JavaScript Port Scanner

Tue, 01 Aug 2006 19:37:52 GMT
by pdp

SPI Dynamics released a paper on how to port scan and do other cool stuff with JavaScript. I found the paper interesting and as a result I decided to make my own port scanner in JavaScript. My aim was to build a small, fast and reusable javascript portscanning object. After a couple of hours fiddling around with IMG tags and other DOM elements I came up with the following solution.


The code depends on your connection speed and might not be very accurate. Please adjust the timeout value to achieve better results. This tool has been tested on IE and Firefox. Firefox does not allow connections to very low ports such as 7, 21, etc. I haven't tested it on other browsers although it should work more or less the same way.

Archived Comments

It doesn't work properly, says everything is open.......
In IE6 that is.
as I said above, you may need to tweak the timeout value. but yes, the portscanner is not very stable and I don't think that it will reach the desired level of stability as I am using the DOM to detect open ports. however, it works most of the time. :)
it seems that port 25 is always open?
kwela, yes port scanning techniques with JavaScript are not as accurate as the traditional ones. However, by tunning the script a bit you may get more accurate results. Keep in mind that this is still a very experimental field.
this is all wrong ........ i get open
how could this be possible.....
JavaScript port scanning is not very accurate as you can see :) but it does work in most of the cases. though, I haven't updated this code for a long time. also, adjust the timeout value as this is crucial in order to perform more accurate scans. moreover, 333333333333333333333333333 is kind of a big number. :)
Hi Is it possible that some kind of protection is built in into Firefox to prevent JS portscanning? Whatever port I scan, I always get the answer open. Even with completly different hosts and timeout values. TIA Willem.
hmm, not sure. It could be because of NoScript or any other plugin that you may have installed. However, I've already suggested that browser port-scanning is not extremely accurate.
I've tested Firefox in safemode, but same result. Thanks anyway for your response :)
Worse, I scanned port jfivsdcd and it's open... I wonder whether there is an alphabet port
Jason MillerJason Miller
The port scanner cannot detect ports that are blocked by your browser. The only way you could scan ports like 25 and 443 would be to use a server-side proxy.
Jason MillerJason Miller
Perhaps try using a script, link or style tag to test - I don't think there are as many port restrictions for the HTTP Request methods used in those implementations.