In this article, we will learn how to scan the ports of a host without being detected, using external services such as websites that perform the scan for us, so that the probes reach the target from their servers rather than from our own machine. The tool that unifies all these websites is scanless.
We download the tool:
git clone https://github.com/vesche/scanless.git
cd scanless/
cd scanless/
We start the scan:
python scanless.py -t A.B.C.D -a
Running scanless...
------- ipfingerprints -------
Host is up (0.0059s latency).
Not shown: 485 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp filtered rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.11 - 3.14
Network Distance: 9 hops
------------------------------
------- viewdns -------
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed dns
80/tcp closed http
110/tcp closed pop3
139/tcp closed netbios
143/tcp closed imap
443/tcp closed https
445/tcp closed smb
1433/tcp closed mssql
1521/tcp closed oracle
3306/tcp closed mysql
3389/tcp closed rdp
-----------------------
------- pingeu -------
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed dns
80/tcp open http
139/tcp closed netbios
443/tcp closed https
445/tcp closed smb
3389/tcp closed rdp
----------------------
------- hackertarget -------
Starting Nmap 7.01 ( https://nmap.org ) at 2017-05-08 13:29 UTC
Nmap scan report for A.B.C.D (A.B.C.D)
Host is up (0.081s latency).
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.1 (Ubuntu Linux; protocol 2.0)
23/tcp closed telnet
25/tcp closed smtp
80/tcp closed http
110/tcp closed pop3
143/tcp closed imap
443/tcp closed https
445/tcp filtered microsoft-ds
3389/tcp closed ms-wbt-server
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
----------------------------
------- yougetsignal -------
PORT STATE SERVICE
21/tcp closed ftp
22/tcp open ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed dns
80/tcp closed http
110/tcp closed pop3
115/tcp closed sftp
135/tcp closed msrpc
139/tcp closed netbios
143/tcp closed imap
194/tcp closed irc
443/tcp closed https
445/tcp closed smb
1433/tcp closed mssql
3306/tcp closed mysql
3389/tcp closed rdp
5632/tcp closed pcanywhere
5900/tcp closed vnc
6112/tcp closed wc3
----------------------------
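The services above do not all agree: pingeu reports 80/tcp open while the others report it closed, and 445/tcp is filtered for some and closed for others. The following Python code is an added example, not part of scanless or of the original article; it parses output in the format shown above and lists the ports on which the services disagree. The function names and the shortened sample input are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the scanless output shown above.
SAMPLE = """\
------- ipfingerprints -------
Host is up (0.0059s latency).
PORT STATE SERVICE
22/tcp open ssh
445/tcp filtered microsoft-ds
------------------------------
------- viewdns -------
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
445/tcp closed smb
-----------------------
------- pingeu -------
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
445/tcp closed smb
----------------------
"""

HEADER = re.compile(r"^-+ (\w+) -+$")  # e.g. "------- viewdns -------"
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\b")

def parse(text):
    """Return {(port, proto): {scanner: state}} from scanless output."""
    results, scanner = defaultdict(dict), None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            scanner = m.group(1)  # a new per-service section starts here
        elif scanner and (m := PORT.match(line)):
            results[(int(m.group(1)), m.group(2))][scanner] = m.group(3)
    return dict(results)

def disagreements(results):
    """Ports for which the scanners did not all report the same state."""
    return {k: v for k, v in results.items() if len(set(v.values())) > 1}

def open_anywhere(results):
    """Ports reported open by at least one scanner, sorted."""
    return sorted(k for k, v in results.items() if "open" in v.values())

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    print(disagreements(parsed), open_anywhere(parsed))
```

A port that is open from one vantage point and closed or filtered from another usually points to source-based filtering or a stale result on one service, so it is worth checking against the host's actual firewall rules.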