
How to Code Your Own Port Scanner Using BASH Script and netcat Tool in Linux?

Last Updated : 06 Jan, 2021

The first step of penetration testing is reconnaissance (information gathering), which includes scanning a machine for open ports. Many port-scanning tools are available on the internet, but being able to write your own is a satisfying exercise, so here are the steps to do it. This port scanner is built on netcat; run nc -h or man nc to see in detail what netcat is and what it can do.

How to code your own port scanner using BASH script and netcat tool

Source code:

#!/bin/bash
if [ "$1" == "" ]                        # no target given: print usage
then
  echo "Usage: ./port.sh [IP]"
  echo "Example ./port.sh 192.168.1.10"
else
  echo "Please wait while it is scanning all the open ports..."
  nc -nvz "$1" 1-65535 > "$1.txt" 2>&1   # scan every TCP port, capture the output
  tac "$1.txt"                           # print the result in ascending port order
  rm -rf "$1.txt"                        # delete the temporary result file
fi


Steps to Use this Port Scanner:

Step 1: Copy the source code, create a file named port.sh, paste the code into it and save it.

Step 2: Make sure to give the executable permission to your script. Type the below command to do so.

chmod +x port.sh


Step 3: Run the script with the target's IP address as its only argument (./port.sh followed by the IP address):

./port.sh 192.168.1.10

Functionality:

#!/bin/bash

Since we are using bash, the first line is the shebang line. The shebang (#!) tells the operating system which interpreter to run the script with; in our case that is bash, so we give its path (/bin/bash).

if [ "$1" == "" ]
then
  echo "Usage: ./port.sh [IP]"
  echo "Example ./port.sh 192.168.1.10"

Here we use an if statement to check whether the variable $1 (the first command-line argument) holds a value. If it is empty, the script prints its usage instead of scanning.

else
  echo "Please wait while it is scanning all the open ports..."
  nc -nvz "$1" 1-65535 > "$1.txt" 2>&1
  tac "$1.txt"
  rm -rf "$1.txt"
fi

Where there is an if there is an else: if $1 does contain a value, the else branch runs. It uses the netcat command to find out how many ports are open on the target machine and which ones, and stores the output (the result) in a text file named after the IP address the user entered. Netcat's -n flag skips DNS lookups, -v makes it report each port it tests, and -z tells it to only check whether a connection can be made without sending any data; 2>&1 sends netcat's messages, which go to standard error, into the same file. The fi keyword marks the end of the if/else statement.

Note: You can use (nc -h or man nc) to see what netcat is and what it does in detail.

tac "$1.txt"
rm -rf "$1.txt"

Netcat writes its results from the last port it finds open down to the first, so we use the tac command (cat in reverse) to print the file in reverse line order, which puts the result in the expected order, from the first open port to the last. Finally, after the result has been shown, we use rm -rf to remove (delete) the output text file.

Note:

nc -nvz "$1" 1-65535 > "$1.txt" 2>&1

In the source code, line 8 (nc -nvz "$1" 1-65535 > "$1.txt" 2>&1) is where you can change the port range to scan; 1-65535 covers every TCP port, and a narrower range such as 1-1024 makes the scan much faster.
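The script above relies on tac to reorder netcat's output, which only works because this netcat variant scans from high port to low, and it prints every line netcat produces, including the refused ports. The following added example (not part of the original article) instead extracts just the open ports and sorts them numerically, so the order does not depend on how nc scans; the two line formats it recognises are assumed to be those of traditional netcat and OpenBSD netcat, and the sample input is constructed here.

```bash
#!/bin/bash
# Added example, not from the original article: turn netcat's verbose scan
# output into a clean, ascending list of open ports. Assumed line formats:
#   traditional netcat:  (UNKNOWN) [192.168.1.10] 22 (ssh) open
#   OpenBSD netcat:      Connection to 192.168.1.10 22 port [tcp/ssh] succeeded!
# Numeric sorting replaces the article's tac, which only gives the right
# order when nc happens to scan from the highest port to the lowest.

# Read nc output on stdin and print one open port per line, ascending.
open_ports() {
  sed -nE \
    -e 's/^.*] ([0-9]+) \(.*\) open$/\1/p' \
    -e 's/^Connection to [^ ]+ ([0-9]+) port .* succeeded!$/\1/p' \
  | sort -n | uniq
}

# Count the open ports in nc output (handy for a quick before/after check
# when you audit your own host's exposed services).
count_open() {
  open_ports | wc -l | tr -d ' '
}

# Constructed sample output mixing both formats plus one refused port.
SAMPLE='(UNKNOWN) [192.168.1.10] 443 (https) open
(UNKNOWN) [192.168.1.10] 80 (http) open
(UNKNOWN) [192.168.1.10] 25 (smtp) : Connection refused
Connection to 192.168.1.10 22 port [tcp/ssh] succeeded!'

# Against a live scan you would pipe the article's command into it, e.g.
#   nc -nvz "$1" 1-65535 2>&1 | open_ports
printf '%s\n' "$SAMPLE" | open_ports
```

Run on the constructed sample it prints 22, 80 and 443, one per line, and leaves out the refused port 25.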

