Androsh7

$Host.UI.RawUI.WindowTitle = "ICMP Scanner" $max_connections = 100 # increase to speed up scans (100 is default) $show_unreachable = $false # shows unsuccessful pings $debug = $false # prints debug information function Get_Addresses_Between ([byte[]]$StartBytes, [byte[]]$EndBytes) { $address_array = @() $StartInt = [int32]"0x$([System.BitConverter]::ToString($StartBytes).Replace('-',''))" $EndInt = [int32]"0x$([System.BitConverter]::ToString($EndBytes).Replace('-',''))" ${StartInt}..$([math]::max(${EndInt},${StartInt})) | ForEach-Object { $HexString = [convert]::ToString($_, 16).PadLeft(8, "0") $oct1 = [convert]::FromHexString($HexString.Substring(0,2)) $oct2 = [convert]::FromHexString($HexString.Substring(2,2)) $oct3 = [convert]::FromHexString($HexString.Substring(4,2)) $oct4 = [convert]::FromHexString($HexString.Substring(6,2)) $address_array += [ipaddress]"$oct1.$oct2.$oct3.$oct4" } return $address_array } function Parse_Machines ($user_input) { $out_array = @() $user_input -split "," | ForEach-Object { if ($_ -match "^(\d+\.){3}\d+$") { $out_array += [ipaddress]$_ } elseif ($_ -match '^(\d+\.){3}\d+-(\d+\.){3}\d+$') { $range = $_ -split "-" $startIP = [ipaddress]($range[0]) $endIP = [ipaddress]($range[1]) $startBytes = $startIP.GetAddressBytes() $endBytes = $endIP.GetAddressBytes() Get_Addresses_Between -StartBytes $startBytes -EndBytes $endBytes | ForEach-Object { $out_array += $_ } } elseif ($_ -match '^(\d+\.){3}\d+/\d{1,2}$') { $split_IP = $_ -split "/" $currentIP = [ipaddress]$split_ip[0] $currentBytes = $currentIP.GetAddressBytes() $currentBinary = "" 0..3 | ForEach-Object { $currentBinary += [convert]::ToString($currentBytes[$_], 2).PadLeft(8, "0") } $subnetMask = [int32]$split_IP[1] $subnetBinary = "$("1" * $subnetMask)$("0" * (32 - $subnetMask))" $startBinary = "" $startBinary = "" 0..31 | ForEach-Object { if ($subnetBinary[$_] -eq "1") { $endBinary += $currentBinary[$_] $startBinary += $currentBinary[$_] } else { $endBinary += "1" $startBinary += "0" } } $endBytes = New-Object byte[] 4 $startBytes = New-Object byte[] 4 0..3 | ForEach-Object { $startBytes[$_] = [convert]::ToInt32(($startBinary.Substring($_ * 8, 8)), 2) $endBytes[$_] = [convert]::ToInt32(($endBinary.Substring($_ * 8, 8)), 2) } Get_Addresses_Between -StartBytes $startBytes -EndBytes $endBytes | ForEach-Object { $out_array += $_ } } else { $out_array += "$_" } } Return $out_array } While ($true) { Clear-Host Write-Host "Running ICMP_Scanner.ps1 at $(Get-Date)" -ForegroundColor Cyan $input = Read-Host "Enter IP addresses I.E: (192.168.1.1, 10.15.1.1-10.15.1.255, Machine15)" $machines = Parse_Machines -user_input $input.Replace(" ", "") Write-Host "========================================================================" -ForegroundColor Cyan # builds the ping objects $connectors = @() 1..$([math]::max(${max_connections}, $machines.Count)) | ForEach-Object { $connector = New-Object psobject # States: # 0 = ready to connect # 1 = waiting to connect $connector | Add-Member -MemberType NoteProperty -Name "State" -Value 0 $connector | Add-Member -MemberType NoteProperty -Name "Host" -Value $null $connector | Add-Member -MemberType NoteProperty -Name "Time" -Value $null $connector | Add-Member -MemberType NoteProperty -Name "Ping_Result" -Value $null $connector | Add-Member -MemberType NoteProperty -Name "Pinger" -Value $(New-Object System.Net.NetworkInformation.Ping) $connectors += $connector } if ($debug) { Write-Host "Setup $($connectors.Count) pingers" -ForegroundColor Yellow } # run the scan $host_iter = 0 $finished_connections = $false $finished_checks = $false $stopWatch = [System.Diagnostics.Stopwatch]::StartNew() $last_update = $stopWatch.Elapsed.TotalSeconds while ($finished_connections -eq $false -or $finished_checks -eq $false) { # start the connections 0..