PX : code

PHP PortScanner by Fabian Dennler
Download this code


<?

/*------------------------------------------------------------------------------------

  PortScanner PHP3 script
  -------------------------------
  A php3 routine to perform a port scann of an ip adress or hostname.
  Ground idea (Netbus detector) by Troels Arvin <tarvin@mdb.ku.dk>

  At the end of this file there is a list of port an there description.
  Create a file i.e port_def.inc, insert this definitions and include 
  the file in this script. 
  
  Author: Fabian Dennler, fab@harlequin.ch
  Date:   03.05.2000
  Version 1.0, September 21 1999.
  Revision 03.05.2000
  Latest version is at: http://www.harlequin.ch/projekte/scripts/

------------------------------------------------------------------------------------*/

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html>
<!-- Version 1.0, September 21 1999. -->
<!-- Revision 03.05.00 -->
<!-- Latest version is at http://www.harlequin.ch/projekte/scripts/ -->
<!-- Fabian Dennler, 21091999 -->
<head><title>Online Port Scanner Utility</title>
<meta name="description" content="Online Port Scanner utility - see if there are unknows open Ports"> 
<meta name="keywords" content="port scanner, detection">

<style type="text/css">
<!--
body { background-color: white;color: black;}
strong {color: red;font-weight: bold;}
input.submit {background-color: navy;color: white;}
h1 {color: navy;}
code {color: blue;}
h2 {color: navy;}
pre {background-color: "#AAAACC";}
p.note {font-size: smaller;}
p.permission {color: "#0000FF4";}
-->
</style>
</head>
<body>
<center>
<table cellpadding="0" cellspacing="0">
<tr align="center">
    <td>&nbsp;</td>
    <td align="center"><h1>Online Port Scanner</h1></td>
    <td>&nbsp;</td>
</tr>
<tr>
    <td colspan=3>
    Mit diesem Online Scanner ist es m&ouml;glich ein bestimmter Rechner im Internet nach offener Ports zu durchsuchen.<br>
    Sie k&ouml;nnen den Scanner so einstellen, das er die "Well Know Ports" und/oder die "Registred Ports" durchsucht, aber auch 
    mit Benutzerdefinierte Angaben. Momentan beschrenkt sich dieser Dienst f&uuml;r TCP Verbindungen.
    </td>
</tr>
</table>

<hr noshade size="1">

<?php
error_reporting
(0);

function 
connectToPort ($host$port) {
    global 
$OPEN_PORTS;
    
// This function is the interesting part of the script.
    // It may be called from the 'MAIN'
    // part of the script further down.
    // Not declared ill unless we find something
    
$status 0;
//    print "<p>Trying port $port at $host...";

    // Open a socket to the user's computer (or proxy; in 
    // this case, the result can't be trusted)
    
$socket fsockopen($host$port, &$errno, &$errstr);

    if (
$socket) {
        
// A connection could be made.

//        print "<br>Port $port connection established - <strong>ATTENTION!</strong></p>";
        
$status 1;    
        
$OPEN_PORTS[$port] = $port;

//        print "$OPEN_PORTS";

        // Let's see if it's speaking
        // To make sure that we will not be listening for ever
        // in case of a silent (but open) port
        
set_socket_blocking($socket0);

        
$count 0;
        
$portOutput "";

        
// We will not keep trying for ever; let's stop after
        // 10000 glances
        
while ($count 10000) {
            if (
$readString fread($socket1)) {
                
// Convert <, >, " and & to HTML entities
                
$readString htmlspecialchars($readString);
                
// Add the output to the sum of output
                
$portOutput .= $readString;
//                $portOutput .= $portOutput."<br>";
            
}
            
$count++;
        }

        
// Enough of this. Close the connection.
        
fclose($socket);

        if (
$portOutput != "") {
            print 
"<p align=\"left\"><b>Server Output for Port $port:</b><br>";
            print 
"<p align=\"left\">$portOutput</p>";
        }

    } else {

        
// In case we have good news:
//        print "<br>Port $port connection refused - <code>good</code></p>";
    
}

    
// Return status for the port we just examined
    
return $status;

};

function 
Port_print($item) {
    global 
$scann_host;
    global 
$OPEN_PORTS;
    global 
$PORTSNUMBER;
    global 
$PORTSDESCRIPTION;
    if (
$item!="") {
//        print "$OPEN_PORTS";
        
$check_connection "telnet://".$scann_host.":".$item;
        if (
$OPEN_PORTS[$item]) {
        print 
"<li><a href=\"$check_connection\">$PORTSNUMBER[$item] : $PORTSDESCRIPTION[$item]</a><br>\n";
        };
    };
};


function 
printForm ($host$uri) {
    
// Make sure the user knows what's going on.
    // This should not be dangerous in any way, but let's ask anyway

    
print "
        <form method=post action=\"$uri\">
        <table cellpadding='1' cellspacing='0' border='0' bgcolor='#000000'><tr><td><table cellpadding='0' cellspacing='0' border='0' bgcolor='#BBBBDD'><tr><td>        <table bgcolor=\"#AAAACC\" cellpadding=\"3\" cellspacing=\"0\" border=0>
            <tr align=\"center\">
                <td colspan=2><h2>Scanner Konfiguration</h2></td>
            </tr>
            <tr align=\"center\">
                <td valign=\"top\">Durchsuche Host</td>
                <td align=\"left\">
                <li><input type=text name=\"Host_To_Scann\" Value=\"localhost\">
                </td>
            </tr>
            <tr align=\"center\">
                <td valign=\"top\">Durchsuche Ports</td>
                <td align=\"left\">
                <li><input type=checkbox checked name=\"Well_Know_Ports\">Well Know Ports
                <li><input type=checkbox name=\"Registred_Ports\">Registred Ports
                <li><input type=checkbox name=\"User_Ports\">Benutzerdefinierte Ports <small>(Folgende Felder Eintragen)</small>
                </td>
            </tr>
            <tr align=\"center\">
                <td valign=\"top\">&nbsp;</td>
                <td align=\"left\">
                From <input type=text name=\"User_Port_From\"> To <input type=text name=\"User_Port_To\"><br>&nbsp;
                </td>
            </tr>
        </table>
        <table><tr><td>
        <p class=\"permission\">Permission to connect to <code>selected ports</code> at 
        <code>selected host</code>&nbsp;granted:&nbsp;&nbsp;<input 
        type=checkbox name=permission value=\"ok\"></p>
        
        
        </td>
        </tr>
        <tr>
        <td align='center'><p><input class=submit type=submit></p></td>
        </form>
        </tr></table>        
        </td></tr></table></td></tr></table>
    "
;
};

// **********
//    MAIN
// **********

// Initialize
$Detection_Status 0;
$CONN_PORT[];
$OPEN_PORTS[];

// Set Port List
include "port_def.inc";

// This may seem stupid; but if PHP is running in 'safe mode', 
// the SCRIPT_URI environment variable doesn't seem to 
// be readily available

$uri "http://" $SERVER_NAME $REQUEST_URI;

// Standard CGI environment variable; we are not using CGI, but
// fortunately, the variable is still avaliable

if ($Host_To_Scann!="localhost") {
    
$scann_host gethostbyaddr($Host_To_Scann);
}
else {
    
$scann_host gethostbyaddr($REMOTE_ADDR);
};

// Trying to make sure that the user actually wants me
// to scan his/her ports. - And trying to make sure that nobody is 
// directly linking to the script.

if (!(($permission == "ok") && ($REQUEST_METHOD == "POST") && ($HTTP_REFERER == $uri))) {
    
