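# tcpscan.ps1 - ping sweep, TCP connect probe and FTP weak-password check.
#
# Targets, ports and the credential wordlists are hard-coded below; edit them
# before running. Point this only at hosts you are authorised to test: every
# port probe completes a TCP handshake the target can log, and the FTP check is
# online password guessing - each guess travels in cleartext on port 21 and
# counts as a failed login that can trip account lockout.
Clear-Host
Write-Output "==================================================================="
Write-Output "A Simple port test script with a pseudo OS detection"
Write-Output "You can detect OS, only if you have permission to remote OS :)"
Write-Output "Bonus, FTP weak password check function added "
Write-Output "USAGE:Just change the ports range variable and endpoint IP addresses to scan your own network "
Write-Output "==================================================================="
# Ports probed on every live host; 21 also triggers the FTP password check.
$ports=@(135,21,80)
# Hosts to sweep. Plain strings; hostnames work too but a name that does not
# resolve makes Ping.Send() throw rather than return a status.
$endPoint=@(
    '192.168.1.11',
    '192.168.1.100',
    '192.168.1.109',
    '192.168.1.14',
    '192.168.1.119'
)
# Wordlists for weak_ftp_pass. Keep them short: users x passwords is the number
# of real login attempts made against each FTP server.
$users=@('abakus','foobar','potato','johny_bravo','pandwoo','victim1','victim2')
$passwords=@('grthyu76uyrkyu','rthytetytuyuyiuyiyt','pazzword','qwerty123','victimpassword123')
Write-Output "Please wait trying to identify your local IP address"
# Our own IPv4 address(es); isAlive? uses this to decide between a local WMI
# query and a credentialed remote one. Initialised before the try so the catch
# path leaves a defined (empty) value instead of an unset variable.
$localhost = $null
try{
    # -ErrorAction Stop turns the cmdlet's non-terminating errors into ones the
    # catch below actually sees (a missing cmdlet is terminating already).
    $ipa = Get-NetIPConfiguration -ErrorAction Stop |
        Where-Object { $_.InterfaceAlias -and ($null -ne $_.IPv4DefaultGateway) -and ($_.NetAdapter.Status -ne 'Disconnected') } |
        Select-Object IPv4Address
    # One string for a single-homed host, several on a multi-homed one; the
    # consumer must therefore compare with -contains, not -eq.
    $localhost = $ipa.IPv4Address | Select-Object -ExpandProperty IPAddress
    Write-Output "OK! your local IP identified $localhost"
} catch { Write-Output "Unable to identify your local IP :(" }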
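function isAlive?{
    # Ping every address in $endPoint (script scope). For each host that
    # answers, fingerprint the OS through WMI - locally when the address is one
    # of ours, otherwise with credentials prompted per host - then hand the
    # host to portCheck.
    # Reads: $endPoint, $localhost. Calls: identity?, portCheck (both rely on
    # $end being visible through PowerShell's dynamic scoping).
    $ping = New-Object System.Net.NetworkInformation.Ping
    try {
        foreach($end in $endPoint){
            try {
                $ping_status = $ping.Send($end)
            } catch {
                # Send() throws (instead of returning a status) for a name that
                # does not resolve; report it and keep sweeping rather than
                # aborting the whole run on one bad entry.
                Write-Output "----------------------------------------"
                Write-Host "$end $($_.Exception.Message) " -BackgroundColor red
                continue
            }
            if($ping_status.Status -ne 'Success') {
                Write-Output "----------------------------------------"
                Write-Host "$end $($ping_status.Status) " -BackgroundColor red
                continue
            }
            Write-Output "-----------------------------------------"
            Write-Host "$end is alive" -BackgroundColor DarkBlue -ForegroundColor yellow
            # $localhost is a single string on a single-homed machine and an
            # array on a multi-homed one; -contains handles both, whereas the
            # previous -eq silently failed against an array.
            if ($localhost -contains $ping_status.Address.IPAddressToString){
                $obj = Get-WmiObject -ComputerName $end win32_operatingsystem |
                    Select-Object caption,version,csname,osarchitecture
                identity? $obj
            } else {
                try {
                    # Prompted once per remote host so each may use a different account.
                    $cred = Get-Credential ''
                    # -ErrorAction Stop: with SilentlyContinue an access-denied
                    # query returned $null and the failure only surfaced as a
                    # parameter-binding error inside identity?. Note that
                    # Get-WmiObject talks DCOM/RPC (port 135, dynamic high ports)
                    # and is not present in PowerShell 7; Get-CimInstance over
                    # WinRM is the replacement if this is ever ported.
                    $obj = Get-WmiObject -ComputerName $end win32_operatingsystem -Credential $cred -ErrorAction Stop |
                        Select-Object caption,version,csname,osarchitecture
                    identity? $obj
                }
                catch{
                    $err = $_.Exception.Message
                    Write-Output "UNKNOWN OS or incorrect USER/PASSWORD"
                }
            }
            portCheck
        }
    } finally {
        # Ping is IDisposable; release its socket when the sweep ends.
        $ping.Dispose()
    }
}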
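function portCheck{
    # TCP connect() probe of every port in $ports against $end. Both come from
    # the caller's scope (dynamic scoping), so call this from inside the
    # per-host loop in isAlive?. Port 21 additionally triggers the FTP
    # weak-password check. Each probe is a full three-way handshake, so every
    # one is visible in the target's connection logs.
    param(
        # Upper bound on the handshake. Past it the port is reported as
        # filtered: neither a SYN/ACK (open) nor a RST (closed) came back.
        [int]$timeoutMs = 3000
    )
    foreach($p in $ports){
        $rpc = New-Object System.Net.Sockets.TcpClient
        try {
            # ConnectAsync().Wait() bounds the probe; a bare Connect() blocks
            # for the OS's whole SYN-retry period (roughly 20 s on Windows) on
            # every filtered port, which made a firewalled host crawl.
            if (-not $rpc.ConnectAsync($end, $p).Wait($timeoutMs)) {
                Write-Output "PORT $p on $end IS FILTERED (no reply in $timeoutMs ms)"
                continue
            }
            Write-Output "PORT $p on $end IS OPEN"
            if ($p -eq 21){
                Write-Output "Checking for WEAK password in FTP services"
                weak_ftp_pass
            }
        }catch{
            # Wait() surfaces the SocketException wrapped in an
            # AggregateException; a refused or reset handshake lands here.
            $err = $_.Exception.Message
            Write-Output "PORT $p on $end IS CLOSED "
        } finally {
            # Always release the socket - also after a timeout, where closing
            # the client cancels the still-pending connect.
            $rpc.Close()
        }
    }
}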
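function weak_ftp_pass{
    # Online password guessing against the FTP service on $end (inherited from
    # the caller's scope): tries every $users x $passwords pair and reports each
    # pair that yields a successful directory listing, then prints the banner
    # of the last successful login.
    # FTP authenticates in cleartext, so every guess exposes that password on
    # the wire; every attempt is a real login the server can log and count, so
    # a long list can lock accounts. Use only with authorisation.
    param(
        # Per-attempt bound on the FTP exchange. The .NET default is 100 s,
        # which stalls the whole scan on a slow or tar-pitting server.
        [int]$timeoutMs = 10000
    )
    $message = $null
    foreach($user in $users){
        foreach($pass in $passwords){
            $result = $null
            try
            {
                $ftpRequest = [System.Net.FtpWebRequest]::Create("ftp://"+$end)
                $ftpRequest.Method = [System.Net.WebRequestMethods+Ftp]::ListDirectoryDetails
                $ftpRequest.Timeout = $timeoutMs
                # Fresh control connection per attempt, so a guess is never
                # answered from a pooled, already-authenticated session.
                $ftpRequest.KeepAlive = $false
                $ftpRequest.Credentials = New-Object System.Net.NetworkCredential($user, $pass)
                $result = $ftpRequest.GetResponse()
                $message = $result.BannerMessage + $result.WelcomeMessage
                Write-Host "Match found! for $user : $pass" -BackgroundColor White -ForegroundColor Black
                #break #uncomment if you just need 1 password (exits the password loop for this user only)
            }
            catch
            {
                # Rejected logins and timeouts both land here; stay quiet so
                # the output is just the matches.
                $err_ftp = $_.Exception.Message
            }
            finally
            {
                # The response keeps the control connection open until closed;
                # without this every successful attempt leaked a connection.
                if ($null -ne $result) { $result.Close() }
            }
        }
    }
    Write-Output ""
    Write-Output "======= FTP BANNER START ==========="
    Write-Output "$message"
    Write-Output "======= FTP BANNER END ==========="
    Write-Output ""
}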
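function identity? {
    # Print the OS fingerprint from a Win32_OperatingSystem query as one line
    # between separator rules.
    # $obj must expose caption, version, osarchitecture and csname (the
    # Select-Object projection built in isAlive?). It is mandatory on purpose:
    # a $null from a failed remote query raises a binding error that the
    # caller's catch turns into "UNKNOWN OS or incorrect USER/PASSWORD".
    param(
        [Parameter(Mandatory=$true)]$obj
    )
    # [PSCustomObject] preserves the literal's key order, so the line always
    # reads OS, Version, Arch, Hostname. New-Object -Property @{} built it from
    # a Hashtable, whose enumeration order is arbitrary.
    $os_properties = [PSCustomObject]@{
        OS       = $obj.caption
        Version  = $obj.version
        Arch     = $obj.osarchitecture
        Hostname = $obj.csname
    }
    Write-Output "==========================================="
    Write-Output "$os_properties"
    Write-Output "==========================================="
}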
# Entry point: ping sweep, OS fingerprint and port probe over every host in $endPoint.
isAlive?