Bash treats the special path /dev/tcp/<HOSTNAME>/<PORT> as a TCP connection: when it appears in a redirection, bash opens a socket to that host and port instead of a file. This is a bash feature (not a Linux device node: nothing exists under /dev/tcp on the filesystem, as the ls output below shows), so it only works in bash, not in sh or dash. Because the redirection fails if the TCP handshake fails, it can be used for a quick port check without nc or nmap.
zzh@ZZHPC:/dev$ lh | grep tcp
zzh@ZZHPC:/dev$ echo > /dev/tcp/192.168.1.16/21
zzh@ZZHPC:/dev$ echo > /dev/tcp/192.168.1.16/22
bash: connect: Connection refused
bash: /dev/tcp/192.168.1.16/22: Connection refused
zzh@ZZHPC:/dev$ lh /dev/tcp/192.168.1.16/22
ls: cannot access '/dev/tcp/192.168.1.16/22': No such file or directory
zzh@ZZHPC:/dev$ lh /dev/tcp/192.168.1.16/21
ls: cannot access '/dev/tcp/192.168.1.16/21': No such file or directory
No output means the connection succeeded, so the port is open; "Connection refused" means the host answered with a RST and the port is closed. The reliable signal to test in a script is the exit status of the redirection ($?: 0 on success, non-zero on failure), not the presence of output. One caveat: a port whose packets are silently dropped by a firewall produces neither result quickly; the connect blocks until the kernel's TCP connect timeout expires, which can take minutes, so wrap the probe in a timeout when scanning anything other than a local network.
portscan.csv (one host per line, followed by a comma-separated list of ports to test):
172.17.0.1 21,22,8080
192.168.1.16 21,22,80
portscan.sh:
#!/usr/bin/env bash
# /dev/tcp redirections are a bash feature, so this must run under bash, not sh.
if [[ -n "$1" ]] && [[ -f "$1" ]]; then
    while read -r line; do   # -r: do not let backslashes escape any characters
        machine=$(echo "$line" | cut -d' ' -f1) || exit 100
        ports=$(echo "$line" | cut -d' ' -f2) || exit 101
        OLD_IFS=$IFS
        IFS=","                  # split the port list on commas
        for port in $ports; do
            # The redirection succeeds only if the TCP handshake completed;
            # the subshell keeps a failed redirection from affecting this script.
            if (echo > /dev/tcp/"$machine"/"$port") > /dev/null 2>&1; then
                echo "OK: $machine -> $port"
            else
                echo "ERROR: $machine -> $port"
            fi
        done
        IFS=$OLD_IFS
    done < "$1"
else
    echo "ERROR: Invalid or missing data file!"
    exit 103
fi
zzh@ZZHPC:~/aaa$ ./portscan.sh portscan.csv
OK: 172.17.0.1 -> 21
ERROR: 172.17.0.1 -> 22
ERROR: 172.17.0.1 -> 8080
OK: 192.168.1.16 -> 21
ERROR: 192.168.1.16 -> 22
ERROR: 192.168.1.16 -> 80
zzh@ZZHPC:~/aaa$ ./portscan.sh portscan.csv | sort -k1
ERROR: 172.17.0.1 -> 22
ERROR: 172.17.0.1 -> 8080
ERROR: 192.168.1.16 -> 22
ERROR: 192.168.1.16 -> 80
OK: 172.17.0.1 -> 21
OK: 192.168.1.16 -> 21
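The script above reports only OK/ERROR and blocks indefinitely on a port whose packets are dropped. The following is an added example, not code from the original post: it wraps the same /dev/tcp probe in coreutils `timeout`, distinguishes open, closed (refused) and filtered (no answer before the deadline) by exit status, and reads the same "HOST PORT,PORT" list format. It assumes Linux with bash and `timeout` installed; the status names, the SCAN_TIMEOUT variable and the loopback sample input are this example's own conventions.

```shell
#!/usr/bin/env bash
# Added example: TCP connect probe with a timeout, built on bash's /dev/tcp.
# Assumes bash and coreutils `timeout` are available. Sample data is constructed.

# probe_port HOST PORT [TIMEOUT_SECONDS]
# Prints one of:
#   open     - TCP handshake completed (something is listening)
#   closed   - host answered with RST (bash reports "Connection refused")
#   filtered - no answer before the deadline (packets dropped, e.g. by a firewall)
probe_port() {
    host=$1
    port=$2
    secs=${3:-3}
    # The connect runs in a child bash so the caller's shell need not be bash,
    # and under `timeout`, because a plain `echo > /dev/tcp/...` to a filtered
    # port blocks until the kernel's connect timeout. The ':' command sends no
    # bytes to the service; only the redirection (the handshake) matters.
    if timeout "$secs" bash -c ': > "/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0)   echo open ;;
        124) echo filtered ;;   # exit status `timeout` uses when the deadline expired
        *)   echo closed ;;
    esac
}

# scan_list < FILE
# Reads "HOST PORT[,PORT...]" lines (the post's portscan format), skips blank
# lines and '#' comments, and prints one "STATUS HOST PORT" line per probe.
scan_list() {
    while IFS=' ' read -r host ports; do
        case $host in ''|'#'*) continue ;; esac
        # Split the comma list with tr instead of reassigning the global IFS.
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r port; do
            [ -n "$port" ] || continue
            printf '%s %s %s\n' "$(probe_port "$host" "$port" "${SCAN_TIMEOUT:-3}")" "$host" "$port"
        done
    done
}

# Demo with constructed input: loopback ports 1 and 7 are closed on almost
# every host, so both lines should come back as "closed". Run: ./scan.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' '# host ports' '127.0.0.1 1,7' | scan_list | sort
fi
```

Pipe a real host list through `scan_list` (for example `SCAN_TIMEOUT=2 scan_list < portscan.csv | sort`) to get a sortable report; a run that shows mostly "filtered" rather than "closed" usually means a firewall is dropping the probes, which the original OK/ERROR output could not tell apart from a slow host.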