// Write the permission-asking form - i.e. call the
    // previously defined 'printForm' function
    
printForm($host$uri);
}
else {

    if (!(
$Well_Know_Ports=="")) {
        for (
$i=0;$i<=1023;$i++) {
            
$Scann_Ports[$i] = $PORTSNUMBER[$i];
        };
    };

    if (!(
$Registred_Ports=="")) {
        for (
$i=1024;$i<=17007;$i++) {
            
$Scann_Ports[$i] = $PORTSNUMBER[$i];
        };
    };

    if (!(
$User_Ports=="")) {
        
$Scan_Ports[]=0;
        for (
$i=$User_Port_From;$i<=$User_Port_To;$i++) {
            
$Scann_Ports[$i] = $PORTSNUMBER[$i];
        };
    };

    
// Paranoia checks OK. Let's do it
    
print "
        <h2>Processing host $scann_host ...</h2>
    "
;


//    print "<table border=1 cellpadding=5>";
//    print "<tr><td>";
    
    // Call script and add the status to the sum of status
    // codes. The function 'connectToPort' is defined above

    
while(list($KEY,$VALUE) = each($Scann_Ports)) {
         
//echo "$VALUE\n";
          
$Detection_Status += connectToPort($scann_host$Scann_Ports[$VALUE]);
//         echo "$Detection_Status";
//         echo "<hr noshade>\n";
    
};

//    print "</td></tr>";
//    print "</table>";

//    print "<hr noshade>\n";


    // Summarize results
    
print "<table>";
    print 
"<tr><td align=\"center\">";
    print 
"<h1>Conclusion</h1>";
    print 
"</td></tr>";
    print 
"<tr><td>";

    if (
$Detection_Status 0) {
        print 
"
            <p>Connection to at least one port succeeded.</p>
            <p>This means that this computer have any services activated.
            See <a href=\"http://www2.dgsys.com/~lkh/ipnumb.html\" target='_blank'>port definition</a> for more informations.</p>
        "
;
        print 
"<p><b>Following services are running:</b></p>";

        
array_walk$Scann_Ports 'Port_print' );        

        print 
"
            <p>You may <a href=\"$uri\">try again</a>.</p>
        "
;

    }
    else {
        
// It's nice to bring good news
        
print "
            <p>No ports responded at host $scann_host. 
            Congratulations - that's a <code>good</code> sign!</p>
            <p>You may <a href=\"$uri\">try again</a>.</p>
        "
;

    }

    print 
"</td></tr>";
    print 
"</table>";

}



?>


<hr noshade size="1">


</center>
</body>

</html>

/*-------------------------------------------------------------------------------------------------------------------------------------*/
/*-------------------------------------------------------------------------------------------------------------------------------------*/
/*                    PORT DEFINITIONS                        */
/*-------------------------------------------------------------------------------------------------------------------------------------*/
/*-------------------------------------------------------------------------------------------------------------------------------------*/

<?PHP


$PORTSNUMBER
[];
$PORTSDESCRIPTION[];

/*       WELL KNOW PORTS PORTS   */

$PORTSNUMBER[0] = 0;
$PORTSDESCRIPTION[0] = "Reserved";

//                          Jon Postel 
$PORTSNUMBER[1] = 1;
$PORTSDESCRIPTION[1] = "TCP Port Service Multiplexer";

//                          Mark Lottor 
$PORTSNUMBER[2] = 2;
$PORTSDESCRIPTION[2] = "Management Utility";

$PORTSNUMBER[3] = 3;
$PORTSDESCRIPTION[3] = "Compression Process";

//                          Bernie Volz 
$PORTSNUMBER[4] = 4;
$PORTSDESCRIPTION[4] = "Unassigned";

$PORTSNUMBER[5] = 5;
$PORTSDESCRIPTION[5] = "Remote Job Entry";

//                          Jon Postel 
$PORTSNUMBER[6] = 6;
$PORTSDESCRIPTION[6] = "Unassigned";

$PORTSNUMBER[7] = 7;
$PORTSDESCRIPTION[7] = "Echo";

