Port Scan Network Hosts with PowerShell
After discovering hosts with a ping sweep, you may want to know which ports those hosts have open. You can modify this one-liner to scan a range of ports on a target IP address.
1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("192.0.2.25",$_)) "Port $_ is open!"} 2>$null
But if you're going to check for open ports on more than a rare occasion, it can be useful to have a script ready to go.
PS C:\> PortScan-Host.ps1
This script will check for open ports on 1 - 1024 by default on a single host. Modify this command as needed for other scenarios:
1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("192.0.2.25",$_)) "Port $_ is open!"} 2>$null
Current IP Address:
192.0.2.25
[1.] Port Scan Localhost at 192.0.2.25
[2.] Enter IP to Scan
[3.] Change Port Range
[4.] Exit
Choose:
PortScan-Host.ps1
$Log = "$env:Admin_Tools_Dir\results.txt"
Remove-Item -Force $Log -ErrorAction Ignore
$ipv4 = (Test-Connection -ComputerName (hostname) -Count 1).IPV4Address.IPAddressToString
$startPort = 1
$endPort = 1024

function Print-Options() {
    Write-Host "`n[1.] Port Scan Localhost at $ipv4 `n[2.] Enter IP to Scan`n[3.] Change Port Range`n[4.] Exit"
    $opt = Read-Host "`n`nChoose"
    if([string]::IsNullOrEmpty($opt)) {
        Write-Warning "Invalid choice selected. Exiting."
        exit
    }
    return $opt
}

# Prompt until the user enters a whole number in the valid TCP port range (0 - 65535).
# Read-Host returns a string, so the value is cast to [int] before it is returned;
# otherwise the later -gt comparison would be a string comparison ("9" -gt "10").
function Read-Port($prompt) {
    while($true){
        $value = Read-Host $prompt
        if($value -match '^\d{1,5}$' -and [int]$value -le 65535) {
            return [int]$value
        }
        Write-Host "Port must be a number between 0 and 65535"
    }
}

# Run the TCP connect check from the one-liner against one host and log the results.
function Invoke-PortScan($target) {
    #Reset Log
    Remove-Item -Force $Log -ErrorAction Ignore
    #Check for open ports (Write-Host never reaches the pipeline, so the header is written to the log separately)
    Write-Host "Checking ports $startPort - $endPort on $target"; Write-Host "This might take a minute . . ."
    "Checking ports $startPort - $endPort on $target" | Out-File $Log
    $startPort..$endPort | % {echo ((new-object Net.Sockets.TcpClient).Connect($target,$_)) "Port $_ is open!"} 2>$null | tee $Log -Append
    #Strip blank lines from log
    (Get-Content $Log -ErrorAction:SilentlyContinue) | ? { -not [String]::IsNullOrWhiteSpace($_) } | Set-Content $Log
    #Count open ports on target (only the "Port N is open!" lines, not the header)
    $portCount = @(Get-Content $Log | ? { $_ -like 'Port * is open!' }).Count
    if ($portCount -eq 0) {
        Write-Host "`nNo open ports found in range $startPort - $endPort on $target`n"
    }
    else {
        Write-Host "`n$portCount open port(s) on $target!"
        #Remind user where log is located
        Write-Host "Results are saved to $Log`n"
    }
    pause
}

while($true){
    Write-Host "`nThis script will check for open ports on $startPort - $endPort by default on a single host. Modify this command as needed for other scenarios:"
    #Inner quotes and $_ are escaped with a backtick so the command is printed literally instead of being expanded
    Write-Host "$startPort..$endPort | % {echo ((new-object Net.Sockets.TcpClient).Connect(`"192.0.2.25`",`$_)) `"Port `$_ is open!`"} 2>`$null"
    Write-Host "`nCurrent IP Address:`n"
    $ipv4
    $opt = Print-Options
    switch($opt){
        1{#Scan localhost ($ipv4 already set for localhost)
            Invoke-PortScan $ipv4
        }
        2{#Scan User selected IP
            $selectIpv4 = Read-Host "`nEnter IP to scan"
            Invoke-PortScan $selectIpv4
        }
        3{#Change port range
            Write-Host "TCP port range is 0 - 65535"
            $startPort = Read-Port "`nEnter starting port"
            $endPort = Read-Port "`nEnter ending port"
            while ($startPort -gt $endPort) {
                Write-Host "Ending port must be greater or equal to starting port!"
                $startPort = Read-Port "`nEnter starting port"
                $endPort = Read-Port "`nEnter ending port"
            }
        }
        4{Exit}
        Default{"Invalid choice selected."}
    }
}
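As an added example that is not part of the original post or script: the same TcpClient connect check wrapped in a function with a connect timeout (the bare Connect() call above blocks indefinitely on filtered ports), used to audit a host against the list of ports you intend to have open. The target address, the expected-port list and the 300 ms timeout are assumptions; adjust them for your own host.

```powershell
# Added example: audit a host's reachable TCP ports against an allowlist.
$Target    = '192.0.2.25'      # assumed: the host used in the post
$Expected  = 135, 445, 3389    # assumed: ports that are supposed to be open
$Ports     = 1..1024
$TimeoutMs = 300               # assumed: Connect() alone has no timeout

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 300)
    $client = New-Object Net.Sockets.TcpClient
    try {
        # ConnectAsync + Wait bounds the time spent on filtered (silently dropped) ports.
        # A refused connection makes Wait throw, which the catch turns into $false.
        $task = $client.ConnectAsync($Address, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    }
    catch {
        return $false
    }
    finally {
        $client.Dispose()   # release the socket whether or not the connect succeeded
    }
}

$open       = @(foreach ($p in $Ports) { if (Test-TcpPort $Target $p $TimeoutMs) { $p } })
$unexpected = @($open     | Where-Object { $_ -notin $Expected })
$missing    = @($Expected | Where-Object { $_ -notin $open })

"Open ports on ${Target}: $($open -join ', ')"
if ($unexpected.Count -gt 0) { Write-Warning "Unexpected open ports: $($unexpected -join ', ')" }
if ($missing.Count -gt 0)    { Write-Warning "Expected but not reachable: $($missing -join ', ')" }
```

An unexpected port is something to investigate on the host (which process is listening, and why); a missing one usually points at a firewall rule or a stopped service.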
Further Reading:
https://www.sans.org/blog/sans-pen-test-cheat-sheet-powershell/
https://hull1.com/scriptit/2022/10/14/ping-subnet.html