Network Scanner v1.0

This PowerShell script is a network scanner. Utilising the Invoke-PingSweep function, it attempts to ping each host in the specified range and, if it gets a response, checks that host for open ports from a specified list.

The Invoke-PingSweep function is available from the TechNet gallery and I take no credit for writing this integral part of the script. https://gallery.technet.microsoft.com/scriptcenter/Invoke-TSPingSweep-b71f1b9b

This script will then output a list of discovered IP addresses, hostnames and open ports. There are options to then export to a CSV and/or TXT file as well.

Usage: .\NetScan.ps1 -StartIP 0.0.0.0 -EndIP 1.1.1.1 [-CSV file.csv] [-TXT file.txt] [-CSVHostsOnly] [-TXTHostsOnly]

Download the Network Scanner v1.0 here!

#################################################################################################
#                                                                                               #
#   Network Scanner v1.0                                                                        #
#                                                                                               #
#   Written by: Mike Oldfield                                                                   #
#   Date: 02/06/2016                                                                            #
#                                                                                               #
#   This PS1 scans a specified range of IP addresses. It will find all online nodes, resolve    #
#   to a hostname and scan for open ports from a specified list.                                #
#                                                                                               #
#   This PS1 utilises function "Invoke-PingSweep", available from the TechNet Gallery.          #
#   https://gallery.technet.microsoft.com/scriptcenter/Invoke-TSPingSweep-b71f1b9b              #
#                                                                                               #
#   Usage: .\NetScan.ps1 -StartIP 0.0.0.0 -EndIP 0.0.0.0 [-CSV file.csv] [-TXT file.txt]        #
#                        [-CSVHostsOnly] [-TXTHostsOnly]                                        #
#                                                                                               #
#################################################################################################

#############################
#                           #
#        PARAMETERS         #
#                           #
#############################

# Set the available parameters. This block must come first.
param(
    
    [string]$CSV = "NetScan.csv",       # -CSV: Specifies where you want to save the CSV file output. If not specified, "NetScan.csv" will be created in the directory the script was executed
    [string]$TXT = "NetScan.txt",       # -TXT: Specifies where you want to save the TXT file output. If not specified, "NetScan.txt" will be created in the directory the script was executed
    [switch]$CSVHostsOnly = $false,     # -CSVHostsOnly: Requests that only the hostnames be exported to the CSV file
    [switch]$TXTHostsOnly = $false,     # -TXTHostsOnly: Requests that only the hostnames be exported to the TXT file
    [Parameter(Mandatory = $true)]
    [string]$StartIP,                   # -StartIP: Specifies the first IP address in the range you wish to scan, for example 10.0.0.1
    [Parameter(Mandatory = $true)]
    [string]$EndIP                      # -EndIP: Specifies the last IP address in the range you wish to scan, for example 10.0.0.20

)

#############################
#                           #
#         VARIABLES         #
#                           #
#############################

$scriptVer = "v1.0"                 # What version of the script is this? Used for header info
$scriptAuth = "Mike Oldfield"       # Who wrote the script?
$scriptLastUpdate = "02/06/2016"    # When was the script last updated?

#############################
#                           #
#         FUNCTIONS         #
#                           #
#############################

# Invoke-PingSweep: https://gallery.technet.microsoft.com/scriptcenter/Invoke-TSPingSweep-b71f1b9b

function Invoke-TSPingSweep { 

  Param( 
    [parameter(Mandatory = $true, 
      Position = 0)] 
    [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")] 
    [string]$StartAddress, 
    [parameter(Mandatory = $true, 
      Position = 1)] 
    [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")] 
    [string]$EndAddress, 
    [switch]$ResolveHost, 
    [switch]$ScanPort, 
    [int[]]$Ports = @(21,22,23,53,69,71,80,98,110,139,111,389,443,445,1080,1433,2001,2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,5801,5900,5555,5901,9998,9999), 
    [int]$TimeOut = 100 
  ) 
  Begin { 
    $ping = New-Object System.Net.Networkinformation.Ping 
  } 
  Process { 
    foreach($a in ($StartAddress.Split(".")[0]..$EndAddress.Split(".")[0])) { 
      foreach($b in ($StartAddress.Split(".")[1]..$EndAddress.Split(".")[1])) { 
        foreach($c in ($StartAddress.Split(".")[2]..$EndAddress.Split(".")[2])) { 
          foreach($d in ($StartAddress.Split(".")[3]..$EndAddress.Split(".")[3])) { 
            write-progress -activity PingSweep -status "$a.$b.$c.$d" -percentcomplete (($d/($EndAddress.Split(".")[3])) * 100) 
            $pingStatus = $ping.Send("$a.$b.$c.$d",$TimeOut) 
            if($pingStatus.Status -eq "Success") { 
              # Reset the per-host results so values from a previous host are never reported again 
              $hostName = $null 
              $openPorts = @() 
              if($ResolveHost) { 
                write-progress -activity ResolveHost -status "$a.$b.$c.$d" -percentcomplete (($d/($EndAddress.Split(".")[3])) * 100) -Id 1 
                $getHostEntry = [Net.DNS]::BeginGetHostEntry($pingStatus.Address, $null, $null) 
              } 
              if($ScanPort) { 
                $openPorts = @() 
                for($i = 1; $i -le $ports.Count;$i++) { 
                  $port = $Ports[($i-1)] 
                  write-progress -activity PortScan -status "$a.$b.$c.$d" -percentcomplete (($i/($Ports.Count)) * 100) -Id 2 
                  $client = New-Object System.Net.Sockets.TcpClient 
                  $beginConnect = $client.BeginConnect($pingStatus.Address,$port,$null,$null) 
                  if($client.Connected) { 
                    $openPorts += $port 
                  } else { 
                    # Connection still pending: give it up to $TimeOut ms, then check again 
                    Start-Sleep -Milli $TimeOut 
                    if($client.Connected) { 
                      $openPorts += $port 
                    } 
                  } 
                  $client.Close() 
                } 
              } 
              if($ResolveHost) { 
                # A host with no reverse DNS record makes EndGetHostEntry throw; record an 
                # empty hostname rather than letting the exception abort the whole sweep 
                try { 
                  $hostName = ([Net.DNS]::EndGetHostEntry([IAsyncResult]$getHostEntry)).HostName 
                } catch { 
                  $hostName = $null 
                } 
              } 
              # Return Object 
              New-Object PSObject -Property @{ 
                IPAddress = "$a.$b.$c.$d"; 
                HostName = $hostName; 
                Ports = $openPorts
              } | Select-Object IPAddress, HostName, Ports 
            } 
          } 
        } 
      } 
    } 
  } 
  End { 
  } 
}

#############################
#                           #
#          HEADER           #
#                           #
#############################

# Write a pretty header
Write-Host "`r`n################################################`r`n" -ForegroundColor darkcyan -NoNewLine
Write-Host "#####   " -ForegroundColor darkgray -NoNewLine
Write-Host "Network Scanner $scriptVer               " -ForegroundColor gray -NoNewLine
Write-Host "#####`r`n#####   " -ForegroundColor darkgray -NoNewLine
Write-Host "Written by: $scriptAuth" -ForegroundColor gray -NoNewLine
Write-Host "          #####`r`n#####   " -ForegroundColor darkgray -NoNewLine
Write-Host "Last Updated: $scriptLastUpdate " -ForegroundColor gray -NoNewLine
Write-Host "          #####`r`n" -ForegroundColor darkgray -NoNewLine
Write-Host "################################################`r`n" -ForegroundColor darkcyan


#############################
#                           #
#        SCRIPTY BIT        #
#                           #
#############################

# Tell us what we're about to do
Write-Host "Scanning IP range: " -ForegroundColor yellow -NoNewLine
Write-Host "$StartIP - $EndIP`r`n"

# Start trying to do the scans, but catch any errors at the end
try {
    
    # Run the network scan against the requested IP range
    $Scan = Invoke-TSPingSweep -StartAddress $StartIP -EndAddress $EndIP -ResolveHost -ScanPort
    
    # Write a message telling us the results are coming...
    Write-Host "Scan Results:" -ForegroundColor green
    
    # Grab and display the results from the network scan
    $Scan | Select-Object IPAddress, HostName, Ports
    
    # Check if we asked only for the hostnames in a CSV
    if ($CSVHostsOnly) {
    
        # If we did, write the hostnames to a CSV file. File name specified by parameter $csv
        $Scan | Select-Object HostName | Export-CSV $csv -NoTypeInformation
    
    # But if we didn't...
    } else {
    
        # Write everything to a CSV file. Convert the ports to a string separated by ;
        $Scan | Select-Object IPAddress, HostName, @{Name="Ports";Expression={[string]::join("; ", ($_.Ports))}} | Export-CSV $csv -NoTypeInformation
        
    }
    
    # Check if we asked only for the hostnames in a TXT
    if ($TXTHostsOnly) {
    
        # If we did, write the hostnames to a TXT file, stripping out the header. File name specified by parameter $txt
        $Scan | Select-Object -ExpandProperty HostName | Out-File $txt
    
    # But if we didn't...
    } else {
    
        # Write everything to a TXT file
        $Scan | Select-Object IPAddress, HostName, Ports | Out-File $txt
    
    }
    
# Capture any errors
} catch [System.Exception] {

    # Report any errors in red
    Write-Host "`r`nError! $_`r`n" -ForegroundColor red
    
    # Kill the script
    Exit

}
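As an added example (not code from the script above or from the TechNet function), the two helpers below address two weak spots in the sweep: the octet-by-octet range loops, which mis-handle a range that crosses an octet boundary, and the port check, which sleeps and re-reads .Connected instead of waiting on the asynchronous connect. The function names and the 192.0.2.x addresses are assumptions.

```powershell
# Added example, not part of NetScan.ps1 or Invoke-TSPingSweep. Both function names are
# hypothetical; 192.0.2.x is the TEST-NET-1 documentation range, used as a placeholder.

# Expand an IPv4 range by converting each end to a 32-bit integer. The nested octet
# loops above would turn 10.0.0.200 - 10.0.1.50 into the countdown 200..50 instead.
function ConvertTo-IPv4Range {
    param(
        [Parameter(Mandatory = $true)][string]$StartAddress,
        [Parameter(Mandatory = $true)][string]$EndAddress
    )
    $toInt = {
        param([string]$ip)
        $b = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
        ([int64]$b[0] * 16777216) + ([int64]$b[1] * 65536) + ([int64]$b[2] * 256) + [int64]$b[3]
    }
    $first = & $toInt $StartAddress
    $last  = & $toInt $EndAddress
    if ($last -lt $first) { throw "EndAddress $EndAddress precedes StartAddress $StartAddress" }
    for ($n = $first; $n -le $last; $n++) {
        "{0}.{1}.{2}.{3}" -f (($n -shr 24) -band 255), (($n -shr 16) -band 255), (($n -shr 8) -band 255), ($n -band 255)
    }
}

# Wait on the async handle of the connect attempt instead of sleeping and re-reading
# .Connected: a refused port returns promptly, a filtered one gives up after TimeoutMs.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 100)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws a SocketException if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Usage: produces the same shape of result object as NetScan.ps1
foreach ($ip in ConvertTo-IPv4Range -StartAddress "192.0.2.10" -EndAddress "192.0.2.12") {
    $open = @(22, 80, 443, 3389) | Where-Object { Test-TcpPort -Address $ip -Port $_ }
    [pscustomobject]@{ IPAddress = $ip; Ports = ($open -join "; ") }
}
```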
