https://github.com/0xsbow/pscan


# PScan - PowerShell Port Scanner

A lightweight, efficient port scanner for authorized network testing written in PowerShell.

## Features

- Scan single IP or multiple IPs from a file
- Support for custom ports, port ranges, and common port presets
- Batch processing with configurable delays
- Multiple export formats (CSV, TXT, JSON)
- Colored console output
- Verbose and quiet modes

## Installation

1. Clone the repository or download the project zip file
```
git clone https://github.com/Sid-Bahuguna/PScan.git
```
2. No additional dependencies required - uses native PowerShell

## Usage

### Basic Syntax

```powershell
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target <IP> -Ports <ports> [options]
```

### Quick Start Examples

```powershell
# Scan a single host using top 100 common ports
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 10.16.10.236 -Ports top100

# Scan a hosts file, save results to a TXT file
powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile hosts-192-range -Ports top100 -OutTxt results.txt
```

### Scan Single IP

```powershell
# Scan default ports (22,80,443)
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1

# Scan specific ports
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports "22,80,443,8080"

# Scan port range
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports "20-1024"

# Scan top 100 common ports
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports top100

# Scan top 1000 common ports
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports top1000
```

### Scan Multiple IPs

```powershell
# Scan hosts from file with top 100 ports
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile hosts.txt -Ports top100

# Scan multiple IPs with custom port range
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile network-hosts.txt -Ports "1-1024"

# Scan with custom batch settings for large networks
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile hosts.txt -Ports top100 -BatchSize 20 -BatchDelaySeconds 3
```

### Port Presets

- **Custom ports:** `"22,80,443,8080"`
- **Port range:** `"1-1024"`
- **Top 100 ports:** `top100`
- **Top 1000 ports:** `top1000`
- **All ports:** `all` (1-65535, use with caution)

### Export Results

```powershell
# Export to CSV
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports top100 -OutCsv results.csv

# Export to JSON
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports top100 -OutJson results.json

# Export to TXT
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports top100 -OutTxt results.txt

# Export to multiple formats simultaneously
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile hosts.txt -Ports top1000 -OutCsv scan.csv -OutJson scan.json -OutTxt scan.txt
```

### Advanced Options

```powershell
# Verbose output (show all port checks in real-time)
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports top100 -Verbose

# Quiet mode (suppress console output except errors)
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1 -Ports top100 -Quiet -OutCsv results.csv

# Custom batch settings for large-scale scans
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile hosts.txt -Ports top100 -BatchSize 20 -BatchDelaySeconds 10

# NoProfile flag for faster execution
powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 10.16.10.236 -Ports "22,80,443,3389"

# Comprehensive scan with verbose output and CSV export
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile enterprise-hosts.txt -Ports top1000 -Verbose -OutCsv enterprise-scan.csv -BatchSize 15
```

## Examples

### Example 1: Quick Single Host Scan
```powershell
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 10.16.10.236 -Ports top100
```

### Example 2: Scan Multiple Hosts from File
```powershell
powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile hosts-192-range -Ports top100 -OutTxt results.txt
```

### Example 3: Enterprise Network Scan with CSV Export
```powershell
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile enterprise-network.txt -Ports top1000 -OutCsv network-audit.csv -BatchSize 25 -BatchDelaySeconds 8
```

### Example 4: Verbose Scan with All Output Formats
```powershell
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.100 -Ports "1-1000" -Verbose -OutCsv scan.csv -OutJson scan.json -OutTxt scan.txt
```

### Example 5: Silent Batch Scan for Automation
```powershell
powershell.exe -NoProfile -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile critical-servers.txt -Ports "22,80,443,3389,8080" -Quiet -OutJson daily-scan.json
```

### Example 6: Web Server Discovery
```powershell
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -HostsFile datacenter-hosts.txt -Ports "80,443,8080,8443" -OutCsv webservers.csv
```

### Example 7: Custom Port Range Scan
```powershell
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 10.0.0.50 -Ports "20-25,80,443,3389,5900-5910" -Verbose
```

## Output Format

### Console Output
```
IP OpenPorts
-- ---------
192.168.1.1 22,80,443
192.168.1.2 80,8080
```

### CSV Output
```csv
IP,OpenPorts
192.168.1.1,"22,80,443"
192.168.1.2,"80,8080"
```

### JSON Output
```json
[
{
"IP": "192.168.1.1",
"OpenPorts": "22,80,443"
}
]
```
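
An added example (not part of the PScan project): `OpenPorts` is exported as one comma-joined string, so a consumer has to split it before it can compare ports. This script diffs a JSON export against a per-host list of approved ports; the function name `Compare-ScanToBaseline`, the baseline table and the sample data are assumptions constructed for illustration.

```powershell
# Constructed sample in PScan's JSON export shape (not real scan results).
$scanJson = @'
[
  { "IP": "192.168.1.1", "OpenPorts": "22,80,443" },
  { "IP": "192.168.1.2", "OpenPorts": "80,8080" }
]
'@

# Hypothetical policy: ports each host is approved to expose.
$baseline = @{
    '192.168.1.1' = @(22, 80, 443)
    '192.168.1.2' = @(80)
}

function Compare-ScanToBaseline {
    param(
        [Parameter(Mandatory)] [string]    $Json,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    # Assign first, then iterate: works whether ConvertFrom-Json emits
    # the array as one object (5.1) or enumerates it (7+).
    $rows = $Json | ConvertFrom-Json
    foreach ($row in $rows) {
        # Split the comma-joined string and keep only numeric entries.
        $open = @($row.OpenPorts -split ',' |
            Where-Object { $_ -match '^\s*\d+\s*$' } |
            ForEach-Object { [int]$_.Trim() })
        $known   = $Baseline.ContainsKey($row.IP)
        $allowed = @()
        if ($known) { $allowed = @($Baseline[$row.IP]) }
        [pscustomobject]@{
            IP         = $row.IP
            InBaseline = $known
            Unexpected = @($open    | Where-Object { $_ -notin $allowed })
            Missing    = @($allowed | Where-Object { $_ -notin $open })
        }
    }
}

# Show only hosts that deviate from the approved baseline.
Compare-ScanToBaseline -Json $scanJson -Baseline $baseline |
    Where-Object { -not $_.InBaseline -or $_.Unexpected.Count -gt 0 -or $_.Missing.Count -gt 0 } |
    Format-Table IP, InBaseline, Unexpected, Missing
```

For a real export, pass the output of `Get-Content -Raw daily-scan.json` as `-Json`.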

## Performance Tips

- Use smaller batch sizes (`-BatchSize` 5 to 10) for faster networks with low latency
- Increase `-BatchDelaySeconds` (10 to 15 seconds) if experiencing network throttling or rate limiting
- Use port presets (`top100`, `top1000`) instead of `all` for faster scans
- For large scans, use `-Quiet` mode with file export to reduce console overhead
- Use `-NoProfile` flag for faster PowerShell startup time
- Scan during off-peak hours for large enterprise networks
- Test connectivity with `ping` before running large scans

## Security Notice

⚠️ **Important:** This tool is intended for authorized network testing only. Only scan systems you own or have explicit permission to test. Unauthorized port scanning may be illegal in your jurisdiction.

## Troubleshooting

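### Execution Policy Error
If the script is blocked by the local execution policy, pass `-ExecutionPolicy Bypass` on the command line; it applies only to that PowerShell process: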
```powershell
powershell -ExecutionPolicy Bypass -File .\PScan.ps1 -Target 192.168.1.1
```

### No Results Displayed
- Check if target is reachable: `ping <target>`
- Try with verbose mode: `-Verbose`
- Verify ports are actually open

### Firewall Blocking
Some corporate firewalls may block outbound connection attempts. Run from a trusted network segment.

## License

This tool is provided as-is for authorized security testing purposes only.

## Contributing

For bugs, feature requests, or contributions, please contact Sidharth Bahuguna.

---

**Remember:** Always obtain proper authorization before scanning any network or system.