1 if not return with 0.......
    and then just print out!

  10. #10
    Banned
    Join Date
    Oct 2001
    Posts
    1,462
    Yet again, Google saves the day... I did a search for portscan.c and I got this.... The original page is here [http://staticdischarge.org/Hacking/Sources/PORTSCAN.C]

    Code:
    /* 
     * internet port scanner 
     *
     * This program will scan a hosts TCP ports printing all ports that accept
     * connections, and if known, the service name.
     * This program can be trivially altered to do UDP ports also.
     *
     * Kopywrong (K) Aug. 25, '94 pluvius@io.org
     *
     * Hey kiddies, this is a C program, to run it do this:
     * $ cc -o pscan pscan.c
     * $ pscan <host> [max port]
     *
     * No, this will not get you root.
     * 
     * Changes:
     * Changed fprintf to printf in line 34 to work with my Linux 1.1.18 box
     * Netrunner 1/18/95 11:30pm
     *
     * Changes:
     * converts port# to network byte order.
     * Therapy 10/29/96 9:00pm
     * 
    */
    static char sccsid[] = "@(#)pscan.c     1.0     (KRAD) 08/25/94";
    #include <stdio.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>
    
    #define MAX_PORT 1024 /* scan up to this port */
    int s;
    struct sockaddr_in addr;
    char rmt_host[100];
    
    int skan(port)
    int port;
    {
     int r;
        s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (s < 0) {
           /* fprintf("ERROR: socket() failed\n"); */
           /* Changed to printf for my Linux 1.1.18 box */
           printf("ERROR: socket() failed\n");
           exit(0);
        }
    
        addr.sin_family = PF_INET;
        addr.sin_port = htons(port);
        addr.sin_addr.s_addr = inet_addr(rmt_host);
    
        r = connect(s,(struct sockaddr *) &addr, sizeof(addr));
    
        close(s);
        if (r==-1) {
           return (1 == 0);
        }
    
        return (1 == 1);
    }
    
    main(argc,argv) 
    int argc;
    char *argv[];
    {
     int a,b,c,d,e,f;
     struct hostent *foo;
     struct servent *bar;
    
       if (argc < 2) {
          fprintf(stderr,"usage: %s <host> [highest port]\n",argv[0]);
          exit(0);
       }
    
       if (sscanf(argv[1],"%d.%d.%d.%d",&a,&b,&c,&d) != 4) {
          foo = gethostbyname(argv[1]);
          if (foo == NULL) {
             fprintf(stderr,"error: cannot resolve host %s\n",argv[1]);
             exit(0);
          }
          sprintf(rmt_host,"%d.%d.%d.%d",(unsigned char )foo->h_addr_list[0][0],
                  (unsigned char ) foo->h_addr_list[0][1], 
                  (unsigned char ) foo->h_addr_list[0][2], 
                  (unsigned char ) foo->h_addr_list[0][3]);
       } else {
          strncpy(rmt_host,argv[1],99);
       }
    
    
       if (argc > 2) {
          f = atoi(argv[2]);
       } else
          f = MAX_PORT;
    
       fprintf(stdout,"Scanning host %s - TCP ports 1 through %d\n",rmt_host,f);
    
       for (e =1;e<=f;e++) {
        char serv[100];
          if (skan(e)) {
             bar = getservbyport(htons(e),"tcp"); 
             printf("%d (%s) is running.\n",e,(bar == NULL) ? "UNKNOWN" :
                    bar->s_name); 
          }
       }
    }
    
    
    
    
    ------------------------------------------------------------------------------------
    
    	Here is another simple portscanner written in PERL
    
    #!/usr/bin/perl
    #
    # A simple TCP port scanner in perl
    # James.Abendschan@nau.edu  27 January 1996
    #
    # output to stdout, logging to stderr
    #
    # todo - 
    #  better arg handling :)
    #  fork() scans?
    