$($connectors.length - 1) | Where-Object { $connectors[$_].State -eq 0 } | ForEach-Object { if ($host_iter -ge $machines.Count) { $finished_connections = $true return } $connectors[$_].Host = $machines[$host_iter] $connectors[$_].Ping_Result = $($connectors[$_].Pinger.SendPingAsync($machines[$host_iter])) $connectors[$_].Time = $stopWatch.Elapsed $connectors[$_].State = 1 if ($debug) { Write-Host "Setup pinger $_ - pinging host $($connectors[$_].Host) at $($connectors[$_].Time)"} $host_iter++ } # check on connections $finished_checks = $true 0..$($connectors.Length - 1) | Where-Object { $connectors[$_].State -eq 1} | ForEach-Object { if ($connectors[$_].Ping_Result.IsCompleted -ne $true) { $finished_checks = $false return } # show resolved ip address for hostnames $hostname = $connectors[$_].Host if ($hostname -notmatch "^(\d{1,3}\.){3}\d{1,3}$") { $hostname = "$hostname ($($connectors[$_].Ping_Result.Result.Address))" } # color different kinds of connections $state = $connectors[$_].Ping_Result.Result.Status $color = "" switch ($state) { "Success" { $state = "Reachable ($($connectors[$_].Ping_Result.Result.RoundTripTime)ms)" $color = "Green" } "TimedOut" { $state = "Timed Out" $color = "Red" } "DestinationHostUnreachable" { $state = "Host Unreachable" $color = "Red" } Default { $color = "Yellow" } } if ($show_unreachable -or $state -match "^Reachable") { Write-Host "Host $hostname - $state" -ForegroundColor $color } # reset connector $connectors[$_].Host = $null $connectors[$_].State = 0 } } # destroy connector objects if ($debug) { Write-Host "Destroying 100 pingers" -ForegroundColor Yellow} $connectors | ForEach-Object { $_.Pinger.Dispose() } $connectors.Clear() Write-Host "========================================================================" -ForegroundColor Cyan Write-Host "Scanned $($machines.Count) hosts in $([math]::Round($stopWatch.Elapsed.TotalSeconds, 2)) seconds" -ForegroundColor Cyan $userinput = Read-Host "Press Enter to continue or Q to quit" if ($userinput -match "Q") { exit } }

$Host.UI.RawUI.WindowTitle = "TCP_Scanner" $max_connections = 100 # increase to speed up scans (100 is default) $timeout = 1500 # milliseconds until a port is deemed to be closed (1500 is default) $show_updates = $true # prints an update every 1,000 ports $show_closed = $false # shows closed ports $debug = $false # prints information on individual socket connections (not recommended) $TCPPorts = @{ 20 = "FTP (Data Transfer)" 21 = "FTP (Control)" 22 = "SSH" 23 = "Telnet" 25 = "SMTP" 53 = "DNS Zone Transfers" 80 = "HTTP" 110 = "POP3" 135 = "RPC" 139 = "NetBIOS Session Service" 143 = "IMAP" 179 = "BGP" 389 = "LDAP" 443 = "HTTPS" 445 = "SMB" 465 = "SMTPS (SMTP over SSL)" 514 = "Syslog (TCP - Less Common)" 587 = "SMTP (Mail Submission)" 636 = "LDAPS" 873 = "Rsync" 902 = "VMware ESXi Remote Console" 912 = "VMware Authentication Daemon" 989 = "FTPS (Data)" 990 = "FTPS (Control)" 993 = "IMAPS" 995 = "POP3S" 1080 = "SOCKS Proxy" 1194 = "OpenVPN" 1433 = "MSSQL" 1521 = "Oracle Database" 1723 = "PPTP VPN" 1883 = "MQTT" 2049 = "NFS" 2375 = "Docker (Unsecured)" 2376 = "Docker (Secured)" 3306 = "MySQL" 3389 = "RDP" 3690 = "Subversion (SVN)" 4444 = "Metasploit" 4789 = "VXLAN" 5000 = "Docker Registry / UPnP" 5060 = "SIP (Unencrypted)" 5061 = "SIP (Encrypted)" 5432 = "PostgreSQL" 5900 = "VNC" 5985 = "WinRM (HTTP)" 5986 = "WinRM (HTTPS)" 6379 = "Redis" 6667 = "IRC" 8000 = "Common Web Applications" 8080 = "HTTP Proxy / Alternative HTTP" 8443 = "HTTPS Alternative" 9000 = "SonarQube / Alternate Web Services" 9090 = "Prometheus / Web Services" 9200 = "Elasticsearch" 11211 = "Memcached (Can use TCP)" 27017 = "MongoDB" 33848 = "VMware NFC (VM file transfer)" } function Resolve_Port ([int]$open_port) { if ($TCPPorts.ContainsKey($open_port)) { return " - $($TCPPorts[$open_port])" } return "" } # takes port ranges and breaks them into individual ports (I.E: 1-5 to 1,2,3,4,5) function Parse_Ports { param ( [string]$portsInput ) $ports = @() $portsInput.Split(',') | ForEach-Object { if ($_ -match '(\d+)-(\d+)') { $ports += ($matches[1]..