Monitoring with PowerShell: External port scanning

So I like knowing exactly what ports are open on my clients network, and have the ability to alert on specific ports that are opened. The problem with most port-scan utilities, and the PowerShell Test-netconnection cmdlet is that they always scan the internal network. In the case that you do enter the external IP whitelisting might allow you to connect anyway and give you some false positives.

To resolve this I’ve created a php page to be used in conjunction with a PowerShell script. The reason I’ve created the page is that I do not like relying on external web based API IP scans. Also I don’t want to be stuck in any subscription model for something as simple as a port scan. With this method you are also completely in control of the source.

So let’s get started! First off you’ll have to upload the following file as “scan.php” to any PHP host. You can browse to the page and it should show you some JSON information regarding the scan it performs on your IP. Scan.php is based on this Github script.

$host = $_SERVER['REMOTE_ADDR'];
$ports = array(
foreach ($ports as $port)
    $connection = @fsockopen($host, $port, $errno, $errstr, 2);
    if (is_resource($connection))
        echo '{' . '"Port":' . $port . ',' . '"status" : "open"' . "},";
        echo '{' . '"Port":' . $port . ', "status" : "closed"},';
} ?> { "result": "done" } ]

I’ve converted the original github page to return only JSON. The good thing is that we can use the Invoke-restmethod cmdlet straight away, without having to convert anything, The PowerShell script can be edited to alert only on specific ports that are opened, or on all open ports.

$Results = invoke-restmethod -uri "http://YOURWEBHOST.COM/ip/scan.php"
$OpenPorts = $Results | Where-Object { $_.status -eq "open"}
$ClosedPorts = $Results | Where-Object { $_.status -eq "closed"}

if(!$OpenPorts) {
$PortScanResult = "Healthy"
} else {
$PortScanResult = $OpenPorts

And that’s it! as always Happy PowerShelling!


  1. David December 30, 2019 at 4:07 pm

    Great post! I only see a few lines where it appears the entire scan.php code should be. Can you fix the post or possibly just send me the code? Thanks!

    1. Kelvin Tegelaar December 30, 2019 at 4:15 pm

      Seems like my code plugin broke – It should be fine now! 🙂

  2. KT August 27, 2020 at 1:22 pm

    Hi Kelvin,

    Was playing with this today just an FYI you need to add an echo “[” to make this a valid json object so that it can be read. just before the foreach

    echo “[“;
    foreach ($ports as $port)

  3. Pingback: Breaking Cyber Attack Chains With 5 Tools You Already Have Access To - ChannelE2E

  4. Pingback: Monitoring with PowerShell: External port scanning part 2 - CyberDrain

  5. OlivierO September 24, 2021 at 9:05 am

    why not using Shodan API (free or paid)?

    1. Kelvin Tegelaar September 24, 2021 at 9:20 am

      There’s another blog about Shodan, but Shodan does not do live scanning and does not allow custom ports you might want to check.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.