Connection\RDP test and Port Scanning Scripts

By: Larry Brasher

Some of the feedback on the articles I wrote presented a concern of not being able to use or download Nmap on the
network:

Port scanning and reconnaissance via NMAP By: Larry Brasher | LinkedIn

Stealth Port Scanning. Stealth, Decoy or Zombie. By: Larry Brasher | LinkedIn

Well, all is not lost as you can create your own port scanner with the Windows inbox Powershell, at least to some degree.
While not as robust or feature rich as NMAP, the script I wrote does allow you to scan servers in a text file list via
whatever range you want to specify for TCP.

Disclaimer: The script in question was created and tested in my own home lab, on my own time, at my own expense and
resources. There is no proprietary code from any source listed other than what is native to powershell and\or publicly
listed. Any and all resources used or referenced are fully open to the public, such as TechNet for example.

Dedicated to Mohanapriya (Priya) my friend who inspires me to be better than I am.

Synopsis: This document incorporates three powershell scripts.

The first one is to test either ping or port access for RDP. You’ll be prompted for the selection of which test to perform.
The second and third one is to test TCP port access to a range of ports you wish to specify.

Disclaimer: The script in question was created and tested in my own home lab, on my own time, at my own expense and
resources. There is no proprietary code from any source listed other than what is native to powershell and\or publicly
listed. Any and all resources used or referenced are fully open to the public, such as TechNet for example.

Warning: The port scanning script should be used with caution. While simple to use and simple in its scripting, if used on
your network without consent, it could be detected by security monitoring tools as an exploit or reconnaissance attempt.
A test-netconnection for “A” port, singular, is of no consequence but against a range of ports can be prone to a different
interpretation of intent. I personally will NOT be doing such a thing at work against a range of ports. If you are part of
the security team and you have management approval then you are covered as management is aware. Never assume
you are not violating any company policy but rather err on the side of caution and find out first. All of this is up to YOU
to find out as each company is different.

Script 1: Ping or RDP test against a sever list

Here is an example of the output.

You get prompted for either “P” for ping or “R” for checking to see if RDP port is listening.
Note both the success on RDP check and the failed response for 3389 for one of the machines for IPv4 and Ipv6.

And of course the notice given should you give a response for something other than “P” or “R”.

Script
*************************

#Created by: Shane Brasher

function Test-Connectivity {

$servers = Get-Content -Path C:\users\Shane\Desktop\ServerList.txt

$date= Get-date

$choice = Read-Host "Do you want to ping (P) or test RDP port 3389 (R) on $server?"

foreach ($server in $servers) {

if ($choice -eq "P") {

# Ping option

if (Test-Connection -ComputerName $server -Count 1 -ErrorAction SilentlyContinue) {

Write-Host "$server is online at: $date" -ForegroundColor Green

} else {

Write-Host "$server is down" -ForegroundColor Red

}elseif ($choice -eq "R") {

# RDP port testing option

$result = Test-NetConnection -ComputerName $server -Port 3389

if ($result. TcpTestSucceeded) {

Write-Host "$server Port 3389 is listening" -ForegroundColor Green

} else {

Write-Host "$server Port 3389 is closed" -ForegroundColor Red

} else {

Write-Host "Invalid choice. Please select 'P' for ping or 'T' for RDP port testing." -ForegroundColor Red

Test-Connectivity

Script 2: Port Scan against a server list for a range of port

This script scans against a list of servers for a range of ports. The range of course can be altered to whatever you want.
Note that this is for TCP and not UDP.

Output below. Notice the closed vs opened ports.

Script
*****

Port Scan against a list of computers. Output is only for listening ports. You can alter the port range as you see fit in red
below:
********************

#Created by: Shane Brasher

Function PortScan {

$complist = Get-Content "D:\PowerShell\complist.txt"

$StartPort = 80
$EndPort = 100

foreach ($comp in $complist) {

for ($Port = $StartPort; $Port -le $EndPort; $Port++) {
$result = Test-NetConnection -ComputerName $comp -Port $Port
if ($result.TcpTestSucceeded) {
Write-Host "$comp - Port $Port is open." -ForegroundColor green
}
}
}
}
PortScan
#End
 Script 3. PortScan Port Range prompt—same thing but you are prompted for a port range.

#prompt for port range.

Function PortScanv2 {

# Prompt user for start and end port

$StartPort = Read-Host "Enter the start port:"

$EndPort = Read-Host "Enter the end port:"

foreach ($comp in $complist) {

for ($Port = [int]$StartPort; $Port -le [int]$EndPort; $Port++) {

$result = Test-NetConnection -ComputerName $comp -Port $Port

if ($result.TcpTestSucceeded) {

Write-Host "$comp - Port $Port is open." -ForegroundColor green

PortScanv2
#END

Output