Friday, April 26, 2013

Quickly Determine Allowed Outbound Ports

I recently had a co-worker who needed to quickly determine the ports that were allowed outbound on a network. After some research, I stumbled upon @mubix 's awesome creation, being

Using iptables and some apache-fu, he created a machine that will answer on each port that is connected to. This is nothing new, I just simply wanted to share a couple quick ways to find open outbound ports using native command shells and

**Update: mubix has shut down (sadface). I have now modified the scripts to work with another site that does the same thing (



**Update: After talking with @mubix, I have rewritten this to reduce potential false positive scenarios associated with pre-routing/proxies

$ErrorActionPreference = "silentlycontinue"; 1..1024 | % {$req = [System.Net.WebRequest]::Create("$_"); req.Timeout = 600; $resp = $req.GetResponse(); $respstream = $resp.GetResponseStream(); $stream = new-object System.IO.StreamReader $respstream; $out = $stream.ReadToEnd(); if ($out.trim() | select-string "Yep"){echo "$_ Allowed out"}}

Cmd.exe (using netcat):

for /L %i in (1,1,1024) do @nc.exe -z -v %i | findstr "Yep"


Bash (using netcat):

for ((i=1; i<1024; i++)) do nc -z -v $i | grep "Yep"; done

import urllib2;
for x in range (1,1024):
        url = "" % x;
                r = urllib2.urlopen(url, timeout=1);
                print "Port: %d" %x; print "Result: ",;
        except urllib2.URLError, err:
                print "Port: %d" %x; print "Result: Refused";