Network Scanning Made Easy with PowerShell: A Comprehensive Guide

August 27, 2024

In today’s digital landscape, understanding the security posture of your network is more important than ever. One of the essential tasks for any IT professional or network administrator is scanning the network to identify active hosts and open ports. Traditionally, tools like Nmap have been the go-to solutions for this purpose. However, did you know that PowerShell, a powerful scripting language built into Windows, can be leveraged to perform network scans as well? In this post, we’ll explore a versatile PowerShell script designed to scan networks, identify active hosts, and detect open ports.

Why Use PowerShell for Network Scanning?

PowerShell is a powerful and flexible scripting language that’s available by default on Windows systems. By using PowerShell for network scanning, you can:

  • Quickly assess the security posture of your network.
  • Customize the script to meet your specific needs.
  • Avoid the need for third-party tools, keeping everything in-house and secure.

Introducing the Network Sweep Script

Our PowerShell script is designed to perform a network sweep to identify hosts and open ports. It allows you to specify an IP range or a single IP address, an optional output file to save the results, and a list of ports or a range of ports to scan.

Key Features:

  • IP Range and Single IP Scanning: Scan either a single IP address or a whole range of IP addresses.
  • Port and Port Range Scanning: Customize the ports to scan, either by specifying individual ports or a range.
  • Optional Output to File: Save the results to a file or simply view them on the console.

Script Breakdown:

Here’s the complete PowerShell script:

```powershell
param (
    [string]$IP,
    [string]$outputFile = "",                  # Making the output file optional
    [string]$Ports = "21,22,23,80,443,3389",   # Adding an optional ports parameter
    [switch]$Help                              # Show usage and exit
)

# Function to display usage instructions
function Show-Usage {
    @"
Usage: .\NetworkSweep.ps1 -IP <IP or CIDR range> [-outputFile <file>] [-Ports <ports>]

Examples:
  .\NetworkSweep.ps1 -IP "192.168.1.0/24" -outputFile "ScanResults.txt" -Ports "22,80,443"
  .\NetworkSweep.ps1 -IP "192.168.1.100" -outputFile "SingleHostScan.txt" -Ports "21-23,80"

Description:
  This script performs a network sweep to identify hosts and open ports within a given
  IP range or for a single IP address. It mimics some of the functionality of the
  nmap -A option by scanning specified ports and providing a report of the open ports.

Parameters:
  -IP          Specifies the IP or IP range to scan.
  -outputFile  Specifies the file to which the scan results will be saved. (optional)
  -Ports       Specifies the ports or range of ports to scan.
               (optional, default is "21,22,23,80,443,3389")
"@
}

# Check if help is requested or required parameters are missing
if ($Help -or -not $IP) {
    Show-Usage
    exit
}

# Parse the Ports parameter to create a list of ports to scan.
# Each comma-separated item is a single port or a range, so "21-23,80" works.
# The list is named $portList because PowerShell variable names are
# case-insensitive: $ports would be the [string]$Ports parameter itself.
$portList = foreach ($item in ($Ports -split ",")) {
    $item = $item.Trim()
    if ($item -match '^(\d+)-(\d+)$') {
        ([int]$Matches[1])..([int]$Matches[2])
    } elseif ($item -match '^\d+$') {
        [int]$item
    }
}

# Function to expand IP range if a CIDR block is provided
function Expand-IPRange($IP) {
    $ipRange = @()
    if ($IP -match '/') {
        $address, $prefix = $IP -split '/', 2
        $prefix = [int]$prefix
        $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
        [Array]::Reverse($bytes)   # network order -> host order (little-endian CPU)
        $ipDecimal = [long][System.BitConverter]::ToUInt32($bytes, 0)
        $hostMask = [long][math]::Pow(2, 32 - $prefix) - 1
        $networkAddress = $ipDecimal - ($ipDecimal -band $hostMask)
        $broadcastAddress = $networkAddress + $hostMask
        # Skip the network and broadcast addresses, except for /31 and /32
        # blocks, where every address is a host address.
        $first = $networkAddress
        $last = $broadcastAddress
        if ($prefix -lt 31) { $first++; $last-- }
        for ($i = $first; $i -le $last; $i++) {
            # Convert back to network byte order before building the address
            $hostBytes = [System.BitConverter]::GetBytes([uint32]$i)
            [Array]::Reverse($hostBytes)
            $ipRange += [System.Net.IPAddress]::new([byte[]]$hostBytes).IPAddressToString
        }
    } else {
        $ipRange += $IP
    }
    return $ipRange
}

# Function to test ports on a given IP address (TCP connect, 500 ms timeout)
function Test-Port($ip, $port) {
    $tcpclient = New-Object System.Net.Sockets.TcpClient
    try {
        $connect = $tcpclient.BeginConnect($ip, $port, $null, $null)
        $wait = $connect.AsyncWaitHandle.WaitOne(500, $false)
        if ($wait -and $tcpclient.Connected) {
            return "$ip has $port open"
        } else {
            return "$ip has $port closed"
        }
    } catch {
        return "$ip has $port closed"
    } finally {
        $tcpclient.Close()
    }
}

# Expand the IP range based on the IP provided
$ipRange = Expand-IPRange $IP

# Scan each IP in the range. Hosts that do not answer an ICMP echo are
# reported as not responsive and their ports are not scanned.
$results = foreach ($target in $ipRange) {
    if (Test-Connection -ComputerName $target -Count 1 -Quiet) {
        "Scanning $target for open ports..."
        foreach ($port in $portList) {
            Test-Port -ip $target -port $port
        }
    } else {
        "$target is not responsive"
    }
}

# Output results to the specified file or display on console
if ($outputFile) {
    $results | Out-File -FilePath $outputFile
} else {
    $results | Out-Host
}
```

How to Use the Script:

  1. Download or Copy the Script: Copy the script code provided above into a file named NetworkSweep.ps1.
  2. Run PowerShell as Administrator: Ensure you have the necessary permissions to execute scripts.
  3. Execute the Script:

To scan an IP range and save results to a file:
.\NetworkSweep.ps1 -IP "192.168.1.0/24" -outputFile "ScanResults.txt"

To scan a single IP and display the results on the console:
.\NetworkSweep.ps1 -IP "192.168.1.100"

To specify a custom range of ports:
.\NetworkSweep.ps1 -IP "192.168.1.0/24" -Ports "80-90,443"
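
A saved sweep is most useful when it is compared with what each host is supposed to expose. The following is an added example, not part of the original script: it parses the script's "<ip> has <port> open|closed" lines and flags deviations from a baseline. The sample lines, the $approved table and the function name Compare-ScanToBaseline are constructed for illustration.

```powershell
# Constructed sample of NetworkSweep.ps1 output lines (not real scan data).
$scanLines = @(
    'Scanning 192.168.1.10 for open ports...'
    '192.168.1.10 has 22 open'
    '192.168.1.10 has 23 open'
    '192.168.1.10 has 80 closed'
    'Scanning 192.168.1.20 for open ports...'
    '192.168.1.20 has 443 open'
    '192.168.1.20 has 3389 open'
    '192.168.1.30 is not responsive'
)

# Hypothetical baseline: the ports each host is approved to expose.
$approved = @{
    '192.168.1.10' = @(22, 80)
    '192.168.1.20' = @(443)
}

function Compare-ScanToBaseline {
    param([string[]]$Lines, [hashtable]$Baseline)

    $pattern = '^(?<addr>\d{1,3}(?:\.\d{1,3}){3}) has (?<port>\d+) (?<state>open|closed)$'
    foreach ($line in $Lines) {
        # Only "<ip> has <port> open|closed" lines carry port state;
        # "Scanning ..." and "... is not responsive" lines are skipped.
        if ($line -match $pattern) {
            $addr    = $Matches['addr']
            $port    = [int]$Matches['port']
            $state   = $Matches['state']
            $known   = $Baseline.ContainsKey($addr)
            $allowed = $known -and ($Baseline[$addr] -contains $port)

            $finding = $null
            if ($state -eq 'open' -and -not $known)       { $finding = 'HostNotInBaseline' }
            elseif ($state -eq 'open' -and -not $allowed) { $finding = 'UnexpectedOpenPort' }
            elseif ($state -eq 'closed' -and $allowed)    { $finding = 'ApprovedPortClosed' }

            if ($finding) {
                [pscustomobject]@{ Address = $addr; Port = $port; Finding = $finding }
            }
        }
    }
}

Compare-ScanToBaseline -Lines $scanLines -Baseline $approved | Format-Table -AutoSize
```

To check a real run, pass the output of Get-Content ScanResults.txt as -Lines. Because the sweep reports a port as closed after a 500 ms connect timeout, an ApprovedPortClosed finding can also mean a filtered or slow service.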

Conclusion:

By leveraging this PowerShell script, you can efficiently scan your network and detect any open ports or active hosts. It’s a great way to perform quick audits and checks without needing third-party tools. Feel free to modify and adapt the script to suit your needs, and always ensure you have proper authorization when scanning networks!

Call to Action:

Do you have any suggestions for enhancing this script further? Leave a comment below, or feel free to reach out to us. If you found this guide helpful, don’t forget to share it with your network!