$matches[2]) } else { $ports += [int]$_ } } return $ports } while ($true) { Clear-Host Write-Host "Running TCP_Scanner.ps1 at $(Get-Date)" -ForegroundColor Cyan $target = Read-Host "Enter the target IP address or hostname" # attempt to resolve the target if ($target -match "^(\d{1,3}\.){3}\d{1,3}$") { $target = [IPAddress]$target } else { try { Write-Host "Attempting to resolve $target" -ForegroundColor Yellow $dns_resolution = Resolve-DnsName -Name $target -ErrorAction Stop $target = [ipaddress]( $dns_resolution | Where-Object { $_.Type -eq "A" } | Select-Object -First 1).IPAddress Write-Host "Resolved to $target" -foreground Cyan } catch { Write-Host "Failed to resolve the provided hostname: $target" -ForegroundColor Red Write-Host "Aborting scan" -ForegroundColor Red Write-Host "Press ENTER to continue" Read-Host continue } } $portsInput = Read-Host "Enter the ports to scan (e.g. 80, 443-500, 8080)" # creates port array $ports = Parse_Ports -portsInput $portsInput | Where-Object { $_ -gt 0 -and $_ -lt 65536 } | Sort-Object -Unique if ($ports.Count -eq 0) { Write-Host "No ports specified aborting scan" -ForegroundColor Red Write-Host "Press ENTER to continue" Read-Host continue } Write-Host "========================================================================" -ForegroundColor Cyan # builds the tcp_clients $connectors = @() 1..${max_connections} | ForEach-Object { $connector = New-Object psobject # States: # 0 = ready to connect # 1 = waiting to connect $connector | Add-Member -MemberType NoteProperty -Name "State" -Value 0 $connector | Add-Member -MemberType NoteProperty -Name "Port" -Value $null $connector | Add-Member -MemberType NoteProperty -Name "Time" -Value $null $connector | Add-Member -MemberType NoteProperty -Name "Tcp_Client" -Value $(New-Object System.Net.Sockets.TcpClient) $connectors += $connector } if ($debug) { Write-Host "Setup $($connectors.Count) connectors" -ForegroundColor Yellow } # run the scan $port_iter = 0 $finished_connections = $false $finished_checks = $false $stopWatch = [System.Diagnostics.Stopwatch]::StartNew() while ($finished_connections -eq $false -or $finished_checks -eq $false) { # start the connections 0..$($connectors.length - 1) | Where-Object { $connectors[$_].State -eq 0 } | ForEach-Object { if ($port_iter -ge $ports.Count) { $finished_connections = $true return } $connectors[$_].Tcp_Client.ConnectAsync($target, $ports[$port_iter]) 1>$null $connectors[$_].Port = $ports[$port_iter] $connectors[$_].Time = $stopWatch.Elapsed $connectors[$_].State = 1 if ($debug) { Write-Host "Setup TCP_Client $_ - ${target}:$($connectors[$_].Port) - Status $($connectors[$_].State) - Time $($connectors[$_].Time)" -ForegroundColor Yellow } if ($show_updates -and $port_iter % 1000 -eq 0) { Write-Host "Scanned $($port_iter) of $($ports.Count) ports" -ForegroundColor Yellow } $port_iter++ } # check on connections $finished_checks = $true 0..