I recently had a co-worker who needed to quickly determine the ports that were allowed outbound on a network. After some research, I stumbled upon @mubix's awesome creation, www.letmeoutofyour.net.
Using iptables and some apache-fu, he created a machine that will answer on every port you connect to. This is nothing new; I simply wanted to share a couple of quick ways to find open outbound ports using native command shells and letmeoutofyour.net.
Windows
PowerShell:
**Update: After talking with @mubix, I have rewritten this to reduce potential false-positive scenarios associated with pre-routing/proxies.
$ErrorActionPreference = "silentlycontinue"; 1..1024 | % {$req = [System.Net.WebRequest]::Create("http://open.zorinaq.com:$_"); $req.Timeout = 600; $resp = $req.GetResponse(); $respstream = $resp.GetResponseStream(); $stream = new-object System.IO.StreamReader $respstream; $out = $stream.ReadToEnd(); if ($out.trim() | select-string "Yep"){echo "$_ Allowed out"}}
Cmd.exe (using netcat):
for /L %i in (1,1,1024) do @nc.exe -z -v open.zorinaq.com %i | findstr "Yep"
**Update: mubix has shut down letmeoutofyour.net (sadface). I have now modified the scripts to work with another site that does the same thing (open.zorinaq.com).
Linux
Bash (using netcat):
for ((i=1; i<1024; i++)) do nc -z -v open.zorinaq.com $i | grep "Yep"; done
Python:
https://github.com/jakxx/Scripts/blob/master/lemmeout.py
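The false-positive point from the PowerShell update, as an added Python example (not the linked lemmeout.py and not code from the original post): a port counts as allowed only when the reply contains the test server's marker, so a proxy or pre-routing rule that accepts the connection itself is reported separately. The names probe and scan and the three state labels are made up for this example, and the "Yep" marker is assumed from the one-liners above.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

MARKER = b"Yep"  # assumption: the string the page's one-liners search for


def probe(host, port, marker=MARKER, timeout=0.6):
    """Classify one outbound port as 'allowed', 'intercepted' or 'blocked'.

    A completed TCP handshake is not trusted on its own, because a transparent
    proxy or a pre-routing rule can accept the connection itself. Only a reply
    that contains the test server's marker counts as 'allowed'.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "blocked"  # refused, filtered (timed out) or unreachable
    body = b""
    with sock:
        try:
            sock.sendall(f"GET / HTTP/1.0\r\nHost: {host}:{port}\r\n\r\n".encode())
            while len(body) < 65536:  # cap what is read from an unknown peer
                data = sock.recv(4096)
                if not data:
                    break
                body += data
        except OSError:
            pass  # timeout or reset mid-read: judge on what arrived
    return "allowed" if marker in body else "intercepted"


def scan(host, ports, workers=32, **kwargs):
    """Probe many ports concurrently and return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: (p, probe(host, p, **kwargs)), ports))


if __name__ == "__main__":
    # Host taken from the page; 0.6 s matches the 600 ms PowerShell timeout.
    for port, state in sorted(scan("open.zorinaq.com", range(1, 1025)).items()):
        if state != "blocked":
            print(f"{port}/tcp {state}")
```

Ports reported as intercepted are the ones a connect-only check would have listed as open.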