Five online services to perform a port scanning
…and a python script to rule them all!
In early stages of penetration tests you could like to run a port scan on a host without having it originated from your IP address.
You can use some online services that allows this kind of scan.
YouGetSignal
Allow the scanning of a single port
[embed]http://www.yougetsignal.com/tools/open-ports/[/embed]
Ping.eu
Like YouGetSignal, just one port at a time
[embed]http://ping.eu/port-chk/[/embed]
ViewDNS
The scanned ports are: 21, 22, 23, 25, 80, 110, 139, 143, 445, 1433, 1521, 3306 and 3389
[embed]http://viewdns.info/portscan/[/embed]
HackerTarget
Will test for common services only (21) FTP, (22) SSH, (25) SMTP, (80) HTTP, (443) HTTPS and (3389) RDP.
Nmap version detection ( -sV ) is enabled.
[embed]https://hackertarget.com/tcp-port-scan/[/embed]
IPFingerprints
This service allow the scan of a port range, with a lot of options
[embed]http://www.ipfingerprints.com/portscan.php[/embed]
Rule them all with a python script!
Furthermore, Austin Jackson has developed a python script that perform scans from console using this online services, scanless:
Usage
Requires the requests
and bs4
libraries to run, install with pip.
$ python scanless.py --help
usage: scanless.py [-h] [-t TARGET] [-s SCANNER] [-l] [-a]
scanless, public port scan scrapper
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
ip or domain to scan
-s SCANNER, --scanner SCANNER
scanner to use (default: yougetsignal)
-l, --list list scanners
-a, --all use all the scanners
$ python scanless.py --list
Scanner Name | Website
---------------|------------------------------
yougetsignal | http://www.yougetsignal.com
viewdns | http://viewdns.info
hackertarget | https://hackertarget.com
ipfingerprints | http://www.ipfingerprints.com
pingeu | http://ping.eu
$ python scanless.py -s viewdns -t scanme.nmap.org
Running scanless...
------- viewdns -------
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed dns
80/tcp open http
110/tcp closed pop3
139/tcp closed netbios
143/tcp closed imap
443/tcp closed https
445/tcp closed smb
1433/tcp closed mssql
1521/tcp closed oracle
3306/tcp closed mysql
3389/tcp closed rdp
-----------------------
$ python scanless.py -a -t scanme.nmap.org
Running scanless...
------- yougetsignal -------
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed dns
80/tcp open http
110/tcp closed pop3
115/tcp closed sftp
135/tcp closed msrpc
139/tcp closed netbios
143/tcp closed imap
194/tcp closed irc
443/tcp closed https
445/tcp closed smb
1433/tcp closed mssql
3306/tcp closed mysql
3389/tcp closed rdp
5632/tcp closed pcanywhere
5900/tcp closed vnc
6112/tcp closed wc3
----------------------------
------- viewdns -------
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed dns
80/tcp open http
110/tcp closed pop3
139/tcp closed netbios
143/tcp closed imap
443/tcp closed https
445/tcp closed smb
1433/tcp closed mssql
1521/tcp closed oracle
3306/tcp closed mysql
3389/tcp closed rdp
-----------------------
------- hackertarget -------
tarting Nmap 7.01 ( https://nmap.org ) at 2017-05-06 02:31 UTC
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.065s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
23/tcp closed telnet
25/tcp closed smtp
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
110/tcp closed pop3
143/tcp closed imap
443/tcp closed https
445/tcp closed microsoft-ds
3389/tcp closed ms-wbt-server
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.05 second
----------------------------
------- ipfingerprints -------
Host is up (0.16s latency).
Not shown: 484 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp filtered rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.11 - 3.14
Network Distance: 10 hops
------------------------------
------- pingeu -------
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed dns
80/tcp open http
139/tcp closed netbios
443/tcp closed https
445/tcp closed smb
3389/tcp closed rdp
----------------------
[embed]https://github.com/vesche/scanless[/embed]