$($connectors.Length - 1) | Where-Object { $connectors[$_].State -eq 1 } | ForEach-Object { # check if connection is successful if ($connectors[$_].Tcp_Client.Connected -eq $true) { if ($debug) { Write-Host "Receiving TCP_Client $_ - ${target}:$($connectors[$_].Port) - " -ForegroundColor Yellow -NoNewline } Write-Host "Port $($connectors[$_].Port) is open$(Resolve_Port -open_port $connectors[$_].Port)" -ForegroundColor Green $connectors[$_].Tcp_Client.Client.Disconnect($true) } # check if connection failed elseif ($stopWatch.Elapsed.TotalMilliseconds - $connectors[$_].Time.TotalMilliseconds -gt $timeout) { if ($debug) { Write-Host "Receiving TCP_Client $_ - ${target}:$($connectors[$_].Port) - " -ForegroundColor Yellow -NoNewline } if ($show_closed) { Write-Host "Port $($connectors[$_].Port) is closed" -ForegroundColor Red } } # skip if connection is still pending else { $finished_checks = $false return } $finished_checks = $false # reset connector $connectors[$_].Tcp_Client.Dispose() $connectors[$_].Tcp_Client = New-Object System.Net.Sockets.TcpClient $connectors[$_].Time = $null $connectors[$_].Port = $null $connectors[$_].State = 0 } } Write-Host "========================================================================" -ForegroundColor Cyan Write-Host "Scanned $($ports.Count) ports in $([math]::Round($stopWatch.Elapsed.TotalSeconds, 2)) seconds" -ForegroundColor Cyan # destroy connector objects $connectors | ForEach-Object { $_.Tcp_Client.Dispose() } $connectors.Clear() $userinput = Read-Host "Press Enter to continue or Q to quit" if ($userinput -match "Q") { exit } }

$Host.UI.RawUI.WindowTitle = "UDP_Scanner" $max_connections = 100 # increase to speed up scans (100 is default) $timeout = 2000 # milliseconds until a port is deemed to be closed (2000 is default) $show_updates = $true # prints an update every 1000 ports $show_closed = $false # shows closed ports $debug = $false # prints information on individual socket connections (not recommended) $UDPPorts = @{ 53 = "DNS Queries" 67 = "DHCP (Server)" 68 = "DHCP (Client)" 69 = "TFTP" 123 = "NTP" 135 = "RPC Locator Service" 137 = "NetBIOS Name Service" 138 = "NetBIOS Datagram Service" 161 = "SNMP" 162 = "SNMP Trap" 500 = "IKE (IPsec VPN Negotiation)" 514 = "Syslog (UDP - Common)" 520 = "RIP (Routing Information Protocol)" 623 = "IPMI (Remote Management)" 1434 = "MSSQL Browser" 1645 = "RADIUS Authentication (Alternative)" 1646 = "RADIUS Accounting (Alternative)" 1701 = "L2TP VPN" 1812 = "RADIUS Authentication" 1813 = "RADIUS Accounting" 1900 = "SSDP (UPnP Discovery)" 2049 = "NFS (Also TCP)" 3478 = "STUN (Session Traversal)" 4500 = "IPsec NAT-T" 5004 = "RTP (Media Streaming)" 5005 = "RTCP (Control for RTP)" 5353 = "mDNS (Multicast DNS)" 5355 = "LLMNR (Link-Local Multicast Name Resolution)" 5683 = "CoAP (IoT Protocol)" 64738 = "Mumble VoIP" } function Resolve_Port ([int]$open_port) { if ($UDPPorts.ContainsKey($open_port)) { return " - $($UDPPorts[$open_port])" } return "" } # takes port ranges and breaks them into individual ports (I.E: 1-5 to 1,2,3,4,5) function Parse_Ports { param ( [string]$portsInput ) $ports = @() $portsInput.Split(',') | ForEach-Object { if ($_ -match '(\d+)-(\d+)') { $ports += ($matches[1]..$matches[2]) } else { $ports += [int]$_ } } return $ports } while ($true) { Clear-Host Write-Host "Running UDP_Scanner.ps1 at $(Get-Date)" -ForegroundColor Cyan $target = Read-Host "Enter the target IP address or hostname" # attempt to resolve the target if ($target -match "^(\d{1,3}\.){3}\d{1,3}$") { $target = [IPAddress]$target } else { try { Write-Host "Attempting to resolve $target" -ForegroundColor Yellow $dns_resolution = Resolve-DnsName -Name $target -ErrorAction Stop $target = [ipaddress]( $dns_resolution | Where-Object { $_.Type -eq "A" } | Select-Object -First 1).IPAddress Write-Host "Resolved to $target" -foreground Cyan } catch { Write-Host "Failed to resolve the provided hostname: $target" -ForegroundColor Red Write-Host "Aborting scan" -ForegroundColor