From 71885912b89e8cb7ec7c1bb25f6dbacf9daea286 Mon Sep 17 00:00:00 2001
From: kris <>
Date: Mon, 27 Oct 2008 23:33:34 +0000
Subject: [PATCH] Allow more flexible (Nmap-esque) port specifications in TCP portscan aux module, so things like "21-25,80,443", "1024-" and "-" behave like you expect. This replaces the PORTSTART and PORTSTOP options with a single PORTS option.
git-svn-id: file:///home/svn/framework3/trunk@5796 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/auxiliary/scanner/portscan/tcp.rb | 42 +++++++++++++++--------
 1 file changed, 27 insertions(+), 15 deletions(-)
diff --git a/modules/auxiliary/scanner/portscan/tcp.rb b/modules/auxiliary/scanner/portscan/tcp.rb
index 09976c0885..91186035be 100644
--- a/modules/auxiliary/scanner/portscan/tcp.rb
+++ b/modules/auxiliary/scanner/portscan/tcp.rb
@@ -26,15 +26,14 @@ class Metasploit3 < Msf::Auxiliary
 'Name' => 'TCP Port Scanner',
 'Version' => '$Revision$',
 'Description' => 'Enumerate open TCP services',
- 'Author' => 'hdm',
+ 'Author' => [ 'hdm', 'Kris Katterjohn ' ],
 'License' => MSF_LICENSE
 )
 register_options(
 [
- OptPort.new('PORTSTART', [true, 'The starting port number', 1]),
- OptPort.new('PORTSTOP', [true, 'The stopping port number', 10000]),
- OptInt.new('TIMEOUT', [true, "The socket connect timeout in milliseconds", 1000]),
+ OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
+ OptInt.new('TIMEOUT', [true, "The socket connect timeout in milliseconds", 1000])
 ], self.class)
 deregister_options('RPORT')
@@ -44,17 +43,30 @@ class Metasploit3 < Msf::Auxiliary
 def run_host(ip)
- port_start = datastore['PORTSTART'].to_i
- port_stop = datastore['PORTSTOP'].to_i
- timeout = datastore['TIMEOUT'].to_i
-
- if(port_stop < port_start)
- tmp = port_start
- port_start = port_stop
- port_stop = tmp
+ timeout = datastore['TIMEOUT'].to_i
+ ports = []
+
+ # Build ports array from port specification
+ datastore['PORTS'].split(/,/).each do |item|
+ start, stop = item.split(/-/).map { |p| p.to_i }
+
+ start ||= 0
+ stop ||= item.match(/-/) ? 65535 : start
+
+ start, stop = stop, start if stop < start
+
+ start.upto(stop) { |p| ports << p }
 end
-
- port_start.upto(port_stop) do |port|
+
+ # Sort, and remove dups and invalid ports
+ ports = ports.sort.uniq.delete_if { |p| p < 0 or p > 65535 }
+
+ if ports.empty?
+ print_status("Error: No valid ports specified")
+ return
+ end
+
+ ports.each do |port|
 begin
 s = connect(false,
@@ -82,4 +94,4 @@ class Metasploit3 < Msf::Auxiliary
-end
\ No newline at end of file
+end
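Review bot: In the new port-specification loop, `item.split(/-/).map { |p| p.to_i }` turns any non-numeric token into 0 (`"abc".to_i == 0`), and because the later filter only drops `p < 0`, a mistyped spec such as `80,abc` silently scans port 0 instead of being rejected; the bare `-` shorthand likewise produces a 0..65535 range that includes port 0. Since PORTS is now an OptString (first hunk), the framework no longer validates the values the way OptPort did, so run_host is the only place this can be caught. I would check each token against a strict pattern before splitting, report the offending token, and tighten the filter to `p < 1 || p > 65535` (also replacing `or` with `||`, the safer operator inside an expression). `print_error` may be the more appropriate channel than `print_status` for these failure messages, if this module's UI mixin provides it. `run_host` starts in this hunk but its body continues past the `s = connect(false,` line.
```ruby
		# Build ports array from port specification
		datastore['PORTS'].split(/,/).each do |item|
			# Accept only <n>, <n>-<m>, <n>- or -<m>; to_i would otherwise
			# silently map a typo to port 0
			unless item.strip =~ /\A(\d+-?\d*|-\d*)\z/
				print_status("Error: Invalid port specification: #{item}")
				return
			end

			start, stop = item.split(/-/).map { |p| p.to_i }
			# … unchanged: start/stop defaults, swap and upto …
		end

		# Sort, and remove dups and invalid ports (0 is never a valid target)
		ports = ports.sort.uniq.delete_if { |p| p < 1 || p > 65535 }
```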