//                          Jon Postel 
$PORTSNUMBER[8] = 8;
$PORTSDESCRIPTION[8] = "Unassigned";

$PORTSNUMBER[9] = 9;
$PORTSDESCRIPTION[9] = "Discard";

//                          Jon Postel 
$PORTSNUMBER[10] = 10;
$PORTSDESCRIPTION[10] = "Unassigned";

$PORTSNUMBER[11] = 11;
$PORTSDESCRIPTION[11] = "Active Users";

//                          Jon Postel 
$PORTSNUMBER[12] = 12;
$PORTSDESCRIPTION[12] = "Unassigned";

$PORTSNUMBER[13] = 13;
$PORTSDESCRIPTION[13] = "Daytime";

//                          Jon Postel 
$PORTSNUMBER[14] = 14;
$PORTSDESCRIPTION[14] = "Unassigned";

$PORTSNUMBER[15] = 15;
$PORTSDESCRIPTION[15] = "Unassigned";

$PORTSNUMBER[16] = 16;
$PORTSDESCRIPTION[16] = "Unassigned";

$PORTSNUMBER[17] = 17;
$PORTSDESCRIPTION[17] = "Quote of the Day";

//                          Jon Postel 
$PORTSNUMBER[18] = 18;
$PORTSDESCRIPTION[18] = "Message Send Protocol";

//                          Rina Nethaniel
$PORTSNUMBER[19] = 19;
$PORTSDESCRIPTION[19] = "Character Generator";

$PORTSNUMBER[20] = 20;
$PORTSDESCRIPTION[20] = "File Transfer [Default Data]";

$PORTSNUMBER[21] = 21;
$PORTSDESCRIPTION[21] = "File Transfer [Control]";

//                          Jon Postel 
$PORTSNUMBER[22] = 22;
$PORTSDESCRIPTION[22] = "Unassigned";

$PORTSNUMBER[23] = 23;
$PORTSDESCRIPTION[23] = "Telnet";

//                          Jon Postel 
$PORTSNUMBER[24] = 24;
$PORTSDESCRIPTION[24] = "any private mail system";

//                          Rick Adam 
$PORTSNUMBER[25] = 25;
$PORTSDESCRIPTION[25] = "Simple Mail Transfer";

//                          Jon Postel 
$PORTSNUMBER[26] = 26;
$PORTSDESCRIPTION[26] = "Unassigned";

$PORTSNUMBER[27] = 27;
$PORTSDESCRIPTION[27] = "NSW User System FE";

//                          Robert Thomas 
$PORTSNUMBER[28] = 28;
$PORTSDESCRIPTION[28] = "Unassigned";

$PORTSNUMBER[29] = 29;
$PORTSDESCRIPTION[29] = "MSG ICP";

//                          Robert Thomas 
$PORTSNUMBER[30] = 30;
$PORTSDESCRIPTION[30] = "Unassigned";

$PORTSNUMBER[31] = 31;
$PORTSDESCRIPTION[31] = "MSG Authentication";

//                          Robert Thomas 
$PORTSNUMBER[32] = 32;
$PORTSDESCRIPTION[32] = "Unassigned";

$PORTSNUMBER[33] = 33;
$PORTSDESCRIPTION[33] = "Display Support Protocol";

//                          Ed Cain 
$PORTSNUMBER[34] = 34;
$PORTSDESCRIPTION[34] = "Unassigned";

$PORTSNUMBER[35] = 35;
$PORTSDESCRIPTION[35] = "any private printer server";

//                          Jon Postel 
$PORTSNUMBER[36] = 36;
$PORTSDESCRIPTION[36] = "Unassigned";

$PORTSNUMBER[37] = 37;
$PORTSDESCRIPTION[37] = "Time";

//                          Jon Postel 
$PORTSNUMBER[38] = 38;
$PORTSDESCRIPTION[38] = "Route Access Protocol";