    # ports to scan:
    # 21 - ftp
    # 23 - telnet
    # 25 - smtp
    # 79 - finger
    # 80 - www
    # 119 - nntp
    # 139 - netbios (wfwg over tcpip)
    # 8000 - occasional www
    # 8080 - ocassional www
    
    @myports = (21, 23, 25, 79, 80, 119, 139, 8000, 8080);
    
    require 'sys/socket.ph';
    require 'flush.pl';
    
    $SIG{'ALRM'} = 'do_alarm';
    
    if ($ARGV[0] eq "") {
     print "please provide a subnet to scan!  e.g., 134.114.84\n";
     exit 1;
    }
    
    {
     $net = $ARGV[0];
     ($a, $b, $c) = split(/\./, $net);
     
      for ($d=0;$d<256;$d++) {
       $host = "$a.$b.$c.$d";
    
       @portlist = @myports;
    
       while(@portlist) {
        $port = shift(@portlist);
        print STDERR "Trying $host:$port\n";
        $data = scan($host, $port);
        if (index($data, "FAILED") != 0) {
         @addr = split(/\./, $host);
         $addr = pack(' C4', @addr[0], @addr[1], @addr[2], @addr[3]);
         ($name, $aliases, $type, $len, @addrs) = gethostbyaddr($addr, 2);
         if ($name eq "") {
          $name = $host;
         }
         print STDOUT "$name:$port:$data\n";
         flush(STDOUT);
        }
       }
      }
    }
    
    #
    # scan (host, port)
    # returns error or banner
    #
    
    sub scan
    {
     
     $hostname = shift @_;
     $serverport = shift @_;
    
     $connecttimeout = "1";		# time to wait for a reply
     $bannertimeout = "7";		# time to wait for data after a connect
    
    init:
        
       # seed & pick a random port number 
     
       for ($i=0; $i < $$; $i++) { rand(); }
    
       $clientport = int(rand(32768) + 1024);
       $sockaddr = 'S n a4 x8';
       $locport=pack($sockaddr, &AF_INET, $clientport, "\0\0\0\0");
    
       if (!socket(C, &PF_INET, &SOCK_STREAM, $proto)) {
        #print "WARNING - couldn't create client socket: $!\n";
        sleep 5;
        goto init;
       }
    
       if (!bind(C, $locport)) { 
        # die("cannot bind client socket: $!\n");
        #print "WARNING - couldn't bind client socket:$!\n";
        sleep (5);
        goto init;
       }
    
       ($name, $aliases, $proto) = getprotobyname('tcp');
       ($name, $aliases, $type, $len, $thisaddr) = gethostbyname($hostname);
       ($a,$b,$c,$d) = unpack('C4', $thisaddr);
    
       $ipaddr="$a.$b.$c.$d";
       
       $thatport = pack($sockaddr, &AF_INET, $serverport, $thisaddr);
       
       alarm(0);
       alarm($connecttimeout);
    
       if (!connect(C, $thatport)) {
        return "FAILED: $!\n";
       }
    
       alarm(0);
    
       select(C); 
       $| = 1;
       select(STDOUT);
    
       # Now send/rec data to C
    
       # nudge it..
    
       print C "\r\n";
    
       alarm($bannertimeout); 
    
       $banner = "";
       while ($data = <C>) {
        $banner = "$banner$data" 
       }
    
       alarm(0);
    
       if ($banner eq "") {
        $banner = $data;
       }
    
       shutdown(C, 1);
       close(C);
    
       $banner =~ tr/\r/\./;
       $banner =~ tr/\n/\./;
    
       return $banner;
    }
    
    #
    # Handle timeouts
    #
    
    sub do_alarm {
      alarm(0); # reset alarm clock
      $SIG{'ALRM'} = 'do_alarm';
      close (C);
      return "FAILED: timeout";
    }
    
    
    
    
    
    --------------------------------------------------------------------------------

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •