Port Scanning

[drawmack]

I was bored tonight so I wrote up a little port scanner in php. Took me less then an hour and the file is under 120 lines of code including comments, html and white space. On top of that it's valid xhtml.

Sometimes the simplicity of this language scares me. Anyway here it is, phport scanner.

This is educational software and not intended to be used for hacking or any other illegal activity.

[HalfaBee]

Might be valid xhtml, but $_POST[ip] is not valid PHP.

HalfaBee

[laserlight]

Invalid English comments too, with "at the end of teh form"

There's also $_POST[scan_btn], I think, though I doubt scan_btn will ever be a reserved word in PHP.

Actually, could there be a slight problem with your "if the person entered an ip resolve it to the domain name" regex?

Cos it doesnt seem to take into account that a domain name contains periods (and dashes) as well.

[HalfaBee]

I saw the 'teh', but didn't think I would comment.
Hell, I can think 2000 WPM and ytpe 20.

Halfabee

[drawmack]

Quote:

Originally posted by laserlight
Invalid English comments too, with "at the end of teh form"

There's also $_POST[scan_btn], I think, though I doubt scan_btn will ever be a reserved word in PHP.

Actually, could there be a slight problem with your "if the person entered an ip resolve it to the domain name" regex?

Cos it doesnt seem to take into account that a domain name contains periods (and dashes) as well.

Yeah I guess I should quote my array indecies. What I do with the regex is say if it has letters, any letters, then it's a domain name otherwise it's an ip address. It's a very loose check but I was writting as an example of how easy port scans are in php.

[drawmack]

alright here is an updated version.

Change Log:
1) fixed spelling error in comment so that laserlight can stop twitching

2) quoted array index references that are not variables

3) put output into a table and used just a touch of css for readability.

4) did a bit better preperation on the input destination.

5) made http check port 80 instead of 115, don't know what I was thinking last night.

here it is

[Moonglobe]

i'd say id works........ and its not hard to add to.

however it would be nice to have a 'check all' button.............

[axo]

eurgh... i get notices all over because of undefined variables, so:

replace line 50 with

Code:

<td colspan="4"><input type="text" size="30" name="ip" value="<?php echo isset($_POST['ip']) ? $_POST['ip'] : ""; ?>" /></td>

and replace line 64 with

Code:

    echo (isset($_POST[$cur_field]) && '1' == $_POST[$cur_field]) ? "checked " : "";

[axo]

here's the modified version with the checkAll javascript function

[Moonglobe]

one thing of note......... the current timeout limit of 10 allows for only two full timeouts... not enough time to check all ports. If there are too mny failures, the script itself wil timeout after 30 seconds. if you're goign to use this, timeout=3 and set_time_limit(0); wouldnt be a bad idea.

[drawmack]

moon,
you make a good point, however I wrote it for educational purposes so I don't think I'll be adding code that makes it more usable.

[HalfaBee]

Quote:

Originally posted by Moonglobe
one thing of note......... the current timeout limit of 10 allows for only two full timeouts... not enough time to check all ports. If there are too mny failures, the script itself wil timeout after 30 seconds. if you're goign to use this, timeout=3 and set_time_limit(0); wouldnt be a bad idea.

I don't think time spent in these functions affects the script running time.

Halfabee