Red Write-Host "Press ENTER to continue" Read-Host continue } } $portsInput = Read-Host "Enter the ports to scan (e.g. 80, 443-500, 8080)" # creates port array $ports = Parse_Ports -portsInput $portsInput | Where-Object { $_ -gt 0 -and $_ -lt 65536 } | Sort-Object -Unique if ($ports.Count -eq 0) { Write-Host "No ports specified aborting scan" -ForegroundColor Red Write-Host "Press ENTER to continue" Read-Host continue } Write-Host "========================================================================" -ForegroundColor Cyan # builds the udp_clients $connectors = @() 1..${max_connections} | ForEach-Object { $connector = New-Object PSObject # States: # 0 = ready to connect # 1 = waiting to connect $connector | Add-Member -MemberType NoteProperty -Name "State" -Value 0 $connector | Add-Member -MemberType NoteProperty -Name "Port" -Value $null $connector | Add-Member -MemberType NoteProperty -Name "Time" -Value $null $connector | Add-Member -MemberType NoteProperty -Name "Udp_Client" -Value $(New-Object System.Net.Sockets.UdpClient) $connectors += $connector } if ($debug) { Write-Host "Setup $($connectors.Count) connectors" -ForegroundColor Yellow } # run the scan $port_iter = 0 $finished_connections = $false $finished_checks = $false $stopWatch = [System.Diagnostics.Stopwatch]::StartNew() while ($finished_connections -eq $false -or $finished_checks -eq $false) { # start the connections 0..$($connectors.length - 1) | Where-Object { $connectors[$_].State -eq 0 } | ForEach-Object { if ($port_iter -ge $ports.Count) { $finished_connections = $true return } $connectors[$_].Udp_Client.Connect($target, $ports[$port_iter]) 1>$null $connectors[$_].Udp_Client.Send([System.Text.Encoding]::UTF8.GetBytes("`0")) 1>$null $connectors[$_].Port = $ports[$port_iter] $connectors[$_].Time = $stopWatch.Elapsed $connectors[$_].State = 1 if ($debug) { Write-Host "Setup UDP_Client $_ - ${target}:$($connectors[$_].Port) - Status $($connectors[$_].State) - Time $($connectors[$_].Time)" -ForegroundColor Yellow } if ($show_updates -and $port_iter % 1000 -eq 0) { Write-Host "Scanned $($port_iter) of $($ports.Count) ports" -ForegroundColor Yellow } $port_iter++ } # check on connections $finished_checks = $true 0..$($connectors.Length - 1) | Where-Object { $connectors[$_].State -eq 1 } | ForEach-Object { # check if connection is successful if ($connectors[$_].Udp_Client.Client.Available -eq 0 -and $stopWatch.Elapsed.TotalMilliseconds -gt 1000) { if ($debug) { Write-Host "Receiving UDP_Client $_ - ${target}:$($connectors[$_].Port) - " -ForegroundColor Yellow -NoNewline } Write-Host "Port $($connectors[$_].Port) is open$(Resolve_Port -open_port $connectors[$_].Port)" -ForegroundColor Green } # check if connection failed elseif ($stopWatch.Elapsed.TotalMilliseconds - $connectors[$_].Time.TotalMilliseconds -gt $timeout) { if ($debug) { Write-Host "Receiving UDP_Client $_ - ${target}:$($connectors[$_].Port) - " -ForegroundColor Yellow -NoNewline } if ($show_closed) { Write-Host "Port $($connectors[$_].Port) is closed" -ForegroundColor Red } } # skip if connection is still pending else { $finished_checks = $false return } $finished_checks = $false # reset connector $connectors[$_].Udp_Client.Dispose() $connectors[$_].Udp_Client = New-Object System.Net.Sockets.UdpClient $connectors[$_].Time = $null $connectors[$_].Port = $null $connectors[$_].State = 0 } } Write-Host "========================================================================" -ForegroundColor Cyan Write-Host "NOTE: This UDP scanner relies on ICMP Type 3 Code 3 messages to determine if a port is closed." -ForegroundColor Yellow Write-Host "If a firewall is blocking these messages the port will be falsely reported as open" -ForegroundColor Yellow Write-Host "Scanned $($ports.Count) ports in $([math]::Round($stopWatch.Elapsed.TotalSeconds, 2)) seconds" -ForegroundColor Cyan # destroy connector objects $connectors | ForEach-Object { $_.Udp_Client.Dispose() } $connectors.Clear() $userinput = Read-Host "Press Enter to continue or Q to quit" if ($userinput -match "Q") { exit } }

