#!/usr/bin/perl -w
#This could really stand to be improved, but it works for basic purposes
#right now of identifying open ports on the given host.
#The big improvement would be a hash containing basic jibberish to
#send to given ports (eg 22, 21, 25, 80, 110) to see if they're
#running standard services.

use IO::Socket;
use Getopt::Std;
use strict;

my %args;
my $socket;
my $host = "127.0.0.1";
my $lowport = 0;
my $highport = 65535;
my $wait = 10;
my $outfile;
my $jibberish = "\n";
my $usage = <<EOT;

portscan.pl : scan a range of ports on a given host and report active ports
	-h : this help
	-t : the target hostname or IP address (defaults to 127.0.0.1)
	-m : minimum port number (defaults to 1)
	-M : maximum port number (defaults to 65535)
	-w : timeout time (wait this long to drop attempt - defaults to 
		10 seconds)
	-f : write results to specified logfile instead of stdout
	-v : be particularly verbose
	-j : specify the jibberish to send to the ports found to elicit
		a response
EOT

getopts("ht:m:M:w:vf:j:", \%args);

if ( defined $args{h} ) {
	print $usage;
	exit;
}
if ( defined $args{t} ) {
	$host = $args{t};
}
if ( defined $args{m} ) {
	$lowport = $args{m};
}
if ( defined $args{M} ) {
	$highport = $args{M};
}
if ( defined $args{w} ) {
	$wait = $args{w};
}
if ( defined $args{j} ) {
	$jibberish = $args{j};
}
if ( !$host ) {
	print $usage;
	exit;
}
if ( defined $args{f} ) {
	open($outfile, ">$args{f}") 
		or die "Couldn't open output file $args{f}";
}

foreach ( $lowport ... $highport ) {
	my $response = "";
	if ( $args{v} ) { 
		$response .= "trying $host port $_\n";
	}
	$socket = IO::Socket::INET->new(PeerAddr => $host,
					PeerPort => $_,
					Proto => "tcp",
					Type => SOCK_STREAM,
					Timeout => $wait)
		or next;
	$response .= "Got socket on $host port $_\n";
	if ( $socket && $args{v} ) {
		# got a connection, let's throw some jibberish at it and 
		# see what happens!
		print $socket $jibberish;
		my $response .= <$socket>;
		close($socket);
	}
	if ( $outfile ) {
		print $outfile $response;
	}
	else {
		print $response;
	}
}

if ( $outfile ) {
	close($outfile);
}