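# ├── README.md
# └── port-tester.py
#
# /README.md:
# --------------------------------------------------------------------------------
# # Port-Tester, firewall port testing tool
#
# Let us suppose that during a pentest we got command execution on a remote server, but when we want to do a reverse connection to our server the connection is not established for some reason (Firewall / IPS / etc); or maybe you just want to test which ports you can access remotely from that particular server.
#
# In that cases comes into play this simple script, which allows us to know, given a range of ports, which ports can be accessed from inside the server. We use a server that has the 65k open ports (open.zorinaq.com), and determine what ports we can access and what ports we cannot.
#
# --------------------------------------------------------------------------------
# /port-tester.py:
# --------------------------------------------------------------------------------
#!/usr/bin/python

# Port-Tester v0.1
# Test which remote ports the server running this script can access to.
# written by localh0t
# Date: 03/02/12
# Contact: mattdch@me.com
# Follow: @mattdch
# localh0t.github.io

import errno
import socket
import sys

# Timeout (seconds) used when -t is missing or not positive.
DEFAULT_TIMEOUT = 3

# Valid TCP port bounds; anything outside cannot be connected to at all.
MIN_PORT = 1
MAX_PORT = 65535

# In case we had DNS problems on the server, we use the IP instead the domain,
# if you wanna use the domain : socket.gethostbyname("open.zorinaq.com")
#
# NOTE(review): this address is hard-coded and never checked at run time. If
# open.zorinaq.com has moved since the script was written, every port will be
# reported as unreachable, so confirm the address still belongs to that
# service before trusting an all-negative result. The target is a third-party
# host: every probe shows it the egress address of the machine under test.
TARGET_HOST = '163.172.166.150'  # open.zorinaq.com , 65k ports open


# Functions go here

def banner():
    """Return the banner shown above the usage text and above a test run."""
    return "\n####################\n# Port Tester v0.1 #\n####################"


def exitProgram(code):
    """Leave the program through sys.exit with the message tied to *code*.

    Codes: 1 = help shown, 2 = test finished, 3 = generic exit (used after
    an invalid number), 4 = bad arguments. Any other code returns None
    without exiting.

    sys.exit() receives a string, so the message goes to stderr and the
    process status is 1 in every case, including a finished test.
    """
    messages = {
        1: "\n[!] Exiting help...\n",
        2: "\n[!] Test finished, exiting...\n",
        3: "\n[!] Exiting...\n",
        4: "\n[-] Exiting, check arguments...\n",
    }
    if code in messages:
        sys.exit(messages[code])


def strToInt(convert, typeParam):
    """Convert *convert* to int, or report the offending option and exit.

    *typeParam* is the option name ("-s", "-e", "-t") used in the message.
    Only conversion failures are handled, so Ctrl-C and SystemExit are no
    longer swallowed by a bare except.
    """
    try:
        return int(convert)
    except (TypeError, ValueError):
        print("\n[-] Number given in " + typeParam + " is invalid")
        exitProgram(3)


def checkTimeout(timeout):
    """Return *timeout*, or the 3 second default when it is None or <= 0."""
    if timeout is None or timeout <= 0:
        return DEFAULT_TIMEOUT
    return timeout


def checkPortRange(start_port, end_port):
    """Exit with code 4 unless 1 <= start_port <= end_port <= 65535.

    Without this check an out-of-range port was reported as "cannot reach"
    and a reversed range ended with "Test finished" after testing nothing,
    both of which read like real firewall results.
    """
    if not (MIN_PORT <= start_port <= end_port <= MAX_PORT):
        print("\n[-] Ports must satisfy 1 <= START <= END <= 65535")
        exitProgram(4)


def connectHost(host, port, timeout):
    """Try one TCP connection to (host, port) and return the result line.

    Returns "[+] We can reach port N" when connect() succeeds and
    "[-] We cannot reach port N" on any socket-level failure.

    Reading the result:
    - "[+]" only shows that a TCP handshake completed. A transparent proxy
      or other middlebox on the path may complete it on the target's
      behalf, so treat it as "a handshake was possible", not as proof of
      end-to-end reachability.
    - "[-]" covers both an active refusal and a timeout. Those usually
      indicate different filtering behaviour (reject versus silent drop)
      but are not told apart here.
    """
    sock = None
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect((host, port))
        # Connection established, we can access that port
        return "[+] We can reach port " + str(port)
    except (socket.error, OverflowError, TypeError, ValueError):
        # Refused / filtered / invalid address: we cannot access that port.
        # KeyboardInterrupt is deliberately not caught, so Ctrl-C stops the
        # run instead of being printed as an unreachable port.
        return "[-] We cannot reach port " + str(port)
    finally:
        # Always release the descriptor; a full 65k-port run would
        # otherwise depend on garbage collection to close sockets.
        if sock is not None:
            sock.close()


def parseArgs(argv):
    """Read -s, -e and -t from *argv* and return (start_port, end_port, timeout).

    Options that are absent come back as None. An option given as the last
    argument has no value to read; that case exits with code 4 instead of
    raising IndexError.
    """
    start_port = None
    end_port = None
    timeout = None
    for index, arg in enumerate(argv):
        if arg not in ("-s", "-e", "-t"):
            continue
        if index + 1 >= len(argv):
            print("\n[-] Missing value for " + arg)
            exitProgram(4)
        value = strToInt(argv[index + 1], arg)
        if arg == "-s":
            start_port = value
        elif arg == "-e":
            end_port = value
        else:
            timeout = value
    return start_port, end_port, timeout


def runPortTest(argv):
    """Run the whole tool: usage check, argument parsing, then the port loop."""
    if len(argv) <= 4:
        print(banner())
        print("\nUsage:\n======\n\npython " + argv[0] + " -s [START PORT] -e [END PORT] -t [TIMEOUT (Seconds) (Optional, default: 3)]")
        exitProgram(1)

    # Read args
    start_port, end_port, timeout = parseArgs(argv)

    # Do some checks
    if start_port is None or end_port is None:
        exitProgram(4)
    checkPortRange(start_port, end_port)
    timeout = checkTimeout(timeout)

    # Test started
    print(banner())
    print("\n[!] Port-test started...")
    print("[!] Timeout: " + str(timeout) + " seconds\n")

    for port in range(start_port, end_port + 1):
        print(connectHost(TARGET_HOST, port, timeout))
    exitProgram(2)


if __name__ == "__main__":
    runPortTest(sys.argv)

# --------------------------------------------------------------------------------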