$Host.UI.RawUI.WindowTitle = "Active Directory Lookup" function Enter_to_Exit { Read-Host "Press Enter to exit" Exit } $mode = (Read-Host "Mode (User, Group, Computer)").toLower() # Check for valid mode if (-not $mode -or ($mode -ne "user" -and $mode -ne "group" -and $mode -ne "computer")) { Write-Host "ERROR - Invalid mode. Please specify User, Group, or Computer." -ForegroundColor Red Enter_to_Exit } Write-Host "----- Active Directory $($mode.ToUpper()) Lookup -----" -ForegroundColor Cyan # Check if Active Directory module is installed if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) { Write-Host "ERROR - The Active Directory module is not installed. Please install it before running this script." -ForegroundColor Red Enter_to_Exit exit } Write-Host "Current Domain: ${$(Get-ADDomain).DNSRoot}`n" Write-Host "Lookup Information (leave blank to skip):" -ForegroundColor Cyan if ($mode = "User") { $Username = Read-Host -Prompt "Enter Username to lookup" if (-not $Username) { $Username = "*" } $First_Name = Read-Host -Prompt "Enter First Name" if (-not $First_Name) { $First_Name = "*" } $Last_Name = Read-Host -Prompt "Enter Last Name" if (-not $Last_Name) { $Last_Name = "*" } $Middle_Initial = Read-Host -Prompt "Enter Middle Initial" if (-not $Middle_Initial) { $Middle_Initial = "*" } } elseif ($mode = "Group") { $Username = Read-Host -Prompt "Enter Username to lookup" if (-not $Username) { $Username = "*" } } elseif ($mode = "Computer") { $Computer = Read-Host -Prompt "Enter Computer to lookup" if (-not $Computer) { $Computer = "*" } } Write-Host "" Write-Host "Known Domains:" -ForegroundColor Cyan $domains = Get-Content -Path "domains.txt" | Where-Object { $_ -notmatch "^#" } $domains | ForEach-Object { Write-Host $_ -ForegroundColor Yellow } $lookup_domain = Read-Host -Prompt "Enter search domain (blank for all):" Write-Host "`nSearching for ${mode}:" -ForegroundColor Cyan if (-not $lookup_domain) { $domains | ForEach-Object { Write-Host "Searching domain $_" -ForegroundColor Cyan if ($global:mode = "User") { $QueryResults = Get-ADUser -Filter {SamAccountName -like $global:Username -and GivenName -like $global:First_Name -and Surname -like $global:Last_Name -and Initials -like $global:Middle_Initial} -Properties * -Server "$_" } elseif ($global:mode = "Group") { $QueryResults = Get-ADGroup -Filter {Name -like $global:Username} -Properties * -Server $_ } elseif ($global:mode = "Computer") { $QueryResults = Get-ADComputer -Filter {Name -like $global:Computer} -Properties * -Server $_ } if ($QueryResults) { Write-Host $QueryResults } else { Write-Host "No results found in $_" -ForegroundColor Red } } } Enter_to_Exit

read -p "First 3 octets of the IP (e.g., 192.168.1): " ip_base for i in {1..254} ;do (ping -c 1 $ip_base.$i | grep "bytes from" &) ;done

#!/bin/bash read -p "Target IP: " target_ip read -p "Start port: " start_port read -p "End port: " end_port echo "scanning ${target_ip} on ports ${start_port} thru ${end_port}" > scan_result for ((i=${start_port};i<=${end_port};i++)); do timeout 1.5 echo -n 2>/dev/null < /dev/tcp/${target_ip}/${i} && echo "port ${i} open" >> scan_result || echo "port ${i} closed" >> scan_result & if [[ $(expr ${i} % 1000) -eq 0 ]]; then echo "scanning ${target_ip} port ${i} of ${end_port}" fi done sleep 1.5 grep -P -e "scan|open" scan_result