通常情況下,為了檢測(cè)指定的TCP端口是否存活��,我們都是通過(guò)telnet指定的端口看是否有響應(yīng)來(lái)確定���,然而默認(rèn)情況下win8以后的系統(tǒng)默認(rèn)是不安裝telnet的。設(shè)想一下如果你黑進(jìn)了一個(gè)服務(wù)器���,上面沒(méi)裝telnet�����,但是為了進(jìn)一步滲透進(jìn)內(nèi)網(wǎng),需要探測(cè)內(nèi)部服務(wù)器特定端口是否打開(kāi)�����,同時(shí)你還不愿意安裝telnet���,擔(dān)心引起管理員注意��。那么好吧��,在這個(gè)情況下你需要我的這個(gè)腳本�����。由于它是原生態(tài)的PowerShell語(yǔ)句完成,木有telnet你也照樣能檢測(cè)TCP端口的情況了����。
=====文件名:Get-TCPResponse.ps1=====
Function Get-TCPResponse {
<# Author:fuhj(powershell#live.cn ,http://fuhaijun.com)
.SYNOPSIS
Tests TCP port of remote or local system and returns a response header
if applicable
.DESCRIPTION
Tests TCP port of remote or local system and returns a response header
if applicable
If server has no default response, then Response property will be NULL
.PARAMETER Computername
Local or remote system to test connection
.PARAMETER Port
TCP Port to connect to
.PARAMETER TCPTimeout
Time until connection should abort
.EXAMPLE
Get-TCPResponse -Computername pop.126.com -Port 110
Computername : pop.126.com
Port : 110
IsOpen : True
Response : +OK Welcome to coremail Mail Pop3 Server (126coms[75c606d72bf436dfbce6.....])
Description
-----------
Checks port 110 of an mail server and displays header response.
#>
[OutputType('Net.TCPResponse')]
[cmdletbinding()]
Param (
[parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
[Alias('__Server','IPAddress','IP','domain')]
[string[]]$Computername = $env:Computername,
[int[]]$Port = 25,
[int]$TCPTimeout = 1000
)
Process {
ForEach ($Computer in $Computername) {
ForEach ($_port in $Port) {
$stringBuilder = New-Object Text.StringBuilder
$tcpClient = New-Object System.Net.Sockets.TCPClient
$connect = $tcpClient.BeginConnect($Computer,$_port,$null,$null)
$wait = $connect.AsyncWaitHandle.WaitOne($TCPtimeout,$false)
If (-NOT $wait) {
$object = [pscustomobject] @{
Computername = $Computer
Port = $_Port
IsOpen = $False
Response = $Null
}
} Else {
While ($True) {
#Let buffer
Start-Sleep -Milliseconds 1000
Write-Verbose "Bytes available: $($tcpClient.Available)"
If ([int64]$tcpClient.Available -gt 0) {
$stream = $TcpClient.GetStream()
$bindResponseBuffer = New-Object Byte[] -ArgumentList $tcpClient.Available
[Int]$response = $stream.Read($bindResponseBuffer, 0, $bindResponseBuffer.count)
$Null = $stringBuilder.Append(($bindResponseBuffer | ForEach {[char][int]$_}) -join '')
} Else {
Break
}
}
$object = [pscustomobject] @{
Computername = $Computer
Port = $_Port
IsOpen = $True
Response = $stringBuilder.Tostring()
}
}
$object.pstypenames.insert(0,'Net.TCPResponse')
Write-Output $object
If ($Stream) {
$stream.Close()
$stream.Dispose()
}
$tcpClient.Close()
$tcpClient.Dispose()
}
}
}
}
首先創(chuàng)建一個(gè)System.Net.Sockets.TCPClient對(duì)象,去連接指定的域名和端口,瞬間斷開(kāi)的那是服務(wù)器沒(méi)開(kāi)那個(gè)端口�����,直接被拒絕了�����,如果沒(méi)拒絕�,那就等著服務(wù)器端給你響應(yīng),然后讀取字節(jié)流拼接起來(lái)進(jìn)行解析��。
最后需要強(qiáng)調(diào)的是需要對(duì)打開(kāi)的流和TCP連接進(jìn)行關(guān)閉��,以便釋放資源
調(diào)用方法如下:
