PowerShell小技巧之獲取TCP響應(類Telnet)

更新時間：2014年10月12日 14:05:56 投稿：hebedich

這篇文章主要介紹了使用PowerShell獲取TCP響應(類Telnet)的小技巧,需要的朋友可以參考下

通常情況下，為了檢測指定的TCP端口是否存活，我們都是通過telnet指定的端口看是否有響應來確定，然而默認情況下win8以后的系統(tǒng)默認是不安裝telnet的。設想一下如果你黑進了一個服務器，上面沒裝telnet，但是為了進一步滲透進內(nèi)網(wǎng)，需要探測內(nèi)部服務器特定端口是否打開，同時你還不愿意安裝telnet，擔心引起管理員注意。那么好吧，在這個情況下你需要我的這個腳本。由于它是原生態(tài)的PowerShell語句完成，木有telnet你也照樣能檢測TCP端口的情況了。

下面首先上代碼，后面進行講解:

復制代碼代碼如下:

        =====文件名：Get-TCPResponse.ps1=====
Function Get-TCPResponse {
<# Author:fuhj(powershell#live.cn ,http://fuhaijun.com)
        .SYNOPSIS
            Tests TCP port of remote or local system and returns a response header
            if applicable
        .DESCRIPTION
            Tests TCP port of remote or local system and returns a response header
            if applicable
            If server has no default response, then Response property will be NULL
        .PARAMETER Computername
            Local or remote system to test connection
        .PARAMETER Port
            TCP Port to connect to
        .PARAMETER TCPTimeout
            Time until connection should abort
        .EXAMPLE
        Get-TCPResponse -Computername pop.126.com -Port 110

        Computername : pop.126.com
        Port         : 110
        IsOpen       : True
        Response     : +OK Welcome to coremail Mail Pop3 Server (126coms[75c606d72bf436dfbce6.....])

        Description
        -----------
        Checks port 110 of an mail server and displays header response.
    #>
    [OutputType('Net.TCPResponse')]
    [cmdletbinding()]
    Param (
        [parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [Alias('__Server','IPAddress','IP','domain')]
        [string[]]$Computername = $env:Computername,
        [int[]]$Port = 25,
        [int]$TCPTimeout = 1000
    )
    Process {
        ForEach ($Computer in $Computername) {
            ForEach ($_port in $Port) {
                $stringBuilder = New-Object Text.StringBuilder
                $tcpClient = New-Object System.Net.Sockets.TCPClient
                $connect = $tcpClient.BeginConnect($Computer,$_port,$null,$null)
                $wait = $connect.AsyncWaitHandle.WaitOne($TCPtimeout,$false)
                If (-NOT $wait) {
                    $object = [pscustomobject] @{
                        Computername = $Computer
                        Port = $_Port
                        IsOpen = $False
                        Response = $Null
                    }
                } Else {
                    While ($True) {
                        #Let buffer
                        Start-Sleep -Milliseconds 1000
                        Write-Verbose "Bytes available: $($tcpClient.Available)"
                        If ([int64]$tcpClient.Available -gt 0) {
                            $stream = $TcpClient.GetStream()
                            $bindResponseBuffer = New-Object Byte[] -ArgumentList $tcpClient.Available
                            [Int]$response = $stream.Read($bindResponseBuffer, 0, $bindResponseBuffer.count)
                            $Null = $stringBuilder.Append(($bindResponseBuffer | ForEach {[char][int]$_}) -join '')
                        } Else {
                            Break
                        }
                    }
                    $object = [pscustomobject] @{
                        Computername = $Computer
                        Port = $_Port
                        IsOpen = $True
                        Response = $stringBuilder.Tostring()
                    }
                }
                $object.pstypenames.insert(0,'Net.TCPResponse')
                Write-Output $object
                If ($Stream) {
                    $stream.Close()
                    $stream.Dispose()
                }
                $tcpClient.Close()
                $tcpClient.Dispose()
            }
        }
    }
}

首先創(chuàng)建一個System.Net.Sockets.TCPClient對象,去連接指定的域名和端口，瞬間斷開的那是服務器沒開那個端口，直接被拒絕了，如果沒拒絕，那就等著服務器端給你響應，然后讀取字節(jié)流拼接起來進行解析。
最后需要強調(diào)的是需要對打開的流和TCP連接進行關閉，以便釋放資源
調(diào)用方法如下:

復制代碼代碼如下:

Get-TCPResponse -Computername pop.126.com -Port 110