不借助工具进行端口扫描

Linux

单个端口

timeout 1 bash -c "echo >/dev/tcp/baidu.com/888" && echo open || echo closed

image.png

端口范围

for i in {80..100}; do timeout 1 bash -c "echo >/dev/tcp/baidu.com/$i" && echo "$i open" || echo "$i closed"; done

image.png

端口列表

for i in {80,3389}; do timeout 1 bash -c "echo >/dev/tcp/baidu.com/$i" && echo "$i open" || echo "$i closed"; done

image.png

Windows

单个端口

powershell.exe -c "%{tnc -InformationLevel Quiet baidu.com -port 80}"

image.png

powershell.exe -c "%{if(tnc -InformationLevel Quiet baidu.com -port 80){echo $_'----open'}else{echo $_'----close'}}"

端口范围

powershell.exe -c "80..90 | %{if(tnc -InformationLevel Quiet baidu.com -port $_){echo $_'----open';}else{echo $_'----close';}}"

image.png

端口列表

powershell.exe -c "80,3389 | %{if(tnc -InformationLevel Quiet baidu.com -port $_){echo $_'----open';}else{echo $_'----close';}}"

image.png

参考：《照弹不误：出站端口受限环境下反弹Shell的思考》