The Bash script prints each IP address tested and, for each port tested, whether that port is OPEN or CLOSED on that host.
The script is run by typing sh ./portscanner.sh ./mytargets.txt ./mytcpports.txt
The files mytargets.txt and mytcpports.txt are passed as parameters, as shown above.
The script also includes some error and parameter handling, which ensures that both input files are given on the command line and that the files named actually exist.
The script accesses the /dev/tcp/$host/$port directory. It is a kernel module that, when used in a command, causes bash to open a TCP connection to the corresponding socket on the specified host.
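The following is an added example, not the lab's own portscanner.sh: a bash TCP connect scanner built on the /dev/tcp redirection, with the argument and file-existence checks described above. It assumes bash and GNU coreutils `timeout` are installed and that the target and port files hold one entry per line (blank lines and lines starting with # are skipped). One point worth knowing when running it: the /dev/tcp path is interpreted by bash itself rather than by anything on disk, so the script has to be executed by bash (bash ./portscanner.sh ...); on systems where sh is not bash, the redirection simply fails and every port is reported CLOSED.

```bash
#!/usr/bin/env bash
# Added example (not the lab's own portscanner.sh): a TCP connect scanner built
# on bash's /dev/tcp redirection, with the parameter and file checks described.
# Assumes bash and GNU coreutils `timeout` are installed; the input files hold
# one host or one port per line (blank lines and lines starting with # skipped).
set -u

usage() {
  echo "usage: $0 <targets-file> <ports-file>" >&2
}

# check_file LABEL PATH: return 1 if PATH is empty or is not a readable regular file.
check_file() {
  local label=$1 path=${2:-}
  if [ -z "$path" ]; then
    echo "error: missing $label file argument" >&2
    return 1
  fi
  if [ ! -f "$path" ] || [ ! -r "$path" ]; then
    echo "error: $label file '$path' does not exist or is not readable" >&2
    return 1
  fi
}

# probe_port HOST PORT [TIMEOUT]: print OPEN or CLOSED; return 0 if open, 1 otherwise.
# /dev/tcp/HOST/PORT is handled inside bash, not by the filesystem: opening it
# read/write on fd 3 makes bash perform a TCP connect. bash is invoked explicitly
# so the probe works even if this file is run by a non-bash sh, host and port are
# passed as positional arguments rather than spliced into the command string, and
# `timeout` bounds the wait on filtered ports, which otherwise hang until the
# kernel's own connect timeout expires.
probe_port() {
  local host=$1 port=$2 timeout_s=${3:-3}
  if timeout "$timeout_s" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
    echo OPEN
    return 0
  fi
  echo CLOSED
  return 1
}

# scan TARGETS PORTS: probe every port listed in PORTS against every host in TARGETS.
scan() {
  local targets=$1 ports=$2 host port
  while IFS= read -r host || [ -n "$host" ]; do
    case $host in ''|\#*) continue ;; esac
    while IFS= read -r port || [ -n "$port" ]; do
      case $port in ''|\#*) continue ;; esac
      printf '%s port %s: %s\n' "$host" "$port" "$(probe_port "$host" "$port")"
    done < "$ports"
  done < "$targets"
}

# main TARGETS PORTS: validate both parameters, then scan. Returns 2 on usage errors.
main() {
  if [ $# -ne 2 ]; then
    usage
    return 2
  fi
  check_file targets "$1" || return 2
  check_file ports "$2" || return 2
  scan "$1" "$2"
}

# Run the scanner when arguments are given, e.g.
#   bash ./portscanner.sh ./mytargets.txt ./mytcpports.txt
# With no arguments only the functions are defined, so the file can be sourced.
if [ $# -gt 0 ]; then
  main "$@"
  exit $?
fi
```

The per-port timeout matters in practice: a port behind a filtering firewall does not answer the SYN at all, so without `timeout` each such probe blocks for the kernel's connect timeout (often over a minute) and a scan of a few hundred ports never finishes.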
Nmap scans
I ran some nmap scans in this lab using different flags.
Using the -p flag, I ran an nmap scan of port 80 on the host 10.0.5.31.
I ran the command once without sudo and once with sudo. Using a Wireshark capture, I found that the difference between the two is that the sudo nmap includes ICMP ping packets, and the non-sudo nmap doesn't have ICMP ping packets.
I also used nmap -Pn 10.0.5.31 -p 443 to skip the host discovery process and run a handshake on port 443 of the host.
Reflection
This lab was a bit of a challenge for me. I had trouble with the first script and trying to add error handling and parameter handling. Eventually my classmates gave me some guidance and I was able to implement those measures in my code.