//                          Robert Ullmann 
$PORTSNUMBER[39] = 39;
$PORTSDESCRIPTION[39] = "Resource Location Protocol";

//                          Mike Accetta 
$PORTSNUMBER[40] = 40;
$PORTSDESCRIPTION[40] = "Unassigned";

$PORTSNUMBER[41] = 41;
$PORTSDESCRIPTION[41] = "Graphics";

$PORTSNUMBER[42] = 42;
$PORTSDESCRIPTION[42] = "Host Name Server";

$PORTSNUMBER[43] = 43;
$PORTSDESCRIPTION[43] = "Who Is";

$PORTSNUMBER[44] = 44;
$PORTSDESCRIPTION[44] = "Who Is";

$PORTSNUMBER[45] = 45;
$PORTSDESCRIPTION[45] = "Message Processing Module [recv]";

$PORTSNUMBER[46] = 46;
$PORTSDESCRIPTION[46] = "MPM [default send]";


//                          Jon Postel 
$PORTSNUMBER[47] = 47;
$PORTSDESCRIPTION[47] = "NI FTP";

//                          Steve Kille 
$PORTSNUMBER[48] = 48;
$PORTSDESCRIPTION[48] = "Digital Audit Daemon";

//                          Larry Scott 
$PORTSNUMBER[49] = 49;
$PORTSDESCRIPTION[49] = "Login Host Protocol";

//                          Pieter Ditmars 
$PORTSNUMBER[50] = 50;
$PORTSDESCRIPTION[50] = "Remote Mail Checking Protocol";

//                          Steve Dorner 
$PORTSNUMBER[51] = 51;
$PORTSDESCRIPTION[51] = "IMP Logical Address Maintenance";

//                          Andy Malis 
$PORTSNUMBER[52] = 52;
$PORTSDESCRIPTION[52] = "XNS Time Protocol";

//                          Susie Armstrong 
$PORTSNUMBER[53] = 53;
$PORTSDESCRIPTION[53] = "Domain Name Server";

//                          Paul Mockapetris 
$PORTSNUMBER[54] = 54;
$PORTSDESCRIPTION[54] = "XNS Clearinghouse";

$PORTSNUMBER[55] = 55;
$PORTSDESCRIPTION[55] = "ISI Graphics Language";

$PORTSNUMBER[56] = 56;
$PORTSDESCRIPTION[56] = "XNS Authentication";

$PORTSNUMBER[57] = 57;
$PORTSDESCRIPTION[57] = "any private terminal access";

//                          Jon Postel 
$PORTSNUMBER[58] = 58;
$PORTSDESCRIPTION[58] = "XNS Mail";

//                          Susie Armstrong 
$PORTSNUMBER[59] = 59;
$PORTSDESCRIPTION[59] = "any private file service";


//                          Kathy Huber 
$PORTSNUMBER[66] = 66;
$PORTSDESCRIPTION[66] = "Oracle SQL*NET";

//                          Jack Haverty 
$PORTSNUMBER[67] = 67;
$PORTSDESCRIPTION[67] = "Bootstrap Protocol Server";

$PORTSNUMBER[68] = 68;
$PORTSDESCRIPTION[68] = "Bootstrap Protocol Client";

$PORTSNUMBER[69] = 69;
$PORTSDESCRIPTION[69] = "Trivial File Transfer";

//                          David Clark 
$PORTSNUMBER[70] = 70;
$PORTSDESCRIPTION[70] = "Gopher";

//                          Mark McCahill 
$PORTSNUMBER[71] = 71;
$PORTSDESCRIPTION[71] = "Remote Job Service";

$PORTSNUMBER[76] = 76;
$PORTSDESCRIPTION[76] = "Distributed External Object Store";

$PORTSNUMBER[78] = 78;
$PORTSDESCRIPTION[78] = "vettcp";

//                          Christopher Leong 
$PORTSNUMBER[79] = 79;
$PORTSDESCRIPTION[79] = "Finger";

