This PowerShell script is a network scanner. Using the Invoke-TSPingSweep function, it pings each host in the specified range and, for every host that responds, attempts to find open ports from a specified list.
The Invoke-TSPingSweep function is available from the TechNet gallery and I take no credit for writing this integral part of the script. https://gallery.technet.microsoft.com/scriptcenter/Invoke-TSPingSweep-b71f1b9b
This script will then output a list of discovered IP addresses, hostnames and open ports. There are options to then export to a CSV and/or TXT file as well.
Usage: .\NetScan.ps1 -StartIP 0.0.0.0 -EndIP 1.1.1.1 [-CSV file.csv] [-TXT file.txt] [-CSVHostsOnly] [-TXTHostsOnly]
Download the Network Scanner v1.0 here!
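#################################################################################################
#
#  Network Scanner v1.0
#
#  Written by: Mike Oldfield
#  Date: 02/06/2016
#
#  This PS1 scans a specified range of IP addresses. It finds the nodes that answer a ping,
#  resolves each one to a hostname and scans it for open ports from a specified list.
#
#  This PS1 utilises the function "Invoke-TSPingSweep", available from the TechNet Gallery.
#  https://gallery.technet.microsoft.com/scriptcenter/Invoke-TSPingSweep-b71f1b9b
#
#  Usage: .\NetScan.ps1 -StartIP 0.0.0.0 -EndIP 0.0.0.0 [-CSV file.csv] [-TXT file.txt]
#         [-CSVHostsOnly] [-TXTHostsOnly]
#
#  Coverage notes:
#    * Only hosts that answer an ICMP echo are resolved and port scanned, so a host that
#      drops ping is absent from the results; the output is not a complete inventory.
#    * A port is listed only when a full TCP connection completes within the timeout.
#      Closed and filtered ports are not distinguished.
#    * Both output files are always written; -CSV and -TXT only change where they go.
#
#################################################################################################

#############################
#        PARAMETERS         #
#############################

# Script parameters. The param() block must be the first statement in the script.
param(
    # -CSV: where to save the CSV output. Defaults to "NetScan.csv" in the current directory.
    [string]$CSV = "NetScan.csv",

    # -TXT: where to save the TXT output. Defaults to "NetScan.txt" in the current directory.
    [string]$TXT = "NetScan.txt",

    # -CSVHostsOnly: export only the hostnames to the CSV file.
    [switch]$CSVHostsOnly = $false,

    # -TXTHostsOnly: export only the hostnames to the TXT file.
    [switch]$TXTHostsOnly = $false,

    # -StartIP: first IP address in the range to scan, for example 10.0.0.1
    [Parameter(Mandatory = $true)]
    [string]$StartIP,

    # -EndIP: last IP address in the range to scan, for example 10.0.0.20
    [Parameter(Mandatory = $true)]
    [string]$EndIP
)

#############################
#         VARIABLES         #
#############################

$scriptVer = "v1.0"                 # Script version, shown in the banner
$scriptAuth = "Mike Oldfield"       # Script author, shown in the banner
$scriptLastUpdate = "02/06/2016"    # Date of the last update, shown in the banner

#############################
#         FUNCTIONS         #
#############################

# Invoke-TSPingSweep: https://gallery.technet.microsoft.com/scriptcenter/Invoke-TSPingSweep-b71f1b9b
#
# Pings every address from StartAddress to EndAddress (inclusive, contiguous) and emits one
# object per responding host with the properties IPAddress, HostName and Ports.
#
#   -StartAddress / -EndAddress  Dotted-quad IPv4 bounds of the range. A reversed pair is swapped.
#   -ResolveHost                 Also look up the hostname of each responding address.
#   -ScanPort                    Also try a TCP connection to every port in -Ports.
#   -Ports                       Ports to try when -ScanPort is set.
#   -TimeOut                     Milliseconds allowed for each ping and each TCP connection.
#
# Throws when either bound is not a well-formed IPv4 address.
function Invoke-TSPingSweep {
    Param(
        [parameter(Mandatory = $true, Position = 0)]
        [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
        [string]$StartAddress,

        [parameter(Mandatory = $true, Position = 1)]
        [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
        [string]$EndAddress,

        [switch]$ResolveHost,

        [switch]$ScanPort,

        [int[]]$Ports = @(21,22,23,53,69,71,80,98,110,139,111,389,443,445,1080,1433,2001,2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,5801,5900,5555,5901,9998,9999),

        [int]$TimeOut = 100
    )

    Begin {
        $ping = New-Object System.Net.Networkinformation.Ping

        # The ValidatePattern attributes are unanchored and accept octets up to 999, so the
        # bounds are parsed strictly here before any packet is sent.
        $toNumber = {
            param([string]$Text)

            if ($Text -notmatch '^\d{1,3}(\.\d{1,3}){3}$') {
                throw "'$Text' is not a dotted-quad IPv4 address."
            }

            [long]$value = 0
            foreach ($octet in $Text.Split(".")) {
                if ([int]$octet -gt 255) {
                    throw "'$Text' is not a valid IPv4 address: octet $octet is greater than 255."
                }
                $value = ($value * 256) + [int]$octet
            }
            $value
        }
    }

    Process {
        [long]$first = & $toNumber $StartAddress
        [long]$last = & $toNumber $EndAddress

        # Walk the range as one contiguous block of addresses. Looping over each octet
        # independently probes addresses outside the requested range as soon as a start
        # octet is larger than the matching end octet (10.0.0.250 - 10.0.1.5 would count the
        # last octet down from 250 to 5 in both /24s).
        if ($first -gt $last) {
            $swap = $first
            $first = $last
            $last = $swap
        }
        $total = $last - $first + 1

        for ([long]$n = $first; $n -le $last; $n++) {
            $o1 = [int][math]::Floor([double]$n / 16777216)
            $o2 = [int][math]::Floor([double]($n % 16777216) / 65536)
            $o3 = [int][math]::Floor([double]($n % 65536) / 256)
            $o4 = [int]($n % 256)
            $address = "$o1.$o2.$o3.$o4"

            # Progress is measured against the size of the range, so it stays within 0-100
            # and never divides by a zero end octet.
            $percent = [int]((($n - $first) / $total) * 100)
            Write-Progress -Activity PingSweep -Status $address -PercentComplete $percent

            try {
                $pingStatus = $ping.Send($address, $TimeOut)
            }
            catch {
                # A failed send on one address must not abort the rest of the sweep.
                Write-Warning "Ping to $address failed: $($_.Exception.Message)"
                continue
            }

            if ($pingStatus.Status -ne "Success") {
                continue
            }

            # Reset per host so nothing carries over from the previous address.
            $hostName = $null
            $openPorts = $null
            $getHostEntry = $null

            if ($ResolveHost) {
                Write-Progress -Activity ResolveHost -Status $address -PercentComplete $percent -Id 1
                # Started here and collected after the port scan so the lookup overlaps it.
                $getHostEntry = [Net.DNS]::BeginGetHostEntry($pingStatus.Address, $null, $null)
            }

            if ($ScanPort) {
                $openPorts = @()
                for ($i = 0; $i -lt $Ports.Count; $i++) {
                    $port = $Ports[$i]
                    Write-Progress -Activity PortScan -Status $address -PercentComplete ((($i + 1) / $Ports.Count) * 100) -Id 2

                    $client = New-Object System.Net.Sockets.TcpClient
                    try {
                        $beginConnect = $client.BeginConnect($pingStatus.Address, $port, $null, $null)
                        # Returns as soon as the attempt finishes, or after TimeOut ms.
                        # [void] keeps the boolean result out of the function's output.
                        [void]$beginConnect.AsyncWaitHandle.WaitOne($TimeOut, $false)
                        if ($client.Connected) {
                            $openPorts += $port
                        }
                    }
                    catch {
                        Write-Verbose "Connection attempt to $address port $port failed ($($_.Exception.Message))"
                    }
                    finally {
                        $client.Close()
                    }
                }
            }

            if ($ResolveHost) {
                try {
                    $hostName = ([Net.DNS]::EndGetHostEntry([IAsyncResult]$getHostEntry)).HostName
                }
                catch {
                    # An address without a hostname leaves HostName empty. Letting the
                    # exception escape would reach the caller's catch and end the scan.
                    Write-Verbose "No hostname resolved for $address ($($_.Exception.Message))"
                }
            }

            # Return object
            New-Object PSObject -Property @{
                IPAddress = $address
                HostName  = $hostName
                Ports     = $openPorts
            } | Select-Object IPAddress, HostName, Ports
        }
    }

    End {
    }
}

#############################
#          HEADER           #
#############################

# Write a pretty header
Write-Host "`r`n################################################`r`n" -ForegroundColor darkcyan -NoNewLine
Write-Host "##### " -ForegroundColor darkgray -NoNewLine
Write-Host "Network Scanner $scriptVer " -ForegroundColor gray -NoNewLine
Write-Host "#####`r`n##### " -ForegroundColor darkgray -NoNewLine
Write-Host "Written by: $scriptAuth" -ForegroundColor gray -NoNewLine
Write-Host " #####`r`n##### " -ForegroundColor darkgray -NoNewLine
Write-Host "Last Updated: $scriptLastUpdate " -ForegroundColor gray -NoNewLine
Write-Host " #####`r`n" -ForegroundColor darkgray -NoNewLine
Write-Host "################################################`r`n" -ForegroundColor darkcyan

#############################
#        SCRIPTY BIT        #
#############################

# Tell us what we're about to do
Write-Host "Scanning IP range: " -ForegroundColor yellow -NoNewLine
Write-Host "$StartIP - $EndIP`r`n"

# Run the scan and the exports; any terminating error is reported by the catch below
try {
    # Run the network scan against the requested IP range
    $Scan = Invoke-TSPingSweep -StartAddress $StartIP -EndAddress $EndIP -ResolveHost -ScanPort

    # Write a message telling us the results are coming...
    Write-Host "Scan Results:" -ForegroundColor green

    # Display the results from the network scan
    $Scan | Select-Object IPAddress, HostName, Ports

    # HostName comes from DNS, not from this script, so treat it as untrusted text
    # when the exported files are opened in a spreadsheet or parsed by another tool.
    if ($CSVHostsOnly) {
        # Write only the hostnames to the CSV file named by $csv
        $Scan | Select-Object HostName | Export-CSV $csv -NoTypeInformation
    } else {
        # Write everything to the CSV file, with the ports joined into one string by "; "
        $Scan | Select-Object IPAddress, HostName, @{Name="Ports";Expression={[string]::join("; ", ($_.Ports))}} | Export-CSV $csv -NoTypeInformation
    }

    if ($TXTHostsOnly) {
        # Write only the hostnames to the TXT file named by $txt, without a header
        $Scan | Select-Object -ExpandProperty HostName | Out-File $txt
    } else {
        # Write everything to the TXT file
        $Scan | Select-Object IPAddress, HostName, Ports | Out-File $txt
    }
} catch [System.Exception] {
    # Report any errors in red
    Write-Host "`r`nError! $_`r`n" -ForegroundColor red

    # Stop with a non-zero exit code so a calling job can tell the scan failed
    exit 1
}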