This is an old-fashioned way to learn which ports are open on a target. I looked around for a nice, fast port scanner but could not find one. Of course, this one is not like nmap: it just connects to the port and, if the connection succeeds, reports the port as open.
By the way, HTTP fingerprinting (httpfinger) is part of this web app. It checks whether port 80 is open on the target and writes the output. I guess that after seeing the output the user will understand which OS runs on the target.
You just need to give an IP address or URL, a starting port and an ending port. After that, watch the magic.
If I don't use threads, it takes 10 times longer than it does now. Actually, we don't need to use that database for the port explanations, but it looks better to see what has been seen so far on those ports.
ASP.NET 2 and System.Net.Sockets are really powerful and easy to use.
    StartPort = Convert.ToInt32(numStart.Text);
    EndPort = Convert.ToInt32(numEnd.Text);
    ipAdres = txtIP.Text;
    Thread[] pool = new Thread[(EndPort - StartPort) + 1];
    int i = 0;
    DateTime start = DateTime.Now;
    // Loop through the ports between start port and end port
    for (int CurrPort = StartPort; CurrPort <= EndPort; CurrPort++)
    {
        Thread th =
            new Thread(new System.Threading.ParameterizedThreadStart(portAc));
        //NOTE: better to leave to system.
        // th.Priority = ThreadPriority.AboveNormal;
        th.Start(CurrPort);
        pool[i] = th;
        i++;
    }
    #region thread pool
    // Wait for every scan thread to finish before reading the results.
    // Join blocks without spinning the CPU.
    foreach (Thread t in pool)
    {
        t.Join();
    }
    #endregion
    #region httpfinger
    if (http)
    {
        // Create a request for the URL.
        WebRequest request = WebRequest.Create("http://" + txtIP.Text);
        // If required by the server, set the credentials.
        // CAUTION: this offers the web server account's own credentials to
        // whatever host was scanned; drop it unless the target is trusted.
        request.Credentials = CredentialCache.DefaultCredentials;
        // Get the response.
        try
        {
            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
            string serverType = response.Headers["server"];
            response.Close();
            // The Server header is optional
            if (serverType == null) serverType = "";
            if (serverType.Contains("IIS"))
            {
                lblServer.Text = "Windows System ";
                if (serverType.Contains("5."))
                {
                    lblServer.Text += "XP/2000";
                }
                if (serverType.Contains("6."))
                {
                    lblServer.Text += "2003";
                }
            }
            if (serverType.ToLower().Contains("apache"))
            {
                lblServer.Text += "probably linux";
            }
            // The header comes from the remote host, so encode it before
            // writing it into the page.
            lblServer.Text += "<br />" + Server.HtmlEncode(serverType);
        }
        catch (Exception)
        {
            // Sometimes the server returns 404, which throws here.
        }
    }
    #endregion
    DateTime end = DateTime.Now;
    TimeSpan sonuc = end - start;
    lblzaman.Text = sonuc.TotalSeconds + " total secs";
That piece of code does the main job, and of course we need to give those threads a function that opens the connection to the port.
    public void portAc(object portNoObj)
    {
        int portNo = (int)portNoObj;
        TcpClient TcpScan = new TcpClient();
        try
        {
            // Try to connect
            TcpScan.Connect(ipAdres, portNo);
            if (!TcpScan.Connected) return;
            // If there's no exception, we can say the port is open.
            // log, http and dt are shared by all scan threads, so update
            // them under a lock.
            lock (dt)
            {
                log += "Port " + portNo + " open\r\n";
                //NOTE: We may include more fingerprints here
                switch (portNo)
                {
                    case 80: http = true; break;
                }
                DataRow dr = dt.NewRow();
                dr[0] = "http://www.portsdb.org/bin/portsdb.cgi?portnumber=" +
                    portNo + "&protocol=ANY&String=";
                dt.Rows.Add(dr);
            }
        }
        catch
        {
            // An exception occurred, thus the port is probably closed
        }
        finally
        {
            // Release the socket whether or not the connect succeeded
            TcpScan.Close();
        }
    }
The TcpClient class provides simple methods for connecting, sending, and receiving stream data over a network in synchronous blocking mode. But we just use its Connect function to see whether the port is open or not. You can try this portAc function with a plain for loop and see for yourself how much time we would lose if we did not use threads.
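Because the scanner runs on a web server and takes its target and port range straight from the form fields, the handler can check them before any thread is started. The following is an added example, not part of the article's source; the `ScanScope` class, the allowed network 192.0.2.0/24 and the 1024-port cap are assumptions chosen for illustration.

```csharp
using System;
using System.Net;
using System.Net.Sockets;

// Added example: scope check for a web-exposed scanner. The allowed range and
// the port cap are constructed values, not settings from the article's project.
public static class ScanScope
{
    // Hypothetical authorized lab network (RFC 5737 documentation range).
    static readonly IPAddress AllowedNet = IPAddress.Parse("192.0.2.0");
    const int AllowedPrefix = 24;
    const int MaxPortsPerRequest = 1024; // one thread per port, so cap the range

    public static bool InAllowedNet(IPAddress addr)
    {
        if (addr.AddressFamily != AddressFamily.InterNetwork) return false;
        byte[] a = addr.GetAddressBytes();
        byte[] n = AllowedNet.GetAddressBytes();
        // Compare the first AllowedPrefix bits of the address and the network
        for (int bit = 0; bit < AllowedPrefix; bit++)
        {
            int mask = 0x80 >> (bit % 8);
            if ((a[bit / 8] & mask) != (n[bit / 8] & mask)) return false;
        }
        return true;
    }

    // Returns null when the request is acceptable, otherwise the reason to reject it.
    public static string Validate(string target, string startText, string endText,
                                  out IPAddress resolved, out int start, out int end)
    {
        resolved = null; start = 0; end = 0;
        if (!int.TryParse(startText, out start) || !int.TryParse(endText, out end))
            return "ports must be integers";
        if (start < 1 || end > 65535 || start > end)
            return "port range must satisfy 1 <= start <= end <= 65535";
        if (end - start + 1 > MaxPortsPerRequest)
            return "range too large for one request";
        // Only literal IPv4 addresses: resolving a user-supplied name would let
        // DNS decide which host the server connects to.
        if (!IPAddress.TryParse(target, out resolved) || !InAllowedNet(resolved))
            return "target is not an authorized address";
        return null;
    }
}
```

Call `Validate` before allocating the thread array, and connect to the returned `resolved` address rather than to the raw text box value.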
Yes, for me and Google; I don't know what you think about that. If you use it for security and to see what is going on, it's not a big issue.
The code of the scanner is really easy to understand. Just download the source and have fun. This application cannot run under ASP.NET 1.x. You need to have ASP.NET 2.0.
This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)