A Simple php script for Port Scanning

The below given php script scans open ports on target server. There are mainly two functions are used for scanning :

fsockopen() : The fsockopen() function is used to open socket connection with given hostname and port. Syntax :

 fsockopen(hostname, port, errNo, errStr, timeout);

getservbyport() : The getservbyport() function is used to get the service name which corresponds to supplied port and protocol. Syntax :

 getservbyport(portNumber, ProtocolName);

Code : scan.php

<?php

if(isset($_POST['ip'])) {
  $ports = array(21, 22, 23, 25, 53, 80, 110, 135, 137, 139, 1433, 1434);
  $result = array();

  foreach($ports as $port) {
    if($scn = fsockopen($_POST['ip'], $port, $err, $err_string, 1)) {
      $result[$port] = true;
      fclose($scn);
    } else {
      $result[$port] = false;
    }
  }

  echo "<strong>Scanning Result for :</strong> <i>", $_POST['ip'], "</i><br/><br/>";
  foreach($result as $port=>$val) {
    $srv = getservbyport($port, "tcp");
    echo "Port $port [$srv] : ";
    if($val) {
      echo "<span style='color:green'>OPEN</span><br/>";
    } else {
      echo "<span style='color:red'>Closed</span><br/>";
    }
  }

} else {
  echo "<br/>";
  echo '<form action="" method="post">';
  echo 'Enter IP Address to Scan : <input type="text" name="ip"> ';
  echo "<input type='submit' value='Start Scan'>";
  echo "</form>";
}

?>

Download Link : Github

Output :

Possible use case : This script can be uploaded onto a vulnerable server in case File Upload Vulnerability, and that server is used to scan other targets to avoid detection.