Invoke-PSnmap

Last updated 3 years ago

SYNOPSIS

Linux nmap for PowerShell (almost). Ping sweeps and scans a network for specified open ports. Can also perform DNS lookups. Port connect timeout is custom (milliseconds). Multithreaded with a default of 32 concurrent threads.

If you get over about 20-25,000 threads, you'll experience significant slowdowns towards the end, so avoiding that is recommended. This number may vary in your environment.

Svendsen Tech. Copyright (c) 2015, Joakim Borger Svendsen. All rights reserved.

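MIT license: http://www.opensource.org/licenses/MIT

Homepage/documentation: https://www.powershelladmin.com/wiki/Port_scan_subnets_with_PSnmap_for_PowerShell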

SYNTAX

Invoke-PSnmap [-ComputerName] <String[]> [[-Port] <Int32[]>] [-Dns] [-ScanOnPingFail] [[-ThrottleLimit] <Int32>] [-HideProgress] [[-Timeout] <Int32>] [[-PortConnectTimeoutMs] <Int32>] [-NoSummary] [-AddService] 
[<CommonParameters>]

DESCRIPTION

EXAMPLES

EXAMPLE 1

$x = PSnmap -Cn 192.168.1.1/24, synology, ubuntuvm, vista64esxi -Port 22,3389,80,443 -Dns #-Verbose
PS C:\> $x | Where { $_.Ping } | Format-Table -AutoSize

ComputerName  IP/DNS                                    Ping Port 22 Port 80 Port 443 Port 3389
------------  ------                                    ---- ------- ------- -------- ---------
192.168.1.1   router.asus.com                           True   False    True    False     False
192.168.1.17  Chromecast                                True   False   False    False     False
192.168.1.25  android-xxxxxxxxxxxxxxx                   True   False   False    False     False
192.168.1.31  ubuntuvm                                  True    True    True    False     False
192.168.1.77                                            True    True   False    False     False
192.168.1.84  synology                                  True    True    True     True     False
192.168.1.122 desktop                                   True   False   False    False     False
192.168.1.124 PC58271                                   True   False    True     True      True
192.168.1.127 stuepc                                    True   False   False    False      True
192.168.1.131 2008r2esxi                                True   False    True    False      True
192.168.1.132 2008r2esxi2                               True   False    True    False      True
192.168.1.133 win7esxi                                  True   False   False    False      True
192.168.1.151 SERVER2008                                True   False   False    False      True
192.168.1.166                                           True    True    True     True     False
192.168.1.195                                           True   False   False    False     False
192.168.1.231 HPENVY4500                                True   False    True     True     False
192.168.1.234 elitebook                                 True    True   False    False      True
192.168.1.245 server2012                                True   False    True    False      True
192.168.1.253 vista64esxi                               True   False   False    False      True
synology      192.168.1.84                              True    True    True     True     False
ubuntuvm      192.168.1.31                              True    True    True    False     False
vista64esxi   fa70::614c:f45a:72f9:46a5%3;192.168.1.253 True   False   False    False      True

EXAMPLE 2

$x = PSnmap -Cn 192.168.1.1/24, synology, ubuntuvm, vista64esxi -Port 22,3389,80,443 -Dns #-Verbose
PS C:\> $x | Where { $_.'Port 22' } | Format-Table -AutoSize

ComputerName  IP/DNS       Ping Port 22 Port 80 Port 443 Port 3389
------------  ------       ---- ------- ------- -------- ---------
192.168.1.31  ubuntuvm     True    True    True    False     False
192.168.1.77               True    True   False    False     False
192.168.1.84  synology     True    True    True     True     False
192.168.1.166              True    True    True     True     False
192.168.1.234 elitebook    True    True   False    False      True
synology      192.168.1.84 True    True    True     True     False
ubuntuvm      192.168.1.31 True    True    True    False     False
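
An added example, not part of the original help text or the PSnmap project: because each result object carries one Boolean property per scanned port (named 'Port 22' and so on, as EXAMPLE 2 shows), scan output can be checked against an approved-exposure baseline during an asset inventory review. The `$scan` rows are constructed sample data modeled on the table in EXAMPLE 1, the `$approved` baseline is constructed, and the helper name `Get-UnapprovedPort` is hypothetical.

```powershell
# Constructed sample rows shaped like the Invoke-PSnmap output in EXAMPLE 1.
# Assumption: one Boolean property per scanned port, named 'Port <n>'.
$scan = @(
    [pscustomobject]@{ ComputerName = '192.168.1.31';  'IP/DNS' = 'ubuntuvm'; Ping = $true
                       'Port 22' = $true;  'Port 80' = $true; 'Port 443' = $false; 'Port 3389' = $false }
    [pscustomobject]@{ ComputerName = '192.168.1.124'; 'IP/DNS' = 'PC58271';  Ping = $true
                       'Port 22' = $false; 'Port 80' = $true; 'Port 443' = $true;  'Port 3389' = $true }
    [pscustomobject]@{ ComputerName = '192.168.1.166'; 'IP/DNS' = '';         Ping = $true
                       'Port 22' = $true;  'Port 80' = $true; 'Port 443' = $true;  'Port 3389' = $false }
)

# Constructed baseline: the ports each known host is approved to expose.
$approved = @{
    '192.168.1.31'  = @(22, 80)
    '192.168.1.124' = @(80, 443)
}

function Get-UnapprovedPort {
    # Hypothetical helper: emits one finding per open port missing from the baseline.
    param(
        [Parameter(Mandatory)] [object[]]  $ScanResult,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($row in $ScanResult) {
        $known   = $Baseline.ContainsKey($row.ComputerName)
        $allowed = @($Baseline[$row.ComputerName])   # unknown host: nothing is approved
        foreach ($prop in $row.PSObject.Properties) {
            # Prefix match also tolerates a suffix after the port number in the column name.
            if ($prop.Name -match '^Port (\d+)') {
                $port = [int]$Matches[1]
                if ($prop.Value -eq $true -and $allowed -notcontains $port) {
                    [pscustomobject]@{
                        ComputerName = $row.ComputerName
                        Port         = $port
                        InBaseline   = $known   # False = host not in the inventory at all
                    }
                }
            }
        }
    }
}

Get-UnapprovedPort -ScanResult $scan -Baseline $approved |
    Sort-Object ComputerName, Port | Format-Table -AutoSize
```

With real data, replace `$scan` with the objects returned by the scan; findings with `InBaseline` set to False point at hosts missing from the inventory rather than at a single unexpected service.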

PARAMETERS

ComputerName

-ComputerName <String[]>
   List of CIDR, IP/subnet, IP or DNS/NetBIOS name.
   
   Required?                    true
   Position?                    1
   Default value                
   Accept pipeline input?       false
   Accept wildcard characters?  false

Port

-Port <Int32[]>
   Port or ports to check.
   
   Required?                    false
   Position?                    2
   Default value                
   Accept pipeline input?       false
   Accept wildcard characters?  false

Dns

-Dns [<SwitchParameter>]
   Perform a DNS lookup.
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ScanOnPingFail

-ScanOnPingFail [<SwitchParameter>]
   Scan all hosts even if ping fails.
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

ThrottleLimit

-ThrottleLimit <Int32>
   Number of concurrent threads. Default: 32.
   
   Required?                    false
   Position?                    3
   Default value                32
   Accept pipeline input?       false
   Accept wildcard characters?  false

HideProgress

-HideProgress [<SwitchParameter>]
   Do not display progress with Write-Progress.
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

Timeout

-Timeout <Int32>
   Timeout in seconds for each thread. Causes problems if too short. 30 as a default seems OK.
   
   Required?                    false
   Position?                    4
   Default value                30
   Accept pipeline input?       false
   Accept wildcard characters?  false

PortConnectTimeoutMs

-PortConnectTimeoutMs <Int32>
   Port connect timeout in milliseconds. 5 seconds as a default for LAN scans. Increase for mobile/slow WAN.
   
   Required?                    false
   Position?                    5
   Default value                5000
   Accept pipeline input?       false
   Accept wildcard characters?  false

NoSummary

-NoSummary [<SwitchParameter>]
   Do not display the end summary with start and end time, using Write-Host.
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

AddService

-AddService [<SwitchParameter>]
   Add IANA service for the port number in parentheses.
   
   Required?                    false
   Position?                    named
   Default value                False
   Accept pipeline input?       false
   Accept wildcard characters?  false

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

http://www.opensource.org/licenses/MIT
https://www.powershelladmin.com/wiki/Port_scan_subnets_with_PSnmap_for_PowerShell
about_CommonParameters