//                          David Zimmerman 
$PORTSNUMBER[80] = 80;
$PORTSDESCRIPTION[80] = "World Wide Web HTTP";

//                          Jon Postel 
$PORTSNUMBER[88] = 88;
$PORTSDESCRIPTION[88] = "Kerberos";


//                          Eliot Moss 
$PORTSNUMBER[92] = 92;
$PORTSDESCRIPTION[92] = "Network Printing Protocol";


//                          Jeremy Siegel 
$PORTSNUMBER[107] = 107;
$PORTSDESCRIPTION[107] = "Remote Telnet Service";

//                          Joyce K. Reynolds 
$PORTSNUMBER[110] = 110;
$PORTSDESCRIPTION[110] = "Post Office Protocol - Version 3";

//                          Glenn Davis 
$PORTSNUMBER[113] = 113;
$PORTSDESCRIPTION[113] = "Authentication Service";

//                          Martin Forssen 
$PORTSNUMBER[115] = 115;
$PORTSDESCRIPTION[115] = "Simple File Transfer Protocol";

//                          Larry Barnes 
$PORTSNUMBER[119] = 119;
$PORTSDESCRIPTION[119] = "Network News Transfer Protocol";

//                          Larry Peterson 
$PORTSNUMBER[137] = 137;
$PORTSDESCRIPTION[137] = "NETBIOS Name Service";

$PORTSNUMBER[138] = 138;
$PORTSDESCRIPTION[138] = "NETBIOS Datagram Service";

$PORTSNUMBER[139] = 139;
$PORTSDESCRIPTION[139] = "NETBIOS Session Service";


/*       REGISTRED PORTS   */

$PORTSNUMBER[1024] = 1024;
$PORTSDESCRIPTION[1024] = "Reserved";

//                          IANA 
$PORTSNUMBER[1025] = 1025;
$PORTSDESCRIPTION[1025] = "network blackjack";

$PORTSNUMBER[1356] = 1356;
$PORTSDESCRIPTION[1356] = "CuillaMartin Company";


//                          Per Schroeder  
$PORTSNUMBER[1361] = 1361;
$PORTSDESCRIPTION[1361] = "LinX";


//                          Jeffery Chiao
$PORTSNUMBER[1366] = 1366;
$PORTSDESCRIPTION[1366] = "Novell NetWare Comm Service Platform";


//               Mary Ann Burt 
$PORTSNUMBER[1376] = 1376;
$PORTSDESCRIPTION[1376] = "IBM Person to Person Software";


//                          Andreas Glocker 
$PORTSNUMBER[1387] = 1361;
$PORTSDESCRIPTION[1387] = "Computer Aided Design Software Inc LM";


//                          Jeffrey Millman 
$PORTSNUMBER[1416] = 1405;
$PORTSDESCRIPTION[1416] = "Novell LU6.2";

//                          Bob Braden 
$PORTSNUMBER[1428] = 1428;
$PORTSDESCRIPTION[1428] = "Informatik License Manager";


//                          Steve Beigel 
$PORTSNUMBER[1433] = 1433;
$PORTSDESCRIPTION[1433] = "Microsoft-SQL-Monitor";

$PORTSNUMBER[1434] = 1434;
$PORTSDESCRIPTION[1434] = "Microsoft-SQL-Monitor";

//                           Matt Timmermans
$PORTSNUMBER[1465] = 1465;
$PORTSDESCRIPTION[1465] = "Pipes Platform";

//                           Eric Soderberg 
$PORTSNUMBER[1477] = 1477;
$PORTSDESCRIPTION[1477] = "ms-sna-server";

$PORTSNUMBER[1478] = 1478;
$PORTSDESCRIPTION[1478] = "ms-sna-base";

            
?>

Comments or questions?
PX is running PHP 5.2.17
Thanks to Miranda Productions for hosting and bandwidth.
Use of any code from PX is at your own risk.