петък, юли 15, 2022

Check remote computers for open UDP ports with PowerShell (ext. script) 2

Minimalistic-offensive-security-tools/port-scan-udp.ps1 at master · InfosecMatter/Minimalistic-offensive-security-tools · GitHub 

# Probe one or more UDP ports on one or more hosts and record the verdict.
# Each host/port pair is written as "host,udp,port,State" to the console and
# appended to .\scanresults.txt; a pair already present in that file is echoed
# from it and not probed again.
# Arguments: $hosts - a host or an array of hosts; $ports - a port or an array.
# States:    "Open", "Closed", or "Filtered" (the default when nothing decisive
#            came back within the timeout).
Function port-scan-udp {

  param($hosts,$ports)

  if (!$ports) {

    Write-Host "usage: port-scan-udp <host|hosts> <port|ports>"

    Write-Host " e.g.: port-scan-udp 192.168.1.2 445`n"

    return

  }

  # Results file, relative to the current directory; also acts as a cache.
  $out = ".\scanresults.txt"

  foreach($p in [array]$ports) {

   foreach($h in [array]$hosts) {

    # Skip pairs that are already recorded in the results file.
    # NOTE(review): $h and $p are interpolated unescaped into the regex, so a
    # '.' in the host matches any character; [regex]::Escape($h) would make
    # the lookup exact.
    $x = (gc $out -EA SilentlyContinue | select-string "^$h,udp,$p,")

    if ($x) {

      gc $out | select-string "^$h,udp,$p,"

      continue

    }

    $msg = "$h,udp,$p,"

    $u = new-object system.net.sockets.udpclient

    # Receive() below is expected to throw a SocketException once 500 ms pass
    # without a datagram; that exception drives the catch branches.
    $u.Client.ReceiveTimeout = 500

    $u.Connect($h,$p)

    # Send a single byte 0x01

    [void]$u.Send(1,1)

    $l = new-object system.net.ipendpoint([system.net.ipaddress]::Any,0)

    # Default verdict when neither a reply nor a decisive error arrives.
    $r = "Filtered"

    try {

      if ($u.Receive([ref]$l)) {

        # We have received some UDP data from the remote host in return

        $r = "Open"

      }

    } catch {

      # $Error[0] is the error just caught (equivalent to $_ here).
      # NOTE(review): both branches match the English exception text, so on a
      # non-English OS neither matches and the verdict stays "Filtered". The
      # SocketErrorCode of the underlying SocketException (TimedOut vs.
      # ConnectionReset) would be locale-independent -- TODO confirm how the
      # exception is wrapped in $_.Exception here.
      if ($Error[0].ToString() -match "failed to respond") {

        # We haven't received any UDP data from the remote host in return

        # Let's see if we can ICMP ping the remote host

        # WMI ping with a 1 s timeout; StatusCode 0 is treated as "host answered".
        if ((Get-wmiobject win32_pingstatus -Filter "address = '$h' and Timeout=1000 and ResolveAddressNames=false").StatusCode -eq 0) {

          # We can ping the remote host, so we can assume that ICMP is not

          # filtered. And because we didn't receive ICMP port-unreachable before,

          # we can assume that the remote UDP port is open

          $r = "Open"

        }

      } elseif ($Error[0].ToString() -match "forcibly closed") {

        # We have received ICMP port-unreachable, the UDP port is closed

        $r = "Closed"

      }

    }

    $u.Close()

    $msg += $r

    Write-Host "$msg"

    # echo is an alias of Write-Output; the line is appended to the results file.
    echo $msg >>$out

   }

  }

}


# Examples:

#

# port-scan-udp 10.10.0.1 137

# port-scan-udp 10.10.0.1 (135,137,445)

# port-scan-udp (gc .\ips.txt) 137

# port-scan-udp (gc .\ips.txt) (135,137,445)

# 0..255 | foreach { port-scan-udp 10.10.0.$_ 137 }

# 0..255 | foreach { port-scan-udp 10.10.0.$_ (135,137,445) }

Check remote computers for open TCP ports with PowerShell (ext. script) 1

Minimalistic-offensive-security-tools/port-scan-tcp.ps1 at master · InfosecMatter/Minimalistic-offensive-security-tools · GitHub 

# Probe one or more TCP ports on one or more hosts and record the verdict.
# Each host/port pair is written as "host,tcp,port,State" to the console and
# appended to .\scanresults.txt; a pair already present in that file is echoed
# from it and not probed again. Same layout as port-scan-udp, but the probe is
# an asynchronous TCP connect.
# Arguments: $hosts - a host or an array of hosts; $ports - a port or an array.
# States:    "Open" (connect completed), "Closed" (connection refused), or
#            "Filtered" (no decisive result within the ~1 s wait).
Function port-scan-tcp {

  param($hosts,$ports)

  if (!$ports) {

    Write-Host "usage: port-scan-tcp <host|hosts> <port|ports>"

    Write-Host " e.g.: port-scan-tcp 192.168.1.2 445`n"

    return

  }

  # Results file, relative to the current directory; also acts as a cache.
  $out = ".\scanresults.txt"

  foreach($p in [array]$ports) {

   foreach($h in [array]$hosts) {

    # Skip pairs that are already recorded in the results file.
    # NOTE(review): $h and $p are interpolated unescaped into the regex, so a
    # '.' in the host matches any character; [regex]::Escape($h) would make
    # the lookup exact.
    $x = (gc $out -EA SilentlyContinue | select-string "^$h,tcp,$p,")

    if ($x) {

      gc $out | select-string "^$h,tcp,$p,"

      continue

    }

    $msg = "$h,tcp,$p,"

    $t = new-Object system.Net.Sockets.TcpClient

    # Start the connect asynchronously and poll the task up to 10 x 100 ms.
    $c = $t.ConnectAsync($h,$p)

    for($i=0; $i -lt 10; $i++) {

      if ($c.isCompleted) { break; }

      sleep -milliseconds 100

    }

    # Close before inspecting the task; a connect still pending at this point
    # is simply abandoned and ends up reported as "Filtered".
    $t.Close();

    # Default verdict when the connect neither completed nor was refused in time.
    $r = "Filtered"

    # NOTE(review): the refusal check matches the English exception text of the
    # task's AggregateException; on a non-English OS it falls through to
    # "Filtered". Comparing the inner SocketException's SocketErrorCode to
    # ConnectionRefused would be locale-independent -- TODO confirm.
    # The TaskStatus enum is compared by name: RanToCompletion means the
    # connect succeeded.
    if ($c.isFaulted -and $c.Exception -match "actively refused") {

      $r = "Closed"

    } elseif ($c.Status -eq "RanToCompletion") {

      $r = "Open"

    }

    $msg += $r

    Write-Host "$msg"

    # echo is an alias of Write-Output; the line is appended to the results file.
    echo $msg >>$out

   }

  }

}


# Examples:

#

# port-scan-tcp 10.10.0.1 137

# port-scan-tcp 10.10.0.1 (135,137,445)

# port-scan-tcp (gc .\ips.txt) 137

# port-scan-tcp (gc .\ips.txt) (135,137,445)

# 0..255 | foreach { port-scan-tcp 10.10.0.$_ 137 }

# 0..255 | foreach { port-scan-tcp 10.10.0.$_ (135,137,445) }

Check remote computers for open TCP ports with PowerShell

Fast and simple: 


Test-NetConnection -ComputerName 172.30.33.11 -Port 22

Script:

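# Interactive TCP reachability check against a single host for up to three
# ports. Prompts for the target and the ports, tests each port with
# Test-NetConnection, runs a trace route, and records the whole session in
# $env:TEMP\Test_results.txt via Start-Transcript, which is then opened in
# Notepad.
#
# The current-user execution policy is relaxed only for the duration of the run
# and restored to whatever it was before (the earlier version reset it to
# Undefined regardless of the prior value). The try/finally also guarantees the
# transcript is stopped and the policy restored if a step fails.

$originalPolicy = Get-ExecutionPolicy -Scope CurrentUser
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force -Scope CurrentUser

$transcribing = $false
try {
    Set-Location $env:TEMP
    Start-Transcript -LiteralPath .\Test_results.txt
    $transcribing = $true

    $ip = Read-Host -Prompt 'Enter server IP'

    # Prompts are asked in order, as before; answers are validated below.
    $prompts = @(
        'Enter 1st port to test (ENTER or 0 to skip): ',
        'Enter 2nd port to test (ENTER or 0 to skip): ',
        'Enter 3rd port to test (ENTER or 0 to skip): '
    )
    $answers = foreach ($prompt in $prompts) { Read-Host -Prompt $prompt }

    Write-Host ""
    Write-Host "Open ports test results:"

    foreach ($answer in $answers) {
        # Read-Host returns a string, and '-gt 0' on a string compares lexically
        # (e.g. 'abc' -gt 0 is $true), so parse to an integer first and only
        # test positive port numbers; anything else is "no port".
        $port = 0
        if ([int]::TryParse($answer, [ref]$port) -and $port -gt 0) {
            if (Test-NetConnection -ComputerName $ip -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue) {
                "Port $port is open"
            } else {
                "Port $port is closed"
            }
        } else {
            "No port - no test"
        }
    }

    Test-NetConnection -ComputerName $ip -TraceRoute -InformationLevel Detailed
}
finally {
    if ($transcribing) { Stop-Transcript }
    Set-ExecutionPolicy -ExecutionPolicy $originalPolicy -Force -Scope CurrentUser
}

Start-Process notepad .\Test_results.txt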



Retrieving IPsec VPN PSK key from Fortigate

The API entry point is:

"https://x.x.x.x/api/v2/cmdb/vpn.ipsec/phase1-interface?plain-text-password=1"

The full HTTP GET request would look like the following:

curl -k -H "Authorization: rest_api_admin_user zw7q8QyGrHwtfrn8tkGyfNbnGGN7js" "https://192.168.1.99/api/v2/cmdb/vpn.ipsec/phase1-interface?plain-text-password=1?access_token=zw7q8QyGrHwtfrn8tkGyfNbnGGN7js"

In the output, the "psksecret" field will contain the pre-shared key in plain text.

An account with API permissions is a must. Note that the example passes the API token both in the Authorization header and in the URL query string, and that `-k` disables TLS certificate verification.

Ken Felix Security Blog: fortios how to recover ipsec-vpn PSK string in text format (socpuppet.